last executing test programs:

9m29.808862519s ago: executing program 0 (id=71):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000400)={r5, 0x0, 0x0, 0x0, 0x0, [<r6=>0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r6, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r7})
close_range(r0, 0xffffffffffffffff, 0x10200000000000)

9m29.695092356s ago: executing program 0 (id=74):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000002e00)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/55, 0x37}, {&(0x7f0000000340)=""/107, 0x6b}, {&(0x7f00000003c0)=""/100, 0x64}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f00000001c0)=""/58, 0x3a}], 0xa}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x3fffffffffffe9b, 0x40010020, 0x0)

9m29.584968783s ago: executing program 0 (id=76):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/72, 0x48}, {&(0x7f00000001c0)=""/246, 0xf6}], 0x2}, 0x1}], 0x1, 0x42, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="cf0400000000000400001300000008000300", @ANYRES32=r3, @ANYBLOB="0400130006001200000000000600b500850100000a0006000802110000010000280011"], 0x64}}, 0x0)

9m29.513493302s ago: executing program 0 (id=77):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000202010400000000000000000a0000003c0002800c00028005000100000000002c0001"], 0x50}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x8001, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf259441000008000300", @ANYRES32=r4, @ANYBLOB="08007d80"], 0x24}, 0x1, 0x0, 0x0, 0x24004084}, 0x40)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xb5b894efe82e151}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x40, r5, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7a}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x4)
mount$bind(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0)
chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00')
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = syz_open_procfs$pagemap(0x0, &(0x7f0000000100))
ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x9, 0x0, 0x0, 0xd, 0x0, 0x4, 0x8effd365f977435f, 0x40})
setsockopt$inet_tcp_int(r7, 0x6, 0x6, &(0x7f0000000040)=0x25, 0x4)
setsockopt$inet_int(r7, 0x0, 0x13, &(0x7f0000000000)=0x802, 0x4)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00')
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)

9m29.42032617s ago: executing program 0 (id=78):
syz_open_dev$tty1(0xc, 0x4, 0x3)
r0 = syz_open_dev$swradio(&(0x7f0000000740), 0x1, 0x2)
r1 = dup(r0)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000580)="4c222614b7908631ec695de8739c42c9fbefc168d215d60d44611ca18e504e8c4ecc0a4a56d3bef276a32159e98505493ddcc10ada2786c6f7e7a4337976fc5ae3a9266553bb0bffaca65f29c9afad93840e5a46de7aac1130b10ae9c68921066bfd1209c04a710f78ca022d354956be57a2ed74b4b2d11cafd475aed4f440fa3800cf40aa9032bfb2f3aebe2b15f56a651d08553125dd4dd1f25ae5d8079f507d77623c3c7d4fe686f97abb39704d2ccfaf2cc25e5afef09aacae", 0xbb}], 0x1)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x19, 0x64, 0xd4, 0x8, 0x1a86, 0xe092, 0x533f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x2, 0x0, 0x10, 0x3, [{{0x9, 0x4, 0x1f, 0x2, 0x2, 0xe9, 0x17, 0xf3, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000003c0)={0x24, &(0x7f0000000240)={0x0, 0x11, 0x63, {0x63, 0x23, "47db75691ba3a4d89573848aab73453522884412304ea7bddb0f62f42e619e410373e92d62258093ca0161f4b8fd8883a0a55bebeba29318bed8b5ec83c3b7f097337c795f18e6b9fa95b3877f7bfd7f8aa08836fd2ad0dd628f0dd2636002aeab"}}, &(0x7f0000000300)={0x0, 0x3, 0xb5, @string={0xb5, 0x3, "6a0e7a3cb8f2b748234ea5548886990b4bce80af5d22aa226d456ca3a3f4c7586f5e92b1d47ae25fd153a21ea575e9b63339f63aa7a8bb20c140b12f14a96d97fcde595d761dc948eb39c290f52db44970cb82e2ae98ebf6c5a6805bfcfe32d530edda3a4423d4509ffba7f5cb501fbca7558973449be84b77f9ba87cf1982fddca52f7ba0aa41fc8da58e93beab5a1af60dcc17afedf23f40477d34ad4c8b5f5e2cb94dac9dff3b348820fb8f55c8e9261baa"}}, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@global=@item_012={0x2, 0x1, 0x3, "6a06"}, @global=@item_4={0x3, 0x1, 0x2, "ad949ef1"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x4, 0x1, {0x22, 0xd70}}}}, &(0x7f0000000700)={0x2c, &(0x7f0000000400)={0x0, 0x5, 0x100, "eb35bb469400aaf329b2d618cf9cc64ae472306a0f4a0d4a28e4cac8fbccea957f2f81d5e1c44f6f90af12436ebdd04a1c275fe49f0da0403c24e4c6d8183b9691671f9503344fd260759a1bda90d97946e45df5468d5c8248349a8d29d4bc06e1e1ad7f5db99d8e30c80119ae1fe01d715f209c1d4e4a0caadeb6226c3e646d908b3dc46606d421be306687713320fa01023822afba602d9966517e527df7e30972e2ba3b269333ed26004a23196d506dc781cccdb0cbf3b47494babababa6d8f2b7ea7da31f73001a064683ec51f9ae404ebbe36570d249b69a8eba2b15b2797be0c657d2c933eef2cb3d38332b9d8ed7dac841a0e081cfe5406aa9c122f3b"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x72}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000680)={0x20, 0x1, 0x5, "5eea6c961d"}, &(0x7f00000006c0)={0x20, 0x3, 0x1, 0xa}})
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r4, @ANYRES64=0x0, @ANYRESHEX=r4, @ANYRES64=0x0, @ANYRES64, @ANYRES16=r4], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

9m29.159532412s ago: executing program 0 (id=79):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x11, r0, 0xf648e000)
socket$packet(0x11, 0x3, 0x300)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x7000, 0x0, 0x3)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x7000000}, 0x0)

9m29.015135824s ago: executing program 32 (id=79):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x11, r0, 0xf648e000)
socket$packet(0x11, 0x3, 0x300)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x7000, 0x0, 0x3)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x7000000}, 0x0)

6m51.731220531s ago: executing program 2 (id=1236):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregset(0x4205, r0, 0x201, 0x0)

6m51.469399533s ago: executing program 2 (id=1238):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

6m51.249248437s ago: executing program 2 (id=1242):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1ff, 0x20000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0x1, 0x6, 0x6, 0x448, '\x00', 0x8}, 0x1, [0x7, 0xd5, 0x2, 0xfff, 0x6, 0x6, 0x2, 0x401, 0x2, 0xbc, 0x80000000, 0x102d, 0x8, 0x1, 0x3, 0x1, 0x1, 0x7, 0x6, 0x200, 0x80, 0x7, 0x7, 0x7, 0x8, 0x2, 0x2, 0x7, 0xffffffffffffffff, 0x3, 0x100000001, 0x403, 0x1, 0x7, 0x101, 0x3, 0x3, 0x1, 0x0, 0x1da5, 0x9, 0x4, 0x8a, 0x50f, 0x9ac2, 0x6fe5, 0xffffffffba36ba5a, 0x4, 0x9, 0x88b, 0x6, 0x6, 0xffffffffffffffff, 0x400, 0x3, 0xfffffffffffff8f6, 0x4, 0xfffffffffffffff9, 0x0, 0xf9800000, 0x0, 0x5, 0x4, 0x4, 0x82d, 0x9, 0x6, 0x0, 0x9, 0xfffffffffffffff8, 0x3ff, 0x6, 0x2, 0x2f, 0x1, 0x7, 0x40, 0x2, 0x42843379, 0x1, 0x7, 0x200, 0x77a, 0x6997, 0x5, 0x539, 0x623a, 0x6, 0x0, 0x7, 0x9, 0x200, 0x7, 0x7ff, 0x0, 0x5, 0x93, 0x8, 0x80, 0x2, 0x2775e12f, 0x680000000000, 0x5, 0x7, 0x9, 0x80000004, 0x0, 0xfffffffffffffffa, 0x10001, 0x8, 0x8, 0x1000, 0x0, 0x5, 0x7, 0xfffffffffffff000, 0x10000, 0x7fff, 0xfffffffffffffff9, 0x6, 0x46b, 0x8, 0x5, 0x6, 0x7, 0x800000000000000, 0x7f, 0x63a]})

6m51.055800333s ago: executing program 2 (id=1244):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x19a199a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r4, r3, 0x0, 0x80000000)
sendmsg$nl_generic(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x14, 0x18, 0x1, 0x70bd2b, 0x25dfdbfb, {0x1d}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4044800)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_DQBUF(r5, 0xc0585611, &(0x7f0000000180)=@overlay={0x1, 0x1, 0x4, 0x10000, 0x5, {}, {0x1, 0x2, 0x6, 0x80, 0x5, 0x3, "e5a5bed8"}, 0x747f, 0x3, {}, 0xf})
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r7, 0x0)
r8 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r8, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x2, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0xffff, 0x0, 0x5, 0x6, 0x1, 0x5], 0x8000000, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000080)=@x86={0x7f, 0x3, 0xfd, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x8, 0x5, 0xb, 0x8, 0x0, 0x10003, 0x9, 0xff, 0x4, 0x2, 0x12, '\x00', 0xb})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

6m50.748771309s ago: executing program 2 (id=1248):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0)
ioctl$COMEDI_CMDTEST(r1, 0x8050640a, &(0x7f0000000300)={0x2, 0x30000, 0x40, 0xb045, 0x20, 0x0, 0x40, 0xfffffffb, 0xffffffff, 0xed9, 0xffffffff, 0xffffff0e, &(0x7f00000001c0)=[0x8, 0x9, 0x7, 0x10000], 0x4, &(0x7f00000003c0)="c337f17ea16d469e3ef55f26b5edb1c46355d4395fd84992772dd8aa260d0d3701b6072275e609cfde2c87ad996fbf3482f8340d6732c41e30663bb8ec57bdd62e7c01b7ce2b5564677903927f4a3ed7e0b29baeaeb611cc38694ad475cb390211c296a2367d7b5853c160570bd5234ef1070180420521d277fd417a53b504f8b4a0ebdbb7b48bbf2d946cf41db897abddc4f527ab", 0x95})
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0)
syz_io_uring_setup(0x3b48, &(0x7f0000000280)={0x0, 0xc5ba, 0x1, 0x1, 0xc3}, 0x0, 0x0)
r2 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
timer_create(0x7, &(0x7f000049efa0)={0x0, 0x1d, 0x4, @tid=r2}, &(0x7f0000000100))
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r5, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000000040)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x3, {0x1, 0xc9, 0x7, 0x1}}, 0x7)
syz_usb_connect$uac1(0x6, 0x0, 0x0, 0x0)
timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0))
write$nci(r7, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x12)
rt_sigtimedwait(&(0x7f0000000380)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
sendfile(r0, r0, 0x0, 0x7ffff000)

6m50.453065481s ago: executing program 2 (id=1249):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}}], 0x40000cf, 0x0)

6m49.97110175s ago: executing program 33 (id=1249):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000}}], 0x40000cf, 0x0)

1m48.177654088s ago: executing program 4 (id=3772):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0xf5ffffff, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xb}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

1m47.965058617s ago: executing program 4 (id=3773):
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10) (async, rerun: 32)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) (rerun: 32)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="1c0000002000090002000000fedbdf2501000000080008"], 0x1c}, 0x1, 0x0, 0x0, 0x4000815}, 0x4000) (async, rerun: 64)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000a80)={0x1c, &(0x7f0000000440)={0x0, 0xf, 0x1, "0e"}, 0x0, 0x0}) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000001080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0)

1m46.693380289s ago: executing program 4 (id=3780):
openat$uinput(0xffffffffffffff9c, &(0x7f0000003100), 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0xa, 0x801, 0x84)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$can_bcm(0x1d, 0x2, 0x2)
socket(0x1d, 0x2, 0x6)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000002c0), 0x0, 0x7f})

1m46.598772183s ago: executing program 4 (id=3782):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x12000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELFLOWTABLE={0x5c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'wg2\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x10}}, 0xe4}}, 0x0)

1m46.473302516s ago: executing program 4 (id=3783):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0xe, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000140)=0x9)
r1 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0x3, @mcast2, 0x5}, 0x1c)
getsockopt$inet6_int(r2, 0x29, 0x10, 0x0, &(0x7f00000000c0))
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='mand\x00', &(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r5=>0x0})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="012028bd7000fcdbdf251500000008000300", @ANYRES32=r5, @ANYBLOB="05002900fd000000"], 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0xc4)
fsmount(r1, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0)

1m46.136806573s ago: executing program 4 (id=3787):
creat(&(0x7f0000000080)='./file0\x00', 0xac)
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x28, r3, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)

1m31.151744494s ago: executing program 34 (id=3787):
creat(&(0x7f0000000080)='./file0\x00', 0xac)
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x28, r3, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)

8.417392607s ago: executing program 1 (id=4442):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000240))
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc08c}, 0xc004)
write$nci(r1, &(0x7f0000000000)=ANY=[], 0x0)

8.263445135s ago: executing program 1 (id=4444):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x10000, 0x4a) (async)
mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000)

8.176754011s ago: executing program 3 (id=4445):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x4084)
recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) (fail_nth: 85)

8.176371795s ago: executing program 5 (id=4446):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c001c0202060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff000060005401c02000008000640"], 0x6c}}, 0x0)

8.090000602s ago: executing program 3 (id=4447):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x81, 0xfffffffc}}, './cgroup\x00'})

7.912155172s ago: executing program 1 (id=4448):
r0 = socket(0x15, 0x5, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x534a9a5dd9356517)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0xfffffffffffff002, 0x0, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000004b40)=0x2e, 0x4)
r2 = openat$vim2m(0xffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000005440)={0x3, 0x2, 0x0, "c165800400a27d4c2328a656f51640957f84b6a11d204715fac6704bbdc92e00"})
pipe2$9p(&(0x7f0000004c00)={<r3=>0xffffffffffffffff}, 0x80040)
mount$9p_fd(0x0, &(0x7f0000004380)='./file0\x00', &(0x7f0000004bc0), 0x800400, &(0x7f0000004c40)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_L}, {@ignoreqv}]}})
clock_gettime(0x0, &(0x7f0000004ac0)={<r4=>0x0, <r5=>0x0})
recvmmsg$unix(r0, &(0x7f0000004940)=[{{&(0x7f0000000040), 0x6e, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/236, 0xec}, {&(0x7f00000001c0)=""/252, 0xfc}, {&(0x7f00000002c0)=""/31, 0x1f}, {&(0x7f0000000300)=""/34, 0x22}, {&(0x7f0000000340)=""/136, 0x88}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/225, 0xe1}, {&(0x7f0000000540)=""/48, 0x30}], 0x8, &(0x7f0000000600)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x38}}, {{&(0x7f0000000640)=@abs, 0x6e, &(0x7f0000000880)=[{&(0x7f00000006c0)=""/213, 0xd5}, {&(0x7f00000007c0)=""/36, 0x24}, {&(0x7f0000000800)=""/78, 0x4e}], 0x3, &(0x7f00000008c0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000000900)=@abs, 0x6e, &(0x7f0000001b40)=[{&(0x7f0000000980)=""/55, 0x37}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/80, 0x50}, {&(0x7f0000001a40)=""/81, 0x51}, {&(0x7f0000001ac0)=""/83, 0x53}], 0x5, &(0x7f0000001bc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{0x0, 0x0, &(0x7f0000002fc0)=[{&(0x7f0000001cc0)=""/242, 0xf2}, {&(0x7f0000001dc0)=""/4096, 0x1000}, {&(0x7f0000002dc0)=""/205, 0xcd}, {&(0x7f0000002ec0)=""/254, 0xfe}], 0x4, &(0x7f0000003000)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}, {{&(0x7f00000030c0), 0x6e, &(0x7f0000004540)=[{&(0x7f0000003140)=""/27, 0x1b}, {&(0x7f0000003180)=""/4096, 0x1000}, {&(0x7f0000004180)=""/90, 0x5a}, {&(0x7f0000004200)=""/244, 0xf4}, {&(0x7f0000004300)=""/100, 0x64}, {&(0x7f0000004b80)=""/59, 0x3b}, {&(0x7f00000043c0)=""/66, 0x42}, {&(0x7f0000004440)=""/70, 0x46}, {&(0x7f00000044c0)=""/78, 0x4e}], 0x9, &(0x7f0000004600)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000004680)=@abs, 0x6e, &(0x7f0000004840)=[{&(0x7f0000004700)=""/230, 0xe6}, {&(0x7f0000004800)=""/4, 0x4}], 0x2, &(0x7f0000004880)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}], 0x6, 0x40000101, &(0x7f0000004b00)={r4, r5+10000000})
getsockopt(r0, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000))

7.836924919s ago: executing program 5 (id=4449):
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x6, 'wlan1\x00', {}, 0x108})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f47"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x101800, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x80000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4, 0x4}, 'syz1\x00', 0x4b})
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000100)={0x39, {0x9, 0x0, 0x2000000, 0x2, 0xfffffffd, 0xfffffffe}})
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x2, 0x4002004c4, 0xffe, 0x0, 0x0, 0x0, 0x900f, 0x0, 0xd57b, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000006c0)={0xb42, 0x3, 0x8001, 0x10, 0x6200, 0x45a0, 0x7, 0x2}, 0x20)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000000)={0x1, 0x4, [0x9]})
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
r7 = dup(r6)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1400000003080178bfb24493079ca5d607000008"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
accept4$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14, 0x80000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r4, 0x2000)

7.817620591s ago: executing program 1 (id=4450):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[], 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8)

7.797600688s ago: executing program 3 (id=4451):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000004c0), 0x440, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000780)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f00000005c0)=ANY=[], 0x128}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
mount(&(0x7f00000001c0)=@rnullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x180b0c5, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs={0x40046304, 0x3}], 0x0, 0x0, 0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r1], 0xb8}, 0x1, 0x0, 0x0, 0x48846}, 0x2000c890)
timer_create(0x3, 0x0, &(0x7f0000000300))
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
lseek(r3, 0x1000, 0x1)

7.69976111s ago: executing program 3 (id=4452):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000240))
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc08c}, 0xc004)
write$nci(r1, &(0x7f0000000000)=ANY=[], 0x0)

