last executing test programs:

3m13.467559582s ago: executing program 2 (id=1103):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1)
ioctl$IOCTL_GET_NUM_DEVICES(0xffffffffffffffff, 0x40046104, &(0x7f0000000080))
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
io_setup(0x8, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x0, &(0x7f0000000140))
r3 = eventfd2(0x9, 0x80800)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
io_submit(r2, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f0000000180)="9cbe7a12b26e70970298a35be7973572e0083322427956aaa39d87cce0991bb586d7e3bdab2113b619d46f38c6ea9d9447e05403e3266c4291a28de7705f96aea750917c463d0f8baad5154e5de844bd736464cc6a", 0x55, 0x7fffffffffffffff, 0x0, 0x3, r3}])
syz_usb_connect$uac1(0x3, 0x111, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xff, 0x3, 0x1, 0x8, 0x10, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x200, 0x8}, [@extension_unit={0x7, 0x24, 0x8, 0x3, 0x1, 0xb3}, @extension_unit={0xd, 0x24, 0x8, 0x6, 0x2, 0xc4, "654735d6ec6c"}, @mixer_unit={0xb, 0x24, 0x4, 0x6, 0x8b, "b4244399d54f"}, @processing_unit={0x9, 0x24, 0x7, 0x2, 0x0, 0x3, '1C'}, @mixer_unit={0x6, 0x24, 0x4, 0x4, 0x2, "f7"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0xfb, 0x2, 0x5, 0x31, '^'}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0x8, 0x10, "030f"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x6cc, 0x0, 0xb, "411dc443f606"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x2, 0x0, 0x6, 'O[E'}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x2, 0x5, 0x80, 'c', "b4f5"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x6, 0x2, 0x3, {0x7, 0x25, 0x1, 0xc0, 0x0, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x2, 0x8001, 0x1, "584addfe4c1c9e26"}, @as_header={0x7, 0x24, 0x1, 0x8, 0x8, 0x1005}, @as_header={0x7, 0x24, 0x1, 0x2, 0x7, 0x5}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x0, 0x3, 0xc2, "cc"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x5, 0x0, 0x81, "c72697dea38f"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x6, 0xb, 0xd, {0x7, 0x25, 0x1, 0x0, 0x2d, 0xf}}}}}}}]}}, &(0x7f00000009c0)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x451, 0xff, 0xf3, 0xff, 0x10, 0xb3}, 0x19a, &(0x7f0000000400)={0x5, 0xf, 0x19a, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x15, 0x0, 0x59}, @generic={0xcf, 0x10, 0x4, "0fe1c64d7e10861dfed5fe22d01a58803f50b9631feeb34d0e38fc2b7f2e6b5521f406efc77a6f116ac5e58acbcb44563868846092c6ab78214a74016e5588c532e73c504978278c866eb96538de6afbfc810c8b4ab85b7974464e497f06012bf35c61309a6ca2a95d0c26d5158c0b748ee86b1abec5e3f573b40d10f901f66d86c37bb6fbc53f430a1ff701c9b446619efe9c0176283020ca8ecab8ac70995c77b95d2b58e17f342cc6d8e24f9ae3e0ffed5f5c960e7a3482ddca63d37ac9477b60e5717fef33a3d072b0a6"}, @ptm_cap={0x3}, @ssp_cap={0x18, 0x10, 0xa, 0x1, 0x3, 0x2ef4, 0x7700, 0x1519, [0x3f00, 0xff0000, 0xfe8030]}, @generic={0xa1, 0x10, 0x2, "958bd0ed21c8ad5bed4dc54fba7295a3c4b5a44c37995e03bddff37295988a3423cc7bced0c283aaa8313db46711a6fec5e360c7bdf907334b7c36b3c892230056d135d3ab658138979c872c7f232941e65e6fee9564cdbe0ecef34793a42c29b11e4b444c1a89e549a0f579ab4dbd98070540dd8454534c51629d1dd871dc61a05d3c0cfcdcd5b44557406ab94d195be0c90c167be78ed19d501311126c"}]}, 0x7, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x340a}}, {0xff, &(0x7f0000000600)=@string={0xff, 0x3, "7af9e193df9ade825b21f701fcf1abde8cab15c52af912a8ea0a2b37ff7ba6e919740a21efc2ba567903b8426754f8ef65d832c9efd68ac6003efc47c55bb9de4b77e823880472b18e724db260aac8c789e4e6acd66f83b9b2d338d73a1de0ddd39901e40f955ec0331c60a9aa623cac3bdae43189965dde715f08c5c9ea63d348a8619d08fd367516e5381fe47c594111144eaa7497be1c1f097f41742dbeb3bf6b7211c2f22266b3fc212a7507559572854f503e82c125af2951b552800c1d06f07313d2977ed31251331494f8f6b466da03761802ee406ec53d161bffc473ad111f46c76426d344795c4554fc41ccc6f9cff22c8357dc4b19a2c59f"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x404}}, {0xc4, &(0x7f0000000740)=@string={0xc4, 0x3, "66b3105f05aa0c02b9a0cef620eb0e6c6ac73bb5c7e0e71f9299bb0ec62067986b66c126fc3fbfb1091075d3d63524595515052e6a9874c37d2f91de3a8932017f5d6955284590e6a4245a38bd6be4729eeecee3c0dade4ba45348ba27a0b6fe199845b7c66dc1b14f84401a0af874d9e29f6de9a09a7d207c5d785f3be96f533f24c0d65f779f97070efa09aca6b3568ca347a81a3780f7ac059c8ea7121b7a89658ff8154b99c60dc62465c9577ef353d5c4ce8662551ae52df7e4f302376672e6"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x812}}, {0xf1, &(0x7f00000008c0)=@string={0xf1, 0x3, "b7be3d2a3469ceecaa75dee54e072cbe454a667cfb2676a442471e365ca6f0dede7deb99c9f8451cf93312e2c7cae17d7084aeb83d592a0687ba249118c5b2cd99444f4a017b64ed8c8f28f04f4aee1c8f011843853d6b0b976f667ea3a4674296db4296ff1bc35d8f2fb6ff3070d0fc930008e888d48f9c0381c89284e144f670b8cdf20adf86b73ad29bed409395efcbd56cb96bf6b91973b43948a00945cf45326c57da2559a62fddc54feddc9be1d53d9989e2f9ae276735c5b06f913c6c86321956eb0ff031830d1f5742c9d956a753e3fe09dc93b173fd2acbce4dc13cca16f5286d5f0eab34fa2718b110b3"}}]})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000a80)=&(0x7f0000000a40))
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000ac0)={0x1})
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000b00)={0x0, 0x0, 0x3, 0x0, '\x00', [{0xf7, 0x8, 0xfffffffffffffff8, 0x0, 0x6, 0x5}, {0x7, 0x3, 0xfffffffeffffffff, 0x2, 0x4, 0x8}], ['\x00', '\x00', '\x00']})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000cc0)={0x2, &(0x7f0000000c80)=[{0x800, 0x3, 0x7, 0x5}, {0x5, 0x4, 0x2, 0x1}]})
r7 = syz_open_dev$vcsn(&(0x7f0000000d00), 0x0, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000d40)=@x86={0xb3, 0x7, 0x7, 0x0, 0x4, 0x9, 0x7d, 0x9, 0x10, 0xf9, 0x5, 0x7, 0x0, 0x40, 0x2, 0xa, 0xe, 0x9, 0x5, '\x00', 0x10, 0x8})
io_cancel(r2, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x8, 0x75e2, r7, &(0x7f0000000d80)="ee6639462c895db35caa77b3cc4fdf51905a5ab7ca85cf83329a867eb0859ebc706d7fc82a50e574cc6f8bd3cd4f9e0ac2b2663c9ff8f032f2e0b3fb", 0x3c, 0x40, 0x0, 0x2, r7}, &(0x7f0000000e00))
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000ec0)={0xa, &(0x7f0000000e40)=[{0x4, 0x0, 0x57}, {0x1ff, 0x1, 0x6, 0x8}, {0x4, 0x3, 0x4, 0x3}, {0x10, 0x1, 0x2c, 0x8}, {0x1, 0x2, 0xff, 0x3}, {0x46be, 0x4, 0x76, 0xfff}, {0x0, 0xb2, 0x1, 0x100}, {0x832, 0xec, 0x0, 0x5}, {0x5c9, 0x0, 0x73, 0x8}, {0x2, 0x4, 0x0, 0x2}]})
ioctl$KVM_SET_FPU(r5, 0x41a0ae8d, &(0x7f0000000f00)={'\x00', 0x1986, 0x2, 0x0, 0x0, 0x0, 0x8080000, 0x2000, '\x00', 0x345310a0})
ioctl$KVM_SET_TSC_KHZ(r5, 0xaea2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r7, &(0x7f0000001180)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x10, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd}, 0x10}}, 0x45)
ioctl$KVM_GET_XSAVE(r7, 0x9000aea4, &(0x7f00000011c0))
bind$inet6(r7, &(0x7f00000021c0)={0xa, 0x4e21, 0x9, @mcast2, 0x64}, 0x1c)
r8 = dup2(r0, r1)
r9 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002640), 0x2)
r10 = syz_open_pts(r7, 0x2900)
io_submit(r2, 0x7, &(0x7f0000002980)=[&(0x7f0000002300)={0x0, 0x0, 0x0, 0x1, 0x7fff, r0, &(0x7f0000002200)="472457352c04d716fa988521358e8a50082ed119110ccb6df87423938fbfaaea6c201f6acf5f62ec677ad3b6eb285d94764852bd50583232917e5f2ba8762f46a220aeb1dd457a8173d8321b38f7a5a796ad48389f6b189cca3264e40d757c844d27df48b54a406388c04cdb683f6f0603ec6b717b7cc2cc143a7ffff2461278c53b714e6d0b6c995946c7314fbaf904da95bc956cf53c853d56d80019a89bfbf7d60e4515c462d278c06188d759f565204b241cfe09c26e343023db452425e6279de47e161893f20cc384292725030cebd67d7c11c70b9f", 0xd8, 0x3, 0x0, 0x1}, &(0x7f0000002440)={0x0, 0x0, 0x0, 0x1, 0x3ff, r5, &(0x7f0000002340)="d5a149b3cebfec9c3931971403d8fcd00062f22dbd104198210d8da5522e8fa90eddca4da84dc9686b1a791fedf1029e66dd68c4586be93e02162708258cd326b7914debb4bc65b5fa54a2c8e38a9a044c80106477048f06cda5d55299072bf8af63dbf62eaa8cbf0af52bc65616f57542b93bed2dd719f407d3ccd1d09a0a42239c0a715da42333ae7e3bc074bce2b6d070d456583bbac69d9722d34ee18d9662c065b77bcefa1fe8f4b33dff5a34b999c447950b0a562620f369588074556d69a142bc6f9c9ddd98d0fd1b542566e1eea81fb7938e9c8d43285b027a4867b29095085453c0c6bd3f3702dc6bfda995662a1c13ba", 0xf5, 0x0, 0x0, 0x2, r8}, &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x3, 0x6, r1, &(0x7f0000002480)="15482953e4d52dc1dba9a6e4cbc508a76bbc54f116d46e76882317cd69", 0x1d, 0x2, 0x0, 0x2, r7}, &(0x7f0000002600)={0x0, 0x0, 0x0, 0x7, 0x7, r6, &(0x7f0000002500)="65a8d8fe89be6937a977164b3125755861aa340fa418ff77897d1b1e8e21f33c75b51b6a9c051b527a519fea7152025d374449067290335f6d34446a0bed4ca5322cf2c99b894376a3351b9386b5a4751c218593717449c62c23e0d4cafbf0173a7edcc2bb61e2af555e0b6e69c231d37a47eee7e9e34896921dbe1798e63ea337cdebe0556d6862b9370d112281c20b68dfeb7d9c912ceced738e510d76f4b227066f3024fdedc6e24ddf286a03c07b0406f59af0fd8ddcb90f1fe07e9f57e33b78ebdba2cb0309bfa402f556fc49b081130b1c085006c2db3e986e80a2e74d5e6da99d1e834bfa3d165673f2ff8329eb35318657ff", 0xf6, 0x6, 0x0, 0x2, r7}, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x4, 0xe, r9, &(0x7f0000002680)="a1cf2702bb16a71c1983740c564edd48a9c00b019601054386de7137e6fb090d23217328484e6ccffc72a97b2ae72e570fb26a8b685099f9f4b06fd43e14b344f03966de95902e911e802b4c7902434e9e4722a4a9e62db4f00cf8257ca0649c8467af4f8c50566c750d6b573a5bd0af75f788f3b84cdf56cb0ec562e45e5469c2deccc2da8596df69344ed0e4af2324be89298d8bd00514119929e651e77844cc3f9b69894340c1816df3ff91b0da9d27c5f0ffd7590508301059705bb98b6bb761", 0xc2, 0x87f7}, &(0x7f00000028c0)={0x0, 0x0, 0x0, 0x7, 0x9, r10, &(0x7f00000027c0)="ddf98e53582e4b984bab5292a448f75791b97232cffeac332a865ab4b6d2364a5820161893037e7195f6dd2f6d9e1cedd7d9eaf389852d4ba4e10caddfdd5ff2c5831a2d981fd38c916367b3cb6a02f1ceb51883d26310b3c9ceaf8c3f82300fe2cd7b90d32da9b1478d5510d85603171a721ffcfa44cbafcd566620f0f2c62f867200fbc20fcc577d5542e66bd1b9e570c02b960ab5791edd302c7d40af7130e4a24ed3f67fa35ff7120ba86c71231deec32ba980678a88b5642422ac03cc427a4ed2a4eeb50bfa8fc61bc3571cebc4cd945a3e874d2282c0fb9bdb5e538561bf1caa6d46dc561584519cec", 0xec, 0x7fff, 0x0, 0x2, r7}, &(0x7f0000002940)={0x0, 0x0, 0x0, 0x1, 0x3, r4, &(0x7f0000002900)="75670ff6407ba906f5497116ef42346ee82c6432522898695c0db2b438b79d70ae9ce9127492537e0acd83", 0x2b, 0x8000000000000000, 0x0, 0x1, r3}])

3m12.12323629s ago: executing program 2 (id=1111):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ufs\x00', 0x0, 0x0)

3m12.058917908s ago: executing program 2 (id=1112):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x5a3c2)
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000080)=0xd0)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000080)=0xd0)
close(0x3)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000240)={0x2, 0x2, 0x5})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89fe, &(0x7f0000000340)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x0, 0x200, 0x2, 0x7, 0x9, 0x0, 0x5, 0x9, 0x2, 0xca1, 0x8, 0x1, 0x6, 0xff, 0x9, 0x3, 0x7, 0x7, 0xb, 0x64, 0x1000, 0xc}})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000306b240c50f27128eda010203010902120001000000000904"], 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000002c0)={0x47, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x74)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
dup(r5)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/57, 0x39}, {&(0x7f0000002980)=""/4103, 0x1007}, {&(0x7f0000000ac0)=""/66, 0x42}, {&(0x7f0000000580)=""/109, 0x6d}, {&(0x7f0000000600)=""/206, 0xce}], 0x5}, 0x2100)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
preadv(r9, &(0x7f0000000080), 0x0, 0xffeffffe, 0x1007)

3m11.223199548s ago: executing program 2 (id=1118):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x20200) (async)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @pic={0xa, 0x6, 0xfb, 0x3, 0x8, 0x6, 0xe, 0xc, 0x4, 0xa, 0x80, 0x7, 0xc, 0x9, 0x2, 0x4}}) (async)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x10001, 0x4, 0xffff1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
personality(0x5400004)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x22401, 0x0)
fcntl$lock(r5, 0x7, &(0x7f00000000c0)={0x1, 0x0, 0x7fffffffffffffff, 0xc0}) (async)
r6 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000340)={r6})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x7dfff000)

3m10.815829515s ago: executing program 2 (id=1120):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x200000, 0x0) (async)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) (async)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r1) (async)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) (async)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) (async)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x6000)
setresuid(0xee01, r5, r5)
fstat(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) (async)
connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) (async)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) (async)
ioctl$int_in(r7, 0x5421, &(0x7f0000000140)=0x1) (async)
writev(r7, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
mount$fuse(0x0, &(0x7f00000001c0)='./cgroup/file0\x00', &(0x7f0000000200), 0x3, &(0x7f0000000300)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize', 0x3d, 0x1200}}, {@blksize={'blksize', 0x3d, 0xe00}}, {@allow_other}], [{@measure}, {@fsname={'fsname', 0x3d, 'e%*'}}, {@permit_directio}, {@smackfshat={'smackfshat', 0x3d, '-)\x9c)+'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@uid_lt={'uid<', r6}}, {@appraise}]}})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r2, 0x200, 0x70bd28, 0x25dfdbff, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xa}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x4040800)

3m9.835477972s ago: executing program 2 (id=1125):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xe02, 0x0)
fadvise64(r0, 0x65f, 0x2, 0x5)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fallocate(r3, 0x1, 0x100000000, 0x10000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000010180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r4, &(0x7f00000102c0)={0x0, 0x0, &(0x7f0000010280)={&(0x7f00000101c0)={0x2c, r5, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x844)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r4)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="04002dbd7008000000060002000000000006000e009700000000000000009e224a3816816d82536be4f43cb2e82f617e617257fc30a0ce5db1cf799eb7fa76936e019f223bc6b76697dfb130c598c17849500a586c3269148118823ff3a4e606f00c1c065f4c4e87227e5e912dc207bfb670147a05ce86ff470958fee606c75986f2c71ae7de4a0400000000000000be900c07479e4500000000000000000695aa42536b9f837da4f97f0f17ac611afbce19a1452f4df6df2af3d118a3921db546f47ddf5b5c730fa1d5ba5a91f9614b48b311fb79f661c024c1aa7f17d3296192423bf7b175649fb1ca092e2f047fb95dc8ebd5473efa80b39bba95214311bb648b69069821cbbe91374093bc3d070b0cc2"], 0x24}, 0x1, 0x0, 0x0, 0x4008011}, 0x8001)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45819000)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r7, 0x2285, 0x0)
r8 = fcntl$dupfd(r7, 0x0, r7)
write$sndseq(r8, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r8, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r8, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {0x0, 0x1}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0x2000000, 0x6}, {0x0, 0x2}, {}, @time=@time={0x2, 0xd8}}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {0x0, 0xce}, {}, @connect={{0x8}}}, {0x0, 0x0, 0xc, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r8, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r7, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r8, 0x4058534c, &(0x7f0000000200)={0x4, 0x6, 0x6, 0x3, 0xd8d, 0x1fd5})
write$sndseq(r8, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r8, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000540)=0xc)
r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r9, 0x111, 0x2, 0x1, 0x4)

2m54.322429998s ago: executing program 32 (id=1125):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xe02, 0x0)
fadvise64(r0, 0x65f, 0x2, 0x5)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fallocate(r3, 0x1, 0x100000000, 0x10000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000010180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r4, &(0x7f00000102c0)={0x0, 0x0, &(0x7f0000010280)={&(0x7f00000101c0)={0x2c, r5, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x844)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r4)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="04002dbd7008000000060002000000000006000e009700000000000000009e224a3816816d82536be4f43cb2e82f617e617257fc30a0ce5db1cf799eb7fa76936e019f223bc6b76697dfb130c598c17849500a586c3269148118823ff3a4e606f00c1c065f4c4e87227e5e912dc207bfb670147a05ce86ff470958fee606c75986f2c71ae7de4a0400000000000000be900c07479e4500000000000000000695aa42536b9f837da4f97f0f17ac611afbce19a1452f4df6df2af3d118a3921db546f47ddf5b5c730fa1d5ba5a91f9614b48b311fb79f661c024c1aa7f17d3296192423bf7b175649fb1ca092e2f047fb95dc8ebd5473efa80b39bba95214311bb648b69069821cbbe91374093bc3d070b0cc2"], 0x24}, 0x1, 0x0, 0x0, 0x4008011}, 0x8001)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45819000)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r7, 0x2285, 0x0)
r8 = fcntl$dupfd(r7, 0x0, r7)
write$sndseq(r8, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r8, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r8, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {0x0, 0x1}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0x2000000, 0x6}, {0x0, 0x2}, {}, @time=@time={0x2, 0xd8}}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {0x0, 0xce}, {}, @connect={{0x8}}}, {0x0, 0x0, 0xc, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r8, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r7, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r8, 0x4058534c, &(0x7f0000000200)={0x4, 0x6, 0x6, 0x3, 0xd8d, 0x1fd5})
write$sndseq(r8, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r8, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000540)=0xc)
r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r9, 0x111, 0x2, 0x1, 0x4)

2m21.801378425s ago: executing program 3 (id=1448):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000100)={0x2}, 0x1)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100153a42908f00a71729188010203010902240001060000000904020002ffffff0009050b0000000000000905dd"], 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x40010, r1, 0x45806000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x28, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0xe}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040010}, 0x48800)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000380)={<r5=>0x0, 0x44, "97b8f38b96092bbb9053a73b945bea4e37763650e3bcc6a702be4f0a65248b2d802c8afee9c5735266aeb495a52ea1d0feffa7e9c5ac9cfcd9c11673e19de40b0d30873c"}, &(0x7f0000000400)=0x4c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000440)={r5, 0x49, "5f57ac0ddf3dbe9ac9303175bfbea3baf22ea0902bae1150b78eaa8eaa5966138567d729a8cd107dbedf17437ae24710210fe2d0dac35785b4dd64a23a05fe7d501d4b976d21530f9b"}, &(0x7f00000004c0)=0x51)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedb2a25010000001400070000000009000000000000000000000001050003008800000a000000"], 0x38}, 0x1, 0x0, 0x0, 0x40c4}, 0xc044)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000020605000000000000000000000000000c000300686173683a6970000900020073797a30000000000c000300686173683a69700013000300686173683a6e65742c69666163650000050005000a00000005000400000000000900020073797a300000000005000500050000002630ca4d449514605ecd65bfd89df3c9463574274f71d0127012955cf97bf5ea9cc41bb918c8f4cf08f4b0b6c00d275698a4bdaa6706150db3905e393de1737abdf41a2a921947da986220c8167cfe5ac8c5632cb60b1a6c26183b5bf015fa0479f39d16"], 0x70}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendto$inet(r6, &(0x7f0000000080), 0x0, 0x24020804, &(0x7f0000000140)={0x2, 0x4e24, @multicast2}, 0x10)

