last executing test programs:

5m1.112165638s ago: executing program 2 (id=365):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800ffffff1f007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800020085000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x8}, 0x94)

5m0.345709676s ago: executing program 2 (id=367):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000ffff26bd7000ebdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="b1400000231a0500140012800b00010065727370616e0000a1ff02800a00010001"], 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x20040040)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={<r2=>0x0}, &(0x7f0000000100)=0xffffffffffffff74)
prlimit64(r2, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9da54000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r6, 0x0, 0xfffffffffffffffc}, 0x18)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r7, 0x6, 0x1c, &(0x7f0000000280)=""/116, &(0x7f00000001c0)=0x74)
r8 = socket$kcm(0x29, 0x5, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x7e}, 0x10)
sendmsg$nl_route(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="2c0000001a00012200000000000000050a000000000000000000000006000f00"], 0x2c}}, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r8, 0x119, 0x1, &(0x7f0000000240), 0x4)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r11, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000ecffff054d564b"])

4m56.797790365s ago: executing program 2 (id=374):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syz_tun\x00', 0x7101})
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>0x0})
syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000d2cf00003d36000002"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r6}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r6, &(0x7f0000001940), &(0x7f00000002c0)=""/187}, 0x20)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001280)={r5, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r5)
getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200))
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, r3, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

4m54.271997998s ago: executing program 2 (id=379):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
connect$can_bcm(r4, &(0x7f00000002c0), 0x10)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000280)=0x2c9, 0x4)
readv(r4, &(0x7f0000000200)=[{&(0x7f0000001b80)=""/4096, 0x1000}], 0x1)
sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=r4], 0x80}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)

4m45.471903573s ago: executing program 2 (id=394):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000000280), 0x2181700, &(0x7f00000003c0)=ANY=[@ANYBLOB="f210bedc399ccf5f8cfd1b7356f2662ccdef24beb0bc08ca78b86e1a34", @ANYBLOB="04991aa51df618111fc01d0b158073d9cbf3cd47c0d0ba62ad63cb97507beaab29da32b6edeb85500c780d8fe8b251bfddfe2bd85d43ddba36ddfa7d8511ebfd24312e92ea9ba216dec779228eae76bb9332873a431eff22b515aebf4b3f13147642edd8d562d87142069414e4bd3bf6dbad385c31506f80910c6b6e94d9f8ff95f215a0bb8eed93595b10650f12ca63d45fbb0890a7b9d2e8808be3d0777407006235d8cb207b1c8d673898e381b606b07f3729b3eaa0d3c8968bc3517b1ae4bcc4f8b2130642e8255440"])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x10, {{0x29, 0x0, 0x5000000, @local, 0x6}}}, 0xd8)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x6f4dad00}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002080)=ANY=[@ANYBLOB="140000001500010300000000000000000b00000099cb376cc020b9b1bda5903544c4884fcdae4abe00266414babfc4fd6b123d54febf0e65a343c989565bb27f76be75c4cac95c4a625557ac1e1438bd738bd76c2bd9b58c93c3237913b4312bb03340289cb9f6ecd99e83e3959ddca6a86710774b5cf30457f638f4f6504ba71ad5fcef8fe3e017b98e583768373702c41c383343d1e6e58b9557b6dcc7df95269970ac6eb9fff82d0a7d96f597500be455"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r4, r1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000800), 0x565801, 0x0)
r6 = openat$smackfs_ipv6host(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_ipv6host(r6, &(0x7f0000002180)=ANY=[@ANYBLOB="3078303030303030303030303030303030373a3078303030303030303030303030303030393a3078303030303030303030303030303030393a3078303030303030303030303030303030393a3078303030303030303030303030343038303a3078303030303030303030303030306635343a3078303030303030303030303030303030383a3078303030303030303030303030303033382f3030303030303030303030303030303030303136202825270000fb1e410bfeb92046cf9900960e6fad44c313c557d7d61ef8501450caec60a989d44803cb752abfdeeb9140416d47a3f148f558d02442c5b4e0455ab78a7a3343247ee1551fb91ee85b6bef2ea8b56b816d6047a548a2f6f4"], 0xb1)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x10000, 0x1008b}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000002140)=ANY=[@ANYRESOCT=r0], 0x0)

4m43.494348324s ago: executing program 2 (id=395):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000100)=0xf)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vim2m(0x0, 0x40000000e, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, 0x0, 0x1)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30f1ff00000800054000000021540000001d0a01010000000000000000070000000b00020073797a31000000000900010073797a30"], 0xc4}}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
r8 = dup3(r4, r5, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r8, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r8, 0x10f, 0x88)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r7, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
ioctl$int_out(r1, 0x0, &(0x7f0000000080))
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})

4m27.787810463s ago: executing program 32 (id=395):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000100)=0xf)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$vim2m(0x0, 0x40000000e, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, 0x0, 0x1)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30f1ff00000800054000000021540000001d0a01010000000000000000070000000b00020073797a31000000000900010073797a30"], 0xc4}}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
r8 = dup3(r4, r5, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r8, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r8, 0x10f, 0x88)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r7, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
ioctl$int_out(r1, 0x0, &(0x7f0000000080))
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})

18.108022542s ago: executing program 5 (id=1054):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000456000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xf0ffffff)
r1 = io_uring_setup(0x299, &(0x7f0000000300)={0x0, 0xf76b, 0x2000, 0x0, 0xfffffffe})
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r1, 0x12, 0x0, 0x0)
syz_usb_connect(0x1, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0xbd, 0x17, 0xc6, 0x8, 0x16d8, 0x7212, 0x6bed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x41, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4d, 0x0, 0x0, 0xaa, 0x95, 0x7a, 0x20}}]}}]}}, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) (async)
remap_file_pages(&(0x7f0000456000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xf0ffffff) (async)
io_uring_setup(0x299, &(0x7f0000000300)={0x0, 0xf76b, 0x2000, 0x0, 0xfffffffe}) (async)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r1, 0x12, 0x0, 0x0) (async)
syz_usb_connect(0x1, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x0, 0xbd, 0x17, 0xc6, 0x8, 0x16d8, 0x7212, 0x6bed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x41, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4d, 0x0, 0x0, 0xaa, 0x95, 0x7a, 0x20}}]}}]}}, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0}) (async)

13.998625484s ago: executing program 5 (id=1063):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r2, @ANYRES8=r2], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e0000"], 0x80}}, 0x0)
syz_emit_ethernet(0x136, &(0x7f0000000580)={@multicast, @random="58a4ab044a92", @void, {@ipv4={0x800, @tipc={{0x41, 0x4, 0x3, 0x3e, 0x128, 0x67, 0x0, 0x7f, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0xb}, @private=0xa010102, {[@timestamp_addr={0x44, 0xc, 0xb0, 0x1, 0x2, [{@dev={0xac, 0x14, 0x14, 0x3c}, 0x1f2e}]}, @rr={0x7, 0xf, 0xf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1c}, @rand_addr=0x64010101]}, @cipso={0x86, 0x67, 0xfffffffffffffffa, [{0x5, 0xa, "410413581a897e77"}, {0x6, 0x10, "5a8697ab32184be2ec4e97a2ebf4"}, {0x1, 0xe, "4cc6c9186d525af41a5c2342"}, {0x7, 0x12, "ff3c91fc2e238cf66dc7f31c5d37af33"}, {0x0, 0x11, "5e3ced2e04449979c596e3093ab409"}, {0x1, 0xd, "2b0f5e7f6b81d118163cbb"}, {0x7, 0x9, "a18706e307fcfc"}]}, @timestamp_addr={0x44, 0x34, 0xf3, 0x1, 0xa, [{@remote, 0x5}, {@local, 0x7}, {@multicast2, 0x6}, {@rand_addr=0x64010102, 0xebf0}, {@rand_addr=0x64010101, 0x1}, {@multicast1, 0x2}]}, @ssrr={0x89, 0x17, 0xf0, [@local, @local, @dev={0xac, 0x14, 0x14, 0x24}, @private=0xa010101, @broadcast]}, @ssrr={0x89, 0xf, 0x13, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @private=0xa010100]}, @lsrr={0x83, 0x13, 0xbb, [@loopback, @dev={0xac, 0x14, 0x14, 0x15}, @private=0xa010100, @private=0xa010100]}]}}, @payload_direct={{{{0x24, 0x0, 0x0, 0x1, 0x1, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x7, 0x3, 0x1, 0x1, 0x3, 0x4e21, 0x4e24}, 0x4, 0x4}}, [0x0, 0x0, 0x0, 0x0]}}}}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "0af5b0699d46dac48f29d158dbe8cfb1979e12979688dc039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c7667ce67af25166c2f0f85f36aa8867406119c2a6f1f892e31dea982c5ab0348d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b51424df36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459af0ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0x9, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x4000010)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
gettid()
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001a00010006000000000000000220200000000020000008000200ffffffff0000"], 0x24}}, 0x48010)
fsmount(r4, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6, 0x2010, 0xffffffffffffffff, 0x180000000)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0x8, 0x47524247, 0x3, 0x6, 0x2, 0x6, 0xa6e, 0x0, 0x4, 0x1, 0x5}})
syz_open_dev$vim2m(0x0, 0x3, 0x2)

12.035786157s ago: executing program 5 (id=1066):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$key(0xf, 0x3, 0x2)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bond0\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r4, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)

10.056836508s ago: executing program 5 (id=1074):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x1}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x14, 0x5, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYBLOB="0b2884bc9b0d2f815a5ea208d900ca1fb64b8c57b82dc0e9b3e347c67a0c414d07de2c5d1055a8f399e9ebd9dbec806e53e8d5ecd1043c0d9b15714e884fc8327421b13b4b81ba9b06fab6843575a051b57b43c02c40e023a518725919473f30b1fe3274c993e6126c795c33c6f04b5bcfb27d42c44c3beaaede70d30fea7e9073d1fc952923e46545dec003ca3ad84fdf234d0c286b6f69f5b9f44ecf3e6ec34c4ac83b8bd7b098"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0xc0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102400, 0x19000)
socket$kcm(0x10, 0x2, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x8, 0x1, 0x2, "3a7107ca5de21f000000f373000000e0ff00", 0x56595559})
sendfile(r2, r2, &(0x7f0000000080)=0x1, 0x4)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{0x0}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)

9.391266128s ago: executing program 3 (id=1075):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
openat$autofs(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
setsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000001c0))
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x21, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
map_shadow_stack(&(0x7f00002f6000/0x3000)=nil, 0x3000, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r4)
r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r6, 0xc03064ca, &(0x7f0000000ac0)={0x0, 0x0, 0x5, 0x0, 0x4})
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)={0x4c, r5, 0x1, 0x70bd2d, 0x4, {0x4e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x7}}]}, 0x4c}}, 0x4040)

8.072562922s ago: executing program 3 (id=1077):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)

6.748453265s ago: executing program 5 (id=1080):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x28, 0x140a, 0x8fde2c53ca9f6b21, 0x70bd2b, 0x25cfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4010)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x28, 0x140a, 0x8fde2c53ca9f6b21, 0x70bd2b, 0x25cfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4010) (async)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x0) (async)

6.491883613s ago: executing program 3 (id=1082):
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acbf5"], 0x0)
syz_usb_control_io$printer(r0, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}}, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x48000, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f0000000000)={0xffffffff, 0x1, 0x1})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/123, 0x7b}, {0x0}], 0x2, 0xffffa5f7, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r4, 0x0, 0x0, <r5=>0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000140)=[{0x25, 0x0, 0x1, 0xfffffffe}, {}, {0x6}]})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000000)={0x28, 0x7, r4, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1004000})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r1, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r5, 0x0, 0x1004000, 0x1000, &(0x7f0000ffc000)})
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r6, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40040)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)

6.120173713s ago: executing program 4 (id=1085):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffff7f9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)

5.966259961s ago: executing program 4 (id=1088):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0xd, 0x4, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

5.710198117s ago: executing program 4 (id=1091):
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000001018610f4205ae06d6cbdc00301090224ff5aa30009050402"], 0x0)

5.112158358s ago: executing program 1 (id=1102):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)

5.005784216s ago: executing program 1 (id=1103):
openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x4400, 0x0)

4.864054422s ago: executing program 1 (id=1105):
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x1, @local, 0x71ee}}}, 0x108)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, 0x0)

4.792961633s ago: executing program 1 (id=1108):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x300, 0x4)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
sendto(r0, &(0x7f0000000600)="1db4d479c5fa", 0x6, 0x4c080, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
io_setup(0xc, 0x0)
r1 = timerfd_create(0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
timerfd_settime(r1, 0x3, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$igmp(0x2, 0x3, 0x2)
socket$netlink(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

4.2960739s ago: executing program 0 (id=1115):
r0 = syz_open_dev$loop(&(0x7f0000000300), 0x91, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff)

4.295900454s ago: executing program 0 (id=1116):
syz_emit_ethernet(0xe4, &(0x7f0000000840)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd66364e0200ae2cfffc020000000000000000000000000001ff02000000000000000000000000000111000530640000007304020500000000fc020000000000000000000000000001fe80000000000000000000000000000f2c0003ff000000008a56a4984628f8290d76d3fcf61313928119e0094c2765798508c3243febf3953b157d526bd51a139f01bf84ea328ffa25fdd345aa8090c20935afbbea178160adb100000000000000009a07c8efc9acf30a831fc5802d959cbd5dc221b943977e"], 0x0)

4.251980691s ago: executing program 0 (id=1117):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0)

4.208606482s ago: executing program 0 (id=1118):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000640)={0x6, 0xd})

4.120071802s ago: executing program 4 (id=1119):
socket$inet6(0xa, 0x1, 0x10000000)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x24020400)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001400), 0x80000, 0x0)
ioctl$TIOCSLCKTRMIOS(r1, 0x5457, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
syz_open_dev$sndpcmc(0x0, 0x1, 0x214401)
splice(0xffffffffffffffff, 0x0, r1, &(0x7f0000000180)=0x8000000000000001, 0x7, 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_IOCTL(r3, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)

4.117762216s ago: executing program 0 (id=1120):
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xb)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000140))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.360407775s ago: executing program 0 (id=1121):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300), 0x2002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0xffffe000)
r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
close(0x3)
dup(r2)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000)

3.346505697s ago: executing program 1 (id=1122):
r0 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\rW\xef\x10\xd6d#\xf2\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8\x1f\xb2C\xf8\'?]\x16C\x166\xc0\xbcJT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8', 0x2)
pwritev(r0, &(0x7f0000000540)=[{&(0x7f0000000600)='\x00', 0x1}], 0x1, 0x7fffff, 0x8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendfile(r2, r0, 0x0, 0x2000081)

3.283967482s ago: executing program 5 (id=1123):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
accept4$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x0)

3.198269767s ago: executing program 3 (id=1124):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x0, 0x40002, 0x3, {0xd, @pix_mp={0x0, 0x3, 0x20303159, 0x0, 0xa, [{}, {}, {}, {0xfffffffd}, {}, {0x7}, {0x0, 0x1}], 0x10, 0xfd, 0x4, 0x2}}})

2.799656027s ago: executing program 4 (id=1125):
open(0x0, 0x81ff, 0x36)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r4, 0x1, 0x4000, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000050}, 0x0)