7.576875007s ago: executing program 3 (id=4453):
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
r0 = openat2$dir(0xffffff9c, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000300)={0x208000, 0x0, 0x38}, 0x18)
r1 = syz_usb_connect(0x3, 0x24, &(0x7f0000000f80)=ANY=[@ANYBLOB="120100038ee3710889076001fe8201020301090212000107d1102d0904cc50f109"], &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000002d00)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="20160600000099d9e9678b2c688500ef0a461bbc664c3ac105520d834383f369363c43080ec17146f9c06c51b2d7d99a615be2c0f5117e920d26d75069d0a9d6f76b11b09b10159cef974351102840835251f501223394354b2eed3b753216a83bb423ba78dae02a98a5536e148c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000003140)={0x34, &(0x7f0000002ec0)={0x40, 0xe, 0x2, "68ae"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x3, 0x24, &(0x7f0000000580)={{0x12, 0x1, 0x310, 0x20, 0xad, 0x16, 0x20, 0x7c0, 0x158b, 0xd096, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0x7f, 0x0, 0x4, [{{0x9, 0x4, 0xb3, 0x1, 0x0, 0x4f, 0x7e, 0xc2, 0x2}}]}}]}}, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
read$FUSE(r4, &(0x7f0000006140)={0x2020}, 0x2020)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x200, 0x80)

6.718641475s ago: executing program 6 (id=4455):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000100fffffffffffffff50000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

6.553376839s ago: executing program 6 (id=4456):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)

6.105941283s ago: executing program 5 (id=4457):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0xfc00}, 0x1c)

5.209159388s ago: executing program 5 (id=4458):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x482)
r1 = dup(r0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000bc0)={'mpc624\x00', [0x1000, 0x0, 0x7, 0x3ff, 0x5, 0x9, 0x1ff, 0x1, 0x1000, 0x0, 0x4, 0x7a34, 0x10001, 0x3, 0x4, 0x2, 0x5, 0x800, 0x3, 0x2, 0x8, 0xb42, 0x0, 0x3, 0xffe, 0xb316, 0xffffffff, 0x2bab482c, 0xc1, 0x7, 0xd9, 0x7]})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x5, 0x12, r2, 0xb9abd000)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_mptcp_buf(r3, 0x11c, 0x0, &(0x7f0000000500)=""/256, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r3, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000200)="dd88762ff26452224868ff689bbe40f15fde89d6b4281653d6cdff01000000000000d8f0847bac51b95d115d7525e401000000000000800028ac04de585b0969bde42b66528499b6c10ebfbfbf0fe0ec53969ed30aa3ff49fd", 0x59, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0x8, 0xc9100121, 0x0, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x284000, 0x0)
ioctl$FBIOGET_VSCREENINFO(r4, 0x4600, &(0x7f0000000000))
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000300), r6)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000140)=0xc)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)={<r7=>0xffffffffffffffff})
connect$tipc(r7, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x1, {0x41, 0x2, 0x1}}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000904000/0x1000)=nil, 0x1000)
mlock(&(0x7f00007c0000/0x1000)=nil, 0x1000)

5.108787123s ago: executing program 5 (id=4459):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000480), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000080), 0x4)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00001c8000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_GET_FPU(r3, 0x81a0ae8c, &(0x7f0000000440))
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x2, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x76, 0xa5, 0x9, 0x9, 0x4, 0x9}, {0x7, 0xd08, 0x6, 0x3, 0x6, 0x7, 0x8d, 0x6, 0x8, 0x9, 0xf7, 0x4, 0x10}, {0xdf, 0x6, 0xe6, 0xb, 0x3, 0x0, 0x32, 0x6, 0x7, 0x7, 0x4, 0x8, 0x8}], 0x9})
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BLKREPORTZONE(r6, 0xc0101282, &(0x7f0000000000))
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xa5, 0x19, 0x6, 0x3, 0x0, 0x9d, 0x1, 0xec, 0x81, 0x40, 0x8b, '\x00', 0x4, 0xcaa})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000300)={[0xea, 0x55e, 0xffffffff, 0x4, 0xfffffffffffffffd, 0x7, 0x9, 0xb, 0x4, 0x80, 0x6, 0x794, 0xa, 0x40, 0xc976, 0x6], 0x2, 0x20200})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.07757468s ago: executing program 6 (id=4460):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000004c0), 0x440, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000780)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f00000005c0)=ANY=[], 0x128}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
mount(&(0x7f00000001c0)=@rnullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x180b0c5, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs={0x40046304, 0x3}], 0x0, 0x0, 0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r1], 0xb8}, 0x1, 0x0, 0x0, 0x48846}, 0x2000c890)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
lseek(r3, 0x1000, 0x1)

5.000822879s ago: executing program 6 (id=4461):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000240))
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0xc08c}, 0xc004)
write$nci(r1, &(0x7f0000000000)=ANY=[], 0x0)

4.837227106s ago: executing program 6 (id=4462):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
add_key(&(0x7f0000000580)='trusted\x00', 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f00000001c0)=""/80)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36104001a0038001d004231a0e69ee581ffffffffffffff00a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407163ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c, 0x0}}], 0x1, 0xc040)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x640a3000)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r5, 0x107, 0xc, &(0x7f0000000200)=0x5, 0x4)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, &(0x7f0000000040))
r6 = syz_open_dev$video(&(0x7f0000000100), 0x7ffffffffffffffc, 0x0)
ioctl$VIDIOC_S_SELECTION(r6, 0xc0d05605, &(0x7f0000000080)={0x8})
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0)

4.739700154s ago: executing program 1 (id=4463):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000140)}], 0x1}}], 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xa)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000d}, 0x20008010)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430060005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

114.622133ms ago: executing program 5 (id=4464):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xb}, @NFTA_CT_KEY={0x8, 0x2a, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

114.063832ms ago: executing program 1 (id=4465):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='highspeed\x00', 0xa)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000040)={@dev, @multicast1, <r2=>0x0}, &(0x7f0000000140)=0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r1, 0x29, 0x13, 0x0, &(0x7f0000000080))
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000200)={0x1, 0x0, 0x0, r2, 0x6}, 0xc)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
r3 = syz_usb_connect(0x5, 0x46, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acb", @ANYRESOCT=r2], 0x0)
syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000280)={0x3, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[], 0x4d}, 0x1, 0x7}, 0x40000)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r4, r4, 0x0, 0x7ffff000)

13.292821ms ago: executing program 3 (id=4466):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01'], 0x3f000000})

0s ago: executing program 6 (id=4467):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async, rerun: 32)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, r1, 0x5, 0x400000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x25}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x14c8}]}, 0x38}}, 0x0) (async, rerun: 32)
creat(&(0x7f0000000080)='./file0\x00', 0xac)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)

kernel console output (not intermixed with test programs):