2m20.467510658s ago: executing program 3 (id=1449):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x2, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf, 0x79}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x820}, 0x40020)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r3, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x3, 0x1c}}}}, [@NL80211_ATTR_PS_STATE={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004000}, 0x10008004)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000001800)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000017c0)={&(0x7f0000000440)={0x1338, r4, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x98, 0x33, @data_frame={@a_msdu=@type11={{0x0, 0x2, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x40}, @device_b, @device_a, @from_mac, {0x0, 0x9}, @device_a, @value={0x9, 0x0, 0x1, 0x1, 0x6}}, @a_msdu=[{@device_a, @broadcast, 0x65, "75b2bf021f6ac05615502bf6b7098fb3ad7e3e6f773b42b88af8784fcb53121f5a421f1ac8dec7052861ac501c8cc0e5a5a88b6b38067474a598d687c47a14d092b59f4d8cdf6e45a6cbe73117fff16738b02ed469fafec8f8830ddc4bc1aa62930fdaefd8"}]}}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@cts={{}, {0x1}, @device_b}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x113a, 0x33, @data_frame={@a_msdu=@type10={{0x0, 0x2, 0x9, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x5f5}, @initial, @broadcast, @initial, {0xf, 0x9}, "", @value={0x3, 0x0, 0x1, 0x1, 0x7f}}, @a_msdu=[{@device_a, @broadcast, 0x39, "3ce7266a095e023e02d3f6c7a7eede481e3d3b57b4c78c1935540e7fb24af2c7c308a11371fd021e8f5a3957a6aaaf199ba5034d708f76b830"}, {@device_b, @device_a, 0x50, "5e529c914cde6ab74e7a742c05e7181187b63bf67512ea3f7e95b8f1591243c8c36bf84f06a006f7b402183c05ba2acf8505bba4d87b4f83d97f817164e7cce410c1e3282e12aa17ab0809f0543c1c68"}, {@broadcast, @device_a, 0x1000, "0ad2939967f72104cbcb248f06261483b1069917e08c8174172842ce1d21b488e6f62503a490a8b151d35d660add63fdf01c4632966bc610e48deb4e9f550c6dad61763aebf9144fe55f6d3d553d07b05d830835b6559ba28a7ace9a6bc7363bd66240a34e3fa1ba8d1dcea622e19fdb3594ecef01b5edc232de71eb3c35e839b1dfad15728b814375c161b7ec12b5ec8f2f57532f0359fb8d3cac2cb230c7aa97a8b94219b825f379e5f6eb16b942e6ad9f6fd3cb2e72b54a5553b1a15e9c938203c588c65e53ff5d5f94ee09a238dcce976210659897f548cc826e25f9312e6dda3be16bfb1fafafd03ab46c1356d2509fcdcf59e146a648c3c7d0666097c1ccf450891bc566d3bfa8836f31573db9b37048455969178bc521e074bafcdd1d1264b417564f03bcb6cfb23a466ced089b06516822be59867957fbbf125afaf0bed5c1efbe02a4cd8458328424261a87827ef32bda3986f3be2a053924865407a1c5bcb9638abe96a1537251a74713f8e538f5507e3d17f147beaef957f0467b76003e304d15178e0036459bfd866612992245905225ddf5138418a8cb6c8284c6854fd1dd54beeb9d0c8b87e063b226bcc490e169cf72f8ae369e727a12c606f5da358b379cef767f68ea1feadd45c3fe8b62c7c6c83149c7044d723727e07433825fef299beca675fa167535e802d242dfd83d00fb555906567aeacd07b95a20c02e44878a76d00b9822196cf7ac752c8443cafd48ca4decd02f39ab27cc4fa4f2eeddfe4ac329ce8ee54c6d0a037e240a19b6309255bee68655b8f5eb4569571edfd1e9942340535e68bca23b890c9ad680c9f8ae56e0e9ed7d06d2cb5c245a15185a23fb3d51bfe2b90c60390a050d3adc9c45e5fed5bee32190735cd0f9ee0b3b99e026ef69c4a524b8d7bbed3697bd33d49b1425fb1bec85e4f009f413740f5d31896675c25481c16de5d21ce008cfba052779f648656ba7f64f169e8888fd68df200a8900157cdcc15319eefb9ae1ca3640255f2254f1532655d216f6a2aba0d553470ca60b28bc3a85ec146fa38bd68ff3839779e22127c9a5fc939a7afb21f1f625eecf3efd4291a310ee66f98f93f972f940c1265e49c378088b2e79f20c0928514828ac81be38dce3049be70703547696400bf651fc0a469e39715860ec84b14f41048e213ac2cb4cbe950924ee38b2303a6b041a2ece1c39fd5501eb609c8e5e8216886c5cae5d10841095a25b71c43a860373a05774093e571c69c15232eb49a1b4a4711e68fd61646bff40735e5839ad69c1bf643713d1abac0c59adf1d740e1aa544d70a90b0a917692673b376a105a33ed5abbe6f339dabea5c4881e90e50f989cd8bd4e3e620e83c17d4de61d38fbd1bec37533b1999465fcd812174c58b360599a8c50adbbe5b019e83bf2fa303d202b23d087a70771dbf4f35cb4e3b16f34866ea9072c5823505f0add8ac0691d9d05dc6fbca46916e3412e1aca966270bf29107e34a1bdcc89b9dbbad2d25a9b0f2dfaf3f560bc57371e46f62df0623cb5060cc632f349707b50319eec8007a9485a090c08ca84a7de55376975c22900450427349bc6c8ae2ada45b55de459ac6ee6b8a607d62a602902838059bc8764549158ecc47f0dbc7c27837882c54107883bfa2a145342cabb8ade115cf27b7a00c8297c07739cde46838d23a6a02d20cb97d2534374682feb8babc25e32a8611916a6661c1ffd3fe7f88261ce048ebace7bbe6830ab0e5bfd8efc172e0d0ca2bf77e27c4cee9fd02c232fadad2c7253ce4cde7f7c5aa1cf59c07619c5596ff391a1ec90b65ac3e77aaaaff9832ed9fad59f2d64f81dcae1ac4dc7e9fe954a693319e19ec3d59365b1c40b655bf0f685c5b07d37d306b8b46e3559b10d1adf01a637e93578e2742bfbc2f5d5e9b087dc1fd72dd66c2f87e3ea76712294126fd6e7459c9baf19b8eba06ee931db6f02ea26a44debaca451f7271de64fdeaf2c8259efa5f182ebdac5483006d8f6f0fc935aa58e623362b87e15dc13072ad2064596aa75bcf56011d7d3e07817c48d2de77e1af6f8984171f2df31e329b2052244a937f481b054f978c48ee71c8699b8acd4ba6d1b705a771aa9a94bb44d17a5435f4099276592107a5b3d015b6f68ba76647fdc1a8f1e9a4cdc85d02184ee0d1ca81cbd878a87eb1861c0fbae84d5b4a3e1ec5dd384f034818d3f32ce89693d7296ad5d7ca25a2c4ea2299bae0737911c28f78f154f5c69f8618ad723b1b3a357de5f3dcde58feb68cd56704cac3e57ff2cca0870dc8054501fee1fa9b89a20bb628d803502c453d742f554fce3fe2f0cdbc4b5583f192f9b2cce89b4c83ee0c2133723828c6a70dbb003d7b922394a3caf54e39b523e4212e38e2633c8592cb199676cc1557cd333ce467aff88317b4fa09fb67e877a07f02d0b49eedaed8e73eba64e92be61ef9bcc24e7410d0cb1912a62defc57dbb5237a480f41d90efe0d3d2da6319a7d17f3412c21cd798e1f2e7e5a6aad7aa85ccb043a4f5e4deae2ba3e8efbe38d2bfce0cf69a976c2b20ed9b47a6f00fcf2b6d7a40c835ae02d37ceb9875379f3822f1c7a0fa001d217230ced54168d28b1b629dc9f40c9bb14da51930a73dc04ef2d961b9138844f230772a3bcdeb928875e4528447035a61c31e9a1195bbecba068cefacee7a3d79294f55b90f17852cda6ff240adf52912e686325bd62782ed37ee1603733e4a4bfc3a573906ff789441ede100ab5e4d4013af17398895c7ec7693dd5d86410e44f354b88c63dd9f1dd60bdaa40680f11f70863953d3a66973f65a85e173d255dddd7b5183991fb36105817b8b374c5f03a8e0b81d05361e732a0fd5380200631d5a259b3cb8fda9453fc2ccf55344ba080d4b5d8f416600e8c8030ac7d5113ec7bd261d535869424fe1edc12b2925b7ce5f6b811a8fb2055f66b7a668b290af399d90b8826a3c3d46a9dd8c5c5c3ed18775b834d877b7c20382c1167defab031758a3ed06f2502fa9e3b091cecb3bd735d40b08e61446940149fc00623f2f40b5bbf12d5ffeddfaeff22f50d2d9c700d15042ba2b80c94d37f1b4829c0b8e68a234a905bb5d2b2d597cbe06b375be5984816a104b05e548675adec35815761222c0167bb7c0965dcd217892cf5821cab040b98d809fb409e44b4a3b3fe3c4c0e4103e4274a967a7fc7db9277e7cb06633d9febec3bbb1d65a6eb091b906d96ff3b763d5f656ba59f2944848b7ab4e95f5d873bc01f8de5566786ca724a55bc7d1ccf74558e729eda167dad3cf66b2b017aeebd0724c744f5149aea01f9f3a0672e76211aefa453fc0a19e6c375cc0219f1a616382f583e41eb5ddf05e6933d7b38a5daddb734f6247c04304bb63c489b1430c9cccc53b32ef67f0b72c563756f8136f42afe62415cf6eb43cd897ed3224229799a2878e062de1b9c04ae2e6e883021f280b946344689a8f7e76a8973fa6474de9bce91d6a1022ee772a3bcaa09a0baba5ee36a86dbe4bad531a5b7fe7d5415a381163bd40544a1115713995aaf3ff96628ca824e0d4443d9ae9351ce7b76a529a18ac3c44dfea83ccaabcc70c527e3137b5c3244628485fc13d07441973a2cead5e8c1e96c09671a5def8a983895a81002fef97ec2b725310adb5966b4857f65b290f40add3fbedbc47a1bc908d83007f6991ffe544d2c539e75bfe4dbf539f8f16e508c859c076d66e37bfdd8bb4a59e2c809ec913d182c343a3234be4fee7ecef4174383a4adb0ae9dca29c36d7505fe536077b24cd291bd0520df5a663a479d261fb737c77152cff693716dfb4eb2a03eec4c4a00b7e162c89b47e6e4b36f79fc35666d729b0fd6e11abbe985a2454dc0d08b75dd0c4ad425602f084950491ba24daa9a7ba4c0f9249ac2593d67eba26ef6ead42739af3ff484a66fb46b9c1f355e55ce288c6d99667adbf1c50600de743d985c19df1474259065b8dbc9e7c4d9b0b8b90f71bb7d6b32976d99a1e766df4e9dbc8392930fe00c369c442d8119fe3e97c2775ad92f472868a8b869a6af490b74d1b9d135c390807f07a8c31d42b2b785a5405647e30b0bbe1f5133985d5d13f0b6ca2193e71bccdb5b5ff70b796fae605418088b7689f7af508ec4430c4192f2590052e9a619c8cba3b22a7d29c698568c4c37d38ab1a6870dd188543742791bc150ad35c79cf9ac63131286e1f87d2e38a7dfbdc7f606167f8cbe9026adf35ae371a3e6c6122ab5cf194e6f11a073ff81f4e87e0f379ad0b13e3d7a487de3aaa186be714977f8bc0482b602141a4e59c8f0c43e5d6d630dd791a6eb55656aa5df762074d722da743f65a3a1ce6f4bdf9b8b0151b830cf9905739627cb2e608b9c73e5a2603469afec833c23fda2b354e25d95eaa7a83abb7695ab564b9c4d4cdc0650086c8015a3de4de10b31720e597279f59be0900045a7eabc3f7974f61a092b3c6a18574ca2f84b3c08811f4680f91de57f8272b30571046ffa0972ed711779491267d0f0ab34cff376d4014b6f3218dc1663c2e2d1a4d3b9211749c5eda4b99fd5484995817d47c97ac287ceffb8c9bd14194399d167ae6df54feae50e6b50d414f7f92ac5666d0a8d843ef176fe90215183903bed22451f4dc27218254b5386a6842f17f537eb86dba168351b7213d88e68dde965b8523556410167985980d12707f9b549f18a001fe78bcbd7177a86f656f1ddc3fae2abf1629ffbc1bca7d5d5761960d7e255bdb1ca18d9fb074134dec7fbf6c2ed536fde91f48c887c1c0dd5de2c4fa970e131ca8baaf21b746973e96fe65c0669e54ec0806e0b6b72528e69c171f5b92170d28019292db0297be6b9d54aefba3c9a32a3e8cfbc02048cb1f45f8fa84f4a9f8689f9470ab0e8725379598f3899639e76a3c0e0761d28034ea0a7e442ea7a68f1fbd3cece6a2dfb0183e05307b4d3b0df27d7d67784cada5ca530e51ff5315fb9e665fe4b3a2773db4b9eeea97b532ab117cf17304a77517ac86a4c5bdfa04dc349145bc9a572822710572ab724c7c040bd1d1a83f76b1f49a02a62894c79cad9164fbe2fa040393d991e0d1034d5b01b27cddae5ae48ba614d0980a6addd4851bd92d69f7cb6a526e40d11ea121620d0062faec37b82c6b37e56bfb7fb45a45683f9e04d5579405b6a43423a263a16cd872ff64fd19295dd4a0c4a5b9b6c0d861d30cc4da6f674a3469a900afa2db7989daf7ab5ca240f1e47ed3ffadb3e78bd30459c239f609a76589d994b1ee5f5f5d1254693e6b6387bbffa6e3317e745aaa716ce39e9961e9f2e30a72ae9d436a76a70c9e8d896696519db2df600ff0fb961461d5771a2af59de18e3eb90f9a159c359536f63b37186431b8f99de4a47a186181b8662635368de8a4d1d00b3596eda92d9486d5e12576f5aecac346b913a0344ec1a3cc0293462e3c433f1fbe6c0290135cd9af0144e349349d276a2e03ea065be51e43f6a0be4de456ec9f2fc961430abfcead03c4baa14240721fe9cfc716e65c9358f5b541b5b3f256f4e7afb97856178a6d54a686264f88b2bb03b36b512fbcd664c198c343cea0e557d17ffe9bd2b8d0a4dcb491a5ffb68ed50ea6962b68875bc0b58ede542e401e82ead574f24d1249fbb6d6f5585ed42bb0017bf817c1762084f2a21eba656759cfc35062b15213aac3b258760a026614c5aa6b6c1949e7912547c233b64cae8329a32b3a13103205cfd53a4b86dc03336307f2a520b630357d506ebdfd25428fd7dc1ea62668e38af66b1f30fc2"}, {@broadcast, @broadcast, 0x55, "41a8614475685f9538c362a17fe44bb811dabc71e5161ccf644803b96551b4cc25274c6ff40ecc5fed223cc426a154f70db79609c835b93275313a250e16b546aa6ff9506e6cf74da2d5cb49cee13e59198cf15c35"}]}}, @NL80211_ATTR_FRAME={0x11c, 0x33, @data_frame={@a_msdu=@type00={{0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1}, @broadcast, @device_a, @initial, {0x8, 0xf55}}, @a_msdu=[{@device_b, @device_a, 0xa5, "f9df468c8530512f71269de016d8b297bf137dd1cd9eef77cce9f59e2d752e3501f2e2aa835337f762c73020de6b22f1aa218e04f244663b49689e2172c4117a5fa526ab5763f83d54a380f674ab4251b8df182b265150999f49ba8f51c6e54e066c0f4327680031a077cfce06e024b7ecb60bce100fc60a913adadfce797066b962a18f9dadff2f312d13946ffae7483494b306aa77257996b0236694107b7cbc1a0f6d42"}, {@device_a, @device_a, 0x3e, "f96c1b9d98bdc34f3ad968848fd984b766af81c466a78f8100b45f1c429e06a62e1c5f893adf43b1d78784fb51927f224ff2cd2e4676cf42eacf421a6dc8"}]}}]}, 0x1338}, 0x1, 0x0, 0x0, 0x4000840}, 0x0)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r5, 0x0, 0x1, &(0x7f0000001840)=0x1, 0x4)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001880)='/sys/kernel/profiling', 0x40042, 0x141)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r6, &(0x7f0000001980)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001940)={&(0x7f0000001900)={0x24, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20064011}, 0xc810)
sendmsg$FOU_CMD_DEL(r6, &(0x7f0000001a80)={&(0x7f00000019c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x1c, 0x0, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000)
syz_genetlink_get_family_id$l2tp(&(0x7f0000001ac0), r6)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000001bc0)={&(0x7f0000001b00)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001b80)={&(0x7f0000001b40)={0x2c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004040}, 0x801)
keyctl$describe(0x6, 0x0, &(0x7f0000001c00)=""/132, 0x84)
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000001d80)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000001d40)=[0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000001dc0)={&(0x7f0000001cc0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r7, 0xbbbbbbbb})
syz_open_dev$dri(&(0x7f0000001e00), 0x489, 0x10000)
r8 = syz_usb_connect(0x5, 0xb2a, &(0x7f0000001e40)={{0x12, 0x1, 0x0, 0xcd, 0xbe, 0xb5, 0x40, 0x56e, 0x5004, 0x7731, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb18, 0x3, 0x6, 0x3, 0x20, 0xbe, [{{0x9, 0x4, 0xff, 0x5, 0xe, 0xd9, 0x22, 0x1, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0xc}, [@processing_unit={0x9, 0x24, 0x7, 0x1, 0x2, 0x2, "7d11"}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x204, 0x1, 0x7, 0x9, 0x3c, 0x4}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x202, 0x6, 0x1, 0x400, 0x7, 0x1}]}], [{{0x9, 0x5, 0xc, 0x0, 0x20, 0x97, 0x81, 0x28, [@generic={0x49, 0x11, "acdcb4f05adb9cbdb1213ae34ed0370016fd153bcf66b2773ddf65732e7341e9b152b856d55c96fa5ffa5c59580c06432c39334dc275007e5e7575797a97aa6ea150c3af9d7c29"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x2}]}}, {{0x9, 0x5, 0x6, 0x4, 0x10, 0xfd, 0x5, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x2, 0x9e8}]}}, {{0x9, 0x5, 0x4, 0x2, 0x200, 0x93, 0x15, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xfa, 0xca}]}}, {{0x9, 0x5, 0xb, 0x1, 0x10, 0x80, 0x9, 0x10, [@generic={0xd3, 0x21, "93c95d9763dd9a5b838a26aaeb24bd54ae26911db677330515242ca5a22768bcdd0d3fbec07c615402d655bd4546b72468d06659d34d7bed2c06299cb3f2dd25ac86492300e10f1f550ac0de3b65b00fe6ddddd0b8cf46d0d649d9e4ea3105f72792f4f8f62b7177e2b3b2e086463deb88b55a2f53532a083701d9e4c4d76af5cc4a5b869ad264465efc884df57b084a444e6d823643bfdfca8be20e927abd370e7efe0699d7c1b49a774f6e097f1cae01bb817ede660c3051f88d034f44d08596ca2737addb9aa3e235d27ae1dffbe600"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x1}]}}, {{0x9, 0x5, 0x0, 0x4, 0x20, 0x5, 0x0, 0x6, [@generic={0xc3, 0x1, "835b83073b9141ced0e93cad2de5617571e6af1fd96dc94568aca0004e10f791075e382f2d2a566f03b69c131fe6c63b4bbd46826353ad0a38b7bbbaf9243f6aaa02897ab12858ed253763018a51cb0521edd4893d5e8c1eeb9317c6323dbdc956773e0b8bb552d7d8bab3aca0d5aa1ccb537e716401c1298cbbbfb5702d698ffa6eea7917c42a4b98680d340dd953293aa2f5f7e74852d461564b9199bb69908155cb0a408407f438ceb8eda0565c865f31c487e58f22525a6e227fc22bf4cd66"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x4, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x80, 0x4}, @generic={0xbf, 0x6, "6e2cb62cd3e07d09423c6358b18ed38289397fd6de2effb79a23af1f4d1f3e026e529cc750e8bb0897efdf66d73ad01a6b06cdb48c6c7830b45a10f28265bcf386540affe440c04f887971852fc39c9568a9f57e3572e1ba88551ddf02e980ef95fb6467eb2689ab137e74611ce0cc1124347ca970c2df7ba3e3adb21d0eb5e5f9726d1d37ff1fa1a83cb7aab8e6925d221989bea857bb0197862d09a24ff71fb23035eee8727f4463d3324df861ba3e331b4a68013966cb2faff4718a"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x3ff, 0x6, 0x7, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xff, 0x8}]}}, {{0x9, 0x5, 0xe, 0x0, 0x620, 0x7f, 0x7, 0x81, [@generic={0x36, 0xb, "058f1b332081acdc1b0eaad11572dda1b0d6e9f2ce24d26c8f221669ef6030d1e7f63c37eac4ecd41eefc8ffab4916d788677159"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x4, 0x1, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0xff81}]}}, {{0x9, 0x5, 0x1, 0x4, 0x3ff, 0x9, 0x3, 0xdb, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x1}, @generic={0xdf, 0xc, "7763878ee89226e78448a6ce5559ca9ac6397f3da5516befe163b8dde39bd4eb50f819fabe752d521b36b3b9c15085e621f6b4b582c266fb8f585952445c953f598d3264757296a7aac7e52db9c5b8645a2718ffeaa076416558de01b8f9c6ddaa6a972a5998472da6fbfce9e55d2397965b5d4c74a407db2ab2063f4ed7e2a493e9bf406ac2fcd761171f83365c1b58f0a301f1d04609ed85792f3af645db93e7385543e60470688771e4357eedd6410f388b31ae9865a428aa53c478769ff973df28d1e0b3a8d472bbc39069df154ba703183c741ad245df9691c028"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x200, 0x9, 0x1, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xb, 0xfff}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0x1000}]}}, {{0x9, 0x5, 0x80, 0x3, 0x10, 0x6, 0x4, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x7}]}}, {{0x9, 0x5, 0xf, 0x0, 0x20, 0x1, 0x5, 0x7f, [@generic={0xcd, 0xb, "3519f0e06d9615b11d52ffd2b5b6bc96980de9ec1881ed8090e24d9e5da42a1fb176022a06d544cf809bd8d2a64ee5de2d6d7d8acd78388045fbc03af602bca133112057711ae38554ce92c6c5f739f97d8c00ff689e6e821d2b473502c30a4245d8803db7479b716502023f3bcf13d8a65ab2ffc853a30120c5f2e03c1f63e81c67fd031932ff40855dc49f2b0a6ecfa683f8d785423553e0384c81ca35b78060be81a7d32da5078d4bf44b42ea297d2495888fa31a5240cc9a18d9414a6d59dbb4a0a7505236cd08f019"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x400, 0x5, 0x1, 0xff, [@generic={0x90, 0x22, "0d9f8e655010cb13460b2f9dba78cc418d5ec509c2f386480c062e9bbb356be3c167dfea26eef7d47c428165aa374cbd48e208d8cd4bc7aa3c9e670e764597cf61c4a0ba770bc847869b159e5db3ff4d453cf68fa5139a364f86dc93a85efaaada6c4421f91112d95038f88ef0ecf8eb5e0d24e0f57976e65c8c3605dd7b78bcda099f35f54c18cf1499eb2e5b24"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x1}]}}]}}, {{0x9, 0x4, 0xea, 0x7, 0x1, 0x4, 0x53, 0x38, 0x5, [@uac_control={{0xa, 0x24, 0x1, 0x6}, [@mixer_unit={0xa, 0x24, 0x4, 0x6, 0x5, "dadf2bb382"}, @mixer_unit={0x7, 0x24, 0x4, 0x1, 0x9, "f16f"}, @processing_unit={0x8, 0x24, 0x7, 0x4, 0x3, 0x8f, 'U'}, @feature_unit={0xb, 0x24, 0x6, 0x2, 0x4, 0x2, [0x8, 0x5], 0x1}, @feature_unit={0x11, 0x24, 0x6, 0x4, 0x1, 0x5, [0x6, 0x9, 0xa, 0x9, 0x6]}]}], [{{0x9, 0x5, 0x80, 0x0, 0x40, 0x9, 0x2, 0x2, [@generic={0x3, 0x23, '>'}]}}]}}, {{0x9, 0x4, 0x3b, 0x5d, 0x8, 0xff, 0x50, 0x30, 0x3, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "0792c1e5ce"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x7, 0x4}, [@network_terminal={0x7, 0x24, 0xa, 0xbc, 0xc, 0xff, 0x4}, @acm={0x4, 0x24, 0x2, 0x2}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @country_functional={0x8, 0x24, 0x7, 0x2, 0x1, [0x7]}, @country_functional={0x12, 0x24, 0x7, 0x56, 0x6, [0x8, 0x9, 0x5, 0x1, 0x4, 0x200]}, @acm={0x4, 0x24, 0x2, 0xa}]}, @hid_hid={0x9, 0x21, 0x0, 0x7f, 0x1, {0x22, 0xafb}}], [{{0x9, 0x5, 0xd, 0x10, 0x20, 0x9, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x4}]}}, {{0x9, 0x5, 0x6, 0xc, 0x10, 0x5, 0x40, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x7}]}}, {{0x9, 0x5, 0xb, 0x10, 0x10, 0x1, 0x5, 0x7, [@generic={0xb6, 0x2, "abf37108b489a22dcf58820c7ffb7a9a01bfa05c743ffdb9baf7c720c9823d26b176bbe87da4a0313c270c4f8a10361a0904e1510c5bf34c06ba6a06adf60174c7bd8b6af927e7ae4c38bb1be8907c765e59676cd07b05d32ce840b05e57f68f4b88b42dd4d343d2f1a660a877faea5aba405df756e1b982c1df90b92d49e62bd39199027fd611b7c955b91e30a70304bcf06d54a445f7ec00e77570bbdd7951e76995ffd263bcefa25f136fe129098b34020b76"}, @generic={0xae, 0x5, "365a0160be2f482a5193d344ab7572f4451ec606c7ee53d52ce16a0d1fc773a8e82b09e7195d3d69ee2b69c3e448cce8b50242fec2db192f88091095d0dbab76252c0ea2c8d0c7eab1576fa58b8db62587e8a70903d91ac2ff97af6e8639d3570706b46af54cfee34b8ee7aaacc0d37ece00ae08ddf4bd53ae546fc539cfe8f21e81ab194b833fcb448ccb59371c9b5ac55b991c1884ab6acf898e32ba1320e735bef1819faf0560e4ee205e"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x20, 0xf0, 0xff, 0x0, [@generic={0xcc, 0x5, "c1c314da8da1ec44956ac58dbf9c662876dca81945de85b1d08c03606514828b154e5f80e6c1a9cfa92a1f4b33f5d66087dfb7f9e7a0a94f93c41f09e1c5ba9cb936f6a877add9e4715d3b1ede1a01d74867109fafa5bb389bd9657c234e53d6443109afb72567ce936f5268fe2ca7f91acb79fe8d2b977625ccaeb04cfd1bfa847e4b56e21c3056b718c72792cc6f3293a6604e04878b23cefefdc1bd0f2cfbbea0a8083980b5bff4593f7b780a959fdd572a8b3481326885fc9715bbade026e7a1ec728ab34fbb24cc"}]}}, {{0x9, 0x5, 0xa, 0x1, 0x40, 0xff, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0xfd}]}}, {{0x9, 0x5, 0x1, 0x2, 0x10, 0x1, 0x47, 0xe1, [@generic={0xf5, 0x21, "532a939b760ad296451e5091a1e4d70ddaa0236a2e247e4d52c8f18e2d5238767e8864a3392b7b6cc6e21ebdc7b5bcb4e4a691bc201149215a9ca03b3fd930dc1374140a2ea7de349107b8dbfb26428bace3a67d0a8f6be40b4e5ed92acca99ce9b561dbcb290d0d4659d33621e77c8c2f6e94abea42a7e5ecc7f64658fc099634a2449a07c142f47ebb09587af786b395441602433173bc42c950a8f7ae8c9dc9f958da49daf2f2b1aed6ee1d2b4c8cf8a2e13d975e9427a5961a4d3e3f235608878c549c2982877ca4ee4bb911b4b73d35e3ec3fe834514281538b4c12ef91d307e6ef133ac1a79d2c7a21382db6fd9791a7"}, @generic={0x3e, 0x10, "b274873e2d67b5a9ee4a4b85e5aacb3949ed7eecfab48702ca7eadcfd7bc04ec928cdbc47179c9852046c2c0dae13f8cb252412dc5186bcdfa0dfeb8"}]}}, {{0x9, 0x5, 0x80, 0x3, 0x400, 0xaa, 0x5, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x90}, @generic={0x7d, 0x21, "47301b9e32862b31eaa72f8550beca343f9d3a7862acc0bb9b71d7095a2a402125b42324f3f513de2cbb3bcff2e2bfb95dc4d52743046fbaf95010f3110285be20e169957d79501384c5af3c941f5236d291d8ede6485cd7bd4681addba5fa921143cca2e49de838709e69e8d7fef0fe22a83b2d39847a4423c30b"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x8, 0x2a, 0x8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9a, 0x3ff}]}}]}}]}}]}}, &(0x7f0000002b80)={0xa, &(0x7f0000002980)={0xa, 0x6, 0x110, 0x1, 0x48, 0x4, 0x10, 0x3}, 0xc, &(0x7f00000029c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x9, 0x9, 0x1}]}, 0x3, [{0xc9, &(0x7f0000002a00)=@string={0xc9, 0x3, "5ebf78eb159c54186a4897f4a9ae66d3fdb4730ece4605f7d15ae66ad2c3a6c841ce721967d47bdc14a83ec034d0a69f7fe88ebc48d900b049667fa2f785aac6cb3bd6ed0e1737efa2d0dfed241bd51b39011e49de91570250110aa8bea82fb0f1e37a0b1a2d19ead5f77d7cff1b574e43efd023b59b6abec32997322c4f72e29a5c9340ba4fcb9fe9bad64e749dfd0ce5ae6fb5764b778eb6f751864d518c8790dc95e3b184123f3d17d609679b632d28738b4420ba634b9e5eada5e8fc5337eb4102b1266588"}}, {0x4, &(0x7f0000002b00)=@lang_id={0x4, 0x3, 0x80a}}, {0x4, &(0x7f0000002b40)=@lang_id={0x4, 0x3, 0x458}}]})
syz_usb_control_io$cdc_ncm(r8, &(0x7f0000002d00)={0x14, &(0x7f0000002bc0)={0x0, 0x11, 0xc2, {0xc2, 0x20, "104f19f433673df76b2ff5442497bb6b00883445fad66797dea03b1d0c85e4e8033ac34f7007231e99592ba14ea65a970eb06076a974d2b6f07b3bd8dc9f679f5b7ad52925efebb27da8f5908a057b6ec0dc7d788edaed71fbb924b119bb636890acf82abfebf1648881b3f82e471017f129b0beee0e2282ed45900eadf534d73c3c9366d8b400b0adaf4bb767914c81b7391870f361a86d30f2486abe8eb2b83d765fe88b42d47c1c4d9e7e24f2e2ee299147c4adf11de8332ed557b40c0b2f"}}, &(0x7f0000002cc0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000003000)={0x44, &(0x7f0000002d40)={0x60, 0x6, 0xd1, "1d556386062f3c46e51587653c0ee93101d4cea0b653551eaf19cbf1dd506312442aef3db7f1ca5fee36b114ba6025a1b9dde433c2e41492205eaaf3256b0473374886d1ce8d231e18ef2c470787d53def9d09dcc25f07e9026b8374f72f2871d2441eb04c27aac8491805c1f6077e8b67972c6450834f03a7c0f11b987571dc8882a0cd090b4e1b030dd53256e1d1a82c341dba3d4d24625afcba8c1dab69509d1d07119890a70b9ad81791ecc29591bb8c96067e501b410eff3a2e198372c91583c7947b3a8b41eb09be10724a362979"}, &(0x7f0000002e40)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000002e80)={0x0, 0x8, 0x1, 0x94}, &(0x7f0000002ec0)={0x20, 0x80, 0x1c, {0x1, 0x2, 0x8, 0xc683, 0x9, 0x9, 0x3, 0xfffffff0, 0x5, 0x3, 0x0, 0x5}}, &(0x7f0000002f00)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000002f40)={0x20, 0x83, 0x2}, &(0x7f0000002f80)={0x20, 0x87, 0x2, 0xc}, &(0x7f0000002fc0)={0x20, 0x89, 0x2, 0x1}})
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000030c0), r0)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000003180)={&(0x7f0000003080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000003140)={&(0x7f0000003100)={0x2c, r9, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003200), r6)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r10, &(0x7f0000003300)={&(0x7f00000031c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000032c0)={&(0x7f0000003240)={0x44, r11, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0xc040}, 0x10)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r6, &(0x7f0000003400)={&(0x7f0000003340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000033c0)={&(0x7f0000003380)={0x2c, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x60}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2b}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0x400)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_STATION(r12, &(0x7f0000003500)={&(0x7f0000003440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000034c0)={&(0x7f0000003480)={0x2c, r3, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x154}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20000840)