1.555916382s ago: executing program 4 (id=1126):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfc, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000019240)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe3d08660d3cd4684})
io_uring_enter(0xffffffffffffffff, 0x92, 0x0, 0x0, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x4004944)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000019480)={&(0x7f0000019200)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x880}, 0x20000800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = gettid()
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
read$ptp(r3, 0x0, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r4=>0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r5, &(0x7f0000000000)='map_files\x00')
mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x16, 0x0, @tid=r5})
timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r6, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="fe4cecb210"], 0x53)
memfd_create(&(0x7f0000000ac0)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600"], 0x48)
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000100)={&(0x7f0000001600)=""/4096, 0x1000})

1.477021703s ago: executing program 3 (id=1127):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, 0x0)

132.398149ms ago: executing program 3 (id=1128):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)

0s ago: executing program 1 (id=1129):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={0x0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x400000000000004)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r3 = accept(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, r3)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000500)=[{0x0}], 0x1}}], 0x1, 0x3404c8d4)

kernel console output (not intermixed with test programs):

9: detected capacity change from 0 to 7
[  316.315857][ T7931] buffer_io_error: 4 callbacks suppressed
[  316.315897][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.330305][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.339090][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.347548][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.356571][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.365053][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.373491][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.381880][ T7931] ldm_validate_partition_table(): Disk read failed.
[  316.390275][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.399895][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.408529][ T7931] Buffer I/O error on dev loop9, logical block 0, async page read
[  316.417454][ T7931] Dev loop9: unable to read RDB block 0
[  316.424602][ T7931]  loop9: unable to read partition table
[  316.431437][ T7931] loop9: partition table beyond EOD, truncated
[  316.437764][ T7931] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  316.437764][ T7931] 
) failed (rc=-5)
[  317.226944][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.229180][ T7924] Dev loop6: unable to read RDB block 7
[  317.239192][   T24] usb 4-1: USB disconnect, device number 13
[  318.336408][ T7924]  loop6: AHDI p3 p4
[  318.340629][ T7924] loop6: partition table partially beyond EOD, truncated
[  318.374679][ T7939] netlink: 'syz.5.540': attribute type 5 has an invalid length.
[  318.382797][ T7924] loop6: p3 start 1886353253 is beyond EOD, truncated
[  318.725276][   T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  319.043485][ T7952] overlayfs: failed to clone lowerpath
[  319.686615][   T24] usb 4-1: Using ep0 maxpacket: 32
[  319.771894][ T7957] FAULT_INJECTION: forcing a failure.
[  319.771894][ T7957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.849284][   T24] usb 4-1: device descriptor read/all, error -71
[  319.964286][ T7957] CPU: 0 UID: 0 PID: 7957 Comm: syz.1.543 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  319.964317][ T7957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  319.964329][ T7957] Call Trace:
[  319.964338][ T7957]  <TASK>
[  319.964347][ T7957]  dump_stack_lvl+0x189/0x250
[  319.964377][ T7957]  ? __pfx____ratelimit+0x10/0x10
[  319.964400][ T7957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.964423][ T7957]  ? __pfx__printk+0x10/0x10
[  319.964451][ T7957]  ? __might_fault+0xb0/0x130
[  319.964483][ T7957]  should_fail_ex+0x414/0x560
[  319.964512][ T7957]  _copy_from_iter+0x1db/0x16f0
[  319.964543][ T7957]  ? rcu_is_watching+0x15/0xb0
[  319.964568][ T7957]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  319.964591][ T7957]  ? __pfx__copy_from_iter+0x10/0x10
[  319.964620][ T7957]  ? __build_skb_around+0x257/0x3e0
[  319.964654][ T7957]  ? netlink_sendmsg+0x642/0xb30
[  319.964683][ T7957]  ? skb_put+0x11b/0x210
[  319.964717][ T7957]  netlink_sendmsg+0x6b2/0xb30
[  319.964766][ T7957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.964805][ T7957]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  319.964826][ T7957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.964857][ T7957]  __sock_sendmsg+0x21c/0x270
[  319.964885][ T7957]  ____sys_sendmsg+0x505/0x830
[  319.964922][ T7957]  ? __pfx_____sys_sendmsg+0x10/0x10
[  319.964963][ T7957]  ? import_iovec+0x74/0xa0
[  319.964995][ T7957]  ___sys_sendmsg+0x21f/0x2a0
[  319.965030][ T7957]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.965101][ T7957]  ? __fget_files+0x2a/0x420
[  319.965124][ T7957]  ? __fget_files+0x3a0/0x420
[  319.965158][ T7957]  __x64_sys_sendmsg+0x19b/0x260
[  319.965195][ T7957]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  319.965238][ T7957]  ? __pfx_ksys_write+0x10/0x10
[  319.965256][ T7957]  ? rcu_is_watching+0x15/0xb0
[  319.965284][ T7957]  ? do_syscall_64+0xbe/0x3b0
[  319.965312][ T7957]  do_syscall_64+0xfa/0x3b0
[  319.965334][ T7957]  ? lockdep_hardirqs_on+0x9c/0x150
[  319.965356][ T7957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.965376][ T7957]  ? clear_bhb_loop+0x60/0xb0
[  319.965401][ T7957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.965420][ T7957] RIP: 0033:0x7f92b718ebe9
[  319.965438][ T7957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.965455][ T7957] RSP: 002b:00007f92b7ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.965478][ T7957] RAX: ffffffffffffffda RBX: 00007f92b73b5fa0 RCX: 00007f92b718ebe9
[  319.965493][ T7957] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  319.965506][ T7957] RBP: 00007f92b7ff6090 R08: 0000000000000000 R09: 0000000000000000
[  319.965520][ T7957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.965532][ T7957] R13: 00007f92b73b6038 R14: 00007f92b73b5fa0 R15: 00007ffee4751a48
[  319.965567][ T7957]  </TASK>
[  321.516523][   T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  322.409775][ T7980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.550'.
[  322.418809][ T7980] netlink: 48 bytes leftover after parsing attributes in process `syz.4.550'.
[  322.430249][   T24] usb 4-1: Using ep0 maxpacket: 16
[  322.452449][   T24] usb 4-1: config 0 has an invalid interface number: 48 but max is 0
[  322.497980][   T24] usb 4-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[  322.539524][ T7988] netlink: 12 bytes leftover after parsing attributes in process `syz.0.551'.
[  322.604386][   T24] usb 4-1: config 0 has no interface number 0
[  322.611200][   T24] usb 4-1: config 0 interface 48 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  322.628490][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=7270, bcdDevice=89.5d
[  322.673637][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.685675][   T24] usb 4-1: Product: syz
[  322.686173][ T7991] loop6: detected capacity change from 0 to 7
[  322.695950][   T24] usb 4-1: Manufacturer: syz
[  322.701408][   T24] usb 4-1: SerialNumber: syz
[  322.746726][ T7991] Dev loop6: unable to read RDB block 7
[  322.752923][   T24] usb 4-1: config 0 descriptor??
[  322.794440][ T7991]  loop6: AHDI p3 p4
[  322.809103][ T7991] loop6: partition table partially beyond EOD, truncated
[  322.847019][ T7991] loop6: p3 start 1886353253 is beyond EOD, truncated
[  323.094686][ T8001] loop9: detected capacity change from 0 to 7
[  323.104908][ T8001] buffer_io_error: 4 callbacks suppressed
[  323.104953][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.119511][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.128136][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.136687][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.147598][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.156131][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.164655][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.172944][ T8001] ldm_validate_partition_table(): Disk read failed.
[  323.179963][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.188570][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.197317][ T8001] Buffer I/O error on dev loop9, logical block 0, async page read
[  323.206206][ T8001] Dev loop9: unable to read RDB block 0
[  323.213564][ T8001]  loop9: unable to read partition table
[  323.220445][ T8001] loop9: partition table beyond EOD, truncated
[  323.226815][ T8001] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  323.226815][ T8001] 
) failed (rc=-5)
[  323.602280][  T980] usb 4-1: USB disconnect, device number 15
[  324.267109][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.277870][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.286877][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.295803][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.304738][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.313673][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  324.322635][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.556'.
[  325.276425][  T980] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  325.526705][   T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  325.826548][  T980] usb 1-1: Using ep0 maxpacket: 32
[  325.842909][  T980] usb 1-1: too many configurations: 75, using maximum allowed: 8
[  325.991054][  T980] usb 1-1: config index 0 descriptor too short (expected 2304, got 18)
[  326.006455][   T24] usb 4-1: device descriptor read/64, error -71
[  326.206363][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  326.632128][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  326.647919][  T980] usb 1-1: config index 1 descriptor too short (expected 2304, got 18)
[  326.656224][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  326.726610][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  326.741717][  T980] usb 1-1: config index 2 descriptor too short (expected 2304, got 18)
[  326.755973][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  326.768710][ T8032] tipc: Started in network mode
[  326.773656][ T8032] tipc: Node identity fe80000000000000000006010000001, cluster identity 4711
[  326.799584][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  326.816519][ T8032] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  326.831593][  T980] usb 1-1: config index 3 descriptor too short (expected 2304, got 18)
[  326.842197][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  326.866430][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  326.886771][  T980] usb 1-1: config index 4 descriptor too short (expected 2304, got 18)
[  326.901319][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  326.921647][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  326.931004][   T24] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  326.994029][  T980] usb 1-1: config index 5 descriptor too short (expected 2304, got 18)
[  327.017385][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  327.043248][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  327.070737][  T980] usb 1-1: config index 6 descriptor too short (expected 2304, got 18)
[  327.086250][  T980] usb 1-1: config 0 has an invalid descriptor of length 251, skipping remainder of the config
[  327.092781][   T24] usb 4-1: device descriptor read/64, error -71
[  327.098258][  T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 4
[  327.842401][  T980] usb 1-1: unable to read config index 7 descriptor/start: -71
[  327.902341][   T24] usb usb4-port1: attempt power cycle
[  328.017275][  T980] usb 1-1: can't read configurations, error -71
[  328.318965][   T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  329.781824][   T24] usb 4-1: device descriptor read/8, error -71
[  330.591124][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.599185][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.608112][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.609862][ T8079] UHID_CREATE from different security context by process 32 (syz.5.573), this is not allowed.
[  330.616009][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.634491][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.648225][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.663852][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.695710][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.732671][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.773135][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.826765][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.852390][ T8084] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  330.871025][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.909761][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.924929][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  330.970400][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.021105][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.046898][ T8089] tmpfs: Cannot retroactively limit inodes
[  331.058660][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.086472][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.093930][ T8089] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem
[  331.143247][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.145239][ T8093] netlink: 'syz.0.577': attribute type 2 has an invalid length.
[  331.326473][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.346451][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.353898][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.362615][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.370130][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.378171][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.386967][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  331.431075][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.097060][ T8097] netlink: 'syz.0.577': attribute type 2 has an invalid length.
[  332.176663][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.184636][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.196686][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.204138][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.216553][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.223997][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.233058][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.241789][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.242436][ T8102] /dev/sg0: Can't lookup blockdev
[  332.253819][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.263383][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.288189][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.305880][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.327243][ T8102] capability: warning: `syz.1.578' uses deprecated v2 capabilities in a way that may be insecure
[  332.375481][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.392344][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.422137][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.448638][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.456121][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.500187][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  332.517209][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.486467][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.506395][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.514096][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.591410][ T8116] loop9: detected capacity change from 0 to 7
[  333.598119][ T8116] buffer_io_error: 4 callbacks suppressed
[  333.598135][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.611885][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.619998][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.628007][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.635978][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.691473][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.706050][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.715828][ T8116] ldm_validate_partition_table(): Disk read failed.
[  333.723788][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.735565][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.744111][ T8116] Buffer I/O error on dev loop9, logical block 0, async page read
[  333.752305][ T8116] Dev loop9: unable to read RDB block 0
[  333.758228][ T8116]  loop9: unable to read partition table
[  333.764096][ T8116] loop9: partition table beyond EOD, truncated