 device team_slave_1 added
[  576.395283][T19040] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.403833][T19040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.432618][T19040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.445653][T19040] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.452919][T19040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.481219][T19040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.544815][T19040] hsr_slave_0: entered promiscuous mode
[  576.551424][T19040] hsr_slave_1: entered promiscuous mode
[  576.559546][T19040] debugfs: 'hsr0' already exists in 'hsr'
[  576.565666][T19040] Cannot create hsr debugfs directory
[  576.582145][  T120] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  576.609916][  T120] usb 6-1: device descriptor read/8, error -71
[  576.861855][  T120] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  576.908629][  T120] usb 6-1: device descriptor read/8, error -71
[  577.043751][  T120] usb usb6-port1: unable to enumerate USB device
[  577.127858][T19040] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  577.147011][T19040] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  577.164603][T19040] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  577.186322][T19040] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  577.331492][T19040] 8021q: adding VLAN 0 to HW filter on device bond0
[  577.379388][T19040] 8021q: adding VLAN 0 to HW filter on device team0
[  577.427026][ T1116] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.434237][ T1116] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.476373][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.483593][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.554252][T14144] Bluetooth: hci3: command tx timeout
[  577.932690][T19040] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.164111][T19092] netlink: 'syz.3.3905': attribute type 5 has an invalid length.
[  578.379341][T19040] veth0_vlan: entered promiscuous mode
[  578.417502][T19040] veth1_vlan: entered promiscuous mode
[  578.477817][T19040] veth0_macvtap: entered promiscuous mode
[  578.523893][T19040] veth1_macvtap: entered promiscuous mode
[  578.567928][T19040] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.600879][T19040] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.639023][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.680360][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.754603][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.771442][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.871111][T19108] /dev/rnullb0: Can't open blockdev
[  578.987421][T11954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  579.054029][T11954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  579.169403][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  579.197834][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  579.254554][T19117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.270442][T19117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.631775][T14144] Bluetooth: hci3: command tx timeout
[  579.774792][T19135] 9pnet_fd: Insufficient options for proto=fd
[  579.810347][T19133] autofs4:pid:19133:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189374)
[  579.872613][T19133] autofs4:pid:19133:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[  580.372430][  T120] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  580.547521][  T120] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  580.585109][  T120] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  580.634996][  T120] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  580.657819][  T120] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.899112][  T120] usb 7-1: GET_CAPABILITIES returned 0
[  580.925815][  T120] usbtmc 7-1:16.0: can't read capabilities
[  581.103900][  T120] usb 7-1: USB disconnect, device number 2
[  581.481173][   T24] usb 6-1: new full-speed USB device number 94 using dummy_hcd
[  581.646160][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  581.657615][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  581.669379][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  581.684416][   T24] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  581.694672][   T24] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  581.703377][   T24] usb 6-1: Manufacturer: syz
[  581.711168][T14144] Bluetooth: hci3: command tx timeout
[  581.725141][T19183] exFAT-fs (rnullb0): invalid boot record signature
[  581.727365][   T24] usb 6-1: config 0 descriptor??
[  581.737432][T19183] exFAT-fs (rnullb0): failed to read boot sector
[  581.744683][T19183] exFAT-fs (rnullb0): failed to recognize exfat type
[  581.874935][T19184] use of bytesused == 0 is deprecated and will be removed in the future,
[  581.884111][T19184] use the actual size instead.
[  583.008550][T19208] netlink: 'syz.3.3941': attribute type 5 has an invalid length.
[  583.791184][T14144] Bluetooth: hci3: command tx timeout
[  585.302284][ T4603] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  585.680347][T14237] usb 6-1: USB disconnect, device number 94
[  586.053131][T19257] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  586.155063][T19259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.166619][T19259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.179865][T19259] gfs2: gfs2 mount does not exist
[  586.186314][T14144] Bluetooth: hci4: unknown advertising packet type: 0x6c
[  586.186347][T14144] Bluetooth: hci4: Dropping invalid advertising data
[  586.203276][T14144] Bluetooth: hci4: Malformed LE Event: 0x02
[  586.429814][T19263] CUSE: info not properly terminated
[  587.249951][ T5903] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  587.261082][T19290] gfs2: not a GFS2 filesystem
[  587.302687][T14144] Bluetooth: hci4: unknown advertising packet type: 0x6e
[  587.302723][T14144] Bluetooth: hci4: Dropping invalid advertising data
[  587.317669][T14144] Bluetooth: hci4: unknown advertising packet type: 0x20
[  587.317697][T14144] Bluetooth: hci4: Malformed LE Event: 0x02
[  587.429990][ T5903] usb 4-1: Using ep0 maxpacket: 32
[  587.445406][ T5903] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  587.470343][ T5903] usb 4-1: config 0 has no interface number 0
[  587.482339][ T5903] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  587.509918][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.528254][ T5903] usb 4-1: Product: syz
[  587.547213][ T5903] usb 4-1: Manufacturer: syz
[  587.559536][ T5903] usb 4-1: SerialNumber: syz
[  587.578091][ T5903] usb 4-1: config 0 descriptor??
[  587.595058][ T5903] smsc95xx v2.0.0
[  587.894377][T19306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  587.921120][T19306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  587.949166][T19306] gfs2: gfs2 mount does not exist
[  587.957079][T14144] Bluetooth: hci4: unknown advertising packet type: 0x6c
[  587.957113][T14144] Bluetooth: hci4: Dropping invalid advertising data
[  587.971396][T14144] Bluetooth: hci4: Malformed LE Event: 0x02
[  588.350682][T19311] netlink: 'syz.6.3968': attribute type 10 has an invalid length.
[  588.654592][T19317] FAULT_INJECTION: forcing a failure.
[  588.654592][T19317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.707688][T19317] CPU: 0 UID: 0 PID: 19317 Comm: syz.1.3970 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  588.707713][T19317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  588.707724][T19317] Call Trace:
[  588.707734][T19317]  <TASK>
[  588.707743][T19317]  dump_stack_lvl+0x189/0x250
[  588.707770][T19317]  ? __pfx____ratelimit+0x10/0x10
[  588.707792][T19317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  588.707812][T19317]  ? __pfx__printk+0x10/0x10
[  588.707833][T19317]  ? __might_fault+0xb0/0x130
[  588.707860][T19317]  should_fail_ex+0x414/0x560
[  588.707885][T19317]  _copy_from_iter+0x1db/0x16f0
[  588.707906][T19317]  ? rcu_is_watching+0x15/0xb0
[  588.707927][T19317]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  588.707947][T19317]  ? __pfx__copy_from_iter+0x10/0x10
[  588.707974][T19317]  ? __build_skb_around+0x257/0x3e0
[  588.707994][T19317]  ? netlink_sendmsg+0x642/0xb30
[  588.708017][T19317]  ? skb_put+0x11b/0x210
[  588.708037][T19317]  netlink_sendmsg+0x6b2/0xb30
[  588.708069][T19317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  588.708096][T19317]  ? aa_sock_msg_perm+0xf1/0x1d0
[  588.708121][T19317]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  588.708144][T19317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  588.708167][T19317]  __sock_sendmsg+0x219/0x270
[  588.708191][T19317]  ____sys_sendmsg+0x505/0x830
[  588.708216][T19317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  588.708243][T19317]  ? import_iovec+0x74/0xa0
[  588.708265][T19317]  ___sys_sendmsg+0x21f/0x2a0
[  588.708287][T19317]  ? __pfx____sys_sendmsg+0x10/0x10
[  588.708339][T19317]  ? __fget_files+0x2a/0x420
[  588.708361][T19317]  ? __fget_files+0x3a0/0x420
[  588.708393][T19317]  __x64_sys_sendmsg+0x19b/0x260
[  588.708414][T19317]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  588.708450][T19317]  ? __pfx_ksys_write+0x10/0x10
[  588.708469][T19317]  ? rcu_is_watching+0x15/0xb0
[  588.708494][T19317]  ? do_syscall_64+0xbe/0x3b0
[  588.708521][T19317]  do_syscall_64+0xfa/0x3b0
[  588.708542][T19317]  ? lockdep_hardirqs_on+0x9c/0x150
[  588.708563][T19317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.708581][T19317]  ? clear_bhb_loop+0x60/0xb0
[  588.708601][T19317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.708619][T19317] RIP: 0033:0x7f04feb8e9a9
[  588.708634][T19317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  588.708649][T19317] RSP: 002b:00007f04ff9d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  588.708668][T19317] RAX: ffffffffffffffda RBX: 00007f04fedb5fa0 RCX: 00007f04feb8e9a9
[  588.708682][T19317] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000003
[  588.708693][T19317] RBP: 00007f04ff9d5090 R08: 0000000000000000 R09: 0000000000000000
[  588.708704][T19317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.708715][T19317] R13: 0000000000000000 R14: 00007f04fedb5fa0 R15: 00007ffef9d3a128
[  588.708744][T19317]  </TASK>
[  589.287264][T19331] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.3974' sets config #-1
[  589.459905][ T5935] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  589.591028][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  589.622280][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  589.626203][ T5935] usb 6-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.649995][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  589.661014][ T5935] usb 6-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0
[  589.680096][ T5903] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  589.699810][ T5935] usb 6-1: config 0 interface 0 has no altsetting 0
[  589.706706][ T5935] usb 6-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  589.728227][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.758159][ T5903] usb 4-1: USB disconnect, device number 43
[  589.797403][ T5935] usb 6-1: config 0 descriptor??
[  590.261966][T19358] syz.1.3980: attempt to access beyond end of device
[  590.261966][T19358] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  590.289429][T14237] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  590.311811][ T5935] acrux 0003:1A34:F705.0029: hidraw0: USB HID v0.00 Device [HID 1a34:f705] on usb-dummy_hcd.5-1/input0
[  590.327151][T19359] FAULT_INJECTION: forcing a failure.
[  590.327151][T19359] name failslab, interval 1, probability 0, space 0, times 0
[  590.333589][T19358] EXT4-fs (loop1): unable to read superblock
[  590.371251][ T5935] acrux 0003:1A34:F705.0029: no inputs found
[  590.377323][ T5935] acrux 0003:1A34:F705.0029: Failed to enable force feedback support, error: -19
[  590.389475][T19359] CPU: 1 UID: 0 PID: 19359 Comm: syz.3.3981 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  590.389500][T19359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  590.389512][T19359] Call Trace:
[  590.389522][T19359]  <TASK>
[  590.389532][T19359]  dump_stack_lvl+0x189/0x250
[  590.389559][T19359]  ? __pfx____ratelimit+0x10/0x10
[  590.389582][T19359]  ? __pfx_dump_stack_lvl+0x10/0x10
[  590.389603][T19359]  ? __pfx__printk+0x10/0x10
[  590.389630][T19359]  ? __pfx___might_resched+0x10/0x10
[  590.389650][T19359]  ? fs_reclaim_acquire+0x7d/0x100
[  590.389673][T19359]  should_fail_ex+0x414/0x560
[  590.389696][T19359]  should_failslab+0xa8/0x100
[  590.389716][T19359]  __kmalloc_noprof+0xcb/0x4f0
[  590.389731][T19359]  ? kfree+0x4d/0x440
[  590.389744][T19359]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  590.389764][T19359]  tomoyo_realpath_from_path+0xe3/0x5d0
[  590.389780][T19359]  ? tomoyo_domain+0xd9/0x130
[  590.389801][T19359]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  590.389820][T19359]  tomoyo_path_number_perm+0x1e8/0x5a0
[  590.389842][T19359]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  590.389877][T19359]  ? __lock_acquire+0xab9/0xd20
[  590.389910][T19359]  ? __fget_files+0x2a/0x420
[  590.389936][T19359]  ? __fget_files+0x2a/0x420
[  590.389956][T19359]  ? __fget_files+0x3a0/0x420
[  590.389975][T19359]  ? __fget_files+0x2a/0x420
[  590.389999][T19359]  security_file_ioctl+0xcb/0x2d0
[  590.390021][T19359]  __se_sys_ioctl+0x47/0x170
[  590.390051][T19359]  do_syscall_64+0xfa/0x3b0
[  590.390070][T19359]  ? lockdep_hardirqs_on+0x9c/0x150
[  590.390087][T19359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.390100][T19359]  ? clear_bhb_loop+0x60/0xb0
[  590.390116][T19359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.390129][T19359] RIP: 0033:0x7fecd5b8e9a9
[  590.390142][T19359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.390153][T19359] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  590.390169][T19359] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  590.390179][T19359] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  590.390188][T19359] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  590.390197][T19359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.390205][T19359] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  590.390227][T19359]  </TASK>
[  590.390261][T19359] ERROR: Out of memory at tomoyo_realpath_from_path.
[  590.504611][T14237] usb 7-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  590.574560][ T5935] usb 6-1: USB disconnect, device number 95
[  590.597284][    C1] vkms_vblank_simulate: vblank timer overrun
[  590.618598][T14237] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.698227][T14237] usb 7-1: Product: syz
[  590.757873][T14144] Bluetooth: hci4: unexpected cc 0x040d length: 63 > 7
[  590.766411][T14144] Bluetooth: hci4: unexpected event for opcode 0x040d
[  590.799850][T19361] fido_id[19361]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:1A34:F705.0029/report_descriptor': No such device
[  590.827217][T14237] usb 7-1: Manufacturer: syz
[  590.833245][T14237] usb 7-1: SerialNumber: syz
[  590.862259][T14237] usb 7-1: config 0 descriptor??
[  590.869757][T19367] netlink: 'syz.3.3983': attribute type 5 has an invalid length.
[  590.903159][T14237] go7007 7-1:0.0: Sensoray 2250 found
[  590.926252][T14237] go7007 7-1:0.0: probe with driver go7007 failed with error -12
[  591.088874][T19352] gfs2: gfs2 mount does not exist
[  591.107462][T14144] Bluetooth: hci3: unknown advertising packet type: 0x6c
[  591.107551][T14144] Bluetooth: hci3: Dropping invalid advertising data
[  591.124826][T14144] Bluetooth: hci3: Malformed LE Event: 0x02
[  591.133928][ T5903] usb 7-1: USB disconnect, device number 3
[  592.168116][T19407] vxfs: WRONG superblock magic 00000000 at 1
[  592.176364][T19407] vxfs: WRONG superblock magic 00000000 at 8
[  592.182507][T19407] vxfs: can't find superblock.
[  592.354369][T19414] /dev/nullb0: Can't open blockdev
[  592.447827][T19418] /dev/rnullb0: Can't open blockdev
[  592.453955][T19417] loop3: detected capacity change from 0 to 1
[  592.474034][ T5979] Dev loop3: unable to read RDB block 1
[  592.493832][ T5979]  loop3: unable to read partition table
[  592.506596][ T5979] loop3: partition table beyond EOD, truncated
[  592.535216][T19417] Dev loop3: unable to read RDB block 1
[  592.548185][T19417]  loop3: unable to read partition table
[  592.567088][T19417] loop3: partition table beyond EOD, truncated
[  592.598705][T19417] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  592.783413][T19424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.807340][T19424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.895534][T14144] Bluetooth: hci3: unknown advertising packet type: 0x6e
[  592.895570][T14144] Bluetooth: hci3: Dropping invalid advertising data
[  592.912408][T14144] Bluetooth: hci3: Malformed LE Event: 0x02
[  593.393031][T19445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.402911][T19445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.107583][T19462] FAULT_INJECTION: forcing a failure.
[  594.107583][T19462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  594.135582][T19462] CPU: 1 UID: 0 PID: 19462 Comm: syz.6.4012 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  594.135608][T19462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  594.135619][T19462] Call Trace:
[  594.135627][T19462]  <TASK>
[  594.135635][T19462]  dump_stack_lvl+0x189/0x250
[  594.135665][T19462]  ? __pfx____ratelimit+0x10/0x10
[  594.135690][T19462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  594.135711][T19462]  ? __pfx__printk+0x10/0x10
[  594.135754][T19462]  should_fail_ex+0x414/0x560
[  594.135780][T19462]  strncpy_from_user+0x36/0x290
[  594.135805][T19462]  getname_flags+0xf3/0x540
[  594.135827][T19462]  do_sys_openat2+0xbc/0x1c0
[  594.135848][T19462]  ? __pfx_do_sys_openat2+0x10/0x10
[  594.135880][T19462]  __se_sys_openat2+0x226/0x2c0
[  594.135900][T19462]  ? __pfx___se_sys_openat2+0x10/0x10
[  594.135920][T19462]  ? rcu_is_watching+0x15/0xb0
[  594.135942][T19462]  ? do_syscall_64+0xbe/0x3b0
[  594.135969][T19462]  do_syscall_64+0xfa/0x3b0
[  594.135990][T19462]  ? lockdep_hardirqs_on+0x9c/0x150
[  594.136012][T19462]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.136029][T19462]  ? clear_bhb_loop+0x60/0xb0
[  594.136050][T19462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.136067][T19462] RIP: 0033:0x7fb97878e9a9
[  594.136084][T19462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  594.136098][T19462] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  594.136118][T19462] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  594.136129][T19462] RDX: 0000200000000300 RSI: 00002000000002c0 RDI: 00000000ffffff9c
[  594.136140][T19462] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  594.136150][T19462] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  594.136159][T19462] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  594.136184][T19462]  </TASK>
[  594.834180][T14144] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  594.844665][T14144] Bluetooth: hci4: Injecting HCI hardware error event
[  594.854305][ T5166] Bluetooth: hci4: hardware error 0x00
[  594.999202][   T24] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[  595.178588][   T24] usb 6-1: Using ep0 maxpacket: 16
[  595.187118][   T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  595.218889][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  595.227328][T19490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.258243][T19490] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.278676][   T24] usb 6-1: config 0 has no interface number 0
[  595.284846][   T24] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  595.291743][T19490] gfs2: gfs2 mount does not exist
[  595.336320][   T24] usb 6-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  595.339888][T14144] Bluetooth: hci4: unknown advertising packet type: 0x6c
[  595.345489][T14144] Bluetooth: hci4: Dropping invalid advertising data
[  595.364730][T14144] Bluetooth: hci4: Malformed LE Event: 0x02
[  595.407323][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.496772][   T24] usb 6-1: config 0 descriptor??
[  595.517792][   T24] usbhid 6-1:0.1: couldn't find an input interrupt endpoint
[  595.744790][T19502] netlink: 'syz.6.4025': attribute type 5 has an invalid length.
[  595.887442][T19512] gfs2: not a GFS2 filesystem
[  596.087008][T19519] FAULT_INJECTION: forcing a failure.
[  596.087008][T19519] name failslab, interval 1, probability 0, space 0, times 0
[  596.107729][T19519] CPU: 1 UID: 0 PID: 19519 Comm: syz.3.4028 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  596.107752][T19519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  596.107761][T19519] Call Trace:
[  596.107768][T19519]  <TASK>
[  596.107775][T19519]  dump_stack_lvl+0x189/0x250
[  596.107809][T19519]  ? __pfx____ratelimit+0x10/0x10
[  596.107828][T19519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  596.107847][T19519]  ? __pfx__printk+0x10/0x10