2m18.807702837s ago: executing program 3 (id=1460):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r1)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0x0, 0x0, 0x2}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x0, 0x0)
ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
read$FUSE(r4, &(0x7f0000000600)={0x2020}, 0x2020)
syz_emit_vhci(&(0x7f0000002640)=ANY=[@ANYBLOB="04020706000700020008517503d91c8a1cc0164ac23653733faf91ea63cdda49109e80f92749c37ad72a6f660819e2d50902c8c7f24de0596270c4eadd74b96a6d558c682787ea74fc6fa9afa17a2f8ab11d02e9dab40a7a71349aae66ad7a8294ecb12fff16bb623f3b1f37c4cbff6460292bf6451a0a913d2243cadb1cf8e71af89f18f3fa96c2453d56cf4a4b767fdc328efb930310a3ec6fb1a77043bde606097794b0bd5c0f0a"], 0xa) (async)
syz_emit_vhci(&(0x7f0000002640)=ANY=[@ANYBLOB="04020706000700020008517503d91c8a1cc0164ac23653733faf91ea63cdda49109e80f92749c37ad72a6f660819e2d50902c8c7f24de0596270c4eadd74b96a6d558c682787ea74fc6fa9afa17a2f8ab11d02e9dab40a7a71349aae66ad7a8294ecb12fff16bb623f3b1f37c4cbff6460292bf6451a0a913d2243cadb1cf8e71af89f18f3fa96c2453d56cf4a4b767fdc328efb930310a3ec6fb1a77043bde606097794b0bd5c0f0a"], 0xa)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01"], 0xfc}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200c0810}, 0x44004)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a30000000001400038008000240000000000800014000000000140000001100"], 0x68}}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a30000000001400038008000240000000000800014000000000140000001100"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="88010000170a0101"], 0x188}}, 0x0) (async)
sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="88010000170a0101"], 0x188}}, 0x0)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010300a6ff0540cdabeecdb905000000010902220001000000000904000001010351000905f6fefffffff000072501", @ANYRES8=r7], 0x0) (async)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010300a6ff0540cdabeecdb905000000010902220001000000000904000001010351000905f6fefffffff000072501", @ANYRES8=r7], 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f00005d6000/0x1000)=nil, 0x1000, 0x15)
mmap(&(0x7f0000870000/0x2000)=nil, 0x2000, 0x5a051feb1e984a1b, 0x10, r3, 0x7dfff000)

2m17.089349228s ago: executing program 3 (id=1475):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000340)=0x1, 0x4)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
close(0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000280)='./cgroup\x00', 0xc)
pipe2$watch_queue(&(0x7f00000002c0), 0x80)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_80211_join_ibss(&(0x7f00000001c0)='wlan1\x00', &(0x7f0000000380)=@default_ibss_ssid, 0x6, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0xe)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x18}}, 0x0)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
creat(&(0x7f0000000000)='./cgroup\x00', 0x4)
getpeername$unix(r3, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e)
socket$inet_udp(0x2, 0x2, 0x0) (async)
setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000340)=0x1, 0x4) (async)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) (async)
close(0x3) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
umount2(&(0x7f0000000280)='./cgroup\x00', 0xc) (async)
pipe2$watch_queue(&(0x7f00000002c0), 0x80) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
syz_80211_join_ibss(&(0x7f00000001c0)='wlan1\x00', &(0x7f0000000380)=@default_ibss_ssid, 0x6, 0x0) (async)
landlock_restrict_self(0xffffffffffffffff, 0xe) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x18}}, 0x0) (async)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00') (async)
creat(&(0x7f0000000000)='./cgroup\x00', 0x4) (async)
getpeername$unix(r3, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e) (async)

2m16.932150738s ago: executing program 3 (id=1478):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, 0x0, 0x8800)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) (async)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_cmd={0x25, 0x4, 0x4, 0x0, 0x0, 0x4, 0x0, 0x2, 0xff, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x6}}) (async)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800}) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x4, 0x3, 0x3f00})

2m16.551851512s ago: executing program 3 (id=1479):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead", 0x51}], 0x2}], 0x1, 0x40800)
recvmsg$qrtr(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000700)=""/195, 0xc3}], 0x1, 0x0, 0x0, 0x10000}, 0x38, 0x10020)
read$FUSE(r1, &(0x7f0000000700)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='nv\x00', 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
connect(r4, &(0x7f0000000080)=@hci={0x1f, 0x4, 0x3}, 0x80)
ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f00000001c0)={0x1, 0x2, 0x1000, 0xaa, &(0x7f0000000100)="f89067be89a204bca928139a0ae98fc2b4752e1d120740f5ea9ac170f5a8f5bb4fdbb43f7ecc18753e87b048e3c386ef90d11f436e6d89c18d2c87d72124ab6dabc362ad504963bfcfecf52583d0d2db6054367034ce4215cca837ec837d0c6568783180dcb75b86aab9ea1a1c617d2716f70409a8ccde3a08f05433b2217dad6996285cc1bc068d28771c52a96de517d540819798eba6e8b802b702bdc6c3b52387764171f88895370d", 0x70, 0x0, &(0x7f0000000000)="c561faac200368da9bd2418d128ec1ed75595f9e4600c1dd9a707f99f9e397b7b5d484e3f31ffc8b3bce650310000f4093f041442eb3736501e4f5eacece3b5853afc2237ce08e5f6fbbc29e51f45e1b4b37557f5303e8f464c89ddb32e799e74717af36221737c0c9ed26c83b437e16"})

2m16.248611582s ago: executing program 33 (id=1479):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead", 0x51}], 0x2}], 0x1, 0x40800)
recvmsg$qrtr(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000700)=""/195, 0xc3}], 0x1, 0x0, 0x0, 0x10000}, 0x38, 0x10020)
read$FUSE(r1, &(0x7f0000000700)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='nv\x00', 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
connect(r4, &(0x7f0000000080)=@hci={0x1f, 0x4, 0x3}, 0x80)
ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f00000001c0)={0x1, 0x2, 0x1000, 0xaa, &(0x7f0000000100)="f89067be89a204bca928139a0ae98fc2b4752e1d120740f5ea9ac170f5a8f5bb4fdbb43f7ecc18753e87b048e3c386ef90d11f436e6d89c18d2c87d72124ab6dabc362ad504963bfcfecf52583d0d2db6054367034ce4215cca837ec837d0c6568783180dcb75b86aab9ea1a1c617d2716f70409a8ccde3a08f05433b2217dad6996285cc1bc068d28771c52a96de517d540819798eba6e8b802b702bdc6c3b52387764171f88895370d", 0x70, 0x0, &(0x7f0000000000)="c561faac200368da9bd2418d128ec1ed75595f9e4600c1dd9a707f99f9e397b7b5d484e3f31ffc8b3bce650310000f4093f041442eb3736501e4f5eacece3b5853afc2237ce08e5f6fbbc29e51f45e1b4b37557f5303e8f464c89ddb32e799e74717af36221737c0c9ed26c83b437e16"})

7.248339597s ago: executing program 5 (id=2350):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$packet(0x11, 0x2, 0x300)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x8000000, 0x6000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000})
r3 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xd1, 0x2d, 0xd0, 0x20, 0x11f5, 0x5, 0x2780, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x62, 0x0, 0x2, 0x6e, 0xec, 0x61, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)

4.548915796s ago: executing program 1 (id=2384):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f20c06635000001000f22c00f01c36565d8046766660f388129a5660fd9430d0f3a0fcc35f20f38f14029f20fc24686490e", 0x32}], 0x1, 0x8, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.775223109s ago: executing program 1 (id=2391):
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2)
write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x18a0a2, 0x0)

2.703678724s ago: executing program 5 (id=2394):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendto$packet(r3, &(0x7f00000002c0)="48357e0287af48ffa745b497a54e0eec1bf2c69011f35b48339d15afaef1bd7efe075ff441b16e244b8b05fe09e29583ad142567826dfa5cbc6f979b050015bde8c4441cd0fa6be03213181bfe84743015ec12ced8b1aa8f44e5c30afac6f9fd2ab1303be0d1b2c02533bcc97cce7da9b507b053b11821323590d379e9e350a3291fbedb6382de878b7a56e4e38c7f746d0424029f5d49b04697a4", 0xfffffffffffffe20, 0x0, 0x0, 0x0)

2.652316766s ago: executing program 1 (id=2396):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180), 0x4)
copy_file_range(r0, &(0x7f0000000080), 0xffffffffffffffff, 0x0, 0xfffffffffffffff8, 0x0)

2.347949512s ago: executing program 1 (id=2397):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)

2.040222899s ago: executing program 1 (id=2402):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'pcmmio\x00', [0x10d, 0x9, 0x1, 0xa, 0x0, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x8, 0x5, 0x6, 0x4, 0x7fffffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x65c, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0x1, 0x4, 0x3, 0x7, 0x5, 0x5]})