[  333.770397][ T8116] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  333.770397][ T8116] 
) failed (rc=-5)
[  333.973142][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.981099][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.989457][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  333.998097][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.005538][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.487850][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  334.487870][   T30] audit: type=1326 audit(1755118284.198:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  334.520368][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.527857][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.535282][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.542772][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  334.666644][   T30] audit: type=1326 audit(1755118284.198:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  335.187925][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.195336][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.203938][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.215119][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.223778][ T8118] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  335.234508][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.266409][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.299666][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.476437][   T30] audit: type=1326 audit(1755118284.258:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  335.516567][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  335.530921][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.217600][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.236431][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.246018][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.275667][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.302573][   T30] audit: type=1326 audit(1755118284.258:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  336.346572][   T30] audit: type=1326 audit(1755118284.258:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  336.468901][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.477141][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.484604][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.492913][  T980] hid-generic 0000:0000:0004.0002: unknown main item tag 0x0
[  336.505263][  T980] hid-generic 0000:0000:0004.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  337.246382][   T30] audit: type=1326 audit(1755118284.288:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  337.385558][   T30] audit: type=1326 audit(1755118284.288:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  337.419465][   T30] audit: type=1326 audit(1755118284.298:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  337.498610][   T30] audit: type=1326 audit(1755118284.298:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  337.591220][   T30] audit: type=1326 audit(1755118284.298:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.4.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  338.337734][ T8149] __nla_validate_parse: 46 callbacks suppressed
[  338.337753][ T8149] netlink: 12 bytes leftover after parsing attributes in process `syz.1.590'.
[  338.389833][ T8143] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  338.396428][ T8143] comedi comedi3: 8255: I/O port conflict (0xfffffffffffff2fa,4)
[  338.408347][ T8143] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  338.414908][ T8143] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  338.422071][ T8143] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  338.428659][ T8143] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  338.435389][ T8143] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  338.440712][ T8149] FAULT_INJECTION: forcing a failure.
[  338.440712][ T8149] name failslab, interval 1, probability 0, space 0, times 0
[  338.466887][ T8149] CPU: 0 UID: 0 PID: 8149 Comm: syz.1.590 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  338.466916][ T8149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  338.466929][ T8149] Call Trace:
[  338.466938][ T8149]  <TASK>
[  338.466947][ T8149]  dump_stack_lvl+0x189/0x250
[  338.466976][ T8149]  ? __pfx____ratelimit+0x10/0x10
[  338.466999][ T8149]  ? __pfx_dump_stack_lvl+0x10/0x10
[  338.467023][ T8149]  ? __pfx__printk+0x10/0x10
[  338.467051][ T8149]  ? __pfx___might_resched+0x10/0x10
[  338.467075][ T8149]  ? fs_reclaim_acquire+0x7d/0x100
[  338.467112][ T8149]  should_fail_ex+0x414/0x560
[  338.467140][ T8149]  should_failslab+0xa8/0x100
[  338.467165][ T8149]  __kmalloc_cache_noprof+0x70/0x3d0
[  338.467186][ T8149]  ? xfrm_policy_alloc+0x78/0x2b0
[  338.467214][ T8149]  xfrm_policy_alloc+0x78/0x2b0
[  338.467241][ T8149]  xfrm_policy_construct+0x39/0x6b0
[  338.467273][ T8149]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.467304][ T8149]  xfrm_add_policy+0x267/0x800
[  338.467335][ T8149]  ? rcu_is_watching+0x15/0xb0
[  338.467359][ T8149]  ? __pfx_xfrm_add_policy+0x10/0x10
[  338.467396][ T8149]  ? __nla_parse+0x40/0x60
[  338.467427][ T8149]  xfrm_user_rcv_msg+0x7a0/0xab0
[  338.467462][ T8149]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  338.467529][ T8149]  ? __mutex_trylock_common+0x153/0x260
[  338.467558][ T8149]  ? __pfx___mutex_trylock_common+0x10/0x10
[  338.467589][ T8149]  ? rcu_is_watching+0x15/0xb0
[  338.467612][ T8149]  ? trace_contention_end+0x39/0x120
[  338.467646][ T8149]  netlink_rcv_skb+0x205/0x470
[  338.467678][ T8149]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  338.467709][ T8149]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  338.467757][ T8149]  ? netlink_deliver_tap+0x2e/0x1b0
[  338.467786][ T8149]  ? netlink_deliver_tap+0x2e/0x1b0
[  338.467819][ T8149]  xfrm_netlink_rcv+0x79/0x90
[  338.467848][ T8149]  netlink_unicast+0x75c/0x8e0
[  338.467911][ T8149]  netlink_sendmsg+0x805/0xb30
[  338.467967][ T8149]  ? __pfx_netlink_sendmsg+0x10/0x10
[  338.468007][ T8149]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  338.468029][ T8149]  ? __pfx_netlink_sendmsg+0x10/0x10
[  338.468061][ T8149]  __sock_sendmsg+0x21c/0x270
[  338.468097][ T8149]  ____sys_sendmsg+0x505/0x830
[  338.468137][ T8149]  ? __pfx_____sys_sendmsg+0x10/0x10
[  338.468181][ T8149]  ? import_iovec+0x74/0xa0
[  338.468215][ T8149]  ___sys_sendmsg+0x21f/0x2a0
[  338.468252][ T8149]  ? __pfx____sys_sendmsg+0x10/0x10
[  338.468324][ T8149]  ? __fget_files+0x2a/0x420
[  338.468348][ T8149]  ? __fget_files+0x3a0/0x420
[  338.468384][ T8149]  __x64_sys_sendmsg+0x19b/0x260
[  338.468421][ T8149]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  338.468466][ T8149]  ? __pfx_ksys_write+0x10/0x10
[  338.468502][ T8149]  ? rcu_is_watching+0x15/0xb0
[  338.468532][ T8149]  ? do_syscall_64+0xbe/0x3b0
[  338.468561][ T8149]  do_syscall_64+0xfa/0x3b0
[  338.468583][ T8149]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.468604][ T8149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.468627][ T8149]  ? clear_bhb_loop+0x60/0xb0
[  338.468654][ T8149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.468675][ T8149] RIP: 0033:0x7f92b718ebe9
[  338.468695][ T8149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.468714][ T8149] RSP: 002b:00007f92b7ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  338.468738][ T8149] RAX: ffffffffffffffda RBX: 00007f92b73b5fa0 RCX: 00007f92b718ebe9
[  338.468754][ T8149] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  338.468768][ T8149] RBP: 00007f92b7ff6090 R08: 0000000000000000 R09: 0000000000000000
[  338.468782][ T8149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.468795][ T8149] R13: 00007f92b73b6038 R14: 00007f92b73b5fa0 R15: 00007ffee4751a48
[  338.468831][ T8149]  </TASK>
[  338.516515][ T8143] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  338.856394][ T8143] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  338.907329][ T8154] netlink: 12 bytes leftover after parsing attributes in process `syz.0.593'.
[  338.992084][ T8143] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  339.007641][ T8143] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  339.030100][ T8143] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  339.051063][ T8143] comedi comedi3: 8255: I/O port conflict (0x401,4)
[  339.070586][ T8143] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  339.684032][   T24] IPVS: starting estimator thread 0...
[  339.826417][ T8177] IPVS: using max 36 ests per chain, 86400 per kthread
[  340.676881][   T24] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  340.964712][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  341.306440][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  341.337015][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  341.346106][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.410784][   T24] usb 2-1: Product: syz
[  341.415025][   T24] usb 2-1: Manufacturer: syz
[  341.588228][   T24] usb 2-1: SerialNumber: syz
[  341.994815][ T8176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.199767][ T8176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.246705][ T8196] FAULT_INJECTION: forcing a failure.
[  342.246705][ T8196] name failslab, interval 1, probability 0, space 0, times 0
[  342.259801][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.4.604 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  342.259827][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  342.259839][ T8196] Call Trace:
[  342.259848][ T8196]  <TASK>
[  342.259856][ T8196]  dump_stack_lvl+0x189/0x250
[  342.259885][ T8196]  ? __pfx____ratelimit+0x10/0x10
[  342.259907][ T8196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.259930][ T8196]  ? __pfx__printk+0x10/0x10
[  342.259958][ T8196]  ? __lock_acquire+0xab9/0xd20
[  342.259987][ T8196]  should_fail_ex+0x414/0x560
[  342.260013][ T8196]  should_failslab+0xa8/0x100
[  342.260037][ T8196]  __kmalloc_cache_noprof+0x70/0x3d0
[  342.260057][ T8196]  ? xfrm_policy_inexact_insert_node+0xa57/0xb60
[  342.260096][ T8196]  xfrm_policy_inexact_insert_node+0xa57/0xb60
[  342.260130][ T8196]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  342.260171][ T8196]  xfrm_policy_inexact_alloc_chain+0x7d4/0xeb0
[  342.260206][ T8196]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  342.260240][ T8196]  xfrm_policy_inexact_insert+0xc9/0x180
[  342.260269][ T8196]  xfrm_policy_insert+0x116/0x940
[  342.260304][ T8196]  xfrm_add_policy+0x2e2/0x800
[  342.260338][ T8196]  ? __pfx_xfrm_add_policy+0x10/0x10
[  342.260373][ T8196]  ? __nla_parse+0x40/0x60
[  342.260402][ T8196]  xfrm_user_rcv_msg+0x7a0/0xab0
[  342.260436][ T8196]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  342.260510][ T8196]  ? __mutex_trylock_common+0x153/0x260
[  342.260539][ T8196]  ? __pfx___mutex_trylock_common+0x10/0x10
[  342.260569][ T8196]  ? rcu_is_watching+0x15/0xb0
[  342.260591][ T8196]  ? trace_contention_end+0x39/0x120
[  342.260623][ T8196]  netlink_rcv_skb+0x205/0x470
[  342.260654][ T8196]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  342.260683][ T8196]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  342.260728][ T8196]  ? netlink_deliver_tap+0x2e/0x1b0
[  342.260756][ T8196]  ? netlink_deliver_tap+0x2e/0x1b0
[  342.260787][ T8196]  xfrm_netlink_rcv+0x79/0x90
[  342.260815][ T8196]  netlink_unicast+0x75c/0x8e0
[  342.260852][ T8196]  netlink_sendmsg+0x805/0xb30
[  342.260891][ T8196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.260929][ T8196]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  342.260949][ T8196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.260997][ T8196]  __sock_sendmsg+0x21c/0x270
[  342.261027][ T8196]  ____sys_sendmsg+0x505/0x830
[  342.261068][ T8196]  ? __pfx_____sys_sendmsg+0x10/0x10
[  342.261113][ T8196]  ? import_iovec+0x74/0xa0
[  342.261147][ T8196]  ___sys_sendmsg+0x21f/0x2a0
[  342.261184][ T8196]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.261259][ T8196]  ? __fget_files+0x2a/0x420
[  342.261282][ T8196]  ? __fget_files+0x3a0/0x420
[  342.261318][ T8196]  __x64_sys_sendmsg+0x19b/0x260
[  342.261355][ T8196]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.261400][ T8196]  ? __pfx_ksys_write+0x10/0x10
[  342.261418][ T8196]  ? rcu_is_watching+0x15/0xb0
[  342.261447][ T8196]  ? do_syscall_64+0xbe/0x3b0
[  342.261482][ T8196]  do_syscall_64+0xfa/0x3b0
[  342.261506][ T8196]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.261528][ T8196]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.261550][ T8196]  ? clear_bhb_loop+0x60/0xb0
[  342.261576][ T8196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.261597][ T8196] RIP: 0033:0x7fcf1b18ebe9
[  342.261616][ T8196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.261635][ T8196] RSP: 002b:00007fcf1c034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.261658][ T8196] RAX: ffffffffffffffda RBX: 00007fcf1b3b5fa0 RCX: 00007fcf1b18ebe9
[  342.261674][ T8196] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  342.261687][ T8196] RBP: 00007fcf1c034090 R08: 0000000000000000 R09: 0000000000000000
[  342.261700][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.261713][ T8196] R13: 00007fcf1b3b6038 R14: 00007fcf1b3b5fa0 R15: 00007ffefba09c38
[  342.261747][ T8196]  </TASK>
[  342.818079][   T24] usb 2-1: 0:2 : does not exist
[  342.834547][   T24] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  343.148159][ T8204] netlink: 148 bytes leftover after parsing attributes in process `syz.3.605'.
[  343.671718][ T8205] binder: 8199:8205 ioctl c0306201 200000000100 returned -14
[  343.679462][ T5919] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  343.711610][   T24] usb 2-1: USB disconnect, device number 13
[  343.846514][ T5919] usb 4-1: Using ep0 maxpacket: 16
[  344.045379][ T5919] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  344.092614][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.329963][ T5919] usb 4-1: Product: syz
[  344.433515][ T5919] usb 4-1: Manufacturer: syz
[  344.538996][ T5919] usb 4-1: SerialNumber: syz
[  344.785914][ T5919] r8152-cfgselector 4-1: Unknown version 0x0000
[  344.816656][ T5919] r8152-cfgselector 4-1: config 0 descriptor??
[  345.005449][ T8219] syzkaller0: entered promiscuous mode
[  345.013311][ T8219] syzkaller0: entered allmulticast mode
[  345.046682][ T5919] r8152-cfgselector 4-1: Unknown version 0x0000
[  345.609236][ T5919] r8152-cfgselector 4-1: bad CDC descriptors
[  345.625843][ T5919] r8152-cfgselector 4-1: USB disconnect, device number 20
[  347.376790][ T8239] netlink: 12 bytes leftover after parsing attributes in process `syz.1.617'.
[  349.236617][   T43] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  349.596997][   T43] usb 1-1: Using ep0 maxpacket: 32
[  349.669085][ T8255] netlink: 12 bytes leftover after parsing attributes in process `syz.3.622'.
[  349.688078][ T8255] FAULT_INJECTION: forcing a failure.
[  349.688078][ T8255] name failslab, interval 1, probability 0, space 0, times 0
[  349.734133][ T8255] CPU: 0 UID: 0 PID: 8255 Comm: syz.3.622 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  349.734169][ T8255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  349.734183][ T8255] Call Trace:
[  349.734191][ T8255]  <TASK>
[  349.734201][ T8255]  dump_stack_lvl+0x189/0x250
[  349.734231][ T8255]  ? __pfx____ratelimit+0x10/0x10
[  349.734254][ T8255]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.734278][ T8255]  ? __pfx__printk+0x10/0x10
[  349.734314][ T8255]  ? do_raw_spin_lock+0x121/0x290
[  349.734348][ T8255]  should_fail_ex+0x414/0x560
[  349.734377][ T8255]  should_failslab+0xa8/0x100
[  349.734403][ T8255]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  349.734426][ T8255]  ? __alloc_skb+0x112/0x2d0
[  349.734462][ T8255]  __alloc_skb+0x112/0x2d0
[  349.734496][ T8255]  xfrm_send_policy_notify+0x29d/0x1bb0
[  349.734529][ T8255]  ? __lock_acquire+0xab9/0xd20
[  349.734555][ T8255]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  349.734589][ T8255]  ? km_policy_notify+0x28/0x200
[  349.734627][ T8255]  ? km_policy_notify+0x28/0x200
[  349.734656][ T8255]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  349.734685][ T8255]  km_policy_notify+0x121/0x200
[  349.734712][ T8255]  ? km_policy_notify+0x28/0x200
[  349.734744][ T8255]  xfrm_add_policy+0x4c7/0x800
[  349.734801][ T8255]  ? __pfx_xfrm_add_policy+0x10/0x10
[  349.734840][ T8255]  ? __nla_parse+0x40/0x60
[  349.734872][ T8255]  xfrm_user_rcv_msg+0x7a0/0xab0
[  349.734910][ T8255]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  349.734979][ T8255]  ? __mutex_trylock_common+0x153/0x260
[  349.735010][ T8255]  ? __pfx___mutex_trylock_common+0x10/0x10
[  349.735043][ T8255]  ? rcu_is_watching+0x15/0xb0
[  349.735068][ T8255]  ? trace_contention_end+0x39/0x120
[  349.735111][ T8255]  netlink_rcv_skb+0x205/0x470
[  349.735144][ T8255]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  349.735176][ T8255]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  349.735226][ T8255]  ? netlink_deliver_tap+0x2e/0x1b0
[  349.735257][ T8255]  ? netlink_deliver_tap+0x2e/0x1b0
[  349.735290][ T8255]  xfrm_netlink_rcv+0x79/0x90