[  596.107868][T19519]  ? __pfx___might_resched+0x10/0x10
[  596.107885][T19519]  ? fs_reclaim_acquire+0x7d/0x100
[  596.107907][T19519]  should_fail_ex+0x414/0x560
[  596.107929][T19519]  should_failslab+0xa8/0x100
[  596.107947][T19519]  __kmalloc_noprof+0xcb/0x4f0
[  596.107961][T19519]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  596.107977][T19519]  ? sock_kmalloc+0xd6/0x160
[  596.107997][T19519]  sock_kmalloc+0xd6/0x160
[  596.108014][T19519]  hash_recvmsg+0x1d4/0x840
[  596.108036][T19519]  ? __pfx_hash_recvmsg+0x10/0x10
[  596.108053][T19519]  sock_recvmsg_nosec+0x186/0x1c0
[  596.108075][T19519]  ____sys_recvmsg+0x3aa/0x460
[  596.108100][T19519]  ? __pfx_____sys_recvmsg+0x10/0x10
[  596.108129][T19519]  ? import_iovec+0x74/0xa0
[  596.108149][T19519]  ___sys_recvmsg+0x1b5/0x510
[  596.108170][T19519]  ? __pfx____sys_recvmsg+0x10/0x10
[  596.108214][T19519]  ? __might_fault+0xb0/0x130
[  596.108232][T19519]  do_recvmmsg+0x307/0x770
[  596.108256][T19519]  ? __pfx_do_recvmmsg+0x10/0x10
[  596.108283][T19519]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  596.108319][T19519]  __x64_sys_recvmmsg+0x190/0x240
[  596.108339][T19519]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  596.108353][T19519]  ? rcu_is_watching+0x15/0xb0
[  596.108375][T19519]  ? do_syscall_64+0xbe/0x3b0
[  596.108398][T19519]  do_syscall_64+0xfa/0x3b0
[  596.108416][T19519]  ? lockdep_hardirqs_on+0x9c/0x150
[  596.108434][T19519]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.108448][T19519]  ? clear_bhb_loop+0x60/0xb0
[  596.108466][T19519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.108480][T19519] RIP: 0033:0x7fecd5b8e9a9
[  596.108494][T19519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.108507][T19519] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  596.108542][T19519] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  596.108553][T19519] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  596.108563][T19519] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  596.108572][T19519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  596.108581][T19519] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  596.108606][T19519]  </TASK>
[  596.791863][T19540] tipc: Started in network mode
[  596.797986][T19542] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4036'.
[  596.804512][T19540] tipc: Node identity cea8d8cfc22e, cluster identity 4711
[  596.808082][T19542] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4036'.
[  596.839090][T19540] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  596.908711][ T5166] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  596.937648][T19546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.946781][T19546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.990401][T19543] syzkaller0: entered promiscuous mode
[  596.996071][T19543] syzkaller0: entered allmulticast mode
[  597.002650][T19543] tipc: Resetting bearer <eth:syzkaller0>
[  597.011319][T19549] gfs2: gfs2 mount does not exist
[  597.138689][ T5903] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  597.301572][ T5903] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  597.312971][ T5903] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  597.323151][ T5903] usb 7-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  597.338032][ T5903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.355383][ T5903] usb 7-1: config 0 descriptor??
[  597.816263][T14237] usb 6-1: USB disconnect, device number 96
[  597.857098][ T5903] redragon 0003:0C45:760B.002A: hidraw0: USB HID v0.00 Device [HID 0c45:760b] on usb-dummy_hcd.6-1/input0
[  597.923884][  T120] tipc: Node number set to 210163919
[  598.011725][T19540] vxfs: WRONG superblock magic 00000000 at 1
[  598.045529][T19540] vxfs: WRONG superblock magic 00000000 at 8
[  598.064724][T19540] vxfs: can't find superblock.
[  598.097110][T14237] usb 7-1: USB disconnect, device number 4
[  598.131214][T19539] tipc: Resetting bearer <eth:syzkaller0>
[  608.342034][T19539] tipc: Disabling bearer <eth:syzkaller0>
[  608.768619][T19602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  608.810262][T19602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.012897][T19613] netlink: 'syz.5.4054': attribute type 12 has an invalid length.
[  609.098483][   T30] audit: type=1326 audit(1752937842.112:13174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19614 comm="syz.6.4055" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb97878e9a9 code=0x0
[  610.079951][T19648] netlink: 'syz.6.4060': attribute type 21 has an invalid length.
[  610.098845][T19648] netlink: 168 bytes leftover after parsing attributes in process `syz.6.4060'.
[  610.174053][T19653] /dev/rnullb0: Can't open blockdev
[  610.310164][T19659] netlink: 'syz.5.4064': attribute type 5 has an invalid length.
[  610.367658][ T5935] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  610.386171][ T5903] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  610.413722][T19663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.443962][T19663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.470264][T19665] /dev/rnullb0: Can't open blockdev
[  610.483053][T19665] fusectl: Unknown parameter '$.$*+'#'
[  610.492736][T19668] fusectl: Unknown parameter '$.$*+'#'
[  610.492907][T19665] /dev/rnullb0: Can't open blockdev
[  610.526077][ T5903] usb 4-1: device descriptor read/64, error -71
[  610.550030][ T5935] usb 7-1: Using ep0 maxpacket: 8
[  610.560873][ T5935] usb 7-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d
[  610.585766][ T5935] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.594302][ T5935] usb 7-1: Product: syz
[  610.599314][ T5935] usb 7-1: Manufacturer: syz
[  610.604041][ T5935] usb 7-1: SerialNumber: syz
[  610.613070][ T5935] usb 7-1: config 0 descriptor??
[  610.633258][ T5935] usb_ehset_test 7-1:0.0: probe with driver usb_ehset_test failed with error -32
[  610.767190][ T5903] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  610.898128][ T5935] usb 7-1: USB disconnect, device number 5
[  610.905926][ T5903] usb 4-1: device descriptor read/64, error -71
[  611.027273][ T5903] usb usb4-port1: attempt power cycle
[  611.092825][T19687] FAULT_INJECTION: forcing a failure.
[  611.092825][T19687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.106814][T19687] CPU: 1 UID: 0 PID: 19687 Comm: syz.1.4070 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  611.106841][T19687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.106856][T19687] Call Trace:
[  611.106864][T19687]  <TASK>
[  611.106872][T19687]  dump_stack_lvl+0x189/0x250
[  611.106899][T19687]  ? __pfx____ratelimit+0x10/0x10
[  611.106922][T19687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.106944][T19687]  ? __pfx__printk+0x10/0x10
[  611.106966][T19687]  ? __might_fault+0xb0/0x130
[  611.106996][T19687]  should_fail_ex+0x414/0x560
[  611.107021][T19687]  _copy_from_user+0x2d/0xb0
[  611.107041][T19687]  ___sys_recvmsg+0x12e/0x510
[  611.107066][T19687]  ? __pfx____sys_recvmsg+0x10/0x10
[  611.107116][T19687]  ? __might_fault+0xb0/0x130
[  611.107137][T19687]  do_recvmmsg+0x307/0x770
[  611.107166][T19687]  ? __pfx_do_recvmmsg+0x10/0x10
[  611.107197][T19687]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  611.107237][T19687]  __x64_sys_recvmmsg+0x190/0x240
[  611.107257][T19687]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  611.107275][T19687]  ? rcu_is_watching+0x15/0xb0
[  611.107302][T19687]  ? do_syscall_64+0xbe/0x3b0
[  611.107329][T19687]  do_syscall_64+0xfa/0x3b0
[  611.107349][T19687]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.107370][T19687]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.107387][T19687]  ? clear_bhb_loop+0x60/0xb0
[  611.107408][T19687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.107424][T19687] RIP: 0033:0x7f04feb8e9a9
[  611.107441][T19687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.107455][T19687] RSP: 002b:00007f04ff9d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  611.107475][T19687] RAX: ffffffffffffffda RBX: 00007f04fedb5fa0 RCX: 00007f04feb8e9a9
[  611.107488][T19687] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  611.107500][T19687] RBP: 00007f04ff9d5090 R08: 0000000000000000 R09: 0000000000000000
[  611.107517][T19687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  611.107528][T19687] R13: 0000000000000000 R14: 00007f04fedb5fa0 R15: 00007ffef9d3a128
[  611.107557][T19687]  </TASK>
[  611.328640][T14237] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[  611.471138][T14237] usb 6-1: device descriptor read/64, error -71
[  611.587435][T19698] /dev/rnullb0: Can't open blockdev
[  611.594558][T19699] /dev/rnullb0: Can't open blockdev
[  611.605956][ T5903] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  611.628292][ T5903] usb 4-1: device descriptor read/8, error -71
[  611.723238][T14237] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[  611.768613][T19704] FAULT_INJECTION: forcing a failure.
[  611.768613][T19704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.768644][T19704] CPU: 1 UID: 0 PID: 19704 Comm: syz.1.4073 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  611.768665][T19704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.768676][T19704] Call Trace:
[  611.768684][T19704]  <TASK>
[  611.768695][T19704]  dump_stack_lvl+0x189/0x250
[  611.768721][T19704]  ? __pfx____ratelimit+0x10/0x10
[  611.768745][T19704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.768767][T19704]  ? __pfx__printk+0x10/0x10
[  611.768789][T19704]  ? __might_fault+0xb0/0x130
[  611.768820][T19704]  should_fail_ex+0x414/0x560
[  611.768846][T19704]  _copy_from_user+0x2d/0xb0
[  611.768866][T19704]  drm_ioctl+0x58a/0xb10
[  611.768894][T19704]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  611.768920][T19704]  ? __pfx_drm_ioctl+0x10/0x10
[  611.768955][T19704]  ? __fget_files+0x2a/0x420
[  611.768981][T19704]  ? bpf_lsm_file_ioctl+0x9/0x20
[  611.768999][T19704]  ? __pfx_drm_ioctl+0x10/0x10
[  611.769020][T19704]  __se_sys_ioctl+0xf9/0x170
[  611.769042][T19704]  do_syscall_64+0xfa/0x3b0
[  611.769064][T19704]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.769085][T19704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.769103][T19704]  ? clear_bhb_loop+0x60/0xb0
[  611.769124][T19704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.769141][T19704] RIP: 0033:0x7f04feb8e9a9
[  611.769157][T19704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.769173][T19704] RSP: 002b:00007f04ff9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  611.769192][T19704] RAX: ffffffffffffffda RBX: 00007f04fedb5fa0 RCX: 00007f04feb8e9a9
[  611.769205][T19704] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  611.769217][T19704] RBP: 00007f04ff9d5090 R08: 0000000000000000 R09: 0000000000000000
[  611.769228][T19704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.769239][T19704] R13: 0000000000000000 R14: 00007f04fedb5fa0 R15: 00007ffef9d3a128
[  611.769267][T19704]  </TASK>
[  611.888648][ T5903] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  611.889226][T14237] usb 6-1: device descriptor read/64, error -71
[  611.910294][ T5903] usb 4-1: device descriptor read/8, error -71
[  611.953283][T19711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.953691][T19711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  612.007933][T14237] usb usb6-port1: attempt power cycle
[  612.133498][ T5903] usb usb4-port1: unable to enumerate USB device
[  612.184388][T19715] sctp: [Deprecated]: syz.6.4076 (pid 19715) Use of struct sctp_assoc_value in delayed_ack socket option.
[  612.184388][T19715] Use struct sctp_sack_info instead
[  612.212208][T19715] /dev/rnullb0: Can't open blockdev
[  612.404958][T19719] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  612.485759][T14237] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[  612.526163][T14237] usb 6-1: device descriptor read/8, error -71
[  612.775626][T14237] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[  612.785585][   T43] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  612.797123][T14237] usb 6-1: device descriptor read/8, error -71
[  612.906934][T14237] usb usb6-port1: unable to enumerate USB device
[  612.945772][   T43] usb 7-1: Using ep0 maxpacket: 16
[  612.953472][   T43] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  612.961785][   T43] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.972555][   T43] usb 7-1: config 0 has no interface number 0
[  612.978753][   T43] usb 7-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  612.994770][   T43] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  613.004050][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.014548][   T43] usb 7-1: config 0 descriptor??
[  613.024957][   T43] usbhid 7-1:0.1: couldn't find an input interrupt endpoint
[  613.233637][T19737] /dev/rnullb0: Can't open blockdev
[  614.122287][T19754] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  614.305409][   T43] usb 6-1: new high-speed USB device number 101 using dummy_hcd
[  614.404078][T19766] /dev/rnullb0: Can't open blockdev
[  614.488296][   T43] usb 6-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  614.498961][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.520984][   T43] usb 6-1: Product: syz
[  614.535288][T14237] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  614.538678][   T43] usb 6-1: Manufacturer: syz
[  614.552380][   T43] usb 6-1: SerialNumber: syz
[  614.571558][   T43] usb 6-1: config 0 descriptor??
[  614.593304][   T43] go7007 6-1:0.0: Sensoray 2250 found
[  614.599801][   T43] go7007 6-1:0.0: probe with driver go7007 failed with error -12
[  614.656523][T19771] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.697002][T14237] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  614.728217][T14237] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  614.757124][T14237] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  614.769015][T14237] usb 4-1: config 1 has no interface number 1
[  614.794719][T14237] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  614.822557][ T5934] usb 6-1: USB disconnect, device number 101
[  614.830193][ T5166] Bluetooth: hci1: unknown advertising packet type: 0x6e
[  614.830225][ T5166] Bluetooth: hci1: Dropping invalid advertising data
[  614.844256][ T5166] Bluetooth: hci1: Malformed LE Event: 0x02
[  614.855002][T14237] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  614.876631][T14237] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  614.892862][T14237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.901278][T14237] usb 4-1: Product: syz
[  614.912468][T14237] usb 4-1: Manufacturer: syz
[  614.917239][T14237] usb 4-1: SerialNumber: syz
[  615.292401][T19761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.331889][T19761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.411197][T19792] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  615.485414][T14237] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  615.485971][T19796] netlink: 'syz.5.4101': attribute type 12 has an invalid length.
[  615.492976][T14237] usb 4-1: MIDIStreaming interface descriptor not found
[  615.595316][T14237] usb 4-1: USB disconnect, device number 48
[  615.650896][  T120] usb 7-1: USB disconnect, device number 6
[  615.802874][T19803] udevd[19803]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  616.241150][T19821] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  616.949662][T19839] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  617.087213][T19846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.125356][T19846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.232414][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  617.439281][T19854] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  617.774023][T19865] FAULT_INJECTION: forcing a failure.
[  617.774023][T19865] name failslab, interval 1, probability 0, space 0, times 0
[  617.811405][T19871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4120'.
[  617.834805][T19865] CPU: 1 UID: 0 PID: 19865 Comm: syz.3.4118 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  617.834831][T19865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  617.834839][T19865] Call Trace:
[  617.834847][T19865]  <TASK>
[  617.834855][T19865]  dump_stack_lvl+0x189/0x250
[  617.834883][T19865]  ? __pfx____ratelimit+0x10/0x10
[  617.834904][T19865]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.834925][T19865]  ? __pfx__printk+0x10/0x10
[  617.834951][T19865]  ? __pfx___might_resched+0x10/0x10
[  617.834970][T19865]  ? fs_reclaim_acquire+0x7d/0x100
[  617.834995][T19865]  should_fail_ex+0x414/0x560
[  617.835021][T19865]  should_failslab+0xa8/0x100
[  617.835041][T19865]  __kmalloc_cache_noprof+0x70/0x3d0
[  617.835060][T19865]  ? drm_atomic_state_alloc+0xa9/0x100
[  617.835076][T19865]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.835098][T19865]  drm_atomic_state_alloc+0xa9/0x100
[  617.835116][T19865]  drm_mode_atomic_ioctl+0x437/0xcb0
[  617.835149][T19865]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  617.835187][T19865]  ? do_raw_spin_unlock+0x122/0x240
[  617.835211][T19865]  ? _raw_spin_unlock+0x28/0x50
[  617.835230][T19865]  ? drm_is_current_master+0x19f/0x200
[  617.835251][T19865]  drm_ioctl_kernel+0x2cc/0x390
[  617.835271][T19865]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  617.835289][T19865]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  617.835321][T19865]  drm_ioctl+0x67f/0xb10
[  617.835345][T19865]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  617.835369][T19865]  ? __pfx_drm_ioctl+0x10/0x10
[  617.835401][T19865]  ? __fget_files+0x2a/0x420
[  617.835425][T19865]  ? bpf_lsm_file_ioctl+0x9/0x20
[  617.835441][T19865]  ? __pfx_drm_ioctl+0x10/0x10
[  617.835460][T19865]  __se_sys_ioctl+0xf9/0x170
[  617.835480][T19865]  do_syscall_64+0xfa/0x3b0
[  617.835500][T19865]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.835521][T19865]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.835538][T19865]  ? clear_bhb_loop+0x60/0xb0
[  617.835558][T19865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.835575][T19865] RIP: 0033:0x7fecd5b8e9a9
[  617.835591][T19865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.835605][T19865] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  617.835633][T19865] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  617.835647][T19865] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  617.835659][T19865] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  617.835670][T19865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.835681][T19865] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  617.835709][T19865]  </TASK>
[  617.842584][T19871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4120'.
[  618.482978][T19880] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  619.051906][T19898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  619.414338][T14237] usb 6-1: new high-speed USB device number 102 using dummy_hcd
[  619.570041][T14237] usb 6-1: Using ep0 maxpacket: 16
[  619.578312][T14237] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  619.586756][T14237] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.597062][T14237] usb 6-1: config 0 has no interface number 0
[  619.603249][T14237] usb 6-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  619.616844][T14237] usb 6-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  619.633843][T14237] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.645715][T14237] usb 6-1: config 0 descriptor??
[  619.657727][T14237] usbhid 6-1:0.1: couldn't find an input interrupt endpoint
[  620.802205][T19922] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  621.087236][T19930] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  621.196635][T14237] usb 2-1: USB disconnect, device number 109
[  621.275203][T14144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  621.321407][T14144] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  621.331946][T14144] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  621.345330][T14144] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  621.355630][T14144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  621.552654][T19935] chnl_net:caif_netlink_parms(): no params data found
[  621.646534][T19935] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.653792][T19935] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.662002][T19935] bridge_slave_0: entered allmulticast mode
[  621.669856][T19935] bridge_slave_0: entered promiscuous mode
[  621.680415][T19935] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.689598][T19935] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.697274][T19935] bridge_slave_1: entered allmulticast mode
[  621.715467][T19935] bridge_slave_1: entered promiscuous mode
[  621.748987][T19935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  621.761574][T19935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  621.803735][T19935] team0: Port device team_slave_0 added