1.915642998s ago: executing program 1 (id=2403):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$packet(0x11, 0x2, 0x300)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x8000000, 0x6000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000})
r3 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xd1, 0x2d, 0xd0, 0x20, 0x11f5, 0x5, 0x2780, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x62, 0x0, 0x2, 0x6e, 0xec, 0x61, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800)

1.558486328s ago: executing program 0 (id=2406):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
fsync(r0)

1.434440278s ago: executing program 5 (id=2408):
userfaultfd(0x801)
syz_open_procfs(0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
write$binfmt_aout(r3, 0x0, 0xffffffdb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
write$binfmt_aout(r1, 0x0, 0xffffffdb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

1.395221338s ago: executing program 4 (id=2409):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x43, 0x80300)
close_range(r0, 0xffffffffffffffff, 0x0)

1.343929544s ago: executing program 0 (id=2410):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x1000)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

1.214515652s ago: executing program 4 (id=2411):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)

1.10084678s ago: executing program 4 (id=2412):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f20c06635000001000f22c00f01c36565d8046766660f388129a5660fd9430d0f3a0fcc35f20f38f14029f20fc24686490e", 0x32}], 0x1, 0x8, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

1.075995559s ago: executing program 5 (id=2413):
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83)
readahead(r0, 0x7fffffff, 0x10000)

955.83499ms ago: executing program 5 (id=2414):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x18a0a2, 0x0)

918.994792ms ago: executing program 4 (id=2415):
r0 = inotify_init1(0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x1, 0xe, 0x2}, 0x14)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28)
close_range(r0, 0xffffffffffffffff, 0x0)

862.809095ms ago: executing program 5 (id=2416):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
msgctl$MSG_STAT(0x0, 0xb, &(0x7f00000009c0)=""/213)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_clone(0x80800011, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
prctl$PR_SCHED_CORE(0x3e, 0xfffffffffffffffe, r1, 0x2, 0x0)
r2 = fsopen(0x0, 0x0)
fsmount(r2, 0x0, 0x8)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002080)='/proc/asound/seq/timer\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000000)={0x2020}, 0x2020)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04f74120"], 0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000100)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @dev={0xfe, 0x80, '\x00', 0x15}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000240)="fc", 0x1}], 0x1}}], 0x1, 0x4c040)

479.909914ms ago: executing program 0 (id=2417):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF2(r0, 0x402c542d, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2)

203.180284ms ago: executing program 4 (id=2418):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x200081, 0x4c)
mknodat$loop(r0, &(0x7f0000000180)='./file0\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
fsync(r1)

167.506734ms ago: executing program 0 (id=2419):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000180)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0x14)

22.394203ms ago: executing program 0 (id=2420):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401040000000001dc"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)

22.235506ms ago: executing program 4 (id=2421):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f00000001c0)='ntfs3\x00', 0x8000, 0x0)

0s ago: executing program 0 (id=2422):
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83)
readahead(r0, 0x7fffffff, 0x10000)

kernel console output (not intermixed with test programs):