[  349.735320][ T8255]  netlink_unicast+0x75c/0x8e0
[  349.735362][ T8255]  netlink_sendmsg+0x805/0xb30
[  349.735405][ T8255]  ? __pfx_netlink_sendmsg+0x10/0x10
[  349.735446][ T8255]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  349.735468][ T8255]  ? __pfx_netlink_sendmsg+0x10/0x10
[  349.735501][ T8255]  __sock_sendmsg+0x21c/0x270
[  349.735530][ T8255]  ____sys_sendmsg+0x505/0x830
[  349.735570][ T8255]  ? __pfx_____sys_sendmsg+0x10/0x10
[  349.735614][ T8255]  ? import_iovec+0x74/0xa0
[  349.735650][ T8255]  ___sys_sendmsg+0x21f/0x2a0
[  349.735687][ T8255]  ? __pfx____sys_sendmsg+0x10/0x10
[  349.735764][ T8255]  ? __fget_files+0x2a/0x420
[  349.735788][ T8255]  ? __fget_files+0x3a0/0x420
[  349.735825][ T8255]  __x64_sys_sendmsg+0x19b/0x260
[  349.735864][ T8255]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  349.735910][ T8255]  ? __pfx_ksys_write+0x10/0x10
[  349.735929][ T8255]  ? rcu_is_watching+0x15/0xb0
[  349.735958][ T8255]  ? do_syscall_64+0xbe/0x3b0
[  349.735988][ T8255]  do_syscall_64+0xfa/0x3b0
[  349.736012][ T8255]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.736034][ T8255]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.736069][ T8255]  ? clear_bhb_loop+0x60/0xb0
[  349.736102][ T8255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.736123][ T8255] RIP: 0033:0x7f0ba518ebe9
[  349.736142][ T8255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.736160][ T8255] RSP: 002b:00007f0ba6003038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  349.736183][ T8255] RAX: ffffffffffffffda RBX: 00007f0ba53b5fa0 RCX: 00007f0ba518ebe9
[  349.736199][ T8255] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  349.736212][ T8255] RBP: 00007f0ba6003090 R08: 0000000000000000 R09: 0000000000000000
[  349.736225][ T8255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.736238][ T8255] R13: 00007f0ba53b6038 R14: 00007f0ba53b5fa0 R15: 00007ffc5063c108
[  349.736276][ T8255]  </TASK>
[  349.806459][   T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  350.143277][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  350.172405][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  350.190771][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  350.200183][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.220283][   T43] usb 1-1: config 0 descriptor??
[  350.226153][ T8246] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  350.242416][   T43] hub 1-1:0.0: USB hub found
[  350.491457][    T9] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  350.535262][   T43] hub 1-1:0.0: config failed, hub has too many ports! (err -19)
[  350.595993][ T8271] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.627'.
[  351.578076][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  351.584147][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  351.619323][   T43] usb 1-1: USB disconnect, device number 19
[  351.794764][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.807727][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  351.827701][    T9] usb 6-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  351.836901][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.848389][    T9] usb 6-1: config 0 descriptor??
[  352.494083][ T8295] input: syz1 as /devices/virtual/input/input12
[  352.940153][ T8296] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  353.037945][  T980] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  353.935497][  T980] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  354.049418][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.071459][  T980] usb 5-1: Product: syz
[  354.078602][  T980] usb 5-1: Manufacturer: syz
[  354.820056][  T980] usb 5-1: SerialNumber: syz
[  354.845984][  T980] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  354.874872][ T5891] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  358.556314][    C0] sched: DL replenish lagged too much
[  358.699420][  T980] usb 5-1: USB disconnect, device number 22
[  358.711855][    T9] usb 6-1: string descriptor 0 read error: -32
[  359.152124][    T9] IPVS: starting estimator thread 0...
[  359.277192][ T8317] IPVS: using max 23 ests per chain, 55200 per kthread
[  359.291653][ T8319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  359.571666][   T43] usb 6-1: USB disconnect, device number 3
[  360.036487][ T5891] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  360.043617][ T5891] ath9k_htc: Failed to initialize the device
[  360.126347][  T980] usb 5-1: ath9k_htc: USB layer deinitialized
[  360.730790][ T8333] FAULT_INJECTION: forcing a failure.
[  360.730790][ T8333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.744073][ T8333] CPU: 1 UID: 0 PID: 8333 Comm: syz.5.644 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  360.744102][ T8333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.744116][ T8333] Call Trace:
[  360.744127][ T8333]  <TASK>
[  360.744137][ T8333]  dump_stack_lvl+0x189/0x250
[  360.744168][ T8333]  ? __pfx____ratelimit+0x10/0x10
[  360.744192][ T8333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.744217][ T8333]  ? __pfx__printk+0x10/0x10
[  360.744246][ T8333]  ? __might_fault+0xb0/0x130
[  360.744280][ T8333]  should_fail_ex+0x414/0x560
[  360.744309][ T8333]  _copy_from_user+0x2d/0xb0
[  360.744341][ T8333]  do_sock_getsockopt+0x17d/0x450
[  360.744379][ T8333]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  360.744411][ T8333]  ? do_syscall_64+0x20/0x3b0
[  360.744435][ T8333]  ? __fget_files+0x3a0/0x420
[  360.744460][ T8333]  ? __fget_files+0x2a/0x420
[  360.744492][ T8333]  __x64_sys_getsockopt+0x1a5/0x250
[  360.744525][ T8333]  ? do_syscall_64+0x20/0x3b0
[  360.744551][ T8333]  ? do_syscall_64+0x20/0x3b0
[  360.744580][ T8333]  do_syscall_64+0xfa/0x3b0
[  360.744606][ T8333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.744628][ T8333]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  360.744649][ T8333]  ? clear_bhb_loop+0x60/0xb0
[  360.744676][ T8333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.744698][ T8333] RIP: 0033:0x7fcc8e58ebe9
[  360.744717][ T8333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.744737][ T8333] RSP: 002b:00007fcc8f46f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  360.744760][ T8333] RAX: ffffffffffffffda RBX: 00007fcc8e7b6180 RCX: 00007fcc8e58ebe9
[  360.744776][ T8333] RDX: 0000000000000007 RSI: 0000000000000112 RDI: 0000000000000006
[  360.744789][ T8333] RBP: 00007fcc8f46f090 R08: 0000200000000240 R09: 0000000000000000
[  360.744802][ T8333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.744815][ T8333] R13: 00007fcc8e7b6218 R14: 00007fcc8e7b6180 R15: 00007ffefdf87628
[  360.744858][ T8333]  </TASK>
[  361.295685][ T8340] netlink: 12 bytes leftover after parsing attributes in process `syz.1.646'.
[  361.353528][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.5.649'.
[  361.417471][ T8343] 9pnet_fd: Insufficient options for proto=fd
[  363.236706][ T5948] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  363.532074][ T8362] netlink: 12 bytes leftover after parsing attributes in process `syz.0.654'.
[  363.542320][ T8362] netlink: 48 bytes leftover after parsing attributes in process `syz.0.654'.
[  364.117413][ T5948] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  364.139421][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.148271][ T5948] usb 4-1: Product: syz
[  364.152508][ T5948] usb 4-1: Manufacturer: syz
[  364.157576][ T5948] usb 4-1: SerialNumber: syz
[  364.303020][ T5948] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  364.337408][   T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  365.408449][  T980] usb 4-1: USB disconnect, device number 21
[  365.446497][ T5948] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  365.715763][ T5948] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  365.839553][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.955588][ T5948] usb 6-1: Product: syz
[  366.006392][ T5948] usb 6-1: Manufacturer: syz
[  366.026376][ T5948] usb 6-1: SerialNumber: syz
[  366.098147][   T43] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  366.132880][   T43] ath9k_htc: Failed to initialize the device
[  366.229901][ T8386] netlink: 228 bytes leftover after parsing attributes in process `syz.4.661'.
[  366.270610][ T5948] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  366.290223][  T980] usb 4-1: ath9k_htc: USB layer deinitialized
[  366.324530][ T1613] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  366.361546][ T8392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.663'.
[  367.345250][ T8396] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  367.383708][ T1613] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  367.385107][ T8377] netlink: 'syz.5.659': attribute type 29 has an invalid length.
[  367.433327][ T1613] ath9k_htc: Failed to initialize the device
[  367.447767][ T5948] usb 6-1: USB disconnect, device number 4
[  367.478244][ T5948] usb 6-1: ath9k_htc: USB layer deinitialized
[  367.597503][ T8404] netlink: 16 bytes leftover after parsing attributes in process `syz.3.666'.
[  367.749711][ T8410] netlink: 244 bytes leftover after parsing attributes in process `syz.4.668'.
[  367.812794][ T5891] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  368.443122][ T5891] usb 1-1: Using ep0 maxpacket: 16
[  369.026658][ T5891] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  369.046659][ T5891] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  369.070974][ T5891] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  369.087288][ T5891] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  369.097533][ T5891] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  369.133431][ T5891] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  369.144404][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  369.426510][ T5891] usb 1-1: SerialNumber: syz
[  369.440426][ T8396] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  369.461458][ T5891] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  370.175941][ T5891] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12
[  371.180765][ T8437] netlink: 12 bytes leftover after parsing attributes in process `syz.1.675'.
[  371.212514][ T5891] usb 1-1: USB disconnect, device number 20
[  371.695371][    T9] IPVS: starting estimator thread 0...
[  372.057210][ T8444] IPVS: using max 23 ests per chain, 55200 per kthread
[  375.146595][ T5948] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  376.266372][ T5948] usb 4-1: Using ep0 maxpacket: 8
[  376.273590][ T5948] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  377.031801][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.130848][ T5948] usb 4-1: can't set config #252, error -71
[  377.193459][ T5948] usb 4-1: USB disconnect, device number 22
[  377.444680][ T8486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.689'.
[  377.540171][ T8488] netlink: 12 bytes leftover after parsing attributes in process `syz.4.690'.
[  377.579356][ T8486] FAULT_INJECTION: forcing a failure.
[  377.579356][ T8486] name failslab, interval 1, probability 0, space 0, times 0
[  377.816783][ T8487] loop9: detected capacity change from 0 to 7
[  377.823614][ T8487] buffer_io_error: 4 callbacks suppressed
[  377.823631][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.839142][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.847136][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.855091][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.863174][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.871231][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.879646][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.887746][ T8487] ldm_validate_partition_table(): Disk read failed.
[  377.894442][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.902476][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  377.910482][ T8487] Buffer I/O error on dev loop9, logical block 0, async page read
[  378.034863][ T8487] Dev loop9: unable to read RDB block 0
[  378.040923][ T8487]  loop9: unable to read partition table
[  378.046892][ T8487] loop9: partition table beyond EOD, truncated
[  378.053111][ T8487] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  378.053111][ T8487] 
) failed (rc=-5)
[  378.095733][ T8486] CPU: 1 UID: 0 PID: 8486 Comm: syz.1.689 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  378.095767][ T8486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  378.095781][ T8486] Call Trace:
[  378.095790][ T8486]  <TASK>
[  378.095801][ T8486]  dump_stack_lvl+0x189/0x250
[  378.095836][ T8486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.095861][ T8486]  ? __pfx__printk+0x10/0x10
[  378.095899][ T8486]  ? should_fail_ex+0x399/0x560
[  378.095926][ T8486]  should_fail_ex+0x414/0x560
[  378.095954][ T8486]  should_failslab+0xa8/0x100
[  378.095980][ T8486]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  378.096004][ T8486]  ? __alloc_skb+0x112/0x2d0
[  378.096040][ T8486]  __alloc_skb+0x112/0x2d0
[  378.096075][ T8486]  netlink_ack+0x146/0xa50
[  378.096103][ T8486]  ? __pfx___mutex_trylock_common+0x10/0x10
[  378.096137][ T8486]  ? rcu_is_watching+0x15/0xb0
[  378.096173][ T8486]  netlink_rcv_skb+0x28c/0x470
[  378.096205][ T8486]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  378.096243][ T8486]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  378.096297][ T8486]  ? netlink_deliver_tap+0x2e/0x1b0
[  378.096335][ T8486]  xfrm_netlink_rcv+0x79/0x90
[  378.096367][ T8486]  netlink_unicast+0x75c/0x8e0
[  378.096407][ T8486]  netlink_sendmsg+0x805/0xb30
[  378.096450][ T8486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  378.096492][ T8486]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  378.096513][ T8486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  378.096547][ T8486]  __sock_sendmsg+0x21c/0x270
[  378.096578][ T8486]  ____sys_sendmsg+0x505/0x830
[  378.096619][ T8486]  ? __pfx_____sys_sendmsg+0x10/0x10
[  378.096664][ T8486]  ? import_iovec+0x74/0xa0
[  378.096700][ T8486]  ___sys_sendmsg+0x21f/0x2a0
[  378.096740][ T8486]  ? __pfx____sys_sendmsg+0x10/0x10
[  378.096817][ T8486]  ? __fget_files+0x2a/0x420
[  378.096841][ T8486]  ? __fget_files+0x3a0/0x420
[  378.096880][ T8486]  __x64_sys_sendmsg+0x19b/0x260
[  378.096918][ T8486]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  378.096982][ T8486]  do_syscall_64+0xfa/0x3b0
[  378.097010][ T8486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.097032][ T8486]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  378.097054][ T8486]  ? clear_bhb_loop+0x60/0xb0
[  378.097082][ T8486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.097105][ T8486] RIP: 0033:0x7f92b718ebe9
[  378.097126][ T8486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.097146][ T8486] RSP: 002b:00007f92b7ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  378.097170][ T8486] RAX: ffffffffffffffda RBX: 00007f92b73b5fa0 RCX: 00007f92b718ebe9
[  378.097187][ T8486] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  378.097202][ T8486] RBP: 00007f92b7ff6090 R08: 0000000000000000 R09: 0000000000000000
[  378.097217][ T8486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  378.097231][ T8486] R13: 00007f92b73b6038 R14: 00007f92b73b5fa0 R15: 00007ffee4751a48
[  378.097277][ T8486]  </TASK>
[  378.702862][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.169407][  T980] IPVS: starting estimator thread 0...
[  379.557638][ T8506] IPVS: using max 27 ests per chain, 64800 per kthread
[  380.189721][  T980] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  380.231957][ T8517] loop9: detected capacity change from 0 to 7
[  380.300447][ T8517] ldm_validate_partition_table(): Disk read failed.
[  380.307806][ T8517] Dev loop9: unable to read RDB block 0
[  380.313936][ T8517]  loop9: unable to read partition table
[  380.320219][ T8517] loop9: partition table beyond EOD, truncated
[  380.326525][ T8517] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  380.326525][ T8517] 
) failed (rc=-5)
[  381.040899][  T980] usb 4-1: unable to get BOS descriptor or descriptor too short
[  381.050898][  T980] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  381.092009][  T980] usb 4-1: string descriptor 0 read error: -22
[  381.115626][  T980] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  381.135895][  T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.144497][ T8525] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  381.451756][  T980] usb 4-1: reset high-speed USB device number 23 using dummy_hcd
[  381.459974][ T5891] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  381.614117][ T8533] hub 1-0:1.0: USB hub found
[  381.626774][ T8533] hub 1-0:1.0: 1 port detected
[  381.862696][ T5891] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  381.876508][ T5891] usb 6-1: config 8 has no interface number 0
[  381.882717][ T5891] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  381.896511][ T5891] usb 6-1: config 8 interface 177 has no altsetting 0
[  381.906501][ T5891] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  381.915979][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.318226][  T980] usb 4-1: device descriptor read/64, error -71