[  621.812531][T19935] team0: Port device team_slave_1 added
[  621.844258][T19935] batman_adv: batadv0: Adding interface: batadv_slave_0
[  621.851373][T19935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.880484][T19935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  621.894181][T19935] batman_adv: batadv0: Adding interface: batadv_slave_1
[  621.901139][T19935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.928582][T19935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.983169][T19935] hsr_slave_0: entered promiscuous mode
[  621.990168][T19935] hsr_slave_1: entered promiscuous mode
[  621.998165][T19935] debugfs: 'hsr0' already exists in 'hsr'
[  622.005549][T19935] Cannot create hsr debugfs directory
[  622.231635][ T5935] usb 6-1: USB disconnect, device number 102
[  622.427481][T19961] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  622.619716][T19935] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.748564][   T43] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  622.826811][T19935] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.916034][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  622.934625][T14237] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  622.943994][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  622.967966][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  623.013984][   T43] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  623.032405][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.050433][T19935] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.073983][   T43] usb 4-1: config 0 descriptor??
[  623.130048][T14237] usb 7-1: no configurations
[  623.135676][T14237] usb 7-1: can't read configurations, error -22
[  623.161871][T19935] bond0: (slave netdevsim0): Releasing backup interface
[  623.201817][T19935] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.274249][T14237] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  623.386595][T14144] Bluetooth: hci4: command tx timeout
[  623.456243][T14237] usb 7-1: no configurations
[  623.460873][T14237] usb 7-1: can't read configurations, error -22
[  623.478792][T14237] usb usb7-port1: attempt power cycle
[  623.498325][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.523340][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.543317][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.553299][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.577334][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.597100][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.610354][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.622600][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.643229][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.652317][   T43] plantronics 0003:047F:FFFF.002B: unknown main item tag 0x0
[  623.686560][   T43] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  623.853884][T14237] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  623.886481][T14237] usb 7-1: no configurations
[  623.891204][T14237] usb 7-1: can't read configurations, error -22
[  623.914929][T19935] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  623.928755][  T120] usb 4-1: USB disconnect, device number 49
[  623.972987][T19935] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  624.036967][T19935] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  624.057390][T14237] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  624.087854][T14237] usb 7-1: no configurations
[  624.092485][T14237] usb 7-1: can't read configurations, error -22
[  624.093530][T19935] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  624.108320][T14237] usb usb7-port1: unable to enumerate USB device
[  624.260598][T20019] /dev/rnullb0: Can't open blockdev
[  624.284285][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  624.371651][T19935] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.379896][T20017] syzkaller1: entered promiscuous mode
[  624.386216][T20017] syzkaller1: entered allmulticast mode
[  624.401786][T20017] /dev/rnullb0: Can't open blockdev
[  624.564584][T19935] 8021q: adding VLAN 0 to HW filter on device team0
[  624.597667][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.604867][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.659259][ T1116] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.666554][ T1116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  624.802249][T19935] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  625.092322][T20046] FAULT_INJECTION: forcing a failure.
[  625.092322][T20046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  625.113641][T20046] CPU: 0 UID: 0 PID: 20046 Comm: syz.5.4160 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  625.113667][T20046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  625.113679][T20046] Call Trace:
[  625.113686][T20046]  <TASK>
[  625.113695][T20046]  dump_stack_lvl+0x189/0x250
[  625.113722][T20046]  ? __pfx____ratelimit+0x10/0x10
[  625.113746][T20046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  625.113768][T20046]  ? __pfx__printk+0x10/0x10
[  625.113791][T20046]  ? __might_fault+0xb0/0x130
[  625.113820][T20046]  should_fail_ex+0x414/0x560
[  625.113846][T20046]  _copy_from_user+0x2d/0xb0
[  625.113866][T20046]  ___sys_recvmsg+0x12e/0x510
[  625.113892][T20046]  ? __pfx____sys_recvmsg+0x10/0x10
[  625.113949][T20046]  ? __might_fault+0xb0/0x130
[  625.113971][T20046]  do_recvmmsg+0x307/0x770
[  625.113998][T20046]  ? __pfx_do_recvmmsg+0x10/0x10
[  625.114030][T20046]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  625.114070][T20046]  __x64_sys_recvmmsg+0x190/0x240
[  625.114092][T20046]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  625.114108][T20046]  ? rcu_is_watching+0x15/0xb0
[  625.114133][T20046]  ? do_syscall_64+0xbe/0x3b0
[  625.114158][T20046]  do_syscall_64+0xfa/0x3b0
[  625.114178][T20046]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.114199][T20046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.114215][T20046]  ? clear_bhb_loop+0x60/0xb0
[  625.114236][T20046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.114253][T20046] RIP: 0033:0x7f64dc78e9a9
[  625.114269][T20046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  625.114284][T20046] RSP: 002b:00007f64dd696038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  625.114301][T20046] RAX: ffffffffffffffda RBX: 00007f64dc9b5fa0 RCX: 00007f64dc78e9a9
[  625.114314][T20046] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  625.114326][T20046] RBP: 00007f64dd696090 R08: 0000000000000000 R09: 0000000000000000
[  625.114337][T20046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  625.114348][T20046] R13: 0000000000000000 R14: 00007f64dc9b5fa0 R15: 00007ffff23f0b28
[  625.114376][T20046]  </TASK>
[  625.335409][    C0] vkms_vblank_simulate: vblank timer overrun
[  625.353002][T19935] 8021q: adding VLAN 0 to HW filter on device batadv0
[  625.399439][T19935] veth0_vlan: entered promiscuous mode
[  625.413671][T19935] veth1_vlan: entered promiscuous mode
[  625.463312][T14144] Bluetooth: hci4: command tx timeout
[  625.510783][T19935] veth0_macvtap: entered promiscuous mode
[  625.529245][T19935] veth1_macvtap: entered promiscuous mode
[  625.561349][T19935] batman_adv: batadv0: Interface activated: batadv_slave_0
[  625.576783][T19935] batman_adv: batadv0: Interface activated: batadv_slave_1
[  625.617890][T11954] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  625.649054][T11954] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  625.740107][T11954] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  625.789103][T20058] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4163'.
[  625.833800][T11954] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  625.878942][T20061] /dev/rnullb0: Can't open blockdev
[  626.090498][ T4603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.122809][ T4603] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.256648][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.302518][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.429057][T20079] sctp: [Deprecated]: syz.5.4169 (pid 20079) Use of int in maxseg socket option.
[  626.429057][T20079] Use struct sctp_assoc_value instead
[  626.735311][T20091] /dev/rnullb0: Can't open blockdev
[  627.033506][ T5935] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  627.207103][ T5935] usb 4-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  627.217571][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.231468][ T5935] usb 4-1: Product: syz
[  627.241367][ T5935] usb 4-1: Manufacturer: syz
[  627.247886][ T5935] usb 4-1: SerialNumber: syz
[  627.260965][ T5935] usb 4-1: config 0 descriptor??
[  627.276385][ T5935] go7007 4-1:0.0: Sensoray 2250 found
[  627.281997][ T5935] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  627.357321][ T5882] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  627.504109][T14144] Bluetooth: hci0: unknown advertising packet type: 0x99
[  627.504166][T14144] Bluetooth: hci0: Malformed LE Event: 0x02
[  627.510199][T14237] usb 4-1: USB disconnect, device number 50
[  627.513481][ T5882] usb 2-1: Using ep0 maxpacket: 16
[  627.530156][T20116] /dev/rnullb0: Can't open blockdev
[  627.541435][ T5882] usb 2-1: config 1 has an invalid descriptor of length 136, skipping remainder of the config
[  627.555199][T14144] Bluetooth: hci4: command tx timeout
[  627.573153][ T5882] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  627.593203][ T5882] usb 2-1: New USB device found, idVendor=0525, idProduct=7ea1, bcdDevice=f2.a0
[  627.606657][ T5882] usb 2-1: New USB device strings: Mfr=71, Product=2, SerialNumber=3
[  627.616864][ T5882] usb 2-1: Product: syz
[  627.621049][ T5882] usb 2-1: Manufacturer: syz
[  627.622677][T20118] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4181'.
[  627.632282][ T5882] usb 2-1: SerialNumber: syz
[  627.790455][T20124] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  627.869815][T20106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.890278][T20106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.972674][T20127] /dev/rnullb0: Can't open blockdev
[  627.995622][T20127] netlink: 'syz.6.4185': attribute type 27 has an invalid length.
[  628.148172][ T5882] cdc_ncm 2-1:1.0: bind() failure
[  628.246124][ T5882] usb 2-1: USB disconnect, device number 110
[  628.385928][T20142] netlink: 'syz.3.4191': attribute type 5 has an invalid length.
[  628.400232][T20143] /dev/rnullb0: Can't open blockdev
[  628.522966][  T120] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  628.527480][T20149] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  628.683527][  T120] usb 7-1: Using ep0 maxpacket: 8
[  628.699635][  T120] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  628.722534][  T120] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  628.746627][  T120] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  628.758168][  T120] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  628.769366][  T120] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  628.799679][  T120] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  628.841385][  T120] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.887207][T14237] usb 6-1: new high-speed USB device number 103 using dummy_hcd
[  628.900239][T20162] FAULT_INJECTION: forcing a failure.
[  628.900239][T20162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.930641][T20162] CPU: 1 UID: 0 PID: 20162 Comm: syz.1.4197 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  628.930667][T20162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  628.930679][T20162] Call Trace:
[  628.930687][T20162]  <TASK>
[  628.930695][T20162]  dump_stack_lvl+0x189/0x250
[  628.930720][T20162]  ? __pfx____ratelimit+0x10/0x10
[  628.930743][T20162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.930763][T20162]  ? __pfx__printk+0x10/0x10
[  628.930786][T20162]  ? __might_fault+0xb0/0x130
[  628.930811][T20162]  should_fail_ex+0x414/0x560
[  628.930835][T20162]  _copy_from_user+0x2d/0xb0
[  628.930854][T20162]  do_sock_getsockopt+0x17d/0x450
[  628.930876][T20162]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  628.930899][T20162]  ? do_syscall_64+0xa0/0x3b0
[  628.930920][T20162]  ? __fget_files+0x3a0/0x420
[  628.930941][T20162]  ? __fget_files+0x2a/0x420
[  628.930970][T20162]  __x64_sys_getsockopt+0x1a5/0x250
[  628.930987][T20162]  ? do_syscall_64+0xa0/0x3b0
[  628.931011][T20162]  ? do_syscall_64+0xa0/0x3b0
[  628.931036][T20162]  do_syscall_64+0xfa/0x3b0
[  628.931057][T20162]  ? lockdep_hardirqs_on+0x9c/0x150
[  628.931078][T20162]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.931095][T20162]  ? clear_bhb_loop+0x60/0xb0
[  628.931115][T20162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.931131][T20162] RIP: 0033:0x7f5fc818e9a9
[  628.931148][T20162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.931163][T20162] RSP: 002b:00007f5fc906a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  628.931182][T20162] RAX: ffffffffffffffda RBX: 00007f5fc83b5fa0 RCX: 00007f5fc818e9a9
[  628.931196][T20162] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003
[  628.931208][T20162] RBP: 00007f5fc906a090 R08: 0000200000000000 R09: 0000000000000000
[  628.931221][T20162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.931231][T20162] R13: 0000000000000000 R14: 00007f5fc83b5fa0 R15: 00007ffe78ed0bd8
[  628.931260][T20162]  </TASK>
[  629.222937][T14237] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  629.242438][T14237] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  629.264917][T14237] usb 6-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  629.284701][T14237] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.341793][T14237] usb 6-1: Product: syz
[  629.377944][T20171] /dev/rnullb0: Can't open blockdev
[  629.401267][T20137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  629.423078][T20137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  629.433149][T14237] usb 6-1: Manufacturer: syz
[  629.437771][T14237] usb 6-1: SerialNumber: syz
[  629.457176][ T5935] usb 7-1: USB disconnect, device number 11
[  629.470097][T14237] usb 6-1: config 0 descriptor??
[  629.525496][T14237] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -22
[  629.626376][T14144] Bluetooth: hci4: command tx timeout
[  629.654976][T20178] /dev/rnullb0: Can't open blockdev
[  629.722900][T20153] kAFS: Can only specify source 'none' with -o dyn
[  629.862036][T20184] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4202'.
[  629.869664][T14237] usb 6-1: USB disconnect, device number 103
[  629.979337][T20191] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  630.085418][T20184] syz.3.4202 (20184) used obsolete PPPIOCDETACH ioctl
[  630.415844][T20206] FAULT_INJECTION: forcing a failure.
[  630.415844][T20206] name failslab, interval 1, probability 0, space 0, times 0
[  630.444504][T20206] CPU: 1 UID: 0 PID: 20206 Comm: syz.6.4207 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  630.444532][T20206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  630.444543][T20206] Call Trace:
[  630.444551][T20206]  <TASK>
[  630.444559][T20206]  dump_stack_lvl+0x189/0x250
[  630.444586][T20206]  ? __pfx____ratelimit+0x10/0x10
[  630.444610][T20206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  630.444633][T20206]  ? __pfx__printk+0x10/0x10
[  630.444661][T20206]  ? __pfx___might_resched+0x10/0x10
[  630.444681][T20206]  ? fs_reclaim_acquire+0x7d/0x100
[  630.444705][T20206]  should_fail_ex+0x414/0x560
[  630.444731][T20206]  should_failslab+0xa8/0x100
[  630.444758][T20206]  __kmalloc_noprof+0xcb/0x4f0
[  630.444777][T20206]  ? drm_atomic_state_init+0x106/0x310
[  630.444799][T20206]  drm_atomic_state_init+0x106/0x310
[  630.444820][T20206]  drm_atomic_state_alloc+0xbc/0x100
[  630.444838][T20206]  drm_mode_atomic_ioctl+0x437/0xcb0
[  630.444874][T20206]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  630.444917][T20206]  ? do_raw_spin_unlock+0x122/0x240
[  630.444944][T20206]  ? _raw_spin_unlock+0x28/0x50
[  630.444963][T20206]  ? drm_is_current_master+0x19f/0x200
[  630.444984][T20206]  drm_ioctl_kernel+0x2cc/0x390
[  630.445006][T20206]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  630.445025][T20206]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  630.445056][T20206]  drm_ioctl+0x67f/0xb10
[  630.445082][T20206]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  630.445107][T20206]  ? __pfx_drm_ioctl+0x10/0x10
[  630.445139][T20206]  ? __fget_files+0x2a/0x420
[  630.445165][T20206]  ? bpf_lsm_file_ioctl+0x9/0x20
[  630.445183][T20206]  ? __pfx_drm_ioctl+0x10/0x10
[  630.445204][T20206]  __se_sys_ioctl+0xf9/0x170
[  630.445226][T20206]  do_syscall_64+0xfa/0x3b0
[  630.445248][T20206]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.445269][T20206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.445286][T20206]  ? clear_bhb_loop+0x60/0xb0
[  630.445308][T20206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.445324][T20206] RIP: 0033:0x7fb97878e9a9
[  630.445341][T20206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  630.445356][T20206] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  630.445375][T20206] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  630.445388][T20206] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  630.445400][T20206] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  630.445412][T20206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  630.445422][T20206] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  630.445450][T20206]  </TASK>
[  630.987083][T20212] FAULT_INJECTION: forcing a failure.
[  630.987083][T20212] name failslab, interval 1, probability 0, space 0, times 0
[  631.001285][T20212] CPU: 1 UID: 0 PID: 20212 Comm: syz.6.4209 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  631.001312][T20212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  631.001323][T20212] Call Trace:
[  631.001332][T20212]  <TASK>
[  631.001339][T20212]  dump_stack_lvl+0x189/0x250
[  631.001367][T20212]  ? __pfx____ratelimit+0x10/0x10
[  631.001391][T20212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  631.001422][T20212]  ? __pfx__printk+0x10/0x10
[  631.001447][T20212]  ? __pfx___might_resched+0x10/0x10
[  631.001468][T20212]  ? fs_reclaim_acquire+0x7d/0x100
[  631.001494][T20212]  should_fail_ex+0x414/0x560
[  631.001520][T20212]  should_failslab+0xa8/0x100
[  631.001541][T20212]  __kmalloc_noprof+0xcb/0x4f0
[  631.001559][T20212]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  631.001578][T20212]  ? sock_kmalloc+0xd6/0x160
[  631.001603][T20212]  sock_kmalloc+0xd6/0x160
[  631.001624][T20212]  hash_recvmsg+0x1d4/0x840
[  631.001651][T20212]  ? __pfx_hash_recvmsg+0x10/0x10
[  631.001671][T20212]  sock_recvmsg_nosec+0x186/0x1c0
[  631.001698][T20212]  ____sys_recvmsg+0x3aa/0x460
[  631.001726][T20212]  ? __pfx_____sys_recvmsg+0x10/0x10
[  631.001761][T20212]  ? import_iovec+0x74/0xa0
[  631.001784][T20212]  ___sys_recvmsg+0x1b5/0x510
[  631.001809][T20212]  ? __pfx____sys_recvmsg+0x10/0x10
[  631.001861][T20212]  ? __might_fault+0xb0/0x130
[  631.001884][T20212]  do_recvmmsg+0x307/0x770
[  631.001912][T20212]  ? __pfx_do_recvmmsg+0x10/0x10
[  631.001943][T20212]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  631.001984][T20212]  __x64_sys_recvmmsg+0x190/0x240
[  631.002007][T20212]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  631.002023][T20212]  ? rcu_is_watching+0x15/0xb0
[  631.002050][T20212]  ? do_syscall_64+0xbe/0x3b0
[  631.002076][T20212]  do_syscall_64+0xfa/0x3b0
[  631.002097][T20212]  ? lockdep_hardirqs_on+0x9c/0x150
[  631.002119][T20212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.002136][T20212]  ? clear_bhb_loop+0x60/0xb0
[  631.002157][T20212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.002173][T20212] RIP: 0033:0x7fb97878e9a9
[  631.002189][T20212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.002203][T20212] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  631.002224][T20212] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  631.002236][T20212] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  631.002246][T20212] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  631.002257][T20212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  631.002266][T20212] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  631.002292][T20212]  </TASK>
[  631.477762][T20220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4211'.
[  631.500903][T20224] /dev/rnullb0: Can't open blockdev
[  631.511021][T20220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4211'.
[  631.662246][ T5935] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  631.832504][ T5935] usb 4-1: Using ep0 maxpacket: 16
[  631.849851][ T5935] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  631.872276][ T5935] usb 4-1: config 0 has no interface number 0