1,1/1:3395850684/3395850687
[  318.583197][T12005] tipc: Failed to remove unknown binding: 66,1,1/1:3395850684/3395850687
[  318.602471][T12005] tipc: Failed to remove unknown binding: 66,1,1/1:3395850684/3395850687
[  318.616569][  T986] usb 1-1: USB disconnect, device number 76
[  318.688615][T12007] /dev/rnullb0: Can't open blockdev
[  318.848025][T12014] /dev/rnullb0: Can't open blockdev
[  318.875114][T12021] /dev/rnullb0: Can't open blockdev
[  319.170683][T12037] /dev/rnullb0: Can't open blockdev
[  319.212679][T12041] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  319.231274][T12041] /dev/rnullb0: Can't open blockdev
[  319.740247][T12056] syzkaller1: entered promiscuous mode
[  319.836999][T12056] syzkaller1: entered allmulticast mode
[  319.873087][T12056] /dev/rnullb0: Can't open blockdev
[  319.953290][T12061] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  320.023304][T12062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1605'.
[  320.077319][T12061] /dev/rnullb0: Can't open blockdev
[  320.192964][T12069] blkio.reset_stats is deprecated
[  320.288469][T12072] /dev/rnullb0: Can't open blockdev
[  320.304374][  T986] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  320.494337][  T986] usb 6-1: too many configurations: 103, using maximum allowed: 8
[  320.528933][  T986] usb 6-1: unable to read config index 0 descriptor/start: -61
[  320.549713][  T986] usb 6-1: can't read configurations, error -61
[  320.697214][  T986] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  320.892192][  T986] usb 6-1: too many configurations: 103, using maximum allowed: 8
[  320.922198][  T986] usb 6-1: unable to read config index 0 descriptor/start: -61
[  320.943958][  T986] usb 6-1: can't read configurations, error -61
[  320.960655][  T986] usb usb6-port1: attempt power cycle
[  320.994375][    T9] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  321.035045][ T5900] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  321.154534][    T9] usb 2-1: device descriptor read/64, error -71
[  321.209518][ T5900] usb 1-1: config 0 has no interfaces?
[  321.224423][ T5900] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  321.235771][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.256886][ T5900] usb 1-1: config 0 descriptor??
[  321.324599][  T986] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  321.376133][  T986] usb 6-1: too many configurations: 103, using maximum allowed: 8
[  321.394289][    T9] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  321.399342][  T986] usb 6-1: unable to read config index 0 descriptor/start: -61
[  321.415466][  T986] usb 6-1: can't read configurations, error -61
[  321.480249][T12078] binder: 12077:12078 ioctl c0306201 200000000000 returned -14
[  321.496210][ T5900] usb 1-1: USB disconnect, device number 77
[  321.556137][  T986] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  321.564283][    T9] usb 2-1: device descriptor read/64, error -71
[  321.588816][  T986] usb 6-1: too many configurations: 103, using maximum allowed: 8
[  321.621616][  T986] usb 6-1: unable to read config index 0 descriptor/start: -61
[  321.644324][  T986] usb 6-1: can't read configurations, error -61
[  321.651197][  T986] usb usb6-port1: unable to enumerate USB device
[  321.677923][    T9] usb usb2-port1: attempt power cycle
[  321.730309][T12088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1614'.
[  321.760131][T12089] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1614'.
[  322.031512][    T9] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  322.087456][    T9] usb 2-1: device descriptor read/8, error -71
[  322.324502][    T9] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  322.363101][    T9] usb 2-1: device descriptor read/8, error -71
[  322.494718][    T9] usb usb2-port1: unable to enumerate USB device
[  323.267398][T12119] /dev/rnullb0: Can't open blockdev
[  323.359763][T12121] /dev/rnullb0: Can't open blockdev
[  323.597751][T12125] /dev/rnullb0: Can't open blockdev
[  323.716566][ T5900] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  323.858671][T12129] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1627'.
[  323.868954][T12129] /dev/rnullb0: Can't open blockdev
[  323.887979][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  323.916701][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  323.931463][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  323.949353][ T5900] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  323.960478][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.991615][ T5900] usb 1-1: config 0 descriptor??
[  324.107564][T12136] /dev/rnullb0: Can't open blockdev
[  324.426240][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.434021][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.442792][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.450869][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.459137][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.467793][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.475828][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.483598][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.491765][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.499922][ T5900] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0
[  324.521536][ T5900] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  324.707167][T12123] sp0: Synchronizing with TNC
[  324.793046][T12149] sp0: Synchronizing with TNC
[  324.871150][    T9] usb 1-1: USB disconnect, device number 78
[  325.147268][T12153] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1634'.
[  325.314353][   T43] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  325.474746][   T43] usb 2-1: Using ep0 maxpacket: 16
[  325.481639][   T43] usb 2-1: config 254 has an invalid interface number: 235 but max is 0
[  325.494395][   T43] usb 2-1: config 254 has no interface number 0
[  325.500759][   T43] usb 2-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32
[  325.510637][T12162] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1637'.
[  325.511790][   T43] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  325.526889][T12162] tipc: Invalid UDP bearer configuration
[  325.531550][T12162] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  325.534001][   T43] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  325.557818][   T43] usb 2-1: config 254 interface 235 has no altsetting 0
[  325.567609][   T43] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  325.577330][   T43] usb 2-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3
[  325.585938][   T43] usb 2-1: Product: syz
[  325.590216][   T43] usb 2-1: Manufacturer: syz
[  325.595825][   T43] usb 2-1: SerialNumber: syz
[  325.605491][T12151] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  326.022179][T12151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.034776][T12151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.049780][   T43] usbtest 2-1:254.235: couldn't get endpoints, -71
[  326.063716][   T43] usbtest 2-1:254.235: probe with driver usbtest failed with error -71
[  326.089920][   T43] usb 2-1: USB disconnect, device number 69
[  326.848923][T12177] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1638'.
[  326.858330][T12177] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1638'.
[  326.872910][T12177] /dev/rnullb0: Can't open blockdev
[  327.452684][T12191] /dev/sg0: Can't lookup blockdev
[  327.517969][   T43] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  327.664348][   T43] usb 2-1: device descriptor read/64, error -71
[  327.870098][T12203] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1645'.
[  327.895970][T12203] /dev/rnullb0: Can't open blockdev
[  327.924280][   T43] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  328.048544][T12212] /dev/rnullb0: Can't open blockdev
[  328.094335][   T43] usb 2-1: device descriptor read/64, error -71
[  328.205501][   T43] usb usb2-port1: attempt power cycle
[  328.574331][   T43] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  328.590705][T12238] netlink: 'syz.0.1654': attribute type 7 has an invalid length.
[  328.602341][T12238] netlink: 'syz.0.1654': attribute type 3 has an invalid length.
[  328.602362][T12238] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1654'.
[  328.619144][   T43] usb 2-1: device descriptor read/8, error -71
[  328.854361][   T43] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  328.884921][   T43] usb 2-1: device descriptor read/8, error -71
[  329.004539][   T43] usb usb2-port1: unable to enumerate USB device
[  329.088412][T12252] overlay: Bad value for 'workdir'
[  329.385985][   T43] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  329.545791][   T43] usb 6-1: not running at top speed; connect to a high speed hub
[  329.567151][   T43] usb 6-1: config 10 has an invalid interface number: 102 but max is 0
[  329.577384][   T43] usb 6-1: config 10 has no interface number 0
[  329.583631][   T43] usb 6-1: config 10 interface 102 altsetting 5 endpoint 0xB has invalid maxpacket 927, setting to 64
[  329.614318][   T43] usb 6-1: config 10 interface 102 has no altsetting 0
[  329.624065][   T43] usb 6-1: New USB device found, idVendor=9022, idProduct=d421, bcdDevice=c1.e2
[  329.634434][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.642487][   T43] usb 6-1: Product: syz
[  329.664236][   T43] usb 6-1: Manufacturer: syz
[  329.677154][   T43] usb 6-1: SerialNumber: syz
[  329.729032][T12281] bridge0: entered allmulticast mode
[  329.737029][T12283] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1662'.
[  329.750775][T12283] bridge_slave_1: left allmulticast mode
[  329.757333][T12283] bridge_slave_1: left promiscuous mode
[  329.798938][T12283] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.821712][T12283] bridge_slave_0: left allmulticast mode
[  329.834299][T12283] bridge_slave_0: left promiscuous mode
[  329.842112][T12283] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.892263][T12283] bridge0 (unregistering): left allmulticast mode
[  329.916480][T12252] overlay: Bad value for 'workdir'
[  329.979269][   T43] dvb-usb: found a 'TeVii S421 PCI' in warm state.
[  330.017966][   T43] dw2102: su3000_power_ctrl: 1, initialized 0
[  330.066551][   T43] dvb-usb: bulk message failed: -22 (2/0)
[  330.095847][   T43] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  330.126740][   T43] dvb-usb: TeVii S421 PCI error while loading driver (-19)
[  330.194487][   T43] usb 6-1: USB disconnect, device number 6
[  330.360885][T12307] netlink: 'syz.4.1666': attribute type 10 has an invalid length.
[  330.386301][T12307] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1666'.
[  330.438134][T12307] batman_adv: batadv0: Adding interface: virt_wifi0
[  330.462279][T12307] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.526083][T12307] batman_adv: batadv0: Interface activated: virt_wifi0
[  330.801118][T12328] /dev/rnullb0: Can't open blockdev
[  330.989191][T12338] /dev/rnullb0: Can't open blockdev
[  331.146148][T12344] ./file0: Can't lookup blockdev
[  331.155022][T12342] /dev/rnullb0: Can't open blockdev
[  331.299430][T12352] fuse: blksize only supported for fuseblk
[  331.483342][T12361] /dev/rnullb0: Can't open blockdev
[  331.560492][T12367] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1684'.
[  331.611453][T12367] /dev/rnullb0: Can't open blockdev
[  331.739499][T12374] program syz.0.1686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  331.847758][T12376] Malformed UNC in devname
[  331.847758][T12376] 
[  331.889532][T12376] CIFS: VFS: Malformed UNC in devname
[  332.095644][T12388] bio_check_eod: 3 callbacks suppressed
[  332.095665][T12388] syz.1.1689: attempt to access beyond end of device
[  332.095665][T12388] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  332.104822][T12387] fuse: Bad value for 'group_id'
[  332.137806][T12387] fuse: Bad value for 'group_id'
[  332.182575][T12387] /dev/rnullb0: Can't open blockdev
[  332.188432][T12388] EXT4-fs (nbd1): unable to read superblock
[  332.390576][T12397] /dev/rnullb0: Can't open blockdev
[  332.497357][T12400] zonefs (nullb0) ERROR: Not a zoned block device
[  332.715674][T12413] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1696'.
[  332.775995][   T43] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  332.792174][T12413] /dev/rnullb0: Can't open blockdev
[  332.964912][   T43] usb 1-1: Using ep0 maxpacket: 32
[  332.989160][   T43] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  333.017272][   T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40
[  333.037005][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.069585][   T43] usb 1-1: Product: syz
[  333.081933][   T43] usb 1-1: Manufacturer: syz
[  333.094321][   T43] usb 1-1: SerialNumber: syz
[  333.319512][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  333.320062][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  333.372519][   T43] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input25
[  333.377369][ T5207] bcm5974 1-1:1.0: could not read from device
[  333.388549][T12431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1701'.
[  333.389667][T12431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1701'.
[  333.419071][T12431] cifs: Unknown parameter '
[  333.419071][T12431] '
[  333.479420][ T5207] bcm5974 1-1:1.0: could not read from device
[  333.484763][   T43] usb 1-1: USB disconnect, device number 79
[  334.021703][T12446] FAULT_INJECTION: forcing a failure.
[  334.021703][T12446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.088774][T12446] CPU: 0 UID: 0 PID: 12446 Comm: syz.5.1704 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  334.088805][T12446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.088827][T12446] Call Trace:
[  334.088836][T12446]  <TASK>
[  334.088844][T12446]  dump_stack_lvl+0x189/0x250
[  334.088877][T12446]  ? __pfx____ratelimit+0x10/0x10
[  334.088899][T12446]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.088927][T12446]  ? __pfx__printk+0x10/0x10
[  334.088955][T12446]  ? __might_fault+0xb0/0x130
[  334.088998][T12446]  should_fail_ex+0x414/0x560
[  334.089024][T12446]  _copy_from_user+0x2d/0xb0
[  334.089045][T12446]  ___sys_sendmsg+0x158/0x2a0
[  334.089076][T12446]  ? __pfx____sys_sendmsg+0x10/0x10
[  334.089163][T12446]  ? __fget_files+0x2a/0x420
[  334.089189][T12446]  ? __fget_files+0x3a0/0x420
[  334.089242][T12446]  __x64_sys_sendmsg+0x19b/0x260
[  334.089272][T12446]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  334.089310][T12446]  ? __pfx_ksys_write+0x10/0x10
[  334.089329][T12446]  ? rcu_is_watching+0x15/0xb0
[  334.089361][T12446]  ? do_syscall_64+0xbe/0x3b0
[  334.089389][T12446]  do_syscall_64+0xfa/0x3b0
[  334.089410][T12446]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.089431][T12446]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.089452][T12446]  ? clear_bhb_loop+0x60/0xb0
[  334.089477][T12446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.089497][T12446] RIP: 0033:0x7fd22238e929
[  334.089523][T12446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.089542][T12446] RSP: 002b:00007fd2231dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  334.089568][T12446] RAX: ffffffffffffffda RBX: 00007fd2225b5fa0 RCX: 00007fd22238e929
[  334.089583][T12446] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005
[  334.089596][T12446] RBP: 00007fd2231dd090 R08: 0000000000000000 R09: 0000000000000000
[  334.089608][T12446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.089621][T12446] R13: 0000000000000000 R14: 00007fd2225b5fa0 R15: 00007ffe06999af8
[  334.089650][T12446]  </TASK>
[  334.301054][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.536857][T12459] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1707'.
[  334.584363][  T986] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  334.596037][T12464] /dev/rnullb0: Can't open blockdev
[  334.744694][  T986] usb 2-1: Using ep0 maxpacket: 8
[  334.763486][  T986] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 77, changing to 10
[  334.794669][  T986] usb 2-1: config 1 interface 0 has no altsetting 0
[  334.816487][  T986] usb 2-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  334.834580][  T986] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.858377][  T986] usb 2-1: Product: syz
[  334.870680][  T986] usb 2-1: Manufacturer: syz
[  334.881230][  T986] usb 2-1: SerialNumber: syz
[  335.320940][  T986] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input26
[  335.339029][T12478] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  335.668587][ T5207] bcm5974 2-1:1.0: could not read from device
[  335.678309][  T986] usb 2-1: USB disconnect, device number 74
[  336.008418][T12499] FAULT_INJECTION: forcing a failure.
[  336.008418][T12499] name failslab, interval 1, probability 0, space 0, times 0
[  336.080913][T12499] CPU: 0 UID: 0 PID: 12499 Comm: syz.5.1715 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  336.080943][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  336.080956][T12499] Call Trace:
[  336.080964][T12499]  <TASK>
[  336.080972][T12499]  dump_stack_lvl+0x189/0x250
[  336.081005][T12499]  ? __pfx____ratelimit+0x10/0x10
[  336.081026][T12499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.081054][T12499]  ? __pfx__printk+0x10/0x10
[  336.081096][T12499]  ? __pfx___might_resched+0x10/0x10
[  336.081126][T12499]  should_fail_ex+0x414/0x560
[  336.081153][T12499]  should_failslab+0xa8/0x100
[  336.081174][T12499]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  336.081206][T12499]  ? __alloc_skb+0x112/0x2d0
[  336.081234][T12499]  __alloc_skb+0x112/0x2d0
[  336.081262][T12499]  netlink_sendmsg+0x5c6/0xb30
[  336.081296][T12499]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.081319][T12499]  ? aa_sock_msg_perm+0xf1/0x1d0
[  336.081340][T12499]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  336.081365][T12499]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.081388][T12499]  __sock_sendmsg+0x219/0x270
[  336.081422][T12499]  ____sys_sendmsg+0x505/0x830
[  336.081454][T12499]  ? __pfx_____sys_sendmsg+0x10/0x10
[  336.081489][T12499]  ? import_iovec+0x74/0xa0
[  336.081512][T12499]  ___sys_sendmsg+0x21f/0x2a0
[  336.081541][T12499]  ? __pfx____sys_sendmsg+0x10/0x10
[  336.081605][T12499]  ? __fget_files+0x2a/0x420
[  336.081629][T12499]  ? __fget_files+0x3a0/0x420
[  336.081663][T12499]  __x64_sys_sendmsg+0x19b/0x260
[  336.081691][T12499]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  336.081745][T12499]  ? __pfx_ksys_write+0x10/0x10
[  336.081764][T12499]  ? rcu_is_watching+0x15/0xb0
[  336.081796][T12499]  ? do_syscall_64+0xbe/0x3b0
[  336.081835][T12499]  do_syscall_64+0xfa/0x3b0
[  336.081855][T12499]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.081876][T12499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.081895][T12499]  ? clear_bhb_loop+0x60/0xb0
[  336.081919][T12499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.081939][T12499] RIP: 0033:0x7fd22238e929
[  336.081957][T12499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.081972][T12499] RSP: 002b:00007fd2231dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  336.081993][T12499] RAX: ffffffffffffffda RBX: 00007fd2225b5fa0 RCX: 00007fd22238e929
[  336.082007][T12499] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005
[  336.082019][T12499] RBP: 00007fd2231dd090 R08: 0000000000000000 R09: 0000000000000000
[  336.082030][T12499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.082072][T12499] R13: 0000000000000000 R14: 00007fd2225b5fa0 R15: 00007ffe06999af8
[  336.082103][T12499]  </TASK>
[  336.351113][    C0] vkms_vblank_simulate: vblank timer overrun
[  336.958872][T12516] /dev/rnullb0: Can't open blockdev
[  337.169034][T12529] /dev/rnullb0: Can't open blockdev
[  337.698258][T12541] /dev/rnullb0: Can't open blockdev
[  338.118217][T12551] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1726'.
[  338.141103][T12551] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1726'.
[  338.162991][T12551] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1726'.
[  338.192202][T12551] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1726'.
[  338.267831][T12551] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  338.280073][T12551] /dev/rnullb0: Can't open blockdev
[  338.500224][T12560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1731'.
[  338.541695][T12560] /dev/rnullb0: Can't open blockdev
[  338.912302][T12576] /dev/rnullb0: Can't open blockdev
[  338.963207][T12576] /dev/rnullb0: Can't open blockdev
[  338.976570][T12576] /dev/rnullb0: Can't open blockdev
[  338.983638][T12576] /dev/rnullb0: Can't open blockdev
[  338.995266][T12576] /dev/rnullb0: Can't open blockdev
[  339.015847][T12576] /dev/rnullb0: Can't open blockdev
[  339.037623][T12580] /dev/rnullb0: Can't open blockdev
[  339.045253][T12576] /dev/rnullb0: Can't open blockdev
[  339.052406][T12576] /dev/rnullb0: Can't open blockdev
[  339.065256][T12576] /dev/rnullb0: Can't open blockdev
[  339.093181][T12576] /dev/rnullb0: Can't open blockdev
[  339.106954][T12576] /dev/rnullb0: Can't open blockdev
[  339.129725][T12576] /dev/rnullb0: Can't open blockdev
[  339.165029][T12576] /dev/rnullb0: Can't open blockdev
[  339.182473][T12576] /dev/rnullb0: Can't open blockdev
[  339.219962][T12576] /dev/rnullb0: Can't open blockdev
[  339.239756][T12576] /dev/rnullb0: Can't open blockdev
[  339.262927][T12576] /dev/rnullb0: Can't open blockdev
[  339.292126][T12576] /dev/rnullb0: Can't open blockdev
[  339.313716][T12576] /dev/rnullb0: Can't open blockdev
[  339.345366][T12576] /dev/rnullb0: Can't open blockdev
[  339.369106][T12576] /dev/rnullb0: Can't open blockdev
[  339.375902][T12576] /dev/rnullb0: Can't open blockdev
[  339.395570][T12576] /dev/rnullb0: Can't open blockdev
[  339.408139][T12576] /dev/rnullb0: Can't open blockdev
[  339.424379][T12576] /dev/rnullb0: Can't open blockdev
[  339.430687][T12576] /dev/rnullb0: Can't open blockdev
[  339.454998][T12576] /dev/rnullb0: Can't open blockdev
[  339.465376][T12576] /dev/rnullb0: Can't open blockdev
[  339.478797][T12576] /dev/rnullb0: Can't open blockdev
[  339.506159][T12576] /dev/rnullb0: Can't open blockdev
[  339.528190][T12576] /dev/rnullb0: Can't open blockdev
[  339.573984][T12576] /dev/rnullb0: Can't open blockdev
[  339.615490][T12576] /dev/rnullb0: Can't open blockdev
[  339.731192][T12599] netlink: 'syz.5.1740': attribute type 13 has an invalid length.
[  339.772397][T12599] macvtap0: entered promiscuous mode
[  339.815915][T12604] /dev/rnullb0: Can't open blockdev
[  339.828985][T12599] macvtap0: refused to change device tx_queue_len
[  340.233925][T12616] program syz.5.1744 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  340.354439][  T986] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  340.530635][  T986] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.552753][  T986] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.575804][  T986] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  340.586672][  T986] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.605868][  T986] usb 1-1: config 0 descriptor??
[  340.619199][T12625] /dev/rnullb0: Can't open blockdev
[  340.694888][T12626] /dev/rnullb0: Can't open blockdev
[  341.049422][  T986] hid_parser_main: 5 callbacks suppressed
[  341.049449][  T986] greenasia 0003:0E8F:0012.0011: unknown main item tag 0x0
[  341.084595][  T986] greenasia 0003:0E8F:0012.0011: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.0-1/input0
[  341.113418][  T986] greenasia 0003:0E8F:0012.0011: no inputs found
[  341.250992][    T9] usb 1-1: USB disconnect, device number 80
[  341.424827][   T30] audit: type=1326 audit(1752562800.226:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12623 comm="syz.4.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f5838e929 code=0x7fc00000
[  341.447160][    C1] vkms_vblank_simulate: vblank timer overrun
[  341.718939][T12649] ./file0: Can't lookup blockdev
[  341.929180][T12654] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  342.140678][T12664] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1757'.
[  342.150359][T12664] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1757'.
[  342.159425][T12664] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1757'.
[  342.168621][T12664] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1757'.
[  342.190266][T12664] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  342.197462][T12664] /dev/rnullb0: Can't open blockdev
[  342.638369][T12652] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  342.644935][T12652] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  342.651490][T12652] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  342.657766][T12652] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  342.663834][T12652] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  342.673787][T12652] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  342.977647][T12682] /dev/rnullb0: Can't open blockdev
[  343.482095][T12696] /dev/rnullb0: Can't open blockdev
[  343.879711][T12707] /dev/rnullb0: Can't open blockdev
[  343.894427][ T5865] Bluetooth: hci1: command 0x0406 tx timeout
[  344.122076][T12718] /dev/rnullb0: Can't open blockdev
[  344.128198][ T5900] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  344.285703][ T5900] usb 6-1: device descriptor read/64, error -71
[  344.545634][ T5900] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  344.694477][ T5900] usb 6-1: device descriptor read/64, error -71
[  344.695166][ T5865] Bluetooth: hci0: command 0x0c1a tx timeout
[  344.701066][ T5856] Bluetooth: hci2: command 0x0c1a tx timeout
[  344.701133][ T5856] Bluetooth: hci3: command 0x0406 tx timeout
[  344.730359][T12743] /dev/rnullb0: Can't open blockdev
[  344.822773][T12747] /dev/rnullb0: Can't open blockdev
[  344.839382][ T5900] usb usb6-port1: attempt power cycle
[  345.054487][T12754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1780'.
[  345.068108][T12754] /dev/rnullb0: Can't open blockdev
[  345.184398][ T5900] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  345.218218][ T5900] usb 6-1: device descriptor read/8, error -71
[  345.464355][ T5900] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  345.498465][ T5900] usb 6-1: device descriptor read/8, error -71
[  345.626625][ T5900] usb usb6-port1: unable to enumerate USB device
[  345.774594][T12789] /dev/rnullb0: Can't open blockdev
[  345.780664][T12789] /dev/rnullb0: Can't open blockdev
[  345.786726][T12789] /dev/rnullb0: Can't open blockdev
[  345.792696][T12789] /dev/rnullb0: Can't open blockdev
[  345.798772][T12789] /dev/rnullb0: Can't open blockdev
[  345.804846][T12789] /dev/rnullb0: Can't open blockdev
[  345.813875][T12789] /dev/rnullb0: Can't open blockdev
[  345.823630][T12789] /dev/rnullb0: Can't open blockdev
[  345.831331][T12788] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  346.042478][T12803] syz.0.1792: attempt to access beyond end of device
[  346.042478][T12803] loop0: rw=0, sector=0, nr_sectors = 1 limit=0
[  346.056473][T12803] hpfs: hpfs_map_sector(): read error
[  346.247351][T12811] /dev/rnullb0: Can't open blockdev
[  346.342517][T12819] /dev/rnullb0: Can't open blockdev
[  346.433685][T12823] syz.0.1798: attempt to access beyond end of device
[  346.433685][T12823] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  346.447110][T12823] SQUASHFS error: Failed to read block 0x0: -5
[  346.453350][T12823] unable to read squashfs_super_block
[  346.510411][T12830] /dev/rnullb0: Can't open blockdev
[  346.775988][ T5856] Bluetooth: hci0: command 0x0c1a tx timeout
[  346.886390][  T986] usb 1-1: new full-speed USB device number 81 using dummy_hcd
[  347.042247][T12825] cgroup: fork rejected by pids controller in /syz1
[  347.059182][  T986] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  347.072197][  T986] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  347.083670][  T986] usb 1-1: config 135 has no interface number 0
[  347.097593][  T986] usb 1-1: config 135 interface 230 has no altsetting 0
[  347.109205][  T986] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  347.125796][  T986] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.141849][  T986] usb 1-1: Product: syz
[  347.154352][  T986] usb 1-1: Manufacturer: syz
[  347.159186][  T986] usb 1-1: SerialNumber: syz
[  347.426556][T12864] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  347.438878][T12866] /dev/rnullb0: Can't open blockdev
[  347.528854][  T986] usb 1-1: USB disconnect, device number 81
[  347.684374][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  347.834520][    T9] usb 6-1: Using ep0 maxpacket: 32
[  347.842045][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  347.853250][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  347.864117][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  347.874700][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.885180][    T9] usb 6-1: config 0 descriptor??
[  347.893842][    T9] hub 6-1:0.0: USB hub found
[  348.028421][T12874] netlink: 'syz.1.1805': attribute type 4 has an invalid length.
[  348.059302][T12874] netlink: 'syz.1.1805': attribute type 2 has an invalid length.
[  348.105121][    T9] hub 6-1:0.0: 1 port detected
[  348.134056][T12880] /dev/rnullb0: Can't open blockdev
[  348.713435][    T9] hub 6-1:0.0: activate --> -90
[  348.854506][ T5856] Bluetooth: hci0: command 0x0c1a tx timeout
[  348.957075][T12905] /dev/rnullb0: Can't open blockdev
[  349.173547][ T5900] usb 6-1: USB disconnect, device number 11
[  349.657134][T12925] /dev/rnullb0: Can't open blockdev
[  349.919483][T12939] FAULT_INJECTION: forcing a failure.