[  383.059937][ T8524] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  383.193529][  T980] usb 4-1: reset high-speed USB device number 23 using dummy_hcd
[  383.281081][ T5891] usb 6-1: can't set config #8, error -71
[  383.333457][ T5891] usb 6-1: USB disconnect, device number 5
[  383.430908][ T8556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  385.126563][  T980] usb 4-1: USB disconnect, device number 23
[  385.836558][ T5833] Bluetooth: hci5: command 0x0406 tx timeout
[  386.036076][ T8589] FAULT_INJECTION: forcing a failure.
[  386.036076][ T8589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.078844][ T8589] CPU: 0 UID: 0 PID: 8589 Comm: syz.4.718 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  386.078876][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.078891][ T8589] Call Trace:
[  386.078901][ T8589]  <TASK>
[  386.078910][ T8589]  dump_stack_lvl+0x189/0x250
[  386.078940][ T8589]  ? __pfx____ratelimit+0x10/0x10
[  386.078964][ T8589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.078990][ T8589]  ? __pfx__printk+0x10/0x10
[  386.079022][ T8589]  ? __might_fault+0xb0/0x130
[  386.079053][ T8589]  should_fail_ex+0x414/0x560
[  386.079082][ T8589]  _copy_from_user+0x2d/0xb0
[  386.079114][ T8589]  kstrtouint_from_user+0xc4/0x170
[  386.079135][ T8589]  ? rcu_is_watching+0x15/0xb0
[  386.079161][ T8589]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  386.079184][ T8589]  ? preempt_schedule_irq+0xde/0x150
[  386.079215][ T8589]  ? irqentry_exit+0x74/0x90
[  386.079235][ T8589]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.079260][ T8589]  proc_fail_nth_write+0x88/0x240
[  386.079286][ T8589]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  386.079314][ T8589]  ? vfs_write+0x211/0xa90
[  386.079336][ T8589]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  386.079364][ T8589]  vfs_write+0x27e/0xa90
[  386.079399][ T8589]  ? __pfx_vfs_write+0x10/0x10
[  386.079430][ T8589]  ? fdget_pos+0x27c/0x320
[  386.079468][ T8589]  ksys_write+0x145/0x250
[  386.079491][ T8589]  ? __pfx_ksys_write+0x10/0x10
[  386.079518][ T8589]  ? rcu_is_watching+0x15/0xb0
[  386.079548][ T8589]  ? do_syscall_64+0xbe/0x3b0
[  386.079577][ T8589]  do_syscall_64+0xfa/0x3b0
[  386.079601][ T8589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.079622][ T8589]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  386.079643][ T8589]  ? clear_bhb_loop+0x60/0xb0
[  386.079668][ T8589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.079689][ T8589] RIP: 0033:0x7fcf1b18d69f
[  386.079720][ T8589] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  386.079739][ T8589] RSP: 002b:00007fcf1bff2030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  386.079761][ T8589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcf1b18d69f
[  386.079776][ T8589] RDX: 0000000000000001 RSI: 00007fcf1bff20a0 RDI: 0000000000000006
[  386.079790][ T8589] RBP: 00007fcf1bff2090 R08: 0000000000000000 R09: 0000000000000000
[  386.079803][ T8589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  386.079816][ T8589] R13: 00007fcf1b3b6218 R14: 00007fcf1b3b6180 R15: 00007ffefba09c38
[  386.079848][ T8589]  </TASK>
[  386.421515][ T8591] netlink: 'syz.1.720': attribute type 2 has an invalid length.
[  386.573296][ T8597] Invalid logical block size (1792)
[  387.639137][ T1613] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  387.743891][ T8611] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  388.093041][ T1613] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  388.127138][ T1613] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.144916][ T1613] usb 6-1: Product: syz
[  388.161232][ T1613] usb 6-1: Manufacturer: syz
[  388.173612][ T1613] usb 6-1: SerialNumber: syz
[  388.203238][ T1613] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  388.216776][ T8618] Invalid logical block size (510)
[  388.247327][ T5948] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  388.416932][ T8623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.452792][ T8623] tipc: Resetting bearer <eth:syzkaller0>
[  388.551686][ T8622] tipc: Disabling bearer <eth:syzkaller0>
[  389.230953][ T8592] netlink: 'syz.5.721': attribute type 29 has an invalid length.
[  389.291433][ T5919] usb 6-1: USB disconnect, device number 6
[  389.301426][ T5948] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  389.308737][ T5948] ath9k_htc: Failed to initialize the device
[  389.341437][ T5919] usb 6-1: ath9k_htc: USB layer deinitialized
[  389.755004][ T8633] netlink: 16 bytes leftover after parsing attributes in process `syz.4.730'.
[  390.521619][ T8638] netlink: 12 bytes leftover after parsing attributes in process `syz.1.733'.
[  391.602866][ T8646] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  391.725214][ T8647] netlink: 12 bytes leftover after parsing attributes in process `syz.5.734'.
[  395.381456][ T8678] netlink: 'syz.3.745': attribute type 2 has an invalid length.
[  396.055706][ T8687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.747'.
[  396.157119][ T8688] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  396.204321][ T8690] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  397.286543][ T8692] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  397.458370][ T8703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.835744][ T8730] FAULT_INJECTION: forcing a failure.
[  399.835744][ T8730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.853818][ T8730] CPU: 0 UID: 0 PID: 8730 Comm: syz.1.762 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  399.853851][ T8730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  399.853865][ T8730] Call Trace:
[  399.853873][ T8730]  <TASK>
[  399.853883][ T8730]  dump_stack_lvl+0x189/0x250
[  399.853914][ T8730]  ? __pfx____ratelimit+0x10/0x10
[  399.853938][ T8730]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.853963][ T8730]  ? __pfx__printk+0x10/0x10
[  399.853991][ T8730]  ? __might_fault+0xb0/0x130
[  399.854027][ T8730]  should_fail_ex+0x414/0x560
[  399.854055][ T8730]  _copy_from_iter+0x1db/0x16f0
[  399.854088][ T8730]  ? rcu_is_watching+0x15/0xb0
[  399.854114][ T8730]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  399.854140][ T8730]  ? __pfx__copy_from_iter+0x10/0x10
[  399.854169][ T8730]  ? __build_skb_around+0x257/0x3e0
[  399.854205][ T8730]  ? netlink_sendmsg+0x642/0xb30
[  399.854234][ T8730]  ? skb_put+0x11b/0x210
[  399.854270][ T8730]  netlink_sendmsg+0x6b2/0xb30
[  399.854319][ T8730]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.854365][ T8730]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  399.854388][ T8730]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.854420][ T8730]  __sock_sendmsg+0x21c/0x270
[  399.854451][ T8730]  ____sys_sendmsg+0x505/0x830
[  399.854491][ T8730]  ? __pfx_____sys_sendmsg+0x10/0x10
[  399.854535][ T8730]  ? import_iovec+0x74/0xa0
[  399.854569][ T8730]  ___sys_sendmsg+0x21f/0x2a0
[  399.854606][ T8730]  ? __pfx____sys_sendmsg+0x10/0x10
[  399.854681][ T8730]  ? __fget_files+0x2a/0x420
[  399.854705][ T8730]  ? __fget_files+0x3a0/0x420
[  399.854742][ T8730]  __x64_sys_sendmsg+0x19b/0x260
[  399.854780][ T8730]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  399.854825][ T8730]  ? __pfx_ksys_write+0x10/0x10
[  399.854843][ T8730]  ? rcu_is_watching+0x15/0xb0
[  399.854873][ T8730]  ? do_syscall_64+0xbe/0x3b0
[  399.854902][ T8730]  do_syscall_64+0xfa/0x3b0
[  399.854925][ T8730]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.854948][ T8730]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.854970][ T8730]  ? clear_bhb_loop+0x60/0xb0
[  399.854997][ T8730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.855019][ T8730] RIP: 0033:0x7f92b718ebe9
[  399.855039][ T8730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.855058][ T8730] RSP: 002b:00007f92b7ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.855082][ T8730] RAX: ffffffffffffffda RBX: 00007f92b73b5fa0 RCX: 00007f92b718ebe9
[  399.855098][ T8730] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  399.855111][ T8730] RBP: 00007f92b7ff6090 R08: 0000000000000000 R09: 0000000000000000
[  399.855125][ T8730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.855138][ T8730] R13: 00007f92b73b6038 R14: 00007f92b73b5fa0 R15: 00007ffee4751a48
[  399.855172][ T8730]  </TASK>
[  400.403988][ T8737] netlink: 116 bytes leftover after parsing attributes in process `syz.5.764'.
[  400.454350][ T8740] Invalid logical block size (768)
[  400.841334][ T8741] netlink: 'syz.0.763': attribute type 2 has an invalid length.
[  400.865220][ T8741] loop6: detected capacity change from 0 to 7
[  400.874446][ T8741] Dev loop6: unable to read RDB block 7
[  400.874548][ T8741]  loop6: AHDI p4
[  400.874676][ T8741] loop6: partition table partially beyond EOD, truncated
[  401.781352][ T8756] netlink: 2384 bytes leftover after parsing attributes in process `syz.5.769'.
[  402.785197][ T8760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  404.666311][ T8752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  405.551225][ T8786] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  405.772376][ T1613] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  407.732558][ T8794] overlayfs: overlapping lowerdir path
[  407.766500][ T1613] usb 4-1: Using ep0 maxpacket: 32
[  407.780889][ T1613] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  407.829548][ T1613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.304954][ T1613] usb 4-1: config 0 descriptor??
[  409.373267][ T1613] usb 4-1: can't set config #0, error -71
[  409.409445][ T1613] usb 4-1: USB disconnect, device number 24
[  409.705877][ T8806] netlink: 2384 bytes leftover after parsing attributes in process `syz.5.781'.
[  410.422167][ T8805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.783'.
[  412.454614][ T8821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  413.256555][ T5891] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  413.264277][ T5919] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  413.930507][ T5891] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  414.036443][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.044691][ T5891] usb 6-1: Product: syz
[  414.055658][ T5891] usb 6-1: Manufacturer: syz
[  414.065011][ T5891] usb 6-1: SerialNumber: syz
[  414.888446][ T5891] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  414.935951][    T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  415.606008][ T5948] usb 6-1: USB disconnect, device number 7
[  416.016361][    T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  417.604703][    T9] ath9k_htc: Failed to initialize the device
[  418.076573][ T1613] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  418.345962][ T5948] usb 6-1: ath9k_htc: USB layer deinitialized
[  418.379392][ T1613] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  418.424104][ T1613] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.608708][ T1613] usb 5-1: Product: syz
[  418.608734][ T1613] usb 5-1: Manufacturer: syz
[  418.608752][ T1613] usb 5-1: SerialNumber: syz
[  418.710834][ T8859] netlink: 2384 bytes leftover after parsing attributes in process `syz.5.796'.
[  420.006621][ T1613] usb 5-1: can't set config #1, error -71
[  420.008670][ T1613] usb 5-1: USB disconnect, device number 23
[  420.234683][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.5.798'.
[  421.021997][ T8874] overlayfs: failed to resolve './file0': -2
[  421.308225][ T1613] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  421.638908][ T1613] usb 2-1: Using ep0 maxpacket: 8
[  422.014180][ T1613] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  422.037289][ T1613] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  422.255030][ T1613] usb 2-1: Product: syz
[  422.263544][ T1613] usb 2-1: Manufacturer: syz
[  422.294188][ T1613] usb 2-1: SerialNumber: syz
[  422.307675][ T1613] usb 2-1: config 0 descriptor??
[  422.330594][ T1613] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  422.616080][ T8877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.661591][ T5911] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  422.686680][ T8877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.800830][ T8900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.817214][ T8900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.854346][ T5911] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  422.863679][ T5948] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  422.871507][ T1613] gspca_zc3xx: reg_w_i err -110
[  422.887675][ T1613] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  422.906371][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.914446][ T5911] usb 6-1: Product: syz
[  422.933168][ T5911] usb 6-1: Manufacturer: syz
[  422.949390][ T5911] usb 6-1: SerialNumber: syz
[  422.970116][ T8904] Invalid logical block size (48858)
[  422.976877][ T5911] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  423.015757][ T1613] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  423.055514][ T5948] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  423.098128][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.123240][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.164891][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.186915][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.206506][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.249973][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.273407][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.297013][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.327285][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.345468][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.374372][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.406093][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.428366][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.457383][   T24] usb 6-1: USB disconnect, device number 8
[  423.489764][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.513172][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.534510][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.559045][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.616341][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  423.656733][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  423.703765][ T8910] FAULT_INJECTION: forcing a failure.
[  423.703765][ T8910] name failslab, interval 1, probability 0, space 0, times 0
[  423.705225][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  423.743014][ T8910] CPU: 0 UID: 0 PID: 8910 Comm: syz.4.813 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  423.743060][ T8910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  423.743078][ T8910] Call Trace:
[  423.743087][ T8910]  <TASK>
[  423.743096][ T8910]  dump_stack_lvl+0x189/0x250
[  423.743125][ T8910]  ? __pfx____ratelimit+0x10/0x10
[  423.743147][ T8910]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.743170][ T8910]  ? __pfx__printk+0x10/0x10
[  423.743210][ T8910]  should_fail_ex+0x414/0x560
[  423.743237][ T8910]  should_failslab+0xa8/0x100
[  423.743261][ T8910]  kmem_cache_alloc_noprof+0x73/0x3c0
[  423.743281][ T8910]  ? skb_clone+0x212/0x3a0
[  423.743305][ T8910]  skb_clone+0x212/0x3a0
[  423.743329][ T8910]  __netlink_deliver_tap+0x404/0x850
[  423.743370][ T8910]  ? netlink_deliver_tap+0x2e/0x1b0
[  423.743400][ T8910]  netlink_deliver_tap+0x19c/0x1b0
[  423.743429][ T8910]  netlink_sendskb+0x68/0x140
[  423.743456][ T8910]  netlink_rcv_skb+0x28c/0x470
[  423.743485][ T8910]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  423.743514][ T8910]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  423.743555][ T8910]  ? netlink_deliver_tap+0x2e/0x1b0
[  423.743582][ T8910]  ? netlink_deliver_tap+0x2e/0x1b0
[  423.743615][ T8910]  netlink_unicast+0x75c/0x8e0
[  423.743652][ T8910]  netlink_sendmsg+0x805/0xb30
[  423.743691][ T8910]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.743728][ T8910]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  423.743748][ T8910]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.743777][ T8910]  __sock_sendmsg+0x21c/0x270
[  423.743804][ T8910]  ____sys_sendmsg+0x505/0x830
[  423.743841][ T8910]  ? __pfx_____sys_sendmsg+0x10/0x10
[  423.743881][ T8910]  ? import_iovec+0x74/0xa0
[  423.743912][ T8910]  ___sys_sendmsg+0x21f/0x2a0
[  423.743945][ T8910]  ? __pfx____sys_sendmsg+0x10/0x10
[  423.744013][ T8910]  ? __fget_files+0x2a/0x420
[  423.744040][ T8910]  ? __fget_files+0x3a0/0x420
[  423.744079][ T8910]  __x64_sys_sendmsg+0x19b/0x260
[  423.744113][ T8910]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  423.744155][ T8910]  ? __pfx_ksys_write+0x10/0x10
[  423.744171][ T8910]  ? rcu_is_watching+0x15/0xb0
[  423.744198][ T8910]  ? do_syscall_64+0xbe/0x3b0
[  423.744225][ T8910]  do_syscall_64+0xfa/0x3b0
[  423.744263][ T8910]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.744286][ T8910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.744307][ T8910]  ? clear_bhb_loop+0x60/0xb0
[  423.744333][ T8910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.744354][ T8910] RIP: 0033:0x7fcf1b18ebe9