[  631.902185][ T5935] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  631.951303][ T5935] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  631.965720][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.979710][ T5935] usb 4-1: config 0 descriptor??
[  631.983408][ T5935] usbhid 4-1:0.1: couldn't find an input interrupt endpoint
[  632.297576][T20261] netlink: 'syz.6.4224': attribute type 10 has an invalid length.
[  632.442135][ T5934] usb 6-1: new high-speed USB device number 104 using dummy_hcd
[  633.152478][T20281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4230'.
[  633.261395][T20281] binder: 20280:20281 ioctl 4018620d 0 returned -22
[  633.335955][T20290] binder: 20280:20290 ioctl c018620c 0 returned -14
[  633.883956][T14237] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  634.069333][T14237] usb 7-1: config 3 has an invalid interface number: 106 but max is 0
[  634.080671][T14237] usb 7-1: config 3 has no interface number 0
[  634.091067][T14237] usb 7-1: New USB device found, idVendor=0c45, idProduct=628e, bcdDevice=57.cc
[  634.109914][T14237] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.121528][T14237] usb 7-1: Product: syz
[  634.134354][T14237] usb 7-1: Manufacturer: syz
[  634.139293][T14237] usb 7-1: SerialNumber: syz
[  634.166516][T14237] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628e
[  634.259849][T20312] netlink: 'syz.1.4239': attribute type 5 has an invalid length.
[  634.268911][T20312] netlink: 176 bytes leftover after parsing attributes in process `syz.1.4239'.
[  634.491965][ T5935] usb 4-1: USB disconnect, device number 51
[  634.550943][T20322] /dev/rnullb0: Can't open blockdev
[  634.659512][T20326] FAULT_INJECTION: forcing a failure.
[  634.659512][T20326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  634.691745][T20326] CPU: 0 UID: 0 PID: 20326 Comm: syz.3.4244 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  634.691776][T20326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  634.691787][T20326] Call Trace:
[  634.691795][T20326]  <TASK>
[  634.691803][T20326]  dump_stack_lvl+0x189/0x250
[  634.691830][T20326]  ? __pfx____ratelimit+0x10/0x10
[  634.691853][T20326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  634.691873][T20326]  ? __pfx__printk+0x10/0x10
[  634.691906][T20326]  should_fail_ex+0x414/0x560
[  634.691930][T20326]  _copy_to_user+0x31/0xb0
[  634.691951][T20326]  simple_read_from_buffer+0xe1/0x170
[  634.691979][T20326]  proc_fail_nth_read+0x1b3/0x220
[  634.692002][T20326]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  634.692025][T20326]  ? rw_verify_area+0x2a6/0x4d0
[  634.692044][T20326]  ? __lock_acquire+0xab9/0xd20
[  634.692061][T20326]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  634.692081][T20326]  vfs_read+0x1fd/0x980
[  634.692101][T20326]  ? fdget_pos+0x247/0x320
[  634.692149][T20326]  ? __pfx___mutex_lock+0x10/0x10
[  634.692172][T20326]  ? __pfx_vfs_read+0x10/0x10
[  634.692194][T20326]  ? __fget_files+0x2a/0x420
[  634.692218][T20326]  ? __fget_files+0x3a0/0x420
[  634.692238][T20326]  ? __fget_files+0x2a/0x420
[  634.692269][T20326]  ksys_read+0x145/0x250
[  634.692293][T20326]  ? __pfx_ksys_read+0x10/0x10
[  634.692311][T20326]  ? fput+0xa0/0xd0
[  634.692333][T20326]  ? do_syscall_64+0xbe/0x3b0
[  634.692358][T20326]  do_syscall_64+0xfa/0x3b0
[  634.692381][T20326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.692396][T20326]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  634.692414][T20326]  ? clear_bhb_loop+0x60/0xb0
[  634.692435][T20326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.692451][T20326] RIP: 0033:0x7fecd5b8d3bc
[  634.692468][T20326] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  634.692482][T20326] RSP: 002b:00007fecd69bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  634.692501][T20326] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8d3bc
[  634.692515][T20326] RDX: 000000000000000f RSI: 00007fecd69bf0a0 RDI: 0000000000000004
[  634.692526][T20326] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  634.692537][T20326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  634.692549][T20326] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  634.692578][T20326]  </TASK>
[  635.260096][T14237] gspca_sn9c20x: Write register 1000 failed -110
[  635.266601][T14237] gspca_sn9c20x: Device initialization failed
[  635.272827][T14237] gspca_sn9c20x 7-1:3.106: probe with driver gspca_sn9c20x failed with error -110
[  636.704474][   T43] usb 7-1: USB disconnect, device number 12
[  636.913669][T20353] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4253'.
[  637.220890][T20370] FAULT_INJECTION: forcing a failure.
[  637.220890][T20370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  637.256957][T20370] CPU: 0 UID: 0 PID: 20370 Comm: syz.5.4261 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  637.256983][T20370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  637.256995][T20370] Call Trace:
[  637.257003][T20370]  <TASK>
[  637.257011][T20370]  dump_stack_lvl+0x189/0x250
[  637.257039][T20370]  ? __pfx____ratelimit+0x10/0x10
[  637.257063][T20370]  ? __pfx_dump_stack_lvl+0x10/0x10
[  637.257085][T20370]  ? __pfx__printk+0x10/0x10
[  637.257107][T20370]  ? __might_fault+0xb0/0x130
[  637.257137][T20370]  should_fail_ex+0x414/0x560
[  637.257164][T20370]  _copy_from_user+0x2d/0xb0
[  637.257184][T20370]  ___sys_recvmsg+0x12e/0x510
[  637.257210][T20370]  ? __pfx____sys_recvmsg+0x10/0x10
[  637.257260][T20370]  ? __might_fault+0xb0/0x130
[  637.257286][T20370]  do_recvmmsg+0x307/0x770
[  637.257314][T20370]  ? __pfx_do_recvmmsg+0x10/0x10
[  637.257345][T20370]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  637.257385][T20370]  __x64_sys_recvmmsg+0x190/0x240
[  637.257407][T20370]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  637.257425][T20370]  ? rcu_is_watching+0x15/0xb0
[  637.257452][T20370]  ? do_syscall_64+0xbe/0x3b0
[  637.257479][T20370]  do_syscall_64+0xfa/0x3b0
[  637.257499][T20370]  ? lockdep_hardirqs_on+0x9c/0x150
[  637.257521][T20370]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.257539][T20370]  ? clear_bhb_loop+0x60/0xb0
[  637.257560][T20370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.257576][T20370] RIP: 0033:0x7f64dc78e9a9
[  637.257593][T20370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  637.257608][T20370] RSP: 002b:00007f64dd696038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  637.257628][T20370] RAX: ffffffffffffffda RBX: 00007f64dc9b5fa0 RCX: 00007f64dc78e9a9
[  637.257641][T20370] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  637.257653][T20370] RBP: 00007f64dd696090 R08: 0000000000000000 R09: 0000000000000000
[  637.257665][T20370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.257676][T20370] R13: 0000000000000000 R14: 00007f64dc9b5fa0 R15: 00007ffff23f0b28
[  637.257705][T20370]  </TASK>
[  637.473305][    C0] vkms_vblank_simulate: vblank timer overrun
[  637.538953][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4263'.
[  637.575118][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4263'.
[  638.628510][T20408] netlink: 'syz.1.4276': attribute type 10 has an invalid length.
[  638.650556][T20410] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  638.852464][T20414] /dev/rnullb0: Can't open blockdev
[  639.498604][T14237] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  639.530996][ T5935] usb 6-1: new low-speed USB device number 105 using dummy_hcd
[  639.559491][T20423] /dev/rnullb0: Can't open blockdev
[  639.701158][T14237] usb 7-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  639.713813][ T5935] usb 6-1: Invalid ep0 maxpacket: 64
[  639.741307][T14237] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.787340][T14237] usb 7-1: Product: syz
[  639.801168][T14237] usb 7-1: Manufacturer: syz
[  639.815965][T14237] usb 7-1: SerialNumber: syz
[  639.851095][ T5935] usb 6-1: new low-speed USB device number 106 using dummy_hcd
[  639.859912][T14237] usb 7-1: config 0 descriptor??
[  639.899345][T14237] go7007 7-1:0.0: Sensoray 2250 found
[  639.926074][T14237] go7007 7-1:0.0: probe with driver go7007 failed with error -12
[  640.033543][ T5935] usb 6-1: Invalid ep0 maxpacket: 64
[  640.049699][ T5935] usb usb6-port1: attempt power cycle
[  640.087389][T14144] Bluetooth: hci3: unknown advertising packet type: 0x99
[  640.087435][T14144] Bluetooth: hci3: Malformed LE Event: 0x02
[  640.092571][   T43] usb 7-1: USB disconnect, device number 13
[  640.319753][T20445] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  640.421360][ T5935] usb 6-1: new low-speed USB device number 107 using dummy_hcd
[  640.481981][ T5935] usb 6-1: Invalid ep0 maxpacket: 64
[  640.612521][ T5935] usb 6-1: new low-speed USB device number 108 using dummy_hcd
[  640.671327][ T5935] usb 6-1: Invalid ep0 maxpacket: 64
[  640.689360][ T5935] usb usb6-port1: unable to enumerate USB device
[  640.991083][  T120] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  641.151417][  T120] usb 4-1: Using ep0 maxpacket: 16
[  641.158293][  T120] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  641.170524][  T120] usb 4-1: config 0 has no interface number 0
[  641.176721][  T120] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.187349][  T120] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  641.197418][  T120] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.207176][  T120] usb 4-1: config 0 descriptor??
[  641.221047][  T120] usbhid 4-1:0.1: couldn't find an input interrupt endpoint
[  642.208233][T20509] FAULT_INJECTION: forcing a failure.
[  642.208233][T20509] name failslab, interval 1, probability 0, space 0, times 0
[  642.224752][T20509] CPU: 1 UID: 0 PID: 20509 Comm: syz.6.4311 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  642.224778][T20509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  642.224788][T20509] Call Trace:
[  642.224796][T20509]  <TASK>
[  642.224804][T20509]  dump_stack_lvl+0x189/0x250
[  642.224831][T20509]  ? __pfx____ratelimit+0x10/0x10
[  642.224855][T20509]  ? __pfx_dump_stack_lvl+0x10/0x10
[  642.224877][T20509]  ? __pfx__printk+0x10/0x10
[  642.224902][T20509]  ? __pfx___might_resched+0x10/0x10
[  642.224922][T20509]  ? fs_reclaim_acquire+0x7d/0x100
[  642.224948][T20509]  should_fail_ex+0x414/0x560
[  642.224974][T20509]  should_failslab+0xa8/0x100
[  642.224996][T20509]  __kmalloc_noprof+0xcb/0x4f0
[  642.225013][T20509]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  642.225033][T20509]  ? sock_kmalloc+0xd6/0x160
[  642.225060][T20509]  sock_kmalloc+0xd6/0x160
[  642.225082][T20509]  hash_recvmsg+0x1d4/0x840
[  642.225109][T20509]  ? __pfx_hash_recvmsg+0x10/0x10
[  642.225130][T20509]  sock_recvmsg_nosec+0x186/0x1c0
[  642.225156][T20509]  ____sys_recvmsg+0x3aa/0x460
[  642.225185][T20509]  ? __pfx_____sys_recvmsg+0x10/0x10
[  642.225221][T20509]  ? import_iovec+0x74/0xa0
[  642.225244][T20509]  ___sys_recvmsg+0x1b5/0x510
[  642.225269][T20509]  ? __pfx____sys_recvmsg+0x10/0x10
[  642.225320][T20509]  ? __might_fault+0xb0/0x130
[  642.225343][T20509]  do_recvmmsg+0x307/0x770
[  642.225371][T20509]  ? __pfx_do_recvmmsg+0x10/0x10
[  642.225403][T20509]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  642.225445][T20509]  __x64_sys_recvmmsg+0x190/0x240
[  642.225469][T20509]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  642.225486][T20509]  ? rcu_is_watching+0x15/0xb0
[  642.225513][T20509]  ? do_syscall_64+0xbe/0x3b0
[  642.225540][T20509]  do_syscall_64+0xfa/0x3b0
[  642.225561][T20509]  ? lockdep_hardirqs_on+0x9c/0x150
[  642.225583][T20509]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.225600][T20509]  ? clear_bhb_loop+0x60/0xb0
[  642.225621][T20509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.225638][T20509] RIP: 0033:0x7fb97878e9a9
[  642.225654][T20509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  642.225669][T20509] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  642.225688][T20509] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  642.225701][T20509] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  642.225713][T20509] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  642.225731][T20509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  642.225741][T20509] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  642.225770][T20509]  </TASK>
[  642.496339][    C1] vkms_vblank_simulate: vblank timer overrun
[  642.576437][T20511] FAULT_INJECTION: forcing a failure.
[  642.576437][T20511] name failslab, interval 1, probability 0, space 0, times 0
[  642.590247][T20511] CPU: 1 UID: 0 PID: 20511 Comm: syz.6.4312 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  642.590273][T20511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  642.590284][T20511] Call Trace:
[  642.590292][T20511]  <TASK>
[  642.590300][T20511]  dump_stack_lvl+0x189/0x250
[  642.590326][T20511]  ? __pfx____ratelimit+0x10/0x10
[  642.590349][T20511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  642.590390][T20511]  ? __pfx__printk+0x10/0x10
[  642.590416][T20511]  ? __pfx___might_resched+0x10/0x10
[  642.590435][T20511]  ? fs_reclaim_acquire+0x7d/0x100
[  642.590467][T20511]  should_fail_ex+0x414/0x560
[  642.590493][T20511]  should_failslab+0xa8/0x100
[  642.590514][T20511]  __kmalloc_noprof+0xcb/0x4f0
[  642.590531][T20511]  ? kfree+0x4d/0x440
[  642.590544][T20511]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  642.590566][T20511]  tomoyo_realpath_from_path+0xe3/0x5d0
[  642.590585][T20511]  ? tomoyo_domain+0xd9/0x130
[  642.590605][T20511]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  642.590626][T20511]  tomoyo_path_number_perm+0x1e8/0x5a0
[  642.590649][T20511]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  642.590684][T20511]  ? __lock_acquire+0xab9/0xd20
[  642.590721][T20511]  ? __fget_files+0x2a/0x420
[  642.590747][T20511]  ? __fget_files+0x2a/0x420
[  642.590768][T20511]  ? __fget_files+0x3a0/0x420
[  642.590788][T20511]  ? __fget_files+0x2a/0x420
[  642.590814][T20511]  security_file_ioctl+0xcb/0x2d0
[  642.590838][T20511]  __se_sys_ioctl+0x47/0x170
[  642.590860][T20511]  do_syscall_64+0xfa/0x3b0
[  642.590882][T20511]  ? lockdep_hardirqs_on+0x9c/0x150
[  642.590903][T20511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.590924][T20511]  ? clear_bhb_loop+0x60/0xb0
[  642.590945][T20511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.590962][T20511] RIP: 0033:0x7fb97878e9a9
[  642.590978][T20511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  642.590994][T20511] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  642.591013][T20511] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  642.591027][T20511] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  642.591037][T20511] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  642.591048][T20511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  642.591059][T20511] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  642.591088][T20511]  </TASK>
[  642.591224][T20511] ERROR: Out of memory at tomoyo_realpath_from_path.
[  642.795452][    C1] vkms_vblank_simulate: vblank timer overrun
[  642.809741][T20516] /dev/rnullb0: Can't open blockdev
[  642.817008][T20511] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  642.833729][  T120] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  642.928405][T20520] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4315'.
[  642.937510][T20520] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4315'.
[  643.039462][T20523] FAULT_INJECTION: forcing a failure.
[  643.039462][T20523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.054325][T20523] CPU: 1 UID: 0 PID: 20523 Comm: syz.6.4316 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  643.054351][T20523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  643.054362][T20523] Call Trace:
[  643.054370][T20523]  <TASK>
[  643.054378][T20523]  dump_stack_lvl+0x189/0x250
[  643.054414][T20523]  ? __pfx____ratelimit+0x10/0x10
[  643.054437][T20523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  643.054459][T20523]  ? __pfx__printk+0x10/0x10
[  643.054481][T20523]  ? __might_fault+0xb0/0x130
[  643.054513][T20523]  should_fail_ex+0x414/0x560
[  643.054539][T20523]  _copy_from_user+0x2d/0xb0
[  643.054560][T20523]  drm_mode_atomic_ioctl+0x6ba/0xcb0
[  643.054606][T20523]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  643.054650][T20523]  ? do_raw_spin_unlock+0x122/0x240
[  643.054676][T20523]  ? _raw_spin_unlock+0x28/0x50
[  643.054696][T20523]  ? drm_is_current_master+0x19f/0x200
[  643.054720][T20523]  drm_ioctl_kernel+0x2cc/0x390
[  643.054743][T20523]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  643.054763][T20523]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  643.054796][T20523]  drm_ioctl+0x67f/0xb10
[  643.054822][T20523]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  643.054847][T20523]  ? __pfx_drm_ioctl+0x10/0x10
[  643.054882][T20523]  ? __fget_files+0x2a/0x420
[  643.054909][T20523]  ? bpf_lsm_file_ioctl+0x9/0x20
[  643.054926][T20523]  ? __pfx_drm_ioctl+0x10/0x10
[  643.054948][T20523]  __se_sys_ioctl+0xf9/0x170
[  643.054971][T20523]  do_syscall_64+0xfa/0x3b0
[  643.054992][T20523]  ? lockdep_hardirqs_on+0x9c/0x150
[  643.055014][T20523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.055031][T20523]  ? clear_bhb_loop+0x60/0xb0
[  643.055052][T20523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.055069][T20523] RIP: 0033:0x7fb97878e9a9
[  643.055086][T20523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.055100][T20523] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  643.055120][T20523] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  643.055133][T20523] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  643.055145][T20523] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  643.055156][T20523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.055167][T20523] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  643.055197][T20523]  </TASK>
[  643.067289][  T120] usb 2-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  643.327692][  T120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.336705][  T120] usb 2-1: Product: syz
[  643.340953][  T120] usb 2-1: Manufacturer: syz
[  643.345554][  T120] usb 2-1: SerialNumber: syz
[  643.356652][  T120] usb 2-1: config 0 descriptor??
[  643.570736][T20507] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  643.606717][  T120] int51x1 2-1:0.0: probe with driver int51x1 failed with error -22
[  643.755485][  T120] usb 4-1: USB disconnect, device number 52
[  644.757559][ T5882] usb 2-1: USB disconnect, device number 111
[  645.215446][T20554] block nbd6: NBD_DISCONNECT
[  645.268813][T20556] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  645.303558][T20554] ip6tnl0: mtu less than device minimum
[  645.732248][T20571] /dev/rnullb0: Can't open blockdev
[  645.920181][ T5934] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  646.095444][ T5934] usb 4-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  646.125168][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.149991][ T5934] usb 4-1: Product: syz
[  646.158553][ T5934] usb 4-1: Manufacturer: syz
[  646.173452][ T5934] usb 4-1: SerialNumber: syz
[  646.200577][ T5934] usb 4-1: config 0 descriptor??
[  646.240882][ T5934] go7007 4-1:0.0: Sensoray 2250 found
[  646.253570][ T5934] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  646.412795][T14144] Bluetooth: hci0: unknown advertising packet type: 0x99
[  646.412858][T14144] Bluetooth: hci0: Malformed LE Event: 0x02
[  646.428057][  T120] usb 4-1: USB disconnect, device number 53
[  646.609608][ T5934] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  646.652287][T20591] FAULT_INJECTION: forcing a failure.
[  646.652287][T20591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.667093][T20591] CPU: 0 UID: 0 PID: 20591 Comm: syz.5.4336 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  646.667121][T20591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.667132][T20591] Call Trace:
[  646.667141][T20591]  <TASK>
[  646.667149][T20591]  dump_stack_lvl+0x189/0x250
[  646.667177][T20591]  ? __pfx____ratelimit+0x10/0x10
[  646.667201][T20591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.667223][T20591]  ? __pfx__printk+0x10/0x10
[  646.667258][T20591]  should_fail_ex+0x414/0x560
[  646.667285][T20591]  _copy_to_user+0x31/0xb0
[  646.667306][T20591]  simple_read_from_buffer+0xe1/0x170
[  646.667342][T20591]  proc_fail_nth_read+0x1b3/0x220
[  646.667364][T20591]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  646.667384][T20591]  ? rw_verify_area+0x2a6/0x4d0
[  646.667402][T20591]  ? __lock_acquire+0xab9/0xd20
[  646.667419][T20591]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  646.667439][T20591]  vfs_read+0x1fd/0x980
[  646.667458][T20591]  ? fdget_pos+0x247/0x320
[  646.667478][T20591]  ? __pfx___mutex_lock+0x10/0x10
[  646.667502][T20591]  ? __pfx_vfs_read+0x10/0x10
[  646.667524][T20591]  ? __fget_files+0x2a/0x420
[  646.667551][T20591]  ? __fget_files+0x3a0/0x420
[  646.667572][T20591]  ? __fget_files+0x2a/0x420