[  349.919483][T12939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.952509][T12939] CPU: 1 UID: 0 PID: 12939 Comm: syz.5.1824 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  349.952538][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  349.952551][T12939] Call Trace:
[  349.952559][T12939]  <TASK>
[  349.952568][T12939]  dump_stack_lvl+0x189/0x250
[  349.952602][T12939]  ? __pfx____ratelimit+0x10/0x10
[  349.952625][T12939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.952654][T12939]  ? __pfx__printk+0x10/0x10
[  349.952711][T12939]  should_fail_ex+0x414/0x560
[  349.952738][T12939]  _copy_to_user+0x31/0xb0
[  349.952760][T12939]  simple_read_from_buffer+0xe1/0x170
[  349.952792][T12939]  proc_fail_nth_read+0x1df/0x250
[  349.952822][T12939]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.952853][T12939]  ? rw_verify_area+0x2a6/0x4d0
[  349.952871][T12939]  ? __lock_acquire+0xab9/0xd20
[  349.952891][T12939]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.952921][T12939]  vfs_read+0x200/0x980
[  349.952948][T12939]  ? __pfx___mutex_lock+0x10/0x10
[  349.952971][T12939]  ? __pfx_vfs_read+0x10/0x10
[  349.952993][T12939]  ? __fget_files+0x2a/0x420
[  349.953022][T12939]  ? __fget_files+0x3a0/0x420
[  349.953046][T12939]  ? __fget_files+0x2a/0x420
[  349.953080][T12939]  ksys_read+0x145/0x250
[  349.953116][T12939]  ? __pfx_ksys_read+0x10/0x10
[  349.953134][T12939]  ? rcu_is_watching+0x15/0xb0
[  349.953183][T12939]  ? do_syscall_64+0xbe/0x3b0
[  349.953211][T12939]  do_syscall_64+0xfa/0x3b0
[  349.953240][T12939]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.953262][T12939]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.953283][T12939]  ? clear_bhb_loop+0x60/0xb0
[  349.953308][T12939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.953328][T12939] RIP: 0033:0x7fd22238d33c
[  349.953347][T12939] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  349.953364][T12939] RSP: 002b:00007fd2231dd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  349.953386][T12939] RAX: ffffffffffffffda RBX: 00007fd2225b5fa0 RCX: 00007fd22238d33c
[  349.953401][T12939] RDX: 000000000000000f RSI: 00007fd2231dd0a0 RDI: 0000000000000004
[  349.953414][T12939] RBP: 00007fd2231dd090 R08: 0000000000000000 R09: 0000000000000000
[  349.953427][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.953439][T12939] R13: 0000000000000000 R14: 00007fd2225b5fa0 R15: 00007ffe06999af8
[  349.953472][T12939]  </TASK>
[  350.189279][    C1] vkms_vblank_simulate: vblank timer overrun
[  350.305293][T12950] /dev/rnullb0: Can't open blockdev
[  350.406370][T12954] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  350.426553][T12954] Error validating options; rc = [-22]
[  350.644160][T12961] /dev/rnullb0: Can't open blockdev
[  350.757264][T12965] /dev/rnullb0: Can't open blockdev
[  351.077180][T12978] /dev/rnullb0: Can't open blockdev
[  351.094621][T12977] /dev/rnullb0: Can't open blockdev
[  351.613043][T12999] /dev/rnullb0: Can't open blockdev
[  352.384857][ T5852] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  352.564331][ T5852] usb 2-1: Using ep0 maxpacket: 32
[  352.578376][ T5852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9
[  352.595409][ T5852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024
[  352.612606][ T5852] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  352.614925][T13043] /dev/rnullb0: Can't open blockdev
[  352.627623][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.636341][ T5852] usb 2-1: Product: syz
[  352.640618][ T5852] usb 2-1: Manufacturer: syz
[  352.645676][ T5852] usb 2-1: SerialNumber: syz
[  352.661611][ T5852] usb 2-1: config 0 descriptor??
[  352.713000][ T5852] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  352.879878][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.888833][T13052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.896030][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.898584][T13052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.917895][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.928723][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.941965][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.955061][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.964499][T13052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.980348][T13052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.989678][ T3503] usb 2-1: Failed to submit usb control message: -71
[  352.990004][ T6689] usb 2-1: USB disconnect, device number 76
[  352.997572][ T3503] usb 2-1: unable to send the bmi data to the device: -71
[  353.011101][ T3503] usb 2-1: unable to get target info from device
[  353.019008][ T3503] usb 2-1: could not get target info (-71)
[  353.028367][ T3503] usb 2-1: could not probe fw (-71)
[  354.154654][ T5852] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  354.354307][ T5852] usb 2-1: Using ep0 maxpacket: 8
[  354.361962][ T5852] usb 2-1: unable to get BOS descriptor or descriptor too short
[  354.372738][ T5852] usb 2-1: config 1 has an invalid interface number: 211 but max is 0
[  354.387856][ T5852] usb 2-1: config 1 has no interface number 0
[  354.400344][ T5852] usb 2-1: config 1 interface 211 has no altsetting 0
[  354.430959][ T5852] usb 2-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=90.e0
[  354.446505][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.465224][ T5852] usb 2-1: Product: syz
[  354.472052][ T5852] usb 2-1: Manufacturer: 缄鼿⣹쯅╓두ƒ宧퀕蘝⩵괏Ὦ麚⃔텰䪡䮅ꕹ얚欭℞鲹⴦褡멨ｺㇶ憻稒觊凥恱񋸇
[  354.495680][ T5852] usb 2-1: SerialNumber: syz
[  354.729311][T13078] /dev/rnullb0: Can't open blockdev
[  354.743533][ T5852] ftdi_sio 2-1:1.211: FTDI USB Serial Device converter detected
[  354.885556][ T5852] ftdi_sio ttyUSB0: unknown device type: 0x90e0
[  354.898646][ T5852] usb 2-1: USB disconnect, device number 77
[  354.908770][ T5852] ftdi_sio 2-1:1.211: device disconnected
[  355.645010][ T5852] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  355.659833][T13111] /dev/rnullb0: Can't open blockdev
[  355.801906][T13123] /dev/rnullb0: Can't open blockdev
[  355.838830][ T5852] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  355.857764][ T5852] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  355.873647][ T5852] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  355.886212][ T5852] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  355.896020][ T5852] usb 6-1: SerialNumber: syz
[  355.916705][ T5852] usb 6-1: bad CDC descriptors
[  356.484928][ T6689] usb 6-1: USB disconnect, device number 12
[  356.704089][T13150] /dev/rnullb0: Can't open blockdev
[  356.892764][T13165] binder: 13164:13165 ioctl c018620c 200000000580 returned -22
[  357.064662][ T5852] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  357.069200][T13172] /dev/rnullb0: Can't open blockdev
[  357.189240][T13176] /dev/rnullb0: Can't open blockdev
[  357.247105][ T5852] usb 2-1: Using ep0 maxpacket: 16
[  357.257333][ T5852] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  357.282363][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.300737][T13187] /dev/rnullb0: Can't open blockdev
[  357.309789][ T5852] usb 2-1: config 0 descriptor??
[  357.354302][ T5852] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  357.460205][T13195] /dev/rnullb0: Can't open blockdev
[  357.502869][T13194] cgroup: Bad value for 'name'
[  357.517980][T13194] /dev/rnullb0: Can't open blockdev
[  357.541738][ T5852] usb 2-1: Detected FT232B
[  357.606011][ T5852] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  357.644382][ T5852] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  357.679018][ T5852] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  357.731986][ T5852] usb 2-1: USB disconnect, device number 78
[  357.760319][T13207] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1891'.
[  357.780459][ T5852] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  357.827633][ T5852] ftdi_sio 2-1:0.0: device disconnected
[  357.970670][T13215] /dev/rnullb0: Can't open blockdev
[  358.676346][T13235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'.
[  358.884773][   T43] usb 1-1: new low-speed USB device number 82 using dummy_hcd
[  358.955203][T13241] /dev/rnullb0: Can't open blockdev
[  359.049250][   T43] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  359.074639][   T43] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x3 is Bulk; changing to Interrupt
[  359.095195][   T43] usb 1-1: config 1 interface 0 has no altsetting 0
[  359.111736][   T43] usb 1-1: string descriptor 0 read error: -22
[  359.118418][   T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  359.134270][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.158860][T13233] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  359.177181][T13233] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  359.182385][T13252] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1906'.
[  359.197481][   T43] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  359.265204][ T5856] Bluetooth: hci0: command 0x0c1a tx timeout
[  359.393193][T13233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  359.407224][T13233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.420337][ T5852] usb 1-1: USB disconnect, device number 82
[  359.474372][ T5900] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  359.628041][ T5900] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.645809][ T5900] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  359.667715][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  359.679163][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  359.689841][ T5900] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  359.705949][ T5900] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  359.718739][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  359.728271][ T5900] usb 6-1: Product: syz
[  359.732514][ T5900] usb 6-1: Manufacturer: syz
[  359.745823][ T5900] usb 6-1: SerialNumber: syz
[  359.761483][ T5900] usb 6-1: config 0 descriptor??
[  359.894486][T13282] cgroup: Unknown subsys name 'cpuset'
[  359.907505][T13282] /dev/rnullb0: Can't open blockdev
[  359.973736][ T5900] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  360.007129][ T5900] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  360.073933][T13292] /dev/rnullb0: Can't open blockdev
[  360.124556][T13294] /dev/rnullb0: Can't open blockdev
[  360.544564][ T5900] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -110
[  360.567561][ T5900] radio-si470x 6-1:0.0: si470x_get_scratch: si470x_get_report returned -110
[  360.587639][ T5900] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[  361.182903][   T30] audit: type=1326 audit(1752562819.996:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13316 comm="syz.0.1927" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa72bf8e929 code=0x0
[  361.770655][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.783383][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.793053][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.803166][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.811336][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.820842][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.832609][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.840718][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.852716][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.860812][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.872635][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.881118][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.890667][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.898982][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.907244][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.915305][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.923106][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.931278][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.939364][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.947455][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.955545][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.963299][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.971595][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.979684][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.987872][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  361.999639][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.007776][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.017729][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.027283][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.039932][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.051645][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.066431][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.076286][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.087884][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.098143][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.106607][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.115819][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.124595][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.141806][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.150151][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.158204][ T5900] usb 6-1: USB disconnect, device number 13
[  362.162046][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.179921][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.190153][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.234803][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.247259][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.257291][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.268839][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.279077][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.300440][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.310068][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.322391][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.331101][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.343638][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.353563][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.367162][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.380453][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.390050][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.408340][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.417497][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.428572][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.437451][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.448621][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.458102][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.468640][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.476761][T13321] binder: 13319:13321 ioctl c0306201 2000000003c0 returned -22
[  362.686919][T13336] netlink: 'syz.4.1933': attribute type 13 has an invalid length.
[  362.708850][T13336] fuse: Unknown parameter ''
[  362.709334][T13336] fuseblk: Bad value for 'fd'
[  362.858354][T13341] /dev/rnullb0: Can't open blockdev
[  362.905997][T13347] /dev/rnullb0: Can't open blockdev
[  362.985916][T13350] /dev/rnullb0: Can't open blockdev
[  362.992049][T13350] /dev/rnullb0: Can't open blockdev
[  363.330905][T13360] /dev/rnullb0: Can't open blockdev
[  363.376687][T13366] /dev/rnullb0: Can't open blockdev
[  363.664549][ T6689] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  363.794284][ T6689] usb 6-1: device descriptor read/64, error -71
[  364.034469][ T6689] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  364.184468][ T6689] usb 6-1: device descriptor read/64, error -71
[  364.204415][    T9] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  364.294656][ T6689] usb usb6-port1: attempt power cycle
[  364.354650][    T9] usb 2-1: Using ep0 maxpacket: 8
[  364.366756][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  364.381389][    T9] usb 2-1: config 4 interface 0 has no altsetting 0
[  364.393434][    T9] usb 2-1: string descriptor 0 read error: -22
[  364.400636][    T9] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  364.410007][    T9] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  364.431538][    T9] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  364.455355][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  364.472986][    T9] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  364.480820][    T9] usb 2-1: media controller created
[  364.508120][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  364.634502][ T6689] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  364.684921][ T6689] usb 6-1: device descriptor read/8, error -71
[  364.841793][T13377] /dev/rnullb0: Can't open blockdev
[  364.860281][  T986] usb 2-1: USB disconnect, device number 79
[  364.924345][ T6689] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  364.947556][ T6689] usb 6-1: device descriptor read/8, error -71
[  364.997431][T13405] /dev/rnullb0: Can't open blockdev
[  365.055177][ T6689] usb usb6-port1: unable to enumerate USB device
[  365.119799][T13410] /dev/rnullb0: Can't open blockdev
[  365.359537][T13420] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1959'.
[  365.360126][T13421] /dev/rnullb0: Can't open blockdev
[  365.380840][T13420] /dev/rnullb0: Can't open blockdev
[  365.516402][T13430] /dev/rnullb0: Can't open blockdev
[  365.693583][T13442] FAULT_INJECTION: forcing a failure.
[  365.693583][T13442] name failslab, interval 1, probability 0, space 0, times 0
[  365.706688][T13442] CPU: 1 UID: 0 PID: 13442 Comm: syz.0.1966 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  365.706718][T13442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.706736][T13442] Call Trace:
[  365.706744][T13442]  <TASK>
[  365.706752][T13442]  dump_stack_lvl+0x189/0x250
[  365.706786][T13442]  ? __pfx____ratelimit+0x10/0x10
[  365.706809][T13442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.706858][T13442]  ? __pfx__printk+0x10/0x10
[  365.706892][T13442]  ? __pfx___might_resched+0x10/0x10
[  365.706925][T13442]  should_fail_ex+0x414/0x560
[  365.706951][T13442]  should_failslab+0xa8/0x100
[  365.706973][T13442]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  365.707004][T13442]  ? __alloc_skb+0x112/0x2d0
[  365.707032][T13442]  __alloc_skb+0x112/0x2d0
[  365.707059][T13442]  netlink_sendmsg+0x5c6/0xb30
[  365.707094][T13442]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.707121][T13442]  ? aa_sock_msg_perm+0xf1/0x1d0
[  365.707159][T13442]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  365.707183][T13442]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.707208][T13442]  __sock_sendmsg+0x219/0x270
[  365.707242][T13442]  ____sys_sendmsg+0x505/0x830
[  365.707276][T13442]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.707312][T13442]  ? import_iovec+0x74/0xa0
[  365.707336][T13442]  ___sys_sendmsg+0x21f/0x2a0
[  365.707364][T13442]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.707430][T13442]  ? __fget_files+0x2a/0x420
[  365.707454][T13442]  ? __fget_files+0x3a0/0x420
[  365.707490][T13442]  __x64_sys_sendmsg+0x19b/0x260
[  365.707519][T13442]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  365.707556][T13442]  ? __pfx_ksys_write+0x10/0x10
[  365.707575][T13442]  ? rcu_is_watching+0x15/0xb0
[  365.707607][T13442]  ? do_syscall_64+0xbe/0x3b0
[  365.707634][T13442]  do_syscall_64+0xfa/0x3b0
[  365.707655][T13442]  ? lockdep_hardirqs_on+0x9c/0x150
[  365.707676][T13442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.707696][T13442]  ? clear_bhb_loop+0x60/0xb0
[  365.707720][T13442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.707746][T13442] RIP: 0033:0x7fa72bf8e929
[  365.707763][T13442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.707780][T13442] RSP: 002b:00007fa72cedc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.707802][T13442] RAX: ffffffffffffffda RBX: 00007fa72c1b5fa0 RCX: 00007fa72bf8e929
[  365.707817][T13442] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  365.707830][T13442] RBP: 00007fa72cedc090 R08: 0000000000000000 R09: 0000000000000000
[  365.707843][T13442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.707854][T13442] R13: 0000000000000000 R14: 00007fa72c1b5fa0 R15: 00007ffe8bce3e48
[  365.707885][T13442]  </TASK>
[  366.042351][T13444] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  366.049411][T13444] /dev/rnullb0: Can't open blockdev
[  366.074581][ T5900] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  366.244323][ T5900] usb 2-1: Using ep0 maxpacket: 8
[  366.251388][ T5900] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  366.261752][ T5900] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  366.278811][ T5900] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 200
[  366.295403][ T5900] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  366.308976][ T5900] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  366.320166][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.581571][ T5900] usb 2-1: GET_CAPABILITIES returned 0
[  366.611090][ T5900] usbtmc 2-1:16.0: can't read capabilities
[  366.716876][T13453] /dev/rnullb0: Can't open blockdev
[  366.740861][T13453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1971'.
[  366.757575][T13453] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1971'.
[  366.790147][    T9] usb 2-1: USB disconnect, device number 80
[  366.974695][ T5900] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  366.988283][T13437] random: crng reseeded on system resumption
[  367.144379][ T5900] usb 6-1: Using ep0 maxpacket: 8
[  367.157090][ T5900] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  367.166876][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.175367][ T5900] usb 6-1: Product: syz
[  367.179860][ T5900] usb 6-1: Manufacturer: syz
[  367.184642][ T5900] usb 6-1: SerialNumber: syz
[  367.193963][ T5900] usb 6-1: config 0 descriptor??
[  367.204499][ T5900] gspca_main: se401-2.14.0 probing 047d:5003
[  367.254852][    T9] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  367.414652][    T9] usb 2-1: Using ep0 maxpacket: 8
[  367.432586][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.444126][    T9] usb 2-1: New USB device found, idVendor=289d, idProduct=0075, bcdDevice= 0.00
[  367.467307][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.481444][    T9] usb 2-1: config 0 descriptor??
[  367.607448][ T5900] gspca_se401: ExtraFeatures: 99
[  367.615276][ T5900] gspca_se401: Too many frame sizes
[  367.810091][T13451] /dev/rnullb0: Can't open blockdev
[  367.838090][ T6689] usb 6-1: USB disconnect, device number 18
[  367.906412][    T9] hid (null): invalid report_size -1281265923
[  367.910475][T13483] /dev/rnullb0: Can't open blockdev
[  367.911701][    T9] hid-generic 0003:289D:0075.0012: ignoring exceeding usage max
[  367.919050][    T9] hid-generic 0003:289D:0075.0012: invalid report_size -1281265923
[  367.919080][    T9] hid-generic 0003:289D:0075.0012: item 0 4 1 7 parsing failed
[  367.920157][    T9] hid-generic 0003:289D:0075.0012: probe with driver hid-generic failed with error -22
[  368.106711][ T6689] usb 2-1: USB disconnect, device number 81
[  368.354333][ T5900] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  368.514462][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  368.523917][ T5900] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  368.545218][ T5900] usb 1-1: config 0 has no interface number 0
[  368.563638][ T5900] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.576216][ T5900] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.589399][ T5900] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  368.599653][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.619311][ T5900] usb 1-1: config 0 descriptor??
[  368.707704][T13501] FAULT_INJECTION: forcing a failure.
[  368.707704][T13501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.721133][T13501] CPU: 1 UID: 0 PID: 13501 Comm: syz.1.1985 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  368.721164][T13501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  368.721177][T13501] Call Trace:
[  368.721185][T13501]  <TASK>
[  368.721194][T13501]  dump_stack_lvl+0x189/0x250
[  368.721228][T13501]  ? __pfx____ratelimit+0x10/0x10
[  368.721250][T13501]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.721277][T13501]  ? __pfx__printk+0x10/0x10
[  368.721305][T13501]  ? __might_fault+0xb0/0x130
[  368.721346][T13501]  should_fail_ex+0x414/0x560
[  368.721373][T13501]  _copy_from_iter+0x1db/0x16f0
[  368.721408][T13501]  ? rcu_is_watching+0x15/0xb0
[  368.721435][T13501]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  368.721466][T13501]  ? __pfx__copy_from_iter+0x10/0x10
[  368.721496][T13501]  ? __build_skb_around+0x257/0x3e0
[  368.721526][T13501]  ? netlink_sendmsg+0x642/0xb30
[  368.721546][T13501]  ? skb_put+0x11b/0x210
[  368.721572][T13501]  netlink_sendmsg+0x6b2/0xb30
[  368.721604][T13501]  ? __pfx_netlink_sendmsg+0x10/0x10
[  368.721630][T13501]  ? aa_sock_msg_perm+0xf1/0x1d0
[  368.721653][T13501]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  368.721678][T13501]  ? __pfx_netlink_sendmsg+0x10/0x10
[  368.721701][T13501]  __sock_sendmsg+0x219/0x270
[  368.721735][T13501]  ____sys_sendmsg+0x505/0x830
[  368.721768][T13501]  ? __pfx_____sys_sendmsg+0x10/0x10
[  368.721804][T13501]  ? import_iovec+0x74/0xa0
[  368.721828][T13501]  ___sys_sendmsg+0x21f/0x2a0
[  368.721857][T13501]  ? __pfx____sys_sendmsg+0x10/0x10
[  368.721931][T13501]  ? __fget_files+0x2a/0x420
[  368.721956][T13501]  ? __fget_files+0x3a0/0x420
[  368.721991][T13501]  __x64_sys_sendmsg+0x19b/0x260
[  368.722019][T13501]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  368.722053][T13501]  ? __pfx_ksys_write+0x10/0x10
[  368.722070][T13501]  ? rcu_is_watching+0x15/0xb0
[  368.722102][T13501]  ? do_syscall_64+0xbe/0x3b0
[  368.722129][T13501]  do_syscall_64+0xfa/0x3b0
[  368.722148][T13501]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.722167][T13501]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.722186][T13501]  ? clear_bhb_loop+0x60/0xb0
[  368.722210][T13501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.722229][T13501] RIP: 0033:0x7f325898e929
[  368.722247][T13501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.722264][T13501] RSP: 002b:00007f32567f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  368.722286][T13501] RAX: ffffffffffffffda RBX: 00007f3258bb5fa0 RCX: 00007f325898e929
[  368.722299][T13501] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  368.722311][T13501] RBP: 00007f32567f6090 R08: 0000000000000000 R09: 0000000000000000
[  368.722323][T13501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.722335][T13501] R13: 0000000000000000 R14: 00007f3258bb5fa0 R15: 00007ffce85223b8
[  368.722366][T13501]  </TASK>
[  369.006538][    C1] vkms_vblank_simulate: vblank timer overrun
[  369.120136][T13505] /dev/rnullb0: Can't open blockdev
[  369.193760][T13507] /dev/rnullb0: Can't open blockdev
[  369.208659][T13507] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1989'.
[  369.223905][T13507] fuseblk: Unknown parameter 'uid<00000000000000000000'
[  369.374047][T13516] /dev/rnullb0: Can't open blockdev
[  369.569972][T13525] /dev/rnullb0: Can't open blockdev
[  369.934401][ T6689] usb 2-1: new full-speed USB device number 82 using dummy_hcd
[  370.038846][ T5900] usbhid 1-1:0.1: can't add hid device: -71
[  370.054372][    T9] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  370.062357][ T5900] usbhid 1-1:0.1: probe with driver usbhid failed with error -71
[  370.073877][ T5900] usb 1-1: USB disconnect, device number 83
[  370.119068][ T6689] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  370.144057][ T6689] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping
[  370.157235][ T6689] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  370.173497][ T6689] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  370.184536][ T6689] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.192617][ T6689] usb 2-1: Product: syz
[  370.197409][ T6689] usb 2-1: Manufacturer: syz
[  370.202041][ T6689] usb 2-1: SerialNumber: syz
[  370.214973][ T6689] usb 2-1: config 0 descriptor??
[  370.221577][    T9] usb 6-1: Using ep0 maxpacket: 8
[  370.231831][    T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[  370.257125][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.266421][    T9] usb 6-1: Product: syz
[  370.270647][    T9] usb 6-1: Manufacturer: syz
[  370.279549][    T9] usb 6-1: SerialNumber: syz
[  370.291071][    T9] usb 6-1: config 0 descriptor??
[  370.305074][    T9] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  370.314614][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  370.320367][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  370.336584][    T9] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  370.350352][    T9] usb 6-1: media controller created
[  370.380975][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  370.410963][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  370.422120][    T9] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  370.445398][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input29
[  370.467348][    T9] dvb-usb: schedule remote query interval to 50 msecs.
[  370.473333][T13529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.480937][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  370.483460][T13529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.494439][    T9] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  370.515456][T13529] netlink: 763 bytes leftover after parsing attributes in process `syz.1.1995'.