[  423.744373][ T8910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.744392][ T8910] RSP: 002b:00007fcf1c034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  423.744415][ T8910] RAX: ffffffffffffffda RBX: 00007fcf1b3b5fa0 RCX: 00007fcf1b18ebe9
[  423.744431][ T8910] RDX: 000000000002c044 RSI: 0000200000000580 RDI: 0000000000000003
[  423.744445][ T8910] RBP: 00007fcf1c034090 R08: 0000000000000000 R09: 0000000000000000
[  423.744458][ T8910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.744470][ T8910] R13: 00007fcf1b3b6038 R14: 00007fcf1b3b5fa0 R15: 00007ffefba09c38
[  423.744504][ T8910]  </TASK>
[  423.776363][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  424.226308][ T1613] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  424.233417][ T1613] ath9k_htc: Failed to initialize the device
[  424.303987][   T24] usb 6-1: ath9k_htc: USB layer deinitialized
[  424.368175][    T9] usb 2-1: USB disconnect, device number 15
[  425.092631][ T5948] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  425.101785][ T5948] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  425.141125][ T5948] usb 4-1: config 0 interface 0 has no altsetting 0
[  425.168991][ T5948] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  425.191500][ T5948] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  425.209746][ T5948] usb 4-1: Product: syz
[  425.277760][ T5948] usb 4-1: Manufacturer: syz
[  425.303508][ T5948] usb 4-1: SerialNumber: syz
[  425.691386][ T5948] usb 4-1: config 0 descriptor??
[  425.899306][ T5948] usb 4-1: can't set config #0, error -71
[  425.921456][ T5948] usb 4-1: USB disconnect, device number 25
[  426.848714][ T8942] program syz.5.823 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  426.953276][ T8945] FAULT_INJECTION: forcing a failure.
[  426.953276][ T8945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.969174][ T8948] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  427.007467][ T8945] CPU: 0 UID: 0 PID: 8945 Comm: syz.4.824 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  427.007498][ T8945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  427.007515][ T8945] Call Trace:
[  427.007527][ T8945]  <TASK>
[  427.007536][ T8945]  dump_stack_lvl+0x189/0x250
[  427.007565][ T8945]  ? __pfx____ratelimit+0x10/0x10
[  427.007588][ T8945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.007613][ T8945]  ? __pfx__printk+0x10/0x10
[  427.007653][ T8945]  should_fail_ex+0x414/0x560
[  427.007680][ T8945]  _copy_to_user+0x31/0xb0
[  427.007713][ T8945]  simple_read_from_buffer+0xe1/0x170
[  427.007740][ T8945]  proc_fail_nth_read+0x1df/0x250
[  427.007783][ T8945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  427.007838][ T8945]  ? rw_verify_area+0x258/0x650
[  427.007870][ T8945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  427.007899][ T8945]  vfs_read+0x200/0x980
[  427.007939][ T8945]  ? __pfx___mutex_lock+0x10/0x10
[  427.007965][ T8945]  ? __pfx_vfs_read+0x10/0x10
[  427.008000][ T8945]  ? __fget_files+0x2a/0x420
[  427.008030][ T8945]  ? __fget_files+0x3a0/0x420
[  427.008053][ T8945]  ? __fget_files+0x2a/0x420
[  427.008087][ T8945]  ksys_read+0x145/0x250
[  427.008110][ T8945]  ? __pfx_ksys_read+0x10/0x10
[  427.008125][ T8945]  ? rcu_is_watching+0x15/0xb0
[  427.008155][ T8945]  ? do_syscall_64+0xbe/0x3b0
[  427.008184][ T8945]  do_syscall_64+0xfa/0x3b0
[  427.008207][ T8945]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.008229][ T8945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.008251][ T8945]  ? clear_bhb_loop+0x60/0xb0
[  427.008278][ T8945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.008298][ T8945] RIP: 0033:0x7fcf1b18d5fc
[  427.008317][ T8945] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  427.008337][ T8945] RSP: 002b:00007fcf1c034030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  427.008360][ T8945] RAX: ffffffffffffffda RBX: 00007fcf1b3b5fa0 RCX: 00007fcf1b18d5fc
[  427.008376][ T8945] RDX: 000000000000000f RSI: 00007fcf1c0340a0 RDI: 0000000000000006
[  427.008390][ T8945] RBP: 00007fcf1c034090 R08: 0000000000000000 R09: 0000000000000000
[  427.008403][ T8945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.008416][ T8945] R13: 00007fcf1b3b6038 R14: 00007fcf1b3b5fa0 R15: 00007ffefba09c38
[  427.008451][ T8945]  </TASK>
[  427.245245][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.481314][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  428.042019][   T24] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  428.059695][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.075491][   T24] usb 2-1: Product: syz
[  428.086766][   T24] usb 2-1: Manufacturer: syz
[  428.105162][   T24] usb 2-1: SerialNumber: syz
[  428.125081][   T24] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  428.145426][ T1613] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  428.359131][ T8962] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  428.380241][ T8962] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  428.958295][ T8964] fuse: Unknown parameter ''
[  428.990730][ T5919] usb 2-1: USB disconnect, device number 16
[  429.456395][ T1613] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  429.483948][ T1613] ath9k_htc: Failed to initialize the device
[  429.514895][ T5919] usb 2-1: ath9k_htc: USB layer deinitialized
[  430.317083][ T8982] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  431.446109][ T5919] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  431.864693][ T5919] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  432.104811][ T5919] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  432.120545][ T5919] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  432.131742][ T5919] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  432.145608][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  432.145627][   T30] audit: type=1326 audit(1755118381.898:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8975 comm="syz.0.836" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d5f78ebe9 code=0x0
[  432.190918][ T5919] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  432.220481][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.246380][ T5919] usb 2-1: Product: syz
[  432.250625][ T5919] usb 2-1: Manufacturer: syz
[  432.255254][ T5919] usb 2-1: SerialNumber: syz
[  432.445400][ T8993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.837'.
[  432.485365][ T8995] Invalid logical block size (55998)
[  432.696684][ T8974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  432.745674][ T8974] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.786989][ T5919] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  432.802407][ T5919] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  432.821598][ T5919] usb 2-1: found format II with max.bitrate = 128, frame size=0
[  432.839190][ T5919] usb 2-1: 2:1: All rates were zero
[  432.885780][ T5919] usb 2-1: USB disconnect, device number 17
[  433.740482][ T9006] netlink: 12 bytes leftover after parsing attributes in process `syz.5.841'.
[  433.749501][ T9006] netlink: 48 bytes leftover after parsing attributes in process `syz.5.841'.
[  434.066477][ T1613] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  434.265808][ T1613] usb 4-1: descriptor type invalid, skip
[  434.933050][ T5919] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  434.971509][ T1613] usb 4-1: No LPM exit latency info found, disabling LPM.
[  435.011569][ T1613] usb 4-1: config 1 interface 0 altsetting 248 endpoint 0x82 is Bulk; changing to Interrupt
[  435.035011][ T1613] usb 4-1: config 1 interface 0 altsetting 248 endpoint 0x3 is Bulk; changing to Interrupt
[  435.096514][ T1613] usb 4-1: config 1 interface 0 has no altsetting 0
[  435.109638][ T1613] usb 4-1: string descriptor 0 read error: -22
[  435.117255][ T5919] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  435.126758][ T1613] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  435.135840][ T1613] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.142721][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.162302][ T9011] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  435.165812][ T5919] usb 6-1: Product: syz
[  435.186390][ T9011] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  435.191812][ T5919] usb 6-1: Manufacturer: syz
[  435.198987][ T5919] usb 6-1: SerialNumber: syz
[  435.201094][ T1613] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  435.243382][ T5919] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  435.450164][    T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  435.451440][ T9011] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  436.365514][ T5891] usb 6-1: USB disconnect, device number 9
[  436.535103][    T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  436.700184][    T9] ath9k_htc: Failed to initialize the device
[  436.711605][ T5891] usb 6-1: ath9k_htc: USB layer deinitialized
[  436.762860][ T5919] usb 4-1: USB disconnect, device number 26
[  436.783497][ T9036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.849'.
[  438.364018][ T9040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  438.505689][ T9051] netlink: 12 bytes leftover after parsing attributes in process `syz.3.855'.
[  438.515000][ T9050] netlink: 'syz.5.854': attribute type 2 has an invalid length.
[  438.524547][ T9050] FAULT_INJECTION: forcing a failure.
[  438.524547][ T9050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  438.543684][ T9050] CPU: 0 UID: 0 PID: 9050 Comm: syz.5.854 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  438.543713][ T9050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  438.543726][ T9050] Call Trace:
[  438.543735][ T9050]  <TASK>
[  438.543744][ T9050]  dump_stack_lvl+0x189/0x250
[  438.543774][ T9050]  ? __pfx____ratelimit+0x10/0x10
[  438.543805][ T9050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  438.543830][ T9050]  ? __pfx__printk+0x10/0x10
[  438.543869][ T9050]  should_fail_ex+0x414/0x560
[  438.543895][ T9050]  _copy_to_user+0x31/0xb0
[  438.543928][ T9050]  simple_read_from_buffer+0xe1/0x170
[  438.543956][ T9050]  proc_fail_nth_read+0x1df/0x250
[  438.543986][ T9050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  438.544015][ T9050]  ? rw_verify_area+0x258/0x650
[  438.544047][ T9050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  438.544072][ T9050]  vfs_read+0x200/0x980
[  438.544105][ T9050]  ? __pfx___mutex_lock+0x10/0x10
[  438.544127][ T9050]  ? __pfx_vfs_read+0x10/0x10
[  438.544159][ T9050]  ? __fget_files+0x2a/0x420
[  438.544186][ T9050]  ? __fget_files+0x3a0/0x420
[  438.544206][ T9050]  ? __fget_files+0x2a/0x420
[  438.544238][ T9050]  ksys_read+0x145/0x250
[  438.544261][ T9050]  ? __pfx_ksys_read+0x10/0x10
[  438.544277][ T9050]  ? rcu_is_watching+0x15/0xb0
[  438.544305][ T9050]  ? do_syscall_64+0xbe/0x3b0
[  438.544332][ T9050]  do_syscall_64+0xfa/0x3b0
[  438.544372][ T9050]  ? lockdep_hardirqs_on+0x9c/0x150
[  438.544392][ T9050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.544413][ T9050]  ? clear_bhb_loop+0x60/0xb0
[  438.544439][ T9050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.544472][ T9050] RIP: 0033:0x7fcc8e58d5fc
[  438.544492][ T9050] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  438.544527][ T9050] RSP: 002b:00007fcc8f4b1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  438.544550][ T9050] RAX: ffffffffffffffda RBX: 00007fcc8e7b5fa0 RCX: 00007fcc8e58d5fc
[  438.544566][ T9050] RDX: 000000000000000f RSI: 00007fcc8f4b10a0 RDI: 0000000000000004
[  438.544579][ T9050] RBP: 00007fcc8f4b1090 R08: 0000000000000000 R09: 0000000000000000
[  438.544592][ T9050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  438.544604][ T9050] R13: 00007fcc8e7b6038 R14: 00007fcc8e7b5fa0 R15: 00007ffefdf87628
[  438.544641][ T9050]  </TASK>
[  438.910161][ T9054] loop6: detected capacity change from 0 to 7
[  438.937378][ T9054] Dev loop6: unable to read RDB block 7
[  438.943030][ T9054]  loop6: unable to read partition table
[  438.949127][ T9054] loop6: partition table beyond EOD, truncated
[  438.990589][ T9054] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  440.027101][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  442.817421][ T1613] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  442.937694][ T9087] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.865'.
[  443.534618][ T1613] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  443.556404][ T1613] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.564467][ T1613] usb 1-1: Product: syz
[  443.586446][ T1613] usb 1-1: Manufacturer: syz
[  443.591137][ T1613] usb 1-1: SerialNumber: syz
[  443.605280][ T1613] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  443.707917][ T5948] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  443.775640][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.4.867'.
[  444.256988][  T980] usb 1-1: USB disconnect, device number 21
[  445.243811][ T9107] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  446.485191][ T9115] netlink: 'syz.4.873': attribute type 1 has an invalid length.
[  446.491250][ T5948] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  448.075252][ T5948] ath9k_htc: Failed to initialize the device
[  448.086350][  T980] usb 1-1: ath9k_htc: USB layer deinitialized
[  448.100940][ T9122] netlink: 12 bytes leftover after parsing attributes in process `syz.0.874'.
[  448.270480][ T9116] bridge1: entered promiscuous mode
[  448.736899][ T9116] bridge1: entered allmulticast mode
[  448.756171][ T9115] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  448.849845][ T9130] fuse: Unknown parameter ''
[  450.809522][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.880'.
[  450.897603][ T9145] Invalid logical block size (65481)
[  450.927292][ T9132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.229332][ T9153] netlink: 'syz.3.882': attribute type 10 has an invalid length.
[  451.237328][ T9153] netlink: 40 bytes leftover after parsing attributes in process `syz.3.882'.
[  451.249275][  T980] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  451.306066][ T9153] batman_adv: batadv0: Adding interface: virt_wifi0
[  451.313009][ T9153] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  451.339439][ T9153] batman_adv: batadv0: Interface activated: virt_wifi0
[  451.878607][  T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  452.009833][  T980] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  452.019666][  T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.027879][  T980] usb 1-1: Product: syz
[  452.032116][  T980] usb 1-1: Manufacturer: syz
[  452.036937][  T980] usb 1-1: SerialNumber: syz
[  452.704839][  T980] usb 1-1: config 0 descriptor??
[  452.746054][  T980] usb 1-1: can't set config #0, error -71
[  452.761540][  T980] usb 1-1: USB disconnect, device number 22
[  452.856637][   T43] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  452.875998][ T9163] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  452.896783][ T9164] netlink: 'syz.1.885': attribute type 1 has an invalid length.
[  453.003483][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.886'.
[  453.012584][ T9166] netlink: 48 bytes leftover after parsing attributes in process `syz.4.886'.
[  453.026435][   T43] usb 6-1: Using ep0 maxpacket: 32
[  453.044383][   T43] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  453.086375][   T43] usb 6-1: config 0 has no interface number 0
[  453.100267][   T43] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  453.131313][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.143051][ T9168] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  453.151719][   T43] usb 6-1: Product: syz
[  453.159587][ T9168] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  453.196292][   T43] usb 6-1: Manufacturer: syz
[  453.200971][   T43] usb 6-1: SerialNumber: syz
[  453.243032][   T43] usb 6-1: config 0 descriptor??
[  453.274189][   T43] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  453.343275][ T9164] gretap1: entered promiscuous mode
[  453.427470][ T9164] bond1: (slave gretap1): making interface the new active one
[  453.527306][ T9164] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  453.553281][   T43] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  453.576662][ T5948] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  453.603268][   T43] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  453.614276][ T9170] macvlan3: entered promiscuous mode
[  453.636469][ T9170] macvlan3: entered allmulticast mode
[  453.643151][ T9170] bond1: entered promiscuous mode
[  453.659584][ T9170] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  453.707808][ T9170] bond1: (slave macvlan3): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  453.745730][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 8
[  453.765263][ T9170] bond1: left promiscuous mode
[  453.776993][ T5948] usb 1-1: Using ep0 maxpacket: 16
[  453.784546][ T5948] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  453.794463][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.820449][ T5948] usb 1-1: config 0 descriptor??
[  453.830491][ T5948] gspca_main: sonixj-2.14.0 probing 0471:0327