[  646.667603][T20591]  ksys_read+0x145/0x250
[  646.667626][T20591]  ? __pfx_ksys_read+0x10/0x10
[  646.667644][T20591]  ? rcu_is_watching+0x15/0xb0
[  646.667670][T20591]  ? do_syscall_64+0xbe/0x3b0
[  646.667697][T20591]  do_syscall_64+0xfa/0x3b0
[  646.667718][T20591]  ? lockdep_hardirqs_on+0x9c/0x150
[  646.667740][T20591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.667757][T20591]  ? clear_bhb_loop+0x60/0xb0
[  646.667778][T20591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.667795][T20591] RIP: 0033:0x7f64dc78d3bc
[  646.667812][T20591] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  646.667827][T20591] RSP: 002b:00007f64dd696030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  646.667847][T20591] RAX: ffffffffffffffda RBX: 00007f64dc9b5fa0 RCX: 00007f64dc78d3bc
[  646.667861][T20591] RDX: 000000000000000f RSI: 00007f64dd6960a0 RDI: 0000000000000004
[  646.667872][T20591] RBP: 00007f64dd696090 R08: 0000000000000000 R09: 0000000000000000
[  646.667883][T20591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  646.667894][T20591] R13: 0000000000000000 R14: 00007f64dc9b5fa0 R15: 00007ffff23f0b28
[  646.667924][T20591]  </TASK>
[  647.039525][ T5934] usb 2-1: Using ep0 maxpacket: 16
[  647.048114][ T5934] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  647.057310][ T5934] usb 2-1: config 0 has no interface number 0
[  647.064081][ T5934] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  647.074397][ T5934] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  647.084482][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.114531][ T5934] usb 2-1: config 0 descriptor??
[  647.124290][ T5934] usbhid 2-1:0.1: couldn't find an input interrupt endpoint
[  647.396985][T20608] netlink: 'syz.5.4341': attribute type 5 has an invalid length.
[  647.405735][T20608] netlink: 176 bytes leftover after parsing attributes in process `syz.5.4341'.
[  647.533205][T14144] Bluetooth: hci1: Dropping invalid advertising data
[  647.540331][T14144] Bluetooth: hci1: unknown advertising packet type: 0x80
[  647.540358][T14144] Bluetooth: hci1: Malformed LE Event: 0x02
[  647.775562][T20624] /dev/rnullb0: Can't open blockdev
[  648.190101][ T5903] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  648.380398][ T5903] usb 7-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  648.399983][ T5903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.417410][ T5903] usb 7-1: Product: syz
[  648.418046][T20645] /dev/rnullb0: Can't open blockdev
[  648.422848][ T5903] usb 7-1: Manufacturer: syz
[  648.440064][ T5903] usb 7-1: SerialNumber: syz
[  648.452396][ T5903] usb 7-1: config 0 descriptor??
[  648.464883][ T5903] go7007 7-1:0.0: Sensoray 2250 found
[  648.475276][ T5903] go7007 7-1:0.0: probe with driver go7007 failed with error -12
[  648.688639][T14144] Bluetooth: hci3: unknown advertising packet type: 0x99
[  648.688689][T14144] Bluetooth: hci3: Malformed LE Event: 0x02
[  648.689611][   T43] usb 7-1: USB disconnect, device number 14
[  648.784120][T20655] FAULT_INJECTION: forcing a failure.
[  648.784120][T20655] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.805679][T20655] CPU: 0 UID: 0 PID: 20655 Comm: syz.3.4353 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  648.805705][T20655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.805715][T20655] Call Trace:
[  648.805722][T20655]  <TASK>
[  648.805729][T20655]  dump_stack_lvl+0x189/0x250
[  648.805756][T20655]  ? __pfx____ratelimit+0x10/0x10
[  648.805776][T20655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.805796][T20655]  ? __pfx__printk+0x10/0x10
[  648.805817][T20655]  ? __might_fault+0xb0/0x130
[  648.805846][T20655]  should_fail_ex+0x414/0x560
[  648.805870][T20655]  _copy_from_user+0x2d/0xb0
[  648.805889][T20655]  ___sys_recvmsg+0x12e/0x510
[  648.805912][T20655]  ? __pfx____sys_recvmsg+0x10/0x10
[  648.805956][T20655]  ? __might_fault+0xb0/0x130
[  648.805976][T20655]  do_recvmmsg+0x307/0x770
[  648.806008][T20655]  ? __pfx_do_recvmmsg+0x10/0x10
[  648.806036][T20655]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  648.806076][T20655]  __x64_sys_recvmmsg+0x190/0x240
[  648.806097][T20655]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  648.806113][T20655]  ? rcu_is_watching+0x15/0xb0
[  648.806149][T20655]  ? do_syscall_64+0xbe/0x3b0
[  648.806175][T20655]  do_syscall_64+0xfa/0x3b0
[  648.806195][T20655]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.806217][T20655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.806233][T20655]  ? clear_bhb_loop+0x60/0xb0
[  648.806254][T20655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.806271][T20655] RIP: 0033:0x7fecd5b8e9a9
[  648.806288][T20655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.806302][T20655] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  648.806321][T20655] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  648.806334][T20655] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  648.806346][T20655] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  648.806357][T20655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  648.806367][T20655] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  648.806396][T20655]  </TASK>
[  649.021175][    C0] vkms_vblank_simulate: vblank timer overrun
[  649.159489][T20651] /dev/rnullb0: Can't open blockdev
[  649.220866][ T1116] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  649.438414][  T120] usb 2-1: USB disconnect, device number 112
[  649.499300][ T5934] usb 6-1: new high-speed USB device number 109 using dummy_hcd
[  649.519668][T20672] /dev/rnullb0: Can't open blockdev
[  649.544857][T20674] FAULT_INJECTION: forcing a failure.
[  649.544857][T20674] name failslab, interval 1, probability 0, space 0, times 0
[  649.568497][T20674] CPU: 1 UID: 0 PID: 20674 Comm: syz.1.4357 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  649.568524][T20674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.568535][T20674] Call Trace:
[  649.568543][T20674]  <TASK>
[  649.568551][T20674]  dump_stack_lvl+0x189/0x250
[  649.568579][T20674]  ? __pfx____ratelimit+0x10/0x10
[  649.568601][T20674]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.568623][T20674]  ? __pfx__printk+0x10/0x10
[  649.568651][T20674]  ? __pfx___might_resched+0x10/0x10
[  649.568669][T20674]  ? fs_reclaim_acquire+0x7d/0x100
[  649.568695][T20674]  should_fail_ex+0x414/0x560
[  649.568720][T20674]  should_failslab+0xa8/0x100
[  649.568741][T20674]  __kmalloc_cache_noprof+0x70/0x3d0
[  649.568760][T20674]  ? vkms_plane_duplicate_state+0x8d/0x110
[  649.568794][T20674]  vkms_plane_duplicate_state+0x8d/0x110
[  649.568819][T20674]  drm_atomic_get_plane_state+0x25a/0x5a0
[  649.568844][T20674]  drm_atomic_set_property+0x221/0x30f0
[  649.568874][T20674]  ? __pfx_drm_atomic_set_property+0x10/0x10
[  649.568915][T20674]  drm_mode_atomic_ioctl+0x6f9/0xcb0
[  649.568950][T20674]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  649.568992][T20674]  ? do_raw_spin_unlock+0x122/0x240
[  649.569017][T20674]  ? _raw_spin_unlock+0x28/0x50
[  649.569035][T20674]  ? drm_is_current_master+0x19f/0x200
[  649.569057][T20674]  drm_ioctl_kernel+0x2cc/0x390
[  649.569078][T20674]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  649.569097][T20674]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  649.569129][T20674]  drm_ioctl+0x67f/0xb10
[  649.569155][T20674]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  649.569181][T20674]  ? __pfx_drm_ioctl+0x10/0x10
[  649.569216][T20674]  ? __fget_files+0x2a/0x420
[  649.569242][T20674]  ? bpf_lsm_file_ioctl+0x9/0x20
[  649.569260][T20674]  ? __pfx_drm_ioctl+0x10/0x10
[  649.569282][T20674]  __se_sys_ioctl+0xf9/0x170
[  649.569305][T20674]  do_syscall_64+0xfa/0x3b0
[  649.569326][T20674]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.569348][T20674]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.569365][T20674]  ? clear_bhb_loop+0x60/0xb0
[  649.569385][T20674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.569402][T20674] RIP: 0033:0x7f5fc818e9a9
[  649.569418][T20674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.569434][T20674] RSP: 002b:00007f5fc906a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  649.569454][T20674] RAX: ffffffffffffffda RBX: 00007f5fc83b5fa0 RCX: 00007f5fc818e9a9
[  649.569468][T20674] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  649.569481][T20674] RBP: 00007f5fc906a090 R08: 0000000000000000 R09: 0000000000000000
[  649.569492][T20674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  649.569504][T20674] R13: 0000000000000000 R14: 00007f5fc83b5fa0 R15: 00007ffe78ed0bd8
[  649.569534][T20674]  </TASK>
[  649.679821][ T5934] usb 6-1: Using ep0 maxpacket: 32
[  649.901186][ T5934] usb 6-1: too many configurations: 101, using maximum allowed: 8
[  649.902337][ T5934] usb 6-1: config index 0 descriptor too short (expected 259, got 36)
[  649.902362][ T5934] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 2
[  649.902393][ T5934] usb 6-1: can't read configurations, error -22
[  650.029060][ T5934] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[  650.045979][T20685] Invalid source name
[  650.049958][T20686] Invalid source name
[  650.050242][T20685] UBIFS error (pid: 20685): cannot open "ubifs", error -22
[  650.053965][T20686] UBIFS error (pid: 20686): cannot open "ubifs", error -22
[  650.164151][T20687] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  650.190895][ T5934] usb 6-1: Using ep0 maxpacket: 32
[  650.197121][ T5934] usb 6-1: too many configurations: 101, using maximum allowed: 8
[  650.207921][ T5934] usb 6-1: config index 0 descriptor too short (expected 259, got 36)
[  650.219546][ T5934] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 2
[  650.274447][ T5934] usb 6-1: can't read configurations, error -22
[  650.293614][ T5934] usb usb6-port1: attempt power cycle
[  650.446567][T20698] netlink: 'syz.6.4367': attribute type 10 has an invalid length.
[  650.747928][ T5934] usb 6-1: new high-speed USB device number 111 using dummy_hcd
[  650.772492][ T5934] usb 6-1: Using ep0 maxpacket: 32
[  650.778407][ T5934] usb 6-1: too many configurations: 101, using maximum allowed: 8
[  650.793014][ T5934] usb 6-1: config index 0 descriptor too short (expected 259, got 36)
[  650.803509][ T5934] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 2
[  650.820734][ T5934] usb 6-1: can't read configurations, error -22
[  650.948946][ T5934] usb 6-1: new high-speed USB device number 112 using dummy_hcd
[  650.990489][ T5934] usb 6-1: Using ep0 maxpacket: 32
[  651.003362][ T5934] usb 6-1: too many configurations: 101, using maximum allowed: 8
[  651.040253][ T5934] usb 6-1: config index 0 descriptor too short (expected 259, got 36)
[  651.082969][ T5934] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 2
[  651.093964][ T5934] usb 6-1: can't read configurations, error -22
[  651.101984][ T5934] usb usb6-port1: unable to enumerate USB device
[  651.167902][T20713] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  651.554516][T20741] /dev/rnullb0: Can't open blockdev
[  651.580247][T20745] netlink: 'syz.6.4382': attribute type 12 has an invalid length.
[  652.333611][  T120] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  652.475546][T20780] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  652.487830][T20780] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  652.529166][  T120] usb 2-1: Using ep0 maxpacket: 8
[  652.541189][  T120] usb 2-1: unable to get BOS descriptor or descriptor too short
[  652.555294][  T120] usb 2-1: config 1 has an invalid interface number: 211 but max is 0
[  652.573445][  T120] usb 2-1: config 1 has no interface number 0
[  652.585170][  T120] usb 2-1: config 1 interface 211 has no altsetting 0
[  652.607442][  T120] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0
[  652.640547][  T120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.681205][  T120] usb 2-1: Product: syz
[  652.695806][  T120] usb 2-1: Manufacturer: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨ｺㇶ憻稒觊凥恱񋸇
[  652.731609][  T120] usb 2-1: SerialNumber: syz
[  652.977228][T20798] FAULT_INJECTION: forcing a failure.
[  652.977228][T20798] name failslab, interval 1, probability 0, space 0, times 0
[  652.989201][  T120] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected
[  652.993255][T20798] CPU: 1 UID: 0 PID: 20798 Comm: syz.3.4403 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  652.993281][T20798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  652.993292][T20798] Call Trace:
[  652.993299][T20798]  <TASK>
[  652.993307][T20798]  dump_stack_lvl+0x189/0x250
[  652.993334][T20798]  ? __pfx____ratelimit+0x10/0x10
[  652.993356][T20798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.993378][T20798]  ? __pfx__printk+0x10/0x10
[  652.993402][T20798]  ? __pfx___might_resched+0x10/0x10
[  652.993423][T20798]  ? fs_reclaim_acquire+0x7d/0x100
[  652.993448][T20798]  should_fail_ex+0x414/0x560
[  652.993474][T20798]  should_failslab+0xa8/0x100
[  652.993503][T20798]  __kmalloc_noprof+0xcb/0x4f0
[  652.993520][T20798]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  652.993539][T20798]  ? sock_kmalloc+0xd6/0x160
[  652.993562][T20798]  sock_kmalloc+0xd6/0x160
[  652.993583][T20798]  hash_recvmsg+0x1d4/0x840
[  652.993608][T20798]  ? __pfx_hash_recvmsg+0x10/0x10
[  652.993628][T20798]  sock_recvmsg_nosec+0x186/0x1c0
[  652.993652][T20798]  ____sys_recvmsg+0x3aa/0x460
[  652.993680][T20798]  ? __pfx_____sys_recvmsg+0x10/0x10
[  652.993714][T20798]  ? import_iovec+0x74/0xa0
[  652.993735][T20798]  ___sys_recvmsg+0x1b5/0x510
[  652.993759][T20798]  ? __pfx____sys_recvmsg+0x10/0x10
[  652.993809][T20798]  ? __might_fault+0xb0/0x130
[  652.993831][T20798]  do_recvmmsg+0x307/0x770
[  652.993857][T20798]  ? __pfx_do_recvmmsg+0x10/0x10
[  652.993888][T20798]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  652.993928][T20798]  __x64_sys_recvmmsg+0x190/0x240
[  652.993950][T20798]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  652.993967][T20798]  ? rcu_is_watching+0x15/0xb0
[  652.993993][T20798]  ? do_syscall_64+0xbe/0x3b0
[  652.994019][T20798]  do_syscall_64+0xfa/0x3b0
[  652.994039][T20798]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.994060][T20798]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.994077][T20798]  ? clear_bhb_loop+0x60/0xb0
[  652.994097][T20798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.994113][T20798] RIP: 0033:0x7fecd5b8e9a9
[  652.994129][T20798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.994144][T20798] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  652.994162][T20798] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  652.994175][T20798] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  652.994187][T20798] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  652.994197][T20798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  652.994208][T20798] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  652.994235][T20798]  </TASK>
[  653.223705][    C0] vkms_vblank_simulate: vblank timer overrun
[  653.302380][  T120] ftdi_sio ttyUSB0: unknown device type: 0x90e0
[  653.315731][  T120] usb 2-1: USB disconnect, device number 113
[  653.329523][  T120] ftdi_sio 2-1:1.211: device disconnected
[  653.339325][ T5935] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  653.504984][T20804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4405'.
[  653.514583][ T5935] usb 4-1: Using ep0 maxpacket: 16
[  653.520658][T20804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4405'.
[  653.532840][ T5935] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  653.541430][ T5935] usb 4-1: config 0 has no interface number 0
[  653.561357][ T5935] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  653.599012][ T5935] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  653.625793][ T5935] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  653.665374][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.715885][T20806] FAULT_INJECTION: forcing a failure.
[  653.715885][T20806] name failslab, interval 1, probability 0, space 0, times 0
[  653.720129][ T5935] usb 4-1: config 0 descriptor??
[  653.743842][T20806] CPU: 1 UID: 0 PID: 20806 Comm: syz.6.4406 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  653.743868][T20806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  653.743879][T20806] Call Trace:
[  653.743887][T20806]  <TASK>
[  653.743899][T20806]  dump_stack_lvl+0x189/0x250
[  653.743926][T20806]  ? __pfx____ratelimit+0x10/0x10
[  653.743950][T20806]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.743972][T20806]  ? __pfx__printk+0x10/0x10
[  653.744001][T20806]  ? __pfx___might_resched+0x10/0x10
[  653.744021][T20806]  ? fs_reclaim_acquire+0x7d/0x100
[  653.744047][T20806]  should_fail_ex+0x414/0x560
[  653.744073][T20806]  should_failslab+0xa8/0x100
[  653.744095][T20806]  __kmalloc_cache_noprof+0x70/0x3d0
[  653.744115][T20806]  ? vhost_task_create+0xf6/0x290
[  653.744140][T20806]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  653.744166][T20806]  vhost_task_create+0xf6/0x290
[  653.744188][T20806]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  653.744207][T20806]  ? __pfx_vhost_task_create+0x10/0x10
[  653.744237][T20806]  ? __pfx_vhost_task_fn+0x10/0x10
[  653.744279][T20806]  kvm_mmu_post_init_vm+0x14c/0x300
[  653.744302][T20806]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  653.744331][T20806]  ? __mutex_trylock_common+0x153/0x260
[  653.744357][T20806]  ? __pfx___mutex_trylock_common+0x10/0x10
[  653.744379][T20806]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  653.744403][T20806]  ? rcu_is_watching+0x15/0xb0
[  653.744424][T20806]  ? trace_contention_end+0x39/0x120
[  653.744445][T20806]  ? look_up_lock_class+0x74/0x170
[  653.744469][T20806]  ? register_lock_class+0x51/0x320
[  653.744494][T20806]  ? __lock_acquire+0xab9/0xd20
[  653.744543][T20806]  kvm_vcpu_ioctl+0x95c/0xe90
[  653.744571][T20806]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  653.744590][T20806]  ? __lock_acquire+0xab9/0xd20
[  653.744627][T20806]  ? __fget_files+0x2a/0x420
[  653.744653][T20806]  ? __fget_files+0x2a/0x420
[  653.744672][T20806]  ? __fget_files+0x3a0/0x420
[  653.744699][T20806]  ? __fget_files+0x2a/0x420
[  653.744725][T20806]  ? bpf_lsm_file_ioctl+0x9/0x20
[  653.744743][T20806]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  653.744765][T20806]  __se_sys_ioctl+0xf9/0x170
[  653.744788][T20806]  do_syscall_64+0xfa/0x3b0
[  653.744809][T20806]  ? lockdep_hardirqs_on+0x9c/0x150
[  653.744830][T20806]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.744847][T20806]  ? clear_bhb_loop+0x60/0xb0
[  653.744868][T20806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.744885][T20806] RIP: 0033:0x7fb97878e9a9
[  653.744902][T20806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.744917][T20806] RSP: 002b:00007fb97962f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  653.744936][T20806] RAX: ffffffffffffffda RBX: 00007fb9789b5fa0 RCX: 00007fb97878e9a9
[  653.744949][T20806] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  653.744960][T20806] RBP: 00007fb97962f090 R08: 0000000000000000 R09: 0000000000000000
[  653.744971][T20806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.744982][T20806] R13: 0000000000000000 R14: 00007fb9789b5fa0 R15: 00007fff203bb5d8
[  653.745012][T20806]  </TASK>
[  654.130629][  T120] usb 6-1: new full-speed USB device number 113 using dummy_hcd
[  654.300341][  T120] usb 6-1: not running at top speed; connect to a high speed hub
[  654.318342][  T120] usb 6-1: config 2 has an invalid interface number: 227 but max is 0
[  654.346055][  T120] usb 6-1: config 2 has no interface number 0
[  654.362130][  T120] usb 6-1: config 2 interface 227 has no altsetting 0
[  654.376262][  T120] usb 6-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=2c.d4
[  654.396401][  T120] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.404837][  T120] usb 6-1: Product: syz
[  654.411165][  T120] usb 6-1: Manufacturer: syz
[  654.415834][  T120] usb 6-1: SerialNumber: syz
[  654.490921][ T5935] usbhid 4-1:0.1: can't add hid device: -71
[  654.499395][ T5935] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  654.510893][ T5935] usb 4-1: USB disconnect, device number 54
[  654.628219][ T5882] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  654.644357][  T120] gspca_main: pac7311-2.14.0 probing 093a:2601
[  654.652728][  T120] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -71
[  654.661852][  T120] pac7311 6-1:2.227: probe with driver pac7311 failed with error -71
[  654.675829][  T120] usb 6-1: USB disconnect, device number 113
[  654.768217][ T5882] usb 2-1: device descriptor read/64, error -71
[  655.023357][ T5882] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  655.049406][T20826] FAULT_INJECTION: forcing a failure.
[  655.049406][T20826] name failslab, interval 1, probability 0, space 0, times 0