[  370.536443][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.542434][ T5900] dvb-usb: error while querying for an remote control event.
[  370.587947][T13542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.624429][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.637520][ T5900] dvb-usb: error while querying for an remote control event.
[  370.646689][T13542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.714410][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.724778][ T5900] dvb-usb: error while querying for an remote control event.
[  370.804410][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.815448][ T5900] dvb-usb: error while querying for an remote control event.
[  370.894317][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.903763][ T5900] dvb-usb: error while querying for an remote control event.
[  370.974292][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  370.985806][ T5900] dvb-usb: error while querying for an remote control event.
[  371.014928][T13545] FAULT_INJECTION: forcing a failure.
[  371.014928][T13545] name failslab, interval 1, probability 0, space 0, times 0
[  371.053442][T13545] CPU: 1 UID: 0 PID: 13545 Comm: syz.0.1997 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  371.053474][T13545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.053488][T13545] Call Trace:
[  371.053496][T13545]  <TASK>
[  371.053505][T13545]  dump_stack_lvl+0x189/0x250
[  371.053541][T13545]  ? __pfx____ratelimit+0x10/0x10
[  371.053564][T13545]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.053593][T13545]  ? __pfx__printk+0x10/0x10
[  371.053630][T13545]  ? ref_tracker_alloc+0x318/0x460
[  371.053657][T13545]  should_fail_ex+0x414/0x560
[  371.053684][T13545]  should_failslab+0xa8/0x100
[  371.053707][T13545]  kmem_cache_alloc_noprof+0x73/0x3c0
[  371.053737][T13545]  ? skb_clone+0x212/0x3a0
[  371.053776][T13545]  skb_clone+0x212/0x3a0
[  371.053809][T13545]  __netlink_deliver_tap+0x404/0x850
[  371.053847][T13545]  ? netlink_deliver_tap+0x2e/0x1b0
[  371.053873][T13545]  netlink_deliver_tap+0x19c/0x1b0
[  371.053898][T13545]  netlink_unicast+0x730/0x8e0
[  371.053931][T13545]  netlink_sendmsg+0x805/0xb30
[  371.053965][T13545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.053994][T13545]  ? aa_sock_msg_perm+0xf1/0x1d0
[  371.054016][T13545]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  371.054042][T13545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  371.054067][T13545]  __sock_sendmsg+0x219/0x270
[  371.054103][T13545]  ____sys_sendmsg+0x505/0x830
[  371.054136][T13545]  ? __pfx_____sys_sendmsg+0x10/0x10
[  371.054174][T13545]  ? import_iovec+0x74/0xa0
[  371.054197][T13545]  ___sys_sendmsg+0x21f/0x2a0
[  371.054225][T13545]  ? __pfx____sys_sendmsg+0x10/0x10
[  371.054290][T13545]  ? __fget_files+0x2a/0x420
[  371.054314][T13545]  ? __fget_files+0x3a0/0x420
[  371.054350][T13545]  __x64_sys_sendmsg+0x19b/0x260
[  371.054378][T13545]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  371.054414][T13545]  ? __pfx_ksys_write+0x10/0x10
[  371.054432][T13545]  ? rcu_is_watching+0x15/0xb0
[  371.054464][T13545]  ? do_syscall_64+0xbe/0x3b0
[  371.054502][T13545]  do_syscall_64+0xfa/0x3b0
[  371.054523][T13545]  ? lockdep_hardirqs_on+0x9c/0x150
[  371.054543][T13545]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.054561][T13545]  ? clear_bhb_loop+0x60/0xb0
[  371.054584][T13545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.054602][T13545] RIP: 0033:0x7fa72bf8e929
[  371.054620][T13545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.054636][T13545] RSP: 002b:00007fa72cedc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  371.054657][T13545] RAX: ffffffffffffffda RBX: 00007fa72c1b5fa0 RCX: 00007fa72bf8e929
[  371.054671][T13545] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  371.054683][T13545] RBP: 00007fa72cedc090 R08: 0000000000000000 R09: 0000000000000000
[  371.054694][T13545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.054706][T13545] R13: 0000000000000000 R14: 00007fa72c1b5fa0 R15: 00007ffe8bce3e48
[  371.054736][T13545]  </TASK>
[  371.066827][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.365943][ T5900] dvb-usb: error while querying for an remote control event.
[  371.428079][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.433874][ T5900] dvb-usb: error while querying for an remote control event.
[  371.504283][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.511719][ T5900] dvb-usb: error while querying for an remote control event.
[  371.524324][  T986] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  371.574419][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.580386][ T5900] dvb-usb: error while querying for an remote control event.
[  371.644301][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.650107][ T5900] dvb-usb: error while querying for an remote control event.
[  371.674304][  T986] usb 1-1: device descriptor read/64, error -71
[  371.685720][T13554] /dev/rnullb0: Can't open blockdev
[  371.735299][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.741097][ T5900] dvb-usb: error while querying for an remote control event.
[  371.805318][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.811192][ T5900] dvb-usb: error while querying for an remote control event.
[  371.839975][T13559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.854001][T13559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.869799][ T5856] Bluetooth: hci3: SCO packet for unknown connection handle 48
[  371.871050][ T5856] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  371.881811][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.886923][ T5856] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  371.908536][ T5900] dvb-usb: error while querying for an remote control event.
[  371.925127][  T986] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  371.942393][T13562] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2004'.
[  371.952046][T13562] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  371.960526][T13562] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  371.984288][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  371.990089][ T5900] dvb-usb: error while querying for an remote control event.
[  372.021801][T13564] FAULT_INJECTION: forcing a failure.
[  372.021801][T13564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.037319][T13564] CPU: 1 UID: 0 PID: 13564 Comm: syz.4.2005 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  372.037349][T13564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.037362][T13564] Call Trace:
[  372.037370][T13564]  <TASK>
[  372.037378][T13564]  dump_stack_lvl+0x189/0x250
[  372.037414][T13564]  ? __pfx____ratelimit+0x10/0x10
[  372.037446][T13564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.037475][T13564]  ? __pfx__printk+0x10/0x10
[  372.037503][T13564]  ? __might_fault+0xb0/0x130
[  372.037547][T13564]  should_fail_ex+0x414/0x560
[  372.037574][T13564]  _copy_from_iter+0x1db/0x16f0
[  372.037617][T13564]  ? __pfx__copy_from_iter+0x10/0x10
[  372.037651][T13564]  ? rcu_is_watching+0x15/0xb0
[  372.037678][T13564]  ? trace_kmalloc+0x1f/0xd0
[  372.037707][T13564]  ? kernfs_fop_write_iter+0x158/0x4f0
[  372.037736][T13564]  kernfs_fop_write_iter+0x19f/0x4f0
[  372.037768][T13564]  vfs_write+0x54b/0xa90
[  372.037795][T13564]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  372.037820][T13564]  ? __pfx_vfs_write+0x10/0x10
[  372.037854][T13564]  ? __fget_files+0x2a/0x420
[  372.037890][T13564]  ksys_write+0x145/0x250
[  372.037915][T13564]  ? __pfx_ksys_write+0x10/0x10
[  372.037934][T13564]  ? rcu_is_watching+0x15/0xb0
[  372.037966][T13564]  ? do_syscall_64+0xbe/0x3b0
[  372.037993][T13564]  do_syscall_64+0xfa/0x3b0
[  372.038015][T13564]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.038036][T13564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.038056][T13564]  ? clear_bhb_loop+0x60/0xb0
[  372.038081][T13564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.038101][T13564] RIP: 0033:0x7f5f5838e929
[  372.038118][T13564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.038135][T13564] RSP: 002b:00007f5f591f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  372.038156][T13564] RAX: ffffffffffffffda RBX: 00007f5f585b5fa0 RCX: 00007f5f5838e929
[  372.038170][T13564] RDX: 0000000000000012 RSI: 0000200000000140 RDI: 0000000000000004
[  372.038183][T13564] RBP: 00007f5f591f7090 R08: 0000000000000000 R09: 0000000000000000
[  372.038195][T13564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.038207][T13564] R13: 0000000000000000 R14: 00007f5f585b5fa0 R15: 00007ffdc2823398
[  372.038230][T13564]  </TASK>
[  372.054477][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  372.077138][  T986] usb 1-1: device descriptor read/64, error -71
[  372.084842][ T5900] dvb-usb: error while querying for an remote control event.
[  372.159515][T13567] /dev/rnullb0: Can't open blockdev
[  372.233129][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  372.233155][ T5900] dvb-usb: error while querying for an remote control event.
[  372.284357][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[  372.289678][  T986] usb usb1-port1: attempt power cycle
[  372.303024][ T5900] dvb-usb: error while querying for an remote control event.
[  372.372349][T13571] FAULT_INJECTION: forcing a failure.
[  372.372349][T13571] name failslab, interval 1, probability 0, space 0, times 0
[  372.390607][T13571] CPU: 1 UID: 0 PID: 13571 Comm: syz.4.2007 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  372.390639][T13571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.390652][T13571] Call Trace:
[  372.390662][T13571]  <TASK>
[  372.390671][T13571]  dump_stack_lvl+0x189/0x250
[  372.390706][T13571]  ? __pfx____ratelimit+0x10/0x10
[  372.390729][T13571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.390758][T13571]  ? __pfx__printk+0x10/0x10
[  372.390789][T13571]  ? __pfx___might_resched+0x10/0x10
[  372.390815][T13571]  ? fs_reclaim_acquire+0x7d/0x100
[  372.390843][T13571]  should_fail_ex+0x414/0x560
[  372.390870][T13571]  should_failslab+0xa8/0x100
[  372.390891][T13571]  __kmalloc_noprof+0xcb/0x4f0
[  372.390920][T13571]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  372.390945][T13571]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  372.390981][T13571]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  372.391020][T13571]  genl_family_rcv_msg_doit+0xb8/0x300
[  372.391057][T13571]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  372.391089][T13571]  ? rcu_is_watching+0x15/0xb0
[  372.391119][T13571]  ? apparmor_capable+0x137/0x1b0
[  372.391147][T13571]  ? bpf_lsm_capable+0x9/0x20
[  372.391164][T13571]  ? security_capable+0x7e/0x2e0
[  372.391202][T13571]  genl_rcv_msg+0x60e/0x790
[  372.391238][T13571]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.391264][T13571]  ? ref_tracker_free+0x63a/0x7d0
[  372.391285][T13571]  ? __pfx_ethnl_act_cable_test_tdr+0x10/0x10
[  372.391312][T13571]  ? __pfx_ref_tracker_free+0x10/0x10
[  372.391346][T13571]  netlink_rcv_skb+0x205/0x470
[  372.391370][T13571]  ? __pfx_genl_rcv_msg+0x10/0x10
[  372.391400][T13571]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  372.391448][T13571]  ? down_read+0x1ad/0x2e0
[  372.391475][T13571]  genl_rcv+0x28/0x40
[  372.391501][T13571]  netlink_unicast+0x759/0x8e0
[  372.391533][T13571]  netlink_sendmsg+0x805/0xb30
[  372.391568][T13571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.391598][T13571]  ? aa_sock_msg_perm+0xf1/0x1d0
[  372.391620][T13571]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  372.391645][T13571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.391669][T13571]  __sock_sendmsg+0x219/0x270
[  372.391705][T13571]  ____sys_sendmsg+0x505/0x830
[  372.391738][T13571]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.391776][T13571]  ? import_iovec+0x74/0xa0
[  372.391800][T13571]  ___sys_sendmsg+0x21f/0x2a0
[  372.391829][T13571]  ? __pfx____sys_sendmsg+0x10/0x10
[  372.391897][T13571]  ? __fget_files+0x2a/0x420
[  372.391921][T13571]  ? __fget_files+0x3a0/0x420
[  372.391957][T13571]  __x64_sys_sendmsg+0x19b/0x260
[  372.391988][T13571]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  372.392025][T13571]  ? __pfx_ksys_write+0x10/0x10
[  372.392054][T13571]  ? do_syscall_64+0xbe/0x3b0
[  372.392081][T13571]  do_syscall_64+0xfa/0x3b0
[  372.392102][T13571]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.392123][T13571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.392144][T13571]  ? clear_bhb_loop+0x60/0xb0
[  372.392169][T13571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.392189][T13571] RIP: 0033:0x7f5f5838e929
[  372.392207][T13571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.392224][T13571] RSP: 002b:00007f5f591f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.392246][T13571] RAX: ffffffffffffffda RBX: 00007f5f585b5fa0 RCX: 00007f5f5838e929
[  372.392261][T13571] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  372.392274][T13571] RBP: 00007f5f591f7090 R08: 0000000000000000 R09: 0000000000000000
[  372.392287][T13571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.392299][T13571] R13: 0000000000000000 R14: 00007f5f585b5fa0 R15: 00007ffdc2823398
[  372.392331][T13571]  </TASK>
[  372.394257][ T5852] dvb-usb: bulk message failed: -22 (1/0)
[  372.693897][  T986] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  372.707480][ T5852] dvb-usb: error while querying for an remote control event.
[  372.760346][  T986] usb 1-1: device descriptor read/8, error -71
[  372.904251][ T5852] dvb-usb: bulk message failed: -22 (1/0)
[  372.904392][ T5856] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  372.910039][ T5852] dvb-usb: error while querying for an remote control event.
[  372.944488][ T5856] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  372.953218][ T5856] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  372.971080][ T5852] dvb-usb: bulk message failed: -22 (1/0)
[  372.986186][ T5852] dvb-usb: error while querying for an remote control event.
[  372.996027][   T24] usb 6-1: USB disconnect, device number 19
[  373.084315][  T986] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  373.124918][  T986] usb 1-1: device descriptor read/8, error -71
[  373.137673][   T24] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  373.223856][T13589] FAULT_INJECTION: forcing a failure.
[  373.223856][T13589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.241285][T13589] CPU: 0 UID: 0 PID: 13589 Comm: syz.1.2014 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  373.241317][T13589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  373.241330][T13589] Call Trace:
[  373.241339][T13589]  <TASK>
[  373.241348][T13589]  dump_stack_lvl+0x189/0x250
[  373.241383][T13589]  ? __pfx____ratelimit+0x10/0x10
[  373.241406][T13589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.241444][T13589]  ? __pfx__printk+0x10/0x10
[  373.241486][T13589]  should_fail_ex+0x414/0x560
[  373.241513][T13589]  _copy_to_user+0x31/0xb0
[  373.241537][T13589]  simple_read_from_buffer+0xe1/0x170
[  373.241572][T13589]  proc_fail_nth_read+0x1df/0x250
[  373.241605][T13589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  373.241639][T13589]  ? rw_verify_area+0x2a6/0x4d0
[  373.241658][T13589]  ? __lock_acquire+0xab9/0xd20
[  373.241687][T13589]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  373.241717][T13589]  vfs_read+0x200/0x980
[  373.241744][T13589]  ? __pfx___mutex_lock+0x10/0x10
[  373.241768][T13589]  ? __pfx_vfs_read+0x10/0x10
[  373.241792][T13589]  ? __fget_files+0x2a/0x420
[  373.241822][T13589]  ? __fget_files+0x3a0/0x420
[  373.241845][T13589]  ? __fget_files+0x2a/0x420
[  373.241880][T13589]  ksys_read+0x145/0x250
[  373.241904][T13589]  ? __pfx_ksys_read+0x10/0x10
[  373.241923][T13589]  ? rcu_is_watching+0x15/0xb0
[  373.241952][T13589]  ? do_syscall_64+0xbe/0x3b0
[  373.241974][T13589]  do_syscall_64+0xfa/0x3b0
[  373.241991][T13589]  ? lockdep_hardirqs_on+0x9c/0x150
[  373.242007][T13589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.242023][T13589]  ? clear_bhb_loop+0x60/0xb0
[  373.242043][T13589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.242058][T13589] RIP: 0033:0x7f325898d33c
[  373.242073][T13589] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  373.242086][T13589] RSP: 002b:00007f32567f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  373.242104][T13589] RAX: ffffffffffffffda RBX: 00007f3258bb5fa0 RCX: 00007f325898d33c
[  373.242116][T13589] RDX: 000000000000000f RSI: 00007f32567f60a0 RDI: 0000000000000005
[  373.242126][T13589] RBP: 00007f32567f6090 R08: 0000000000000000 R09: 0000000000000000
[  373.242136][T13589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.242145][T13589] R13: 0000000000000000 R14: 00007f3258bb5fa0 R15: 00007ffce85223b8
[  373.242170][T13589]  </TASK>
[  373.245093][  T986] usb usb1-port1: unable to enumerate USB device
[  373.517295][T13596] FAULT_INJECTION: forcing a failure.
[  373.517295][T13596] name failslab, interval 1, probability 0, space 0, times 0
[  373.530194][T13596] CPU: 1 UID: 0 PID: 13596 Comm: syz.4.2017 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  373.530224][T13596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  373.530237][T13596] Call Trace:
[  373.530245][T13596]  <TASK>
[  373.530254][T13596]  dump_stack_lvl+0x189/0x250
[  373.530288][T13596]  ? __pfx____ratelimit+0x10/0x10
[  373.530312][T13596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.530340][T13596]  ? __pfx__printk+0x10/0x10
[  373.530384][T13596]  ? __pfx___might_resched+0x10/0x10
[  373.530410][T13596]  ? fs_reclaim_acquire+0x7d/0x100
[  373.530437][T13596]  should_fail_ex+0x414/0x560
[  373.530464][T13596]  should_failslab+0xa8/0x100
[  373.530486][T13596]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  373.530518][T13596]  ? __alloc_skb+0x112/0x2d0
[  373.530546][T13596]  __alloc_skb+0x112/0x2d0
[  373.530575][T13596]  netlink_ack+0x146/0xa50
[  373.530594][T13596]  ? __pfx_genl_rcv_msg+0x10/0x10
[  373.530621][T13596]  ? ref_tracker_free+0x63a/0x7d0
[  373.530646][T13596]  ? __pfx_ref_tracker_free+0x10/0x10
[  373.530681][T13596]  netlink_rcv_skb+0x28c/0x470
[  373.530705][T13596]  ? __pfx_genl_rcv_msg+0x10/0x10
[  373.530736][T13596]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  373.530778][T13596]  ? down_read+0x1ad/0x2e0
[  373.530806][T13596]  genl_rcv+0x28/0x40
[  373.530832][T13596]  netlink_unicast+0x759/0x8e0
[  373.530865][T13596]  netlink_sendmsg+0x805/0xb30
[  373.530900][T13596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  373.530927][T13596]  ? aa_sock_msg_perm+0xf1/0x1d0
[  373.530950][T13596]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  373.530976][T13596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  373.531001][T13596]  __sock_sendmsg+0x219/0x270
[  373.531047][T13596]  ____sys_sendmsg+0x505/0x830
[  373.531080][T13596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  373.531115][T13596]  ? import_iovec+0x74/0xa0
[  373.531138][T13596]  ___sys_sendmsg+0x21f/0x2a0
[  373.531166][T13596]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.531230][T13596]  ? __fget_files+0x2a/0x420
[  373.531255][T13596]  ? __fget_files+0x3a0/0x420
[  373.531291][T13596]  __x64_sys_sendmsg+0x19b/0x260
[  373.531320][T13596]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  373.531365][T13596]  ? __pfx_ksys_write+0x10/0x10
[  373.531384][T13596]  ? rcu_is_watching+0x15/0xb0
[  373.531416][T13596]  ? do_syscall_64+0xbe/0x3b0
[  373.531443][T13596]  do_syscall_64+0xfa/0x3b0
[  373.531464][T13596]  ? lockdep_hardirqs_on+0x9c/0x150
[  373.531484][T13596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.531504][T13596]  ? clear_bhb_loop+0x60/0xb0
[  373.531527][T13596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.531547][T13596] RIP: 0033:0x7f5f5838e929
[  373.531564][T13596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.531581][T13596] RSP: 002b:00007f5f591f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  373.531602][T13596] RAX: ffffffffffffffda RBX: 00007f5f585b5fa0 RCX: 00007f5f5838e929
[  373.531616][T13596] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  373.531628][T13596] RBP: 00007f5f591f7090 R08: 0000000000000000 R09: 0000000000000000
[  373.531641][T13596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.531652][T13596] R13: 0000000000000000 R14: 00007f5f585b5fa0 R15: 00007ffdc2823398
[  373.531683][T13596]  </TASK>
[  374.082216][T13608] /dev/rnullb0: Can't open blockdev
[  374.220775][T13611] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  374.529353][T13628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  374.564065][T13628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  374.585528][T13628] Bluetooth: MGMT ver 1.23
[  374.618942][T13628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  374.640538][T13628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.240193][T13656] /dev/rnullb0: Can't open blockdev
[  375.315501][T13659] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2037'.
[  375.364454][T13659] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2037'.
[  375.373473][T13659] tipc: Started in network mode
[  375.387512][T13659] tipc: Node identity ffe407, cluster identity 4711
[  375.398422][T13659] tipc: Node number set to 16770055
[  375.461909][T13664] syzkaller1: entered promiscuous mode
[  375.478660][T13664] syzkaller1: entered allmulticast mode
[  375.500497][T13664] /dev/rnullb0: Can't open blockdev
[  375.747843][T13673] FAULT_INJECTION: forcing a failure.
[  375.747843][T13673] name failslab, interval 1, probability 0, space 0, times 0
[  375.774293][ T6689] usb 1-1: new full-speed USB device number 88 using dummy_hcd
[  375.788592][T13673] CPU: 0 UID: 0 PID: 13673 Comm: syz.1.2041 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  375.788620][T13673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.788633][T13673] Call Trace:
[  375.788642][T13673]  <TASK>
[  375.788651][T13673]  dump_stack_lvl+0x189/0x250
[  375.788684][T13673]  ? __pfx____ratelimit+0x10/0x10
[  375.788706][T13673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.788734][T13673]  ? __pfx__printk+0x10/0x10
[  375.788777][T13673]  should_fail_ex+0x414/0x560
[  375.788804][T13673]  should_failslab+0xa8/0x100
[  375.788826][T13673]  kmem_cache_alloc_noprof+0x73/0x3c0
[  375.788854][T13673]  ? skb_clone+0x212/0x3a0
[  375.788887][T13673]  skb_clone+0x212/0x3a0
[  375.788918][T13673]  __netlink_deliver_tap+0x404/0x850
[  375.788955][T13673]  ? netlink_deliver_tap+0x2e/0x1b0
[  375.788979][T13673]  netlink_deliver_tap+0x19c/0x1b0
[  375.789003][T13673]  netlink_sendskb+0x68/0x140
[  375.789025][T13673]  netlink_rcv_skb+0x28c/0x470
[  375.789048][T13673]  ? __pfx_genl_rcv_msg+0x10/0x10
[  375.789078][T13673]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  375.789118][T13673]  ? down_read+0x1ad/0x2e0
[  375.789163][T13673]  genl_rcv+0x28/0x40
[  375.789193][T13673]  netlink_unicast+0x759/0x8e0
[  375.789226][T13673]  netlink_sendmsg+0x805/0xb30
[  375.789278][T13673]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.789306][T13673]  ? aa_sock_msg_perm+0xf1/0x1d0
[  375.789329][T13673]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  375.789355][T13673]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.789380][T13673]  __sock_sendmsg+0x219/0x270
[  375.789416][T13673]  ____sys_sendmsg+0x505/0x830
[  375.789460][T13673]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.789498][T13673]  ? import_iovec+0x74/0xa0
[  375.789522][T13673]  ___sys_sendmsg+0x21f/0x2a0
[  375.789552][T13673]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.789620][T13673]  ? __fget_files+0x2a/0x420
[  375.789645][T13673]  ? __fget_files+0x3a0/0x420
[  375.789682][T13673]  __x64_sys_sendmsg+0x19b/0x260
[  375.789717][T13673]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  375.789755][T13673]  ? __pfx_ksys_write+0x10/0x10
[  375.789775][T13673]  ? rcu_is_watching+0x15/0xb0
[  375.789808][T13673]  ? do_syscall_64+0xbe/0x3b0
[  375.789835][T13673]  do_syscall_64+0xfa/0x3b0
[  375.789856][T13673]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.789877][T13673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.789898][T13673]  ? clear_bhb_loop+0x60/0xb0
[  375.789923][T13673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.789943][T13673] RIP: 0033:0x7f325898e929
[  375.789961][T13673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.789979][T13673] RSP: 002b:00007f32567f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  375.790001][T13673] RAX: ffffffffffffffda RBX: 00007f3258bb5fa0 RCX: 00007f325898e929
[  375.790016][T13673] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  375.790029][T13673] RBP: 00007f32567f6090 R08: 0000000000000000 R09: 0000000000000000
[  375.790042][T13673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.790054][T13673] R13: 0000000000000000 R14: 00007f3258bb5fa0 R15: 00007ffce85223b8
[  375.790086][T13673]  </TASK>
[  376.007525][ T6689] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  376.284035][T13684] netlink: 'syz.5.2045': attribute type 29 has an invalid length.
[  376.301247][ T6689] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  376.304833][T13684] netlink: 'syz.5.2045': attribute type 29 has an invalid length.
[  376.310673][ T6689] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.327674][ T6689] usb 1-1: Product: syz
[  376.331920][ T6689] usb 1-1: Manufacturer: syz
[  376.337080][ T6689] usb 1-1: SerialNumber: syz
[  376.359418][ T6689] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  376.387457][T13684] netlink: 'syz.5.2045': attribute type 29 has an invalid length.
[  376.417347][T13684] netlink: 'syz.5.2045': attribute type 29 has an invalid length.
[  376.562646][T13687] program syz.1.2046 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  376.684301][    T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  376.769061][ T6689] usb 1-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  376.814296][    T9] usb 6-1: device descriptor read/64, error -71
[  376.916125][T13694] /dev/rnullb0: Can't open blockdev
[  377.064420][    T9] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  377.204272][    T9] usb 6-1: device descriptor read/64, error -71
[  377.314908][    T9] usb usb6-port1: attempt power cycle
[  377.667245][    T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  377.707199][    T9] usb 6-1: device descriptor read/8, error -71
[  377.900138][T13716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  377.917168][T13716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  377.958731][    T9] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  377.984899][    T9] usb 6-1: device descriptor read/8, error -71
[  378.094687][    T9] usb usb6-port1: unable to enumerate USB device
[  378.367547][T13720] FAULT_INJECTION: forcing a failure.
[  378.367547][T13720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.384205][T13720] CPU: 0 UID: 0 PID: 13720 Comm: syz.4.2053 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  378.384233][T13720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  378.384246][T13720] Call Trace:
[  378.384255][T13720]  <TASK>
[  378.384263][T13720]  dump_stack_lvl+0x189/0x250
[  378.384297][T13720]  ? __pfx____ratelimit+0x10/0x10
[  378.384318][T13720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.384351][T13720]  ? __pfx__printk+0x10/0x10
[  378.384393][T13720]  should_fail_ex+0x414/0x560
[  378.384419][T13720]  _copy_to_user+0x31/0xb0
[  378.384440][T13720]  simple_read_from_buffer+0xe1/0x170
[  378.384469][T13720]  proc_fail_nth_read+0x1df/0x250
[  378.384502][T13720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.384534][T13720]  ? rw_verify_area+0x2a6/0x4d0
[  378.384552][T13720]  ? __lock_acquire+0xab9/0xd20
[  378.384573][T13720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.384602][T13720]  vfs_read+0x200/0x980
[  378.384627][T13720]  ? __pfx___mutex_lock+0x10/0x10
[  378.384649][T13720]  ? __pfx_vfs_read+0x10/0x10
[  378.384672][T13720]  ? __fget_files+0x2a/0x420
[  378.384702][T13720]  ? __fget_files+0x3a0/0x420
[  378.384725][T13720]  ? __fget_files+0x2a/0x420
[  378.384760][T13720]  ksys_read+0x145/0x250
[  378.384784][T13720]  ? __pfx_ksys_read+0x10/0x10
[  378.384818][T13720]  ? rcu_is_watching+0x15/0xb0
[  378.384852][T13720]  ? do_syscall_64+0xbe/0x3b0
[  378.384880][T13720]  do_syscall_64+0xfa/0x3b0
[  378.384901][T13720]  ? lockdep_hardirqs_on+0x9c/0x150
[  378.384922][T13720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.384943][T13720]  ? clear_bhb_loop+0x60/0xb0
[  378.384968][T13720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.384995][T13720] RIP: 0033:0x7f5f5838d33c
[  378.385013][T13720] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  378.385030][T13720] RSP: 002b:00007f5f591f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  378.385052][T13720] RAX: ffffffffffffffda RBX: 00007f5f585b5fa0 RCX: 00007f5f5838d33c
[  378.385067][T13720] RDX: 000000000000000f RSI: 00007f5f591f70a0 RDI: 0000000000000004
[  378.385080][T13720] RBP: 00007f5f591f7090 R08: 0000000000000000 R09: 0000000000000000
[  378.385103][T13720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  378.385115][T13720] R13: 0000000000000000 R14: 00007f5f585b5fa0 R15: 00007ffdc2823398
[  378.385146][T13720]  </TASK>
[  378.629808][    C0] vkms_vblank_simulate: vblank timer overrun