[  453.848509][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.893'.
[  454.258044][ T9170] syz.1.885 (9170) used greatest stack depth: 19832 bytes left
[  454.533319][ T5948] gspca_sonixj: reg_r err -32
[  455.171845][ T5948] sonixj 1-1:0.0: probe with driver sonixj failed with error -32
[  455.257077][ T9186] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  455.410403][  T980] usb 1-1: USB disconnect, device number 23
[  455.626986][ T9202] input: syz1 as /devices/virtual/input/input13
[  455.632233][ T9199] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  455.923800][ T9199] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.121419][ T9199] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.144060][ T9209] tipc: Started in network mode
[  456.153979][ T9209] tipc: Node identity fe80000000000000000000000022001, cluster identity 4711
[  456.171452][ T9209] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  456.213130][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  456.307360][ T5948] usb 6-1: USB disconnect, device number 10
[  456.919048][ T5948] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  457.355303][ T5948] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  457.393624][ T5948] quatech2 6-1:0.51: device disconnected
[  457.452898][ T9219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.905'.
[  457.476147][ T9199] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.457081][ T9199] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  458.499716][ T9199] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  458.533411][ T9199] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  458.563327][ T9199] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  460.106816][ T9233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  461.006085][ T9252] loop9: detected capacity change from 0 to 7
[  461.015890][ T9252] buffer_io_error: 18 callbacks suppressed
[  461.015930][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.030558][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.039268][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.047830][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.056324][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.064937][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.073546][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.083223][ T9252] ldm_validate_partition_table(): Disk read failed.
[  461.091267][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.100043][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.108628][ T9252] Buffer I/O error on dev loop9, logical block 0, async page read
[  461.117465][ T9252] Dev loop9: unable to read RDB block 0
[  461.124665][ T9252]  loop9: unable to read partition table
[  461.131709][ T9252] loop9: partition table beyond EOD, truncated
[  461.138167][ T9252] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  461.138167][ T9252] 
) failed (rc=-5)
[  463.546514][ T9270] netlink: 104 bytes leftover after parsing attributes in process `syz.4.922'.
[  464.437885][ T9282] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  465.060963][ T9287] fuse: Unknown parameter ''
[  465.633975][ T9289] netlink: 12 bytes leftover after parsing attributes in process `syz.1.929'.
[  465.676475][ T9289] netlink: 12 bytes leftover after parsing attributes in process `syz.1.929'.
[  466.415083][ T9295] tipc: Started in network mode
[  466.420936][ T9295] tipc: Node identity fe800000000000000000100097fd001, cluster identity 4711
[  466.430508][ T9295] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  466.482649][ T9290] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.604769][ T9305] FAULT_INJECTION: forcing a failure.
[  466.604769][ T9305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.716491][ T9305] CPU: 1 UID: 0 PID: 9305 Comm: syz.3.935 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  466.716522][ T9305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  466.716536][ T9305] Call Trace:
[  466.716545][ T9305]  <TASK>
[  466.716555][ T9305]  dump_stack_lvl+0x189/0x250
[  466.716586][ T9305]  ? __pfx____ratelimit+0x10/0x10
[  466.716609][ T9305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.716633][ T9305]  ? __pfx__printk+0x10/0x10
[  466.716673][ T9305]  ? __might_fault+0xb0/0x130
[  466.716704][ T9305]  should_fail_ex+0x414/0x560
[  466.716731][ T9305]  _copy_from_user+0x2d/0xb0
[  466.716761][ T9305]  core_sys_select+0x4b7/0xa20
[  466.716795][ T9305]  ? __pfx_core_sys_select+0x10/0x10
[  466.716841][ T9305]  ? __pfx_set_user_sigmask+0x10/0x10
[  466.716875][ T9305]  __se_sys_pselect6+0x27a/0x300
[  466.716903][ T9305]  ? __pfx___se_sys_pselect6+0x10/0x10
[  466.716924][ T9305]  ? __pfx_ksys_write+0x10/0x10
[  466.716941][ T9305]  ? rcu_is_watching+0x15/0xb0
[  466.716968][ T9305]  ? __x64_sys_pselect6+0x21/0xf0
[  466.716992][ T9305]  do_syscall_64+0xfa/0x3b0
[  466.717014][ T9305]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.717035][ T9305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.717055][ T9305]  ? clear_bhb_loop+0x60/0xb0
[  466.717079][ T9305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.717099][ T9305] RIP: 0033:0x7f0ba518ebe9
[  466.717116][ T9305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.717134][ T9305] RSP: 002b:00007f0ba6003038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  466.717155][ T9305] RAX: ffffffffffffffda RBX: 00007f0ba53b5fa0 RCX: 00007f0ba518ebe9
[  466.717179][ T9305] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  466.717193][ T9305] RBP: 00007f0ba6003090 R08: 0000000000000000 R09: 0000000000000000
[  466.717209][ T9305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.717221][ T9305] R13: 00007f0ba53b6038 R14: 00007f0ba53b5fa0 R15: 00007ffc5063c108
[  466.717253][ T9305]  </TASK>
[  467.300591][ T9318] netlink: 4 bytes leftover after parsing attributes in process `syz.0.938'.
[  467.309931][ T9318] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  467.436630][ T5948] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  467.676369][ T5948] usb 6-1: Using ep0 maxpacket: 32
[  467.693704][ T5948] usb 6-1: config 0 has an invalid interface number: 195 but max is 0
[  467.714515][ T5948] usb 6-1: config 0 has no interface number 0
[  467.721818][ T5948] usb 6-1: config 0 interface 195 has no altsetting 0
[  467.756179][ T5948] usb 6-1: New USB device found, idVendor=1b80, idProduct=e309, bcdDevice=5c.6b
[  467.770941][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.788681][ T5948] usb 6-1: Product: syz
[  467.797691][ T5948] usb 6-1: Manufacturer: syz
[  467.802367][ T5948] usb 6-1: SerialNumber: syz
[  467.813490][ T5948] usb 6-1: config 0 descriptor??
[  467.831334][ T5948] em28xx 6-1:0.195: New device syz syz @ 480 Mbps (1b80:e309, interface 195, class 195)
[  467.851926][ T5948] em28xx 6-1:0.195: Video interface 195 found: bulk
[  467.917755][ T9333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.943'.
[  468.160381][ T5948] em28xx 6-1:0.195: unknown em28xx chip ID (0)
[  468.492615][ T5948] em28xx 6-1:0.195: reading from i2c device at 0xa0 failed (error=-5)
[  468.523570][ T5948] em28xx 6-1:0.195: board has no eeprom
[  468.747985][ T5948] em28xx 6-1:0.195: Identified as Easy Cap Capture DC-60 (card=64)
[  468.759063][ T5948] em28xx 6-1:0.195: analog set to bulk mode.
[  468.765470][   T43] em28xx 6-1:0.195: Registering V4L2 extension
[  468.796655][ T5948] usb 6-1: USB disconnect, device number 11
[  468.804108][ T5948] em28xx 6-1:0.195: Disconnecting em28xx
[  468.901293][ T5891] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  469.554609][   T43] em28xx 6-1:0.195: Config register raw data: 0xffffffed
[  469.591367][   T43] em28xx 6-1:0.195: AC97 chip type couldn't be determined
[  469.606852][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  469.613422][   T43] em28xx 6-1:0.195: No AC97 audio processor
[  469.627435][ T5891] usb 1-1: config 8 has an invalid interface number: 125 but max is 0
[  469.633390][ T9351] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  469.644024][ T9351] syzkaller0: entered promiscuous mode
[  469.649646][ T9351] syzkaller0: entered allmulticast mode
[  469.659548][ T9349] netlink: 36 bytes leftover after parsing attributes in process `syz.3.948'.
[  469.675325][ T5891] usb 1-1: config 8 has no interface number 0
[  469.675747][   T43] usb 6-1: Decoder not found
[  469.692894][ T9349] netlink: 12 bytes leftover after parsing attributes in process `syz.3.948'.
[  469.702954][ T5891] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=26.ec
[  469.712779][   T43] em28xx 6-1:0.195: failed to create media graph
[  469.712828][   T43] em28xx 6-1:0.195: V4L2 device video103 deregistered
[  469.717584][   T43] em28xx 6-1:0.195: Remote control support is not available for this card.
[  469.741080][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.753800][ T9351] tipc: Resetting bearer <eth:syzkaller0>
[  469.770964][ T5891] usb 1-1: Product: syz
[  469.778871][ T9347] tipc: Resetting bearer <eth:syzkaller0>
[  469.782989][ T9354] netlink: 'syz.1.949': attribute type 1 has an invalid length.
[  469.789041][ T5948] em28xx 6-1:0.195: Closing input extension
[  469.798960][ T5891] usb 1-1: Manufacturer: syz
[  469.798986][ T5891] usb 1-1: SerialNumber: syz
[  469.807072][ T9354] netlink: 228 bytes leftover after parsing attributes in process `syz.1.949'.
[  469.821657][ T5891] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  469.854145][ T5948] em28xx 6-1:0.195: Freeing device
[  469.871846][ T9347] tipc: Disabling bearer <eth:syzkaller0>
[  469.892386][ T9355] netlink: 'syz.1.949': attribute type 2 has an invalid length.
[  469.977035][ T9357] netlink: 8 bytes leftover after parsing attributes in process `syz.3.950'.
[  470.003507][ T9357] openvswitch: netlink: Unknown nsh attribute 0
[  470.010328][ T9357] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  470.103089][ T9359] FAULT_INJECTION: forcing a failure.
[  470.103089][ T9359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.269083][ T9359] CPU: 1 UID: 0 PID: 9359 Comm: syz.5.951 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  470.269115][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  470.269129][ T9359] Call Trace:
[  470.269137][ T9359]  <TASK>
[  470.269148][ T9359]  dump_stack_lvl+0x189/0x250
[  470.269179][ T9359]  ? __pfx____ratelimit+0x10/0x10
[  470.269204][ T9359]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.269228][ T9359]  ? __pfx__printk+0x10/0x10
[  470.269257][ T9359]  ? __might_fault+0xb0/0x130
[  470.269291][ T9359]  should_fail_ex+0x414/0x560
[  470.269320][ T9359]  core_sys_select+0x724/0xa20
[  470.269357][ T9359]  ? __pfx_core_sys_select+0x10/0x10
[  470.269407][ T9359]  ? __pfx_set_user_sigmask+0x10/0x10
[  470.269444][ T9359]  __se_sys_pselect6+0x27a/0x300
[  470.269474][ T9359]  ? __pfx___se_sys_pselect6+0x10/0x10
[  470.269497][ T9359]  ? __pfx_ksys_write+0x10/0x10
[  470.269516][ T9359]  ? rcu_is_watching+0x15/0xb0
[  470.269546][ T9359]  ? __x64_sys_pselect6+0x21/0xf0
[  470.269571][ T9359]  do_syscall_64+0xfa/0x3b0
[  470.269595][ T9359]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.269618][ T9359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.269639][ T9359]  ? clear_bhb_loop+0x60/0xb0
[  470.269666][ T9359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.269688][ T9359] RIP: 0033:0x7fcc8e58ebe9
[  470.269707][ T9359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.269726][ T9359] RSP: 002b:00007fcc8f4b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  470.269749][ T9359] RAX: ffffffffffffffda RBX: 00007fcc8e7b5fa0 RCX: 00007fcc8e58ebe9
[  470.269765][ T9359] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  470.269779][ T9359] RBP: 00007fcc8f4b1090 R08: 0000000000000000 R09: 0000000000000000
[  470.269793][ T9359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.269806][ T9359] R13: 00007fcc8e7b6038 R14: 00007fcc8e7b5fa0 R15: 00007ffefdf87628
[  470.269840][ T9359]  </TASK>
[  470.275742][ T5891] gspca_m5602: Failed to find a sensor
[  470.484409][ T5891] ALi m5602 1-1:8.125: ALi m5602 webcam failed
[  470.500218][ T5891] usb 1-1: USB disconnect, device number 24
[  472.639470][ T9363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.682003][ T9374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.955'.
[  473.162257][ T9374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.955'.
[  473.351979][ T9393] netlink: 12 bytes leftover after parsing attributes in process `syz.0.960'.
[  473.361388][ T9393] netlink: 12 bytes leftover after parsing attributes in process `syz.0.960'.
[  474.495936][ T9400] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  474.506005][ T9400] syzkaller0: entered promiscuous mode
[  474.511635][ T9400] syzkaller0: entered allmulticast mode
[  474.620191][ T9400] tipc: Resetting bearer <eth:syzkaller0>
[  474.729208][ T9399] tipc: Resetting bearer <eth:syzkaller0>
[  474.826940][ T5948] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  474.975632][ T9407] Invalid logical block size (33554432)
[  475.014902][ T9399] tipc: Disabling bearer <eth:syzkaller0>
[  475.032428][ T5948] usb 4-1: unable to read config index 0 descriptor/start: -61
[  475.078363][ T5948] usb 4-1: can't read configurations, error -61
[  475.456480][ T5948] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  476.440909][ T9421] Illegal XDP return value 4294967282 on prog  (id 225) dev N/A, expect packet loss!
[  476.471783][ T5948] usb 4-1: unable to read config index 0 descriptor/start: -61
[  477.263619][ T5948] usb 4-1: can't read configurations, error -61
[  477.278537][ T5948] usb usb4-port1: attempt power cycle
[  477.385563][  T980] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  477.656717][ T5948] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  478.080332][  T980] usb 2-1: Using ep0 maxpacket: 16
[  478.133447][  T980] usb 2-1: unable to get BOS descriptor or descriptor too short
[  478.182622][  T980] usb 2-1: config 7 interface 0 has no altsetting 0
[  478.185008][ T5948] usb 4-1: device descriptor read/8, error -71
[  478.222940][  T980] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=8f.26
[  478.256439][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.291388][ T9434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.974'.
[  478.302773][ T9434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.974'.
[  478.320749][  T980] usb 2-1: Product: syz
[  478.346430][  T980] usb 2-1: Manufacturer: syz
[  478.353742][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'.
[  478.357122][  T980] usb 2-1: SerialNumber: syz
[  478.457154][ T9441] netlink: 148 bytes leftover after parsing attributes in process `syz.5.972'.
[  478.468303][ T9441] netlink: 56 bytes leftover after parsing attributes in process `syz.5.972'.
[  479.376769][ T5891] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  479.411113][ T9436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.463169][  T980] usb 2-1: USB disconnect, device number 18
[  479.536520][ T5891] usb 6-1: Using ep0 maxpacket: 16
[  479.704540][ T5891] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  479.731955][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.426435][ T5891] usb 6-1: Product: syz
[  480.431650][ T5891] usb 6-1: Manufacturer: syz
[  480.448991][ T5891] usb 6-1: SerialNumber: syz
[  480.459808][ T5891] r8152-cfgselector 6-1: Unknown version 0x0000
[  480.476324][ T5891] r8152-cfgselector 6-1: config 0 descriptor??
[  480.819433][ T5891] r8152-cfgselector 6-1: Unknown version 0x0000
[  480.915588][ T5891] r8152-cfgselector 6-1: bad CDC descriptors
[  480.966719][ T5891] r8152-cfgselector 6-1: USB disconnect, device number 12
[  480.974768][ T9459] sctp: failed to load transform for md5: -2
[  480.981534][ T9456] sctp: failed to load transform for md5: -2
[  483.756547][ T5948] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  483.799737][ T9535] loop9: detected capacity change from 0 to 7
[  483.810625][ T9535] buffer_io_error: 4 callbacks suppressed
[  483.810667][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.825317][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.833869][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.842715][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.851818][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.860765][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.869431][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.877937][ T9535] ldm_validate_partition_table(): Disk read failed.
[  483.885011][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.893611][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.902579][ T9535] Buffer I/O error on dev loop9, logical block 0, async page read
[  483.913709][ T9535] Dev loop9: unable to read RDB block 0
[  483.921417][ T9535]  loop9: unable to read partition table
[  483.928448][ T9535] loop9: partition table beyond EOD, truncated
[  483.934793][ T9535] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  483.934793][ T9535] 
) failed (rc=-5)
[  484.491189][ T5948] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  484.500587][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.516277][ T5948] usb 4-1: Product: syz