[  655.063530][T20826] CPU: 1 UID: 0 PID: 20826 Comm: syz.3.4414 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  655.063555][T20826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.063566][T20826] Call Trace:
[  655.063574][T20826]  <TASK>
[  655.063581][T20826]  dump_stack_lvl+0x189/0x250
[  655.063609][T20826]  ? __pfx____ratelimit+0x10/0x10
[  655.063631][T20826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  655.063653][T20826]  ? __pfx__printk+0x10/0x10
[  655.063677][T20826]  ? __pfx___might_resched+0x10/0x10
[  655.063697][T20826]  ? fs_reclaim_acquire+0x7d/0x100
[  655.063724][T20826]  should_fail_ex+0x414/0x560
[  655.063750][T20826]  should_failslab+0xa8/0x100
[  655.063772][T20826]  __kmalloc_cache_noprof+0x70/0x3d0
[  655.063790][T20826]  ? vkms_atomic_crtc_duplicate_state+0x78/0x190
[  655.063820][T20826]  vkms_atomic_crtc_duplicate_state+0x78/0x190
[  655.063845][T20826]  drm_atomic_get_crtc_state+0x19a/0x460
[  655.063869][T20826]  drm_atomic_get_plane_state+0x4c8/0x5a0
[  655.063893][T20826]  drm_atomic_set_property+0x221/0x30f0
[  655.063922][T20826]  ? __pfx_drm_atomic_set_property+0x10/0x10
[  655.063962][T20826]  drm_mode_atomic_ioctl+0x6f9/0xcb0
[  655.063999][T20826]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  655.064043][T20826]  ? do_raw_spin_unlock+0x122/0x240
[  655.064069][T20826]  ? _raw_spin_unlock+0x28/0x50
[  655.064088][T20826]  ? drm_is_current_master+0x19f/0x200
[  655.064111][T20826]  drm_ioctl_kernel+0x2cc/0x390
[  655.064134][T20826]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  655.064153][T20826]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  655.064184][T20826]  drm_ioctl+0x67f/0xb10
[  655.064209][T20826]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  655.064228][T20826]  ? __pfx_drm_ioctl+0x10/0x10
[  655.064248][T20826]  ? __fget_files+0x2a/0x420
[  655.064265][T20826]  ? bpf_lsm_file_ioctl+0x9/0x20
[  655.064276][T20826]  ? __pfx_drm_ioctl+0x10/0x10
[  655.064288][T20826]  __se_sys_ioctl+0xf9/0x170
[  655.064302][T20826]  do_syscall_64+0xfa/0x3b0
[  655.064317][T20826]  ? lockdep_hardirqs_on+0x9c/0x150
[  655.064330][T20826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.064340][T20826]  ? clear_bhb_loop+0x60/0xb0
[  655.064352][T20826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.064362][T20826] RIP: 0033:0x7fecd5b8e9a9
[  655.064378][T20826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.064387][T20826] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  655.064398][T20826] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  655.064406][T20826] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000d
[  655.064413][T20826] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  655.064419][T20826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  655.064425][T20826] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  655.064441][T20826]  </TASK>
[  655.433520][ T5882] usb 2-1: device descriptor read/64, error -71
[  655.467203][T20829] /dev/rnullb0: Can't open blockdev
[  655.485674][T20829] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4416'.
[  655.548407][ T5882] usb usb2-port1: attempt power cycle
[  655.803139][T20840] netlink: 'syz.5.4421': attribute type 10 has an invalid length.
[  656.003543][ T5882] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  656.030119][ T5882] usb 2-1: device descriptor read/8, error -71
[  656.277918][ T5882] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  656.311259][ T5882] usb 2-1: device descriptor read/8, error -71
[  656.435624][ T5882] usb usb2-port1: unable to enumerate USB device
[  656.760177][T20863] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4431'.
[  656.782118][T20863] /dev/rnullb0: Can't open blockdev
[  657.060216][T20870] netlink: 'syz.3.4433': attribute type 12 has an invalid length.
[  657.598071][   T43] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  657.768634][T20903] /dev/rnullb0: Can't open blockdev
[  657.773274][T20902] FAULT_INJECTION: forcing a failure.
[  657.773274][T20902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.787862][   T43] usb 7-1: Using ep0 maxpacket: 16
[  657.798134][T20902] CPU: 0 UID: 0 PID: 20902 Comm: syz.3.4445 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  657.798160][T20902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  657.798170][T20902] Call Trace:
[  657.798177][T20902]  <TASK>
[  657.798185][T20902]  dump_stack_lvl+0x189/0x250
[  657.798212][T20902]  ? __pfx____ratelimit+0x10/0x10
[  657.798233][T20902]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.798254][T20902]  ? __pfx__printk+0x10/0x10
[  657.798277][T20902]  ? __might_fault+0xb0/0x130
[  657.798306][T20902]  should_fail_ex+0x414/0x560
[  657.798331][T20902]  _copy_from_user+0x2d/0xb0
[  657.798349][T20902]  ___sys_recvmsg+0x12e/0x510
[  657.798373][T20902]  ? __pfx____sys_recvmsg+0x10/0x10
[  657.798418][T20902]  ? __might_fault+0xb0/0x130
[  657.798439][T20902]  do_recvmmsg+0x307/0x770
[  657.798464][T20902]  ? __pfx_do_recvmmsg+0x10/0x10
[  657.798493][T20902]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  657.798533][T20902]  __x64_sys_recvmmsg+0x190/0x240
[  657.798555][T20902]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  657.798571][T20902]  ? rcu_is_watching+0x15/0xb0
[  657.798595][T20902]  ? do_syscall_64+0xbe/0x3b0
[  657.798621][T20902]  do_syscall_64+0xfa/0x3b0
[  657.798639][T20902]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.798659][T20902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.798676][T20902]  ? clear_bhb_loop+0x60/0xb0
[  657.798694][T20902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.798708][T20902] RIP: 0033:0x7fecd5b8e9a9
[  657.798724][T20902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.798739][T20902] RSP: 002b:00007fecd69bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  657.798758][T20902] RAX: ffffffffffffffda RBX: 00007fecd5db5fa0 RCX: 00007fecd5b8e9a9
[  657.798770][T20902] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  657.798781][T20902] RBP: 00007fecd69bf090 R08: 0000000000000000 R09: 0000000000000000
[  657.798793][T20902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  657.798803][T20902] R13: 0000000000000000 R14: 00007fecd5db5fa0 R15: 00007fffb0293c68
[  657.798832][T20902]  </TASK>
[  657.803404][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  657.959384][T20908] /dev/rnullb0: Can't open blockdev
[  657.996278][   T43] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  658.097710][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.170821][   T43] usb 7-1: Product: syz
[  658.187696][   T43] usb 7-1: Manufacturer: syz
[  658.196649][   T43] usb 7-1: SerialNumber: syz
[  658.205230][   T43] usb 7-1: config 0 descriptor??
[  658.226328][   T43] hub 7-1:0.0: bad descriptor, ignoring hub
[  658.249408][   T43] hub 7-1:0.0: probe with driver hub failed with error -5
[  658.273572][   T43] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  658.337619][ T5903] usb 6-1: new high-speed USB device number 114 using dummy_hcd
[  658.408952][  T120] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  658.491815][ T5903] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.506197][ T5903] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  658.533588][ T5903] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  658.549867][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.558500][  T120] usb 2-1: device descriptor read/64, error -71
[  658.565599][ T5903] usb 6-1: Product: syz
[  658.566861][   T43] usb 7-1: USB disconnect, device number 15
[  658.576927][ T5903] usb 6-1: Manufacturer: syz
[  658.598277][ T5903] usb 6-1: SerialNumber: syz
[  658.630069][ T5903] cdc_mbim 6-1:1.0: skipping garbage
[  658.668537][T14237] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  658.798061][  T120] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  658.818668][T14237] usb 4-1: Using ep0 maxpacket: 8
[  658.831543][T14237] usb 4-1: unable to get BOS descriptor or descriptor too short
[  658.844036][T20915] input: syz1 as /devices/virtual/input/input38
[  658.845185][T14237] usb 4-1: config 7 has an invalid interface number: 204 but max is 0
[  658.862670][T14237] usb 4-1: config 7 has no interface number 0
[  658.870097][T14237] usb 4-1: too many endpoints for config 7 interface 204 altsetting 80: 241, using maximum allowed: 30
[  658.895086][T14237] usb 4-1: config 7 interface 204 altsetting 80 has 0 endpoint descriptors, different from the interface descriptor's value: 241
[  658.909035][T14237] usb 4-1: config 7 interface 204 has no altsetting 0
[  658.928200][  T120] usb 2-1: device descriptor read/64, error -71
[  658.934994][T14237] usb 4-1: string descriptor 0 read error: -22
[  658.941744][T14237] usb 4-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe
[  658.951269][T14237] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.981387][T14237] hub 4-1:7.204: bad descriptor, ignoring hub
[  659.006272][T14237] hub 4-1:7.204: probe with driver hub failed with error -5
[  659.047856][  T120] usb usb2-port1: attempt power cycle
[  659.181712][T14237] asix 4-1:7.204 (unnamed net_device) (uninitialized): invalid hw address, using random
[  659.230603][ T5903] cdc_mbim 6-1:1.0: bind() failure
[  659.264962][ T5903] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  659.272817][ T5903] cdc_ncm 6-1:1.1: bind() failure
[  659.297163][ T5903] usb 6-1: USB disconnect, device number 114
[  659.388952][  T120] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  659.409232][  T120] usb 2-1: device descriptor read/8, error -71
[  659.582670][T14237] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  659.597371][T14237] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  659.617441][ T5934] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  659.647311][  T120] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  659.668519][  T120] usb 2-1: device descriptor read/8, error -71
[  659.773433][T14237] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  659.787934][  T120] usb usb2-port1: unable to enumerate USB device
[  659.803928][T14237] asix 4-1:7.204 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  659.815982][ T5934] usb 7-1: Using ep0 maxpacket: 16
[  659.830066][ T5934] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  659.839133][ T5934] usb 7-1: config 0 has no interface number 0
[  659.845251][ T5934] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  659.856682][ T5934] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  659.871930][ T5934] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  659.882141][ T5934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.892273][ T5934] usb 7-1: config 0 descriptor??
[  660.002693][T14237] asix 4-1:7.204 eth9: register 'asix' at usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet, 1e:49:a1:0d:70:ee
[  660.218383][T14237] usb 4-1: reset high-speed USB device number 55 using dummy_hcd
[  660.326071][ T5934] usbhid 7-1:0.1: can't add hid device: -71
[  660.339433][ T5934] usbhid 7-1:0.1: probe with driver usbhid failed with error -71
[  660.365532][ T5934] usb 7-1: USB disconnect, device number 16
[  660.388872][T14237] usb 4-1: unable to get BOS descriptor or descriptor too short
[  660.980838][T20960] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  661.229478][T20971] netlink: 'syz.1.4463': attribute type 10 has an invalid length.
[  665.697094][ T5511] asix 4-1:7.204 eth9: Failed to read reg index 0x0000: -110
[  665.906473][ T5934] usb 4-1: USB disconnect, device number 55
[  665.913354][ T5934] asix 4-1:7.204 eth9: unregister 'asix' usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet
[  665.997244][ T5934] ------------[ cut here ]------------
[  666.003166][ T5934] WARNING: net/sched/sch_generic.c:1498 at dev_shutdown+0x3e1/0x440, CPU#0: kworker/0:6/5934
[  666.013956][ T5934] Modules linked in:
[  666.019079][ T5934] CPU: 0 UID: 0 PID: 5934 Comm: kworker/0:6 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  666.031714][ T5934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  666.042491][ T5934] Workqueue: usb_hub_wq hub_event
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  666.048026][ T5934] RIP: 0010:dev_shutdown+0x3e1/0x440
[  666.053781][ T5934] Code: b5 8a 9c f8 49 83 7d 00 00 75 19 e8 99 3a 39 f8 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 93 fb 01 cc e8 80 3a 39 f8 90 <0f> 0b 90 eb e1 e8 75 3a 39 f8 4c 89 e7 be 03 00 00 00 e8 78 9e 47
[  666.073958][ T5934] RSP: 0018:ffffc900051d7180 EFLAGS: 00010283
[  666.080768][ T5934] RAX: ffffffff8986c690 RBX: ffff88802fa104c8 RCX: 0000000000100000
[  666.088956][ T5934] RDX: ffffc90016c01000 RSI: 00000000000065ac RDI: 00000000000065ad
[  666.097621][ T5934] RBP: 0000000000000001 R08: ffffc900051d6f67 R09: 1ffff92000a3adec
[  666.105623][ T5934] R10: dffffc0000000000 R11: fffff52000a3aded R12: ffffffff8f97f050
[  666.113879][ T5934] R13: ffff88802fa105a8 R14: 1ffff11005f42099 R15: ffffffff8f97f040
[  666.122173][ T5934] FS:  0000000000000000(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
[  666.131804][ T5934] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  666.138923][ T5934] CR2: 00007f5fc9069f98 CR3: 000000002766a000 CR4: 00000000003526f0
[  666.146976][ T5934] DR0: ffffffffffffffff DR1: 000000000000008b DR2: 00000000000000ce
[  666.154959][ T5934] DR3: 0000000000007ffc DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  666.163361][ T5934] Call Trace:
[  666.167053][ T5934]  <TASK>
[  666.170000][ T5934]  unregister_netdevice_many_notify+0xe0f/0x1ff0
[  666.176841][ T5934]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  666.183626][ T5934]  ? __lock_acquire+0xab9/0xd20
[  666.188547][ T5934]  ? rtnl_net_dev_lock+0x257/0x2f0
[  666.193690][ T5934]  ? __pfx___mutex_lock+0x10/0x10
[  666.199021][ T5934]  unregister_netdevice_queue+0x33c/0x380
[  666.204769][ T5934]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  666.211271][ T5934]  ? rtnl_net_dev_lock+0x2de/0x2f0
[  666.216464][ T5934]  unregister_netdev+0x1f/0x60
[  666.221471][ T5934]  usbnet_disconnect+0xcd/0x380
[  666.226576][ T5934]  usb_unbind_interface+0x26b/0x910
[  666.233555][ T5934]  ? __pfx_usb_unbind_interface+0x10/0x10
[  666.239728][ T5934]  device_release_driver_internal+0x4d6/0x800
[  666.245831][ T5934]  bus_remove_device+0x34d/0x410
[  666.250852][ T5934]  device_del+0x511/0x8e0
[  666.255204][ T5934]  ? __pm_runtime_barrier+0x212/0x460
[  666.260840][ T5934]  ? __pfx_device_del+0x10/0x10
[  666.266623][ T5934]  ? __pfx___mutex_lock+0x10/0x10
[  666.271695][ T5934]  usb_disable_device+0x3e9/0x8a0
[  666.277359][ T5934]  usb_disconnect+0x330/0x950
[  666.282069][ T5934]  hub_event+0x1cf5/0x4a20
[  666.286610][ T5934]  ? do_raw_spin_lock+0x121/0x290
[  666.291666][ T5934]  ? register_lock_class+0x51/0x320
[  666.296937][ T5934]  ? __pfx_hub_event+0x10/0x10
[  666.301971][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.307954][ T5934]  ? _raw_spin_unlock_irq+0x23/0x50
[  666.313170][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.318938][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.324904][ T5934]  process_scheduled_works+0xade/0x17b0
[  666.330721][ T5934]  ? __pfx_process_scheduled_works+0x10/0x10
[  666.346807][ T5934]  worker_thread+0x8a0/0xda0
[  666.351449][ T5934]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  666.358387][ T5934]  ? __kthread_parkme+0x7b/0x200
[  666.363365][ T5934]  kthread+0x70e/0x8a0
[  666.367981][ T5934]  ? __pfx_worker_thread+0x10/0x10
[  666.373492][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.378147][ T5934]  ? _raw_spin_unlock_irq+0x23/0x50
[  666.383365][ T5934]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.388606][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.393215][ T5934]  ret_from_fork+0x3f9/0x770
[  666.397866][ T5934]  ? __pfx_ret_from_fork+0x10/0x10
[  666.403249][ T5934]  ? __switch_to_asm+0x39/0x70
[  666.408299][ T5934]  ? __switch_to_asm+0x33/0x70
[  666.413074][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.417819][ T5934]  ret_from_fork_asm+0x1a/0x30
[  666.422620][ T5934]  </TASK>
[  666.425885][ T5934] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  666.433169][ T5934] CPU: 0 UID: 0 PID: 5934 Comm: kworker/0:6 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  666.444724][ T5934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  666.454802][ T5934] Workqueue: usb_hub_wq hub_event
[  666.459857][ T5934] Call Trace:
[  666.463151][ T5934]  <TASK>
[  666.466091][ T5934]  dump_stack_lvl+0x99/0x250
[  666.470700][ T5934]  ? __asan_memcpy+0x40/0x70
[  666.475304][ T5934]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.480513][ T5934]  ? __pfx__printk+0x10/0x10
[  666.485113][ T5934]  vpanic+0x281/0x750
[  666.489086][ T5934]  ? __pfx_vpanic+0x10/0x10
[  666.493579][ T5934]  ? is_bpf_text_address+0x292/0x2b0
[  666.498855][ T5934]  ? is_bpf_text_address+0x26/0x2b0
[  666.504054][ T5934]  panic+0xb9/0xc0
[  666.507762][ T5934]  ? __pfx_panic+0x10/0x10
[  666.512172][ T5934]  ? ret_from_fork_asm+0x1a/0x30
[  666.517098][ T5934]  __warn+0x334/0x4c0
[  666.521070][ T5934]  ? dev_shutdown+0x3e1/0x440
[  666.525736][ T5934]  ? dev_shutdown+0x3e1/0x440
[  666.530398][ T5934]  report_bug+0x2be/0x4f0
[  666.534727][ T5934]  ? dev_shutdown+0x3e1/0x440
[  666.539401][ T5934]  ? dev_shutdown+0x3e1/0x440
[  666.544061][ T5934]  ? dev_shutdown+0x3e3/0x440
[  666.548723][ T5934]  handle_bug+0x84/0x160
[  666.552956][ T5934]  exc_invalid_op+0x1a/0x50
[  666.557445][ T5934]  asm_exc_invalid_op+0x1a/0x20
[  666.562415][ T5934] RIP: 0010:dev_shutdown+0x3e1/0x440
[  666.567698][ T5934] Code: b5 8a 9c f8 49 83 7d 00 00 75 19 e8 99 3a 39 f8 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 93 fb 01 cc e8 80 3a 39 f8 90 <0f> 0b 90 eb e1 e8 75 3a 39 f8 4c 89 e7 be 03 00 00 00 e8 78 9e 47
[  666.587309][ T5934] RSP: 0018:ffffc900051d7180 EFLAGS: 00010283
[  666.593385][ T5934] RAX: ffffffff8986c690 RBX: ffff88802fa104c8 RCX: 0000000000100000
[  666.601347][ T5934] RDX: ffffc90016c01000 RSI: 00000000000065ac RDI: 00000000000065ad
[  666.609309][ T5934] RBP: 0000000000000001 R08: ffffc900051d6f67 R09: 1ffff92000a3adec
[  666.617270][ T5934] R10: dffffc0000000000 R11: fffff52000a3aded R12: ffffffff8f97f050
[  666.625235][ T5934] R13: ffff88802fa105a8 R14: 1ffff11005f42099 R15: ffffffff8f97f040
[  666.633203][ T5934]  ? dev_shutdown+0x3e0/0x440
[  666.637888][ T5934]  unregister_netdevice_many_notify+0xe0f/0x1ff0
[  666.644222][ T5934]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  666.650978][ T5934]  ? __lock_acquire+0xab9/0xd20
[  666.655814][ T5934]  ? rtnl_net_dev_lock+0x257/0x2f0
[  666.660922][ T5934]  ? __pfx___mutex_lock+0x10/0x10
[  666.665947][ T5934]  unregister_netdevice_queue+0x33c/0x380
[  666.671659][ T5934]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  666.677895][ T5934]  ? rtnl_net_dev_lock+0x2de/0x2f0
[  666.683001][ T5934]  unregister_netdev+0x1f/0x60
[  666.687766][ T5934]  usbnet_disconnect+0xcd/0x380
[  666.692638][ T5934]  usb_unbind_interface+0x26b/0x910
[  666.697853][ T5934]  ? __pfx_usb_unbind_interface+0x10/0x10
[  666.703577][ T5934]  device_release_driver_internal+0x4d6/0x800
[  666.709647][ T5934]  bus_remove_device+0x34d/0x410
[  666.714588][ T5934]  device_del+0x511/0x8e0
[  666.718910][ T5934]  ? __pm_runtime_barrier+0x212/0x460
[  666.724273][ T5934]  ? __pfx_device_del+0x10/0x10
[  666.729122][ T5934]  ? __pfx___mutex_lock+0x10/0x10
[  666.734156][ T5934]  usb_disable_device+0x3e9/0x8a0
[  666.739195][ T5934]  usb_disconnect+0x330/0x950
[  666.743872][ T5934]  hub_event+0x1cf5/0x4a20
[  666.748303][ T5934]  ? do_raw_spin_lock+0x121/0x290
[  666.753334][ T5934]  ? register_lock_class+0x51/0x320
[  666.758558][ T5934]  ? __pfx_hub_event+0x10/0x10
[  666.763327][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.769048][ T5934]  ? _raw_spin_unlock_irq+0x23/0x50
[  666.774240][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.779956][ T5934]  ? process_scheduled_works+0x9ef/0x17b0
[  666.785673][ T5934]  process_scheduled_works+0xade/0x17b0
[  666.791235][ T5934]  ? __pfx_process_scheduled_works+0x10/0x10
[  666.797217][ T5934]  worker_thread+0x8a0/0xda0
[  666.801801][ T5934]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  666.808125][ T5934]  ? __kthread_parkme+0x7b/0x200
[  666.813059][ T5934]  kthread+0x70e/0x8a0
[  666.817132][ T5934]  ? __pfx_worker_thread+0x10/0x10
[  666.822244][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.826845][ T5934]  ? _raw_spin_unlock_irq+0x23/0x50
[  666.832036][ T5934]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.837225][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.841818][ T5934]  ret_from_fork+0x3f9/0x770
[  666.846412][ T5934]  ? __pfx_ret_from_fork+0x10/0x10
[  666.851532][ T5934]  ? __switch_to_asm+0x39/0x70
[  666.856299][ T5934]  ? __switch_to_asm+0x33/0x70
[  666.861064][ T5934]  ? __pfx_kthread+0x10/0x10
[  666.865653][ T5934]  ret_from_fork_asm+0x1a/0x30
[  666.870424][ T5934]  </TASK>
[  666.873723][ T5934] Kernel Offset: disabled
[  666.878043][ T5934] Rebooting in 86400 seconds..