[  484.520516][ T5948] usb 4-1: Manufacturer: syz
[  484.549884][ T5948] usb 4-1: SerialNumber: syz
[  484.570740][ T5948] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  484.626597][ T1613] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  484.651967][ T9545] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  485.986958][ T1613] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  485.994397][ T1613] ath9k_htc: Failed to initialize the device
[  486.144802][ T1613] usb 4-1: ath9k_htc: USB layer deinitialized
[  486.211011][   T24] usb 4-1: USB disconnect, device number 31
[  486.414532][  T980] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  486.808434][  T980] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  486.818058][  T980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.826420][  T980] usb 6-1: Product: syz
[  486.830899][  T980] usb 6-1: Manufacturer: syz
[  486.835755][  T980] usb 6-1: SerialNumber: syz
[  486.849452][  T980] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  486.868793][    T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  487.966540][    T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  488.141749][    T9] ath9k_htc: Failed to initialize the device
[  488.213284][  T980] usb 6-1: USB disconnect, device number 13
[  488.243786][  T980] usb 6-1: ath9k_htc: USB layer deinitialized
[  488.505904][ T9593] netlink: 'syz.3.1010': attribute type 2 has an invalid length.
[  490.360883][  T980] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  490.540307][  T980] usb 5-1: device descriptor read/64, error -71
[  491.474734][  T980] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  491.835300][ T9608] fuse: Unknown parameter ''
[  491.936492][ T9617] fuse: Unknown parameter ''
[  492.786298][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  493.079647][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 25978, setting to 1024
[  493.136059][    T9] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  493.944084][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  494.020457][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  494.102091][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.118656][ T9637] 9pnet_fd: Insufficient options for proto=fd
[  494.146900][    T9] usb 2-1: Product: syz
[  494.165827][    T9] usb 2-1: Manufacturer: syz
[  494.182578][    T9] usb 2-1: SerialNumber: syz
[  494.213422][ T9622] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  494.231486][    T9] hub 2-1:1.0: bad descriptor, ignoring hub
[  494.240454][    T9] hub 2-1:1.0: probe with driver hub failed with error -5
[  494.434269][ T9622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.456315][   T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  494.470722][ T9622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.569420][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  494.611898][    T9] usb 2-1: USB disconnect, device number 19
[  494.759718][   T24] usb 4-1: Using ep0 maxpacket: 8
[  494.785117][    T9] usblp0: removed
[  494.785286][   T24] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  495.578828][   T24] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  495.589335][   T24] usb 4-1: config 0 has no interface number 0
[  495.599139][   T24] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  495.611240][   T24] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  495.622631][   T24] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  495.653769][   T24] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  495.676346][   T24] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  495.696993][   T24] usb 4-1: Product: syz
[  495.708320][   T24] usb 4-1: config 0 descriptor??
[  495.725079][ T9639] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  497.348539][   T24] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input14
[  497.401587][ T9657] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.503607][ T9667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1031'.
[  497.553335][ T9667] netlink: 'syz.1.1031': attribute type 5 has an invalid length.
[  497.562798][ T9667] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1031'.
[  498.430744][ T9667] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  498.482250][ T9667] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  498.491587][ T9667] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  498.500779][ T9667] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  498.547330][ T9667] geneve2: entered promiscuous mode
[  498.552696][ T9667] geneve2: entered allmulticast mode
[  498.614166][    T9] usb 4-1: USB disconnect, device number 32
[  498.614295][    C1] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  499.619790][ T9682] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.1034'.
[  501.487770][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.580874][ T9692] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1036'.
[  501.608670][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1039'.
[  502.448208][ T9715] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.1043'.
[  504.024028][ T9731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1048'.
[  505.756527][ T1613] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  506.082633][ T1613] usb 5-1: device descriptor read/64, error -71
[  506.596593][ T1613] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  506.749146][ T1613] usb 5-1: device descriptor read/64, error -71
[  506.872174][ T1613] usb usb5-port1: attempt power cycle
[  507.127376][ T9752] mmap: syz.5.1054 (9752) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  507.256607][ T1613] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  507.306981][ T1613] usb 5-1: device descriptor read/8, error -71
[  507.486479][ T5891] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  507.688017][ T9755] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  507.767400][ T5891] usb 6-1: config 65 has an invalid interface number: 77 but max is 0
[  507.836665][ T5891] usb 6-1: config 65 has no interface number 0
[  510.331430][ T9778] fuse: Unknown parameter ''
[  510.430434][ T9776] netlink: 'syz.0.1061': attribute type 3 has an invalid length.
[  510.465107][ T9776] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1061'.
[  510.661159][ T9776] netlink: 'syz.0.1061': attribute type 2 has an invalid length.
[  511.156147][ T5891] usb 6-1: New USB device found, idVendor=16d8, idProduct=7212, bcdDevice=6b.ed
[  511.185968][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.231859][ T5891] usb 6-1: can't set config #65, error -71
[  511.247937][ T5891] usb 6-1: USB disconnect, device number 14
[  512.439109][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1063'.
[  516.858542][ T9829] loop9: detected capacity change from 0 to 7
[  516.865305][ T9829] buffer_io_error: 4 callbacks suppressed
[  516.865323][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.879210][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.888284][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.896359][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.904336][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.913036][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.924062][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.933979][ T9829] ldm_validate_partition_table(): Disk read failed.
[  516.940908][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.949338][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.960443][ T9829] Buffer I/O error on dev loop9, logical block 0, async page read
[  516.970063][ T9829] Dev loop9: unable to read RDB block 0
[  516.976474][ T9829]  loop9: unable to read partition table
[  516.982598][ T9829] loop9: partition table beyond EOD, truncated
[  516.993411][ T9829] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  516.993411][ T9829] 
) failed (rc=-5)
[  518.676324][  T980] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  518.806914][  T980] usb 6-1: device descriptor read/64, error -71
[  518.971115][   T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  519.046466][  T980] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  519.161269][   T24] usb 4-1: Using ep0 maxpacket: 8
[  519.197214][   T24] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  519.205500][   T24] usb 4-1: config 0 has no interface number 0
[  519.207088][  T980] usb 6-1: device descriptor read/64, error -71
[  519.232219][   T24] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  519.279831][   T24] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  519.331724][   T24] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  519.351190][   T24] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  519.351979][  T980] usb usb6-port1: attempt power cycle
[  519.368586][   T24] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  519.429327][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.447194][   T24] usb 4-1: Product: syz
[  519.456535][   T24] usb 4-1: Manufacturer: syz
[  519.461210][   T24] usb 4-1: SerialNumber: syz
[  519.505651][   T24] usb 4-1: config 0 descriptor??
[  519.768254][  T980] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  519.769338][   T24] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  519.804140][  T980] usb 6-1: device descriptor read/8, error -71
[  519.806399][ T1613] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  519.971594][ T9852] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  519.983241][   T30] audit: type=1326 audit(1755118469.748:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9850 comm="syz.3.1082" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ba518ebe9 code=0x0
[  519.986766][ T9896] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  520.018549][ T1613] usb 5-1: Using ep0 maxpacket: 16
[  520.027249][ T9896] Error validating options; rc = [-22]
[  520.033574][ T1613] usb 5-1: config index 0 descriptor too short (expected 65316, got 36)
[  520.042608][ T1613] usb 5-1: config 163 has too many interfaces: 90, using maximum allowed: 32
[  520.053312][ T9899] binder: 9898:9899 ioctl 4018620d 0 returned -22
[  520.066306][  T980] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  520.069327][ T1613] usb 5-1: config 163 contains an unexpected descriptor of type 0x2, skipping
[  520.088203][ T1613] usb 5-1: config 163 has an invalid descriptor of length 0, skipping remainder of the config
[  520.100512][ T5948] usb 4-1: USB disconnect, device number 33
[  520.108115][  T980] usb 6-1: device descriptor read/8, error -71
[  520.127825][ T1613] usb 5-1: config 163 has 0 interfaces, different from the descriptor's value: 90
[  520.145836][ T1613] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  520.158966][ T1613] usb 5-1: New USB device strings: Mfr=189, Product=192, SerialNumber=3
[  520.173026][ T1613] usb 5-1: Product: syz
[  520.179971][ T1613] usb 5-1: Manufacturer: syz
[  520.184667][ T1613] usb 5-1: SerialNumber: syz
[  520.218178][  T980] usb usb6-port1: unable to enumerate USB device
[  520.275107][ T9906] warning: `syz.1.1105' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  520.416682][ T5948] usb 5-1: USB disconnect, device number 30
[  520.493195][ T9917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1109'.
[  521.348740][ T9938] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1119' sets config #0
[  523.671516][   T30] audit: type=1326 audit(1755118473.438:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  523.742267][   T30] audit: type=1326 audit(1755118473.468:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  523.876311][   T30] audit: type=1326 audit(1755118473.468:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  524.047919][   T30] audit: type=1326 audit(1755118473.468:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  524.070921][   T30] audit: type=1326 audit(1755118473.468:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  524.113281][   T30] audit: type=1326 audit(1755118473.468:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  524.966397][   T30] audit: type=1326 audit(1755118473.468:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.104343][   T30] audit: type=1326 audit(1755118473.468:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.167809][ T9966] BUG: assuming non migratable context at ./include/linux/filter.h:703
[  525.198284][   T30] audit: type=1326 audit(1755118473.468:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.220220][ T9966] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 9966, name: syz.3.1128
[  525.259667][ T9966] 2 locks held by syz.3.1128/9966:
[  525.274900][ T9966]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0x10f/0x390
[  525.293661][   T30] audit: type=1326 audit(1755118473.468:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.346095][ T9966]  #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0x9d/0x380
[  525.376986][   T30] audit: type=1326 audit(1755118473.558:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.410286][ T9966] CPU: 0 UID: 0 PID: 9966 Comm: syz.3.1128 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  525.410320][ T9966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  525.410334][ T9966] Call Trace:
[  525.410343][ T9966]  <TASK>
[  525.410353][ T9966]  dump_stack_lvl+0x189/0x250
[  525.410388][ T9966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  525.410423][ T9966]  ? print_lock_name+0xde/0x100
[  525.410460][ T9966]  __cant_migrate+0x238/0x2e0
[  525.410490][ T9966]  ? __pfx___cant_migrate+0x10/0x10
[  525.410519][ T9966]  ? ip6table_mangle_hook+0x2a2/0x6c0
[  525.410555][ T9966]  ? nf_nat_ipv6_fn+0xe7/0x2d0
[  525.410588][ T9966]  nf_hook_run_bpf+0x8f/0x1f0
[  525.410610][ T9966]  ? __pfx_ip6table_mangle_hook+0x10/0x10
[  525.410646][ T9966]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[  525.410673][ T9966]  ? nf_nat_ipv6_out+0x21d/0x380
[  525.410700][ T9966]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[  525.410724][ T9966]  nf_hook_slow+0xc5/0x220
[  525.410761][ T9966]  nf_hook+0x217/0x380
[  525.410800][ T9966]  ? nf_hook+0x9d/0x380
[  525.410832][ T9966]  ? __pfx_nf_hook+0x10/0x10
[  525.410869][ T9966]  ? __pfx_ip6_finish_output+0x10/0x10
[  525.410904][ T9966]  ? __pfx___ip6_local_out+0x10/0x10
[  525.410934][ T9966]  ? __pfx_dst_output+0x10/0x10
[  525.410959][ T9966]  ? ip6_send_skb+0x10f/0x390
[  525.410997][ T9966]  ip6_output+0x27d/0x3e0
[  525.411025][ T9966]  ? __pfx_ip6_finish_output+0x10/0x10
[  525.411059][ T9966]  ? ip6_send_skb+0x10f/0x390
[  525.411094][ T9966]  ip6_send_skb+0x1d5/0x390
[  525.411139][ T9966]  udp_v6_send_skb+0xc17/0x1830
[  525.411196][ T9966]  udpv6_sendmsg+0x1bba/0x24c0
[  525.411242][ T9966]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  525.411273][ T9966]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  525.411312][ T9966]  ? __lock_acquire+0xab9/0xd20
[  525.411355][ T9966]  ? __local_bh_enable_ip+0x12d/0x1c0
[  525.411379][ T9966]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  525.411412][ T9966]  ? inet_send_prepare+0x1b9/0x270
[  525.411441][ T9966]  ? inet_send_prepare+0x1b9/0x270
[  525.411471][ T9966]  ? inet6_sendmsg+0xe4/0x120
[  525.411500][ T9966]  __sock_sendmsg+0xe5/0x270
[  525.411532][ T9966]  __sys_sendto+0x3bd/0x520
[  525.411567][ T9966]  ? __pfx___sys_sendto+0x10/0x10
[  525.411597][ T9966]  ? do_futex+0x395/0x420
[  525.411665][ T9966]  ? rcu_is_watching+0x15/0xb0
[  525.411697][ T9966]  __x64_sys_sendto+0xde/0x100
[  525.411734][ T9966]  do_syscall_64+0xfa/0x3b0
[  525.411759][ T9966]  ? lockdep_hardirqs_on+0x9c/0x150
[  525.411782][ T9966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.411805][ T9966]  ? clear_bhb_loop+0x60/0xb0
[  525.411834][ T9966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.411856][ T9966] RIP: 0033:0x7f0ba518ebe9
[  525.411876][ T9966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.411897][ T9966] RSP: 002b:00007f0ba6003038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  525.411922][ T9966] RAX: ffffffffffffffda RBX: 00007f0ba53b5fa0 RCX: 00007f0ba518ebe9
[  525.411939][ T9966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  525.411952][ T9966] RBP: 00007f0ba5211e19 R08: 0000200000000300 R09: 000000000000001c
[  525.411967][ T9966] R10: 0000000020000001 R11: 0000000000000246 R12: 0000000000000000
[  525.411981][ T9966] R13: 00007f0ba53b6038 R14: 00007f0ba53b5fa0 R15: 00007ffc5063c108
[  525.412019][ T9966]  </TASK>
[  525.412387][   T30] audit: type=1326 audit(1755118473.558:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.877117][   T30] audit: type=1326 audit(1755118473.558:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.901690][   T30] audit: type=1326 audit(1755118473.558:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.925030][   T30] audit: type=1326 audit(1755118473.558:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.964057][   T30] audit: type=1326 audit(1755118473.558:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000
[  525.996663][   T30] audit: type=1326 audit(1755118473.558:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9956 comm="syz.4.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf1b18ebe9 code=0x7ffc0000