[  378.727516][T13723] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  378.782018][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  378.794664][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  378.857868][T13727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.872389][T13727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.884652][T13727] /dev/rnullb0: Can't open blockdev
[  378.897191][T13727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.906154][T13727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.936663][   T24] usb 1-1: USB disconnect, device number 88
[  379.304563][T13684] ALSA: mixer_oss: invalid OSS volume ''
[  379.395689][T13743] /dev/rnullb0: Can't open blockdev
[  379.558051][T13754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.569978][T13754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.591766][T13754] can0: slcan on ttyS3.
[  379.676217][T13754] can0 (unregistered): slcan off ttyS3.
[  379.753457][T13760] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2068'.
[  379.765770][T13760] /dev/rnullb0: Can't open blockdev
[  379.820051][T13753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.829757][T13753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.845199][    T9] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  380.164417][  T986] usb 1-1: new low-speed USB device number 89 using dummy_hcd
[  380.239062][ T5856] Bluetooth: hci3: unexpected event for opcode 0x080b
[  380.286503][T13772] /dev/rnullb0: Can't open blockdev
[  380.317390][  T986] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  380.326879][  T986] usb 1-1: config 0 has no interface number 0
[  380.333048][  T986] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  380.354690][  T986] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  380.365631][  T986] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  380.374694][    T9] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  380.386067][  T986] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.398808][  T986] usb 1-1: config 0 descriptor??
[  380.430166][T13765] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  380.455208][  T986] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  380.526028][T13780] /dev/rnullb0: Can't open blockdev
[  380.538820][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.549020][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  380.560590][    T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  380.570006][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.578396][    T9] usb 6-1: Product: syz
[  380.582618][    T9] usb 6-1: Manufacturer: syz
[  380.587349][    T9] usb 6-1: SerialNumber: syz
[  380.671978][ T5852] usb 1-1: USB disconnect, device number 89
[  380.813332][    T9] usb 6-1: 0:2 : does not exist
[  380.833044][    T9] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  380.863686][    T9] usb 6-1: USB disconnect, device number 25
[  380.911101][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.577852][T13795] /dev/rnullb0: Can't open blockdev
[  381.725298][T13798] /dev/rnullb0: Can't open blockdev
[  381.906497][T13801] binder: 13799:13801 ioctl c018620b 200000000000 returned -14
[  381.998766][ T5172] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  382.009524][ T5172] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  382.023568][ T5172] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  382.040844][ T5172] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  382.061579][ T5172] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  382.105448][T13807] /dev/rnullb0: Can't open blockdev
[  382.117007][T13809] /dev/rnullb0: Can't open blockdev
[  382.144371][T13806] hsr0: entered allmulticast mode
[  382.149479][T13806] hsr_slave_0: entered allmulticast mode
[  382.155288][T13806] hsr_slave_1: entered allmulticast mode
[  382.227689][T13811] /dev/rnullb0: Can't open blockdev
[  382.293991][T13813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.320915][T13813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.369952][T13815] binder: 13814:13815 ioctl c018620c 200000000140 returned -1
[  382.496165][T13823] syz.5.2089: attempt to access beyond end of device
[  382.496165][T13823] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[  382.568295][T13825] /dev/rnullb0: Can't open blockdev
[  382.738502][T13803] chnl_net:caif_netlink_parms(): no params data found
[  382.779607][T13834] /dev/rnullb0: Can't open blockdev
[  382.894011][T13803] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.902416][T13803] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.912957][T13803] bridge_slave_0: entered allmulticast mode
[  382.922608][T13803] bridge_slave_0: entered promiscuous mode
[  382.931528][T13803] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.938984][T13803] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.946334][ T5852] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  382.954333][T13803] bridge_slave_1: entered allmulticast mode
[  382.982906][T13803] bridge_slave_1: entered promiscuous mode
[  383.050094][T13803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.065796][T13803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.123577][T13803] team0: Port device team_slave_0 added
[  383.136573][ T5852] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  383.141666][T13803] team0: Port device team_slave_1 added
[  383.146209][ T5852] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.175297][ T5852] usb 6-1: config 0 descriptor??
[  383.227379][T13803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.234524][T13803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.261584][T13803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.280977][T13803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  383.292006][T13803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.318886][T13803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  383.380285][ T5172] Bluetooth: hci3: unexpected event for opcode 0x2028
[  383.408482][T13803] hsr_slave_0: entered promiscuous mode
[  383.420387][T13803] hsr_slave_1: entered promiscuous mode
[  383.438244][T13803] debugfs: 'hsr0' already exists in 'hsr'
[  383.444049][T13803] Cannot create hsr debugfs directory
[  383.612365][T13860] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2100'.
[  383.739579][T13803] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.855037][T13803] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.931963][T13803] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.025614][T13803] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.135244][ T5172] Bluetooth: hci4: command tx timeout
[  384.184405][T13803] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  384.195648][T13803] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  384.207731][T13803] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  384.219872][T13803] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  384.336756][T13803] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.361884][T13803] 8021q: adding VLAN 0 to HW filter on device team0
[  384.376521][ T3446] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.383710][ T3446] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.404102][ T3446] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.411300][ T3446] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.673095][T13803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.727520][T13803] veth0_vlan: entered promiscuous mode
[  384.744370][T13803] veth1_vlan: entered promiscuous mode
[  384.785101][T13803] veth0_macvtap: entered promiscuous mode
[  384.797495][T13803] veth1_macvtap: entered promiscuous mode
[  384.820600][T13803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  384.834464][T13803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  384.839087][ T5852] pegasus 6-1:0.0: can't reset MAC
[  384.860046][ T5852] pegasus 6-1:0.0: probe with driver pegasus failed with error -5
[  384.860637][ T3512] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  384.886636][ T3512] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  384.895020][ T5852] usb 6-1: USB disconnect, device number 26
[  384.912742][ T3512] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.923825][ T3512] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  385.010187][ T6002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.023723][ T6002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.059082][ T3512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.067673][ T3512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  386.214856][ T5172] Bluetooth: hci4: command tx timeout
[  386.260735][T13909] batadv_slave_1: entered promiscuous mode
[  386.504521][ T5937] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  386.640534][T13912] /dev/rnullb0: Can't open blockdev
[  386.649822][T13913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.659005][T13913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.676800][ T5937] usb 6-1: config 54 has an invalid descriptor of length 0, skipping remainder of the config
[  386.690121][ T5937] usb 6-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=d1.6e
[  386.700549][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.708985][ T5937] usb 6-1: Product: syz
[  386.713282][ T5937] usb 6-1: Manufacturer: syz
[  386.718343][ T5937] usb 6-1: SerialNumber: syz
[  386.733902][ T5937] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  386.741889][ T5937] dvb-usb: bulk message failed: -22 (3/0)
[  386.769329][ T5937] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  386.787436][ T5937] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19)
[  386.796063][ T5937] dvb_usb_umt_010 6-1:54.0: probe with driver dvb_usb_umt_010 failed with error -22
[  386.864533][   T43] usb 1-1: new full-speed USB device number 90 using dummy_hcd
[  386.933725][ T5937] usb 6-1: USB disconnect, device number 27
[  386.939731][T13908] batadv_slave_1: left promiscuous mode
[  387.028305][   T43] usb 1-1: not running at top speed; connect to a high speed hub
[  387.038108][   T43] usb 1-1: config 2 has an invalid interface number: 145 but max is 0
[  387.046745][   T43] usb 1-1: config 2 has no interface number 0
[  387.052876][   T43] usb 1-1: config 2 interface 145 has no altsetting 0
[  387.062080][   T43] usb 1-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=5e.bc
[  387.071398][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.080687][   T43] usb 1-1: Product: syz
[  387.085017][   T43] usb 1-1: Manufacturer: syz
[  387.089662][   T43] usb 1-1: SerialNumber: syz
[  387.359163][   T43] usb 1-1: bad CDC descriptors
[  387.366817][   T43] usb 1-1: unsupported MDLM descriptors
[  387.377610][   T43] usb 1-1: USB disconnect, device number 90
[  387.516602][T13915] /dev/rnullb0: Can't open blockdev
[  387.641414][T13917] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2111'.
[  387.944447][   T43] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  387.977118][T13921] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  388.116819][   T43] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  388.126235][   T43] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  388.137064][   T43] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  388.147782][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  388.159234][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  388.172631][   T43] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  388.181955][   T43] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  388.190060][   T43] usb 6-1: Product: syz
[  388.194608][   T43] usb 6-1: Manufacturer: syz
[  388.210678][   T43] cdc_wdm 6-1:1.0: skipping garbage
[  388.216142][   T43] cdc_wdm 6-1:1.0: skipping garbage
[  388.223053][   T43] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  388.229526][   T43] cdc_wdm 6-1:1.0: Unknown control protocol
[  388.294667][ T5172] Bluetooth: hci4: command tx timeout
[  388.334318][  T986] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  388.484336][  T986] usb 1-1: Using ep0 maxpacket: 16
[  388.491769][  T986] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  388.501060][  T986] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.514526][  T986] usb 1-1: config 0 descriptor??
[  388.525304][  T986] gspca_main: sonixj-2.14.0 probing 0471:0327
[  388.821498][T13925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.832437][T13925] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.843526][T13925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.854682][T13925] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.866369][T13925] /dev/rnullb0: Can't open blockdev
[  390.271866][T13949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.286084][T13949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.379121][ T5172] Bluetooth: hci4: command tx timeout
[  390.384371][  T986] gspca_sonixj: i2c_w8 err -110
[  390.421397][  T986] sonixj 1-1:0.0: probe with driver sonixj failed with error -110
[  390.814506][ T5900] usb 6-1: USB disconnect, device number 28
[  392.251429][   T43] usb 1-1: USB disconnect, device number 91
[  392.580826][T13978] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  393.751588][T13999] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2136'.
[  398.132735][   T30] audit: type=1804 audit(1752562856.946:18): pid=14047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2151" name="/newroot/140/file1" dev="fuse" ino=1 res=1 errno=0
[  398.153360][    C1] vkms_vblank_simulate: vblank timer overrun
[  398.184017][   T30] audit: type=1800 audit(1752562856.946:19): pid=14047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2151" name="/" dev="fuse" ino=1 res=0 errno=0
[  398.249232][   T30] audit: type=1800 audit(1752562856.946:20): pid=14044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2151" name="/" dev="fuse" ino=1 res=0 errno=0
[  398.548510][T14064] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  398.566904][T14064] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  398.579658][T14064] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  398.591396][T14064] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  398.601598][T14064] kvm: requested 170133 ns i8254 timer period limited to 200000 ns
[  398.610977][T14064] kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[  398.622096][T14064] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  398.631347][T14064] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  399.765072][T14071] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2157'.
[  399.796925][T14073] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2159'.
[  399.806623][T14073] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2159'.
[  399.971599][T14079] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2161'.
[  401.287705][   T24] usb 2-1: USB disconnect, device number 82
[  403.026029][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  403.045859][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  403.063941][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  403.079298][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  403.092613][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  403.588288][ T5852] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  403.784329][ T5852] usb 1-1: Using ep0 maxpacket: 8
[  403.824454][ T5852] usb 1-1: unable to get BOS descriptor or descriptor too short
[  403.885932][ T5852] usb 1-1: config 4 interface 0 has no altsetting 0
[  403.913824][ T5852] usb 1-1: string descriptor 0 read error: -22
[  403.954837][ T5852] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  403.994301][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.027626][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.109650][ T5852] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  404.190704][ T5852] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  404.286118][ T5852] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  404.293350][ T5852] usb 1-1: media controller created
[  404.411287][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.512388][ T5852] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  404.755562][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.034116][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.175045][ T5856] Bluetooth: hci1: command tx timeout
[  405.757116][ T5852] zl10353_read_register: readreg error (reg=127, ret==0)
[  405.901171][T14116] chnl_net:caif_netlink_parms(): no params data found
[  405.931693][   T36] bridge_slave_1: left allmulticast mode
[  405.941033][   T36] bridge_slave_1: left promiscuous mode
[  405.948099][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  405.993547][ T5852] usb 1-1: USB disconnect, device number 92
[  405.995121][   T36] bridge_slave_0: left allmulticast mode
[  406.016684][   T36] bridge_slave_0: left promiscuous mode
[  406.033993][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.740854][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  406.765725][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  406.781489][   T36] bond0 (unregistering): Released all slaves
[  406.853917][T14152] lo speed is unknown, defaulting to 1000
[  407.110783][   T36] tipc: Disabling bearer <udp:syz1>
[  407.133288][T14152] lo speed is unknown, defaulting to 1000
[  407.155935][   T36] tipc: Left network mode
[  407.237429][T14152] lo speed is unknown, defaulting to 1000
[  407.254732][ T5856] Bluetooth: hci1: command tx timeout
[  407.268995][T14152] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  407.293263][T14152] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  407.519502][T14152] lo speed is unknown, defaulting to 1000
[  407.531805][T14116] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.564381][T14116] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.571688][T14116] bridge_slave_0: entered allmulticast mode
[  407.592987][T14116] bridge_slave_0: entered promiscuous mode
[  407.636977][T14152] lo speed is unknown, defaulting to 1000
[  407.646342][T14116] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.653709][T14116] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.694483][T14116] bridge_slave_1: entered allmulticast mode
[  407.735536][T14116] bridge_slave_1: entered promiscuous mode
[  407.862373][T14152] lo speed is unknown, defaulting to 1000
[  407.921964][T14152] lo speed is unknown, defaulting to 1000
[  407.992923][T14152] lo speed is unknown, defaulting to 1000
[  408.000593][T14116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  408.043790][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[  408.053544][T14116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  408.078123][T14152] lo speed is unknown, defaulting to 1000
[  408.114095][T14152] lo speed is unknown, defaulting to 1000
[  408.140197][T14152] lo speed is unknown, defaulting to 1000
[  408.149973][T14116] team0: Port device team_slave_0 added
[  408.162072][T14116] team0: Port device team_slave_1 added
[  408.212319][   T36] hsr_slave_0: left promiscuous mode
[  408.232315][   T36] hsr_slave_1: left promiscuous mode
[  408.256263][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  408.271792][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  408.286060][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  408.305219][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  408.330585][   T36] veth1_macvtap: left promiscuous mode
[  408.339261][   T36] veth0_macvtap: left promiscuous mode
[  408.345535][   T36] veth1_vlan: left promiscuous mode
[  408.351102][   T36] veth0_vlan: left promiscuous mode
[  408.515509][   T36] pim6reg (unregistering): left allmulticast mode
[  409.335630][ T5172] Bluetooth: hci1: command tx timeout
[  409.642093][T14116] batman_adv: batadv0: Adding interface: batadv_slave_0
[  409.649343][T14116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.676864][T14116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  409.727604][T14116] batman_adv: batadv0: Adding interface: batadv_slave_1
[  409.735267][T14116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.761443][T14116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  409.869683][T14116] hsr_slave_0: entered promiscuous mode
[  409.876647][T14116] hsr_slave_1: entered promiscuous mode
[  410.042970][   T36] IPVS: stop unused estimator thread 0...
[  410.058727][ T5172] Bluetooth: hci3: command 0x1003 tx timeout
[  410.069136][ T5856] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  410.303554][T14234] siw: device registration error -23
[  410.783806][T14235] syzkaller1: entered promiscuous mode
[  410.824273][T14235] syzkaller1: entered allmulticast mode
[  411.254831][T14256] trusted_key: syz.0.2211 sent an empty control message without MSG_MORE.
[  411.416311][ T5856] Bluetooth: hci1: command tx timeout
[  412.280752][T14265] lo speed is unknown, defaulting to 1000
[  412.465096][T14116] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  412.493023][T14116] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  412.527903][T14116] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  412.580583][T14116] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  412.602410][T14276] siw: device registration error -23
[  413.111191][T14116] 8021q: adding VLAN 0 to HW filter on device bond0
[  413.161557][T14116] 8021q: adding VLAN 0 to HW filter on device team0
[  413.222642][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.229904][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  413.267771][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.275021][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  414.108606][T14116] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.172852][T14337] overlayfs: failed to resolve './file1': -2
[  414.250732][T14116] veth0_vlan: entered promiscuous mode
[  414.813336][T14116] veth1_vlan: entered promiscuous mode
[  414.983735][T14116] veth0_macvtap: entered promiscuous mode
[  415.043928][T14116] veth1_macvtap: entered promiscuous mode
[  415.101010][T14116] batman_adv: batadv0: Interface activated: batadv_slave_0
[  415.161420][T14116] batman_adv: batadv0: Interface activated: batadv_slave_1
[  415.220603][   T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  415.271893][   T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  415.316538][   T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  415.357090][   T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  415.528895][ T3503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.564424][ T3503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.660412][  T806] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.700606][  T806] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.229424][T14484] 9pnet_fd: Insufficient options for proto=fd
[  422.928440][T14510] 9pnet_fd: Insufficient options for proto=fd
[  424.462798][T14546] 9pnet_fd: Insufficient options for proto=fd
[  425.043454][ T5852] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  425.444567][ T5852] usb 1-1: Using ep0 maxpacket: 32
[  425.484265][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.495418][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  425.533642][ T5852] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  425.553354][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.592716][ T5852] usb 1-1: config 0 descriptor??
[  426.061121][ T5852] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  426.459989][  T986] usb 1-1: USB disconnect, device number 93
[  427.816758][T14652] 9pnet_fd: Insufficient options for proto=fd
[  428.194315][  T986] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  428.348030][  T986] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  428.359282][  T986] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  428.371045][  T986] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  428.380477][  T986] usb 1-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0
[  428.388940][  T986] usb 1-1: Product: syz
[  428.398503][T14662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  428.414111][  T986] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  429.174936][ T5172] Bluetooth: hci3: command 0x1003 tx timeout
[  429.181457][ T5856] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  429.284563][T14680] 9pnet_fd: Insufficient options for proto=fd
[  429.375693][ T5937] usb 1-1: USB disconnect, device number 94
[  429.694349][  T986] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  429.753461][T14699] overlayfs: failed to resolve './file1': -2
[  429.834370][  T986] usb 6-1: device descriptor read/64, error -71
[  429.968729][T14705] 9pnet_fd: Insufficient options for proto=fd
[  430.094355][  T986] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  430.224381][  T986] usb 6-1: device descriptor read/64, error -71
[  430.267721][T14722] overlayfs: failed to resolve './file0': -2
[  430.334954][  T986] usb usb6-port1: attempt power cycle
[  430.461309][T14730] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  430.533853][T14734] 9pnet_fd: Insufficient options for proto=fd
[  430.721244][  T986] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  430.755061][  T986] usb 6-1: device descriptor read/8, error -71
[  430.788755][T14749] overlayfs: failed to resolve './file0': -2
[  431.132693][T14760] 9pnet_fd: Insufficient options for proto=fd
[  431.206721][  T986] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  431.642974][  T986] usb 6-1: device descriptor read/8, error -71
[  431.904985][  T986] usb usb6-port1: unable to enumerate USB device
[  431.917554][T14763] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2383'.
[  432.206279][T14777] overlayfs: failed to resolve './file0': -2
[  433.723062][T14785] 9pnet_fd: Insufficient options for proto=fd
[  434.924494][ T5852] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  435.054742][ T5852] usb 2-1: device descriptor read/64, error -71
[  435.164080][T14827] lo speed is unknown, defaulting to 1000
[  435.304254][ T5852] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  435.421424][T14835] overlayfs: failed to resolve './file0': -2
[  435.444344][ T5852] usb 2-1: device descriptor read/64, error -71
[  435.564698][ T5852] usb usb2-port1: attempt power cycle
[  435.610385][T14827] netlink: 'syz.0.2410': attribute type 4 has an invalid length.
[  435.804314][ T5856] Bluetooth: hci0: unexpected event for opcode 0x2041
[  435.914475][ T5852] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  435.970074][ T5852] usb 2-1: device descriptor read/8, error -71
[  436.224314][ T5852] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  436.285067][ T5852] usb 2-1: device descriptor read/8, error -71
[  436.396078][ T5852] usb usb2-port1: unable to enumerate USB device
[  436.428716][T14856] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2420'.
[  436.491339][T14859] ------------[ cut here ]------------
[  436.492103][T14860] overlayfs: failed to resolve './file0': -2
[  436.497264][T14859] kernel BUG at fs/buffer.c:1582!
[  436.500446][T14859] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  436.514667][T14859] CPU: 1 UID: 0 PID: 14859 Comm: syz.4.2421 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  436.526339][T14859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  436.536410][T14859] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[  436.541741][T14859] Code: 4c 89 e2 e8 a6 50 bd 02 e9 42 ff ff ff e8 5c 9d 77 ff 48 89 df 48 c7 c6 e0 35 ba 8b e8 2d 76 c0 ff 90 0f 0b e8 45 9d 77 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[  436.561366][T14859] RSP: 0018:ffffc90002e77790 EFLAGS: 00010287
[  436.567451][T14859] RAX: ffffffff8248785b RBX: ffffea0001609e00 RCX: 0000000000080000
[  436.575488][T14859] RDX: ffffc900185f1000 RSI: 0000000000001134 RDI: 0000000000001135
[  436.583475][T14859] RBP: dffffc0000000000 R08: ffffea0001609e07 R09: 1ffffd40002c13c0
[  436.591453][T14859] R10: dffffc0000000000 R11: fffff940002c13c1 R12: 0000000000000002
[  436.599433][T14859] R13: 0000000000004000 R14: ffff888052a1a740 R15: 0000000000004000
[  436.607410][T14859] FS:  00007f5f591f76c0(0000) GS:ffff8881258b4000(0000) knlGS:0000000000000000
[  436.616342][T14859] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  436.622927][T14859] CR2: 000000110c3775d1 CR3: 000000003068c000 CR4: 00000000003526f0
[  436.630917][T14859] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005
[  436.638913][T14859] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  436.647001][T14859] Call Trace:
[  436.650300][T14859]  <TASK>
[  436.653253][T14859]  folio_alloc_buffers+0x3a0/0x640
[  436.658405][T14859]  bdev_getblk+0x286/0x660
[  436.662840][T14859]  __bread_gfp+0x89/0x3c0
[  436.667186][T14859]  ntfs_bread+0xc2/0x1e0
[  436.671532][T14859]  ntfs_fill_super+0x63d/0x40b0
[  436.676448][T14859]  ? format_decode+0x5ee/0xe30
[  436.681252][T14859]  ? vsnprintf+0xe11/0xf00
[  436.685705][T14859]  ? __pfx_ntfs_fill_super+0x10/0x10
[  436.691015][T14859]  ? sb_set_blocksize+0x85/0x180
[  436.695966][T14859]  ? setup_bdev_super+0x4c1/0x5b0
[  436.701000][T14859]  get_tree_bdev_flags+0x40b/0x4d0
[  436.706121][T14859]  ? __pfx_ntfs_fill_super+0x10/0x10
[  436.711415][T14859]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  436.717146][T14859]  vfs_get_tree+0x92/0x2b0
[  436.721572][T14859]  do_new_mount+0x2a2/0x9e0
[  436.726084][T14859]  ? ns_capable+0x8a/0xf0
[  436.730537][T14859]  ? __pfx_do_new_mount+0x10/0x10
[  436.735568][T14859]  ? path_mount+0x61c/0xfe0
[  436.740078][T14859]  ? user_path_at+0x44/0x60
[  436.744602][T14859]  __se_sys_mount+0x317/0x410
[  436.749296][T14859]  ? __pfx___se_sys_mount+0x10/0x10
[  436.754502][T14859]  ? rcu_is_watching+0x15/0xb0
[  436.759281][T14859]  ? do_syscall_64+0xbe/0x3b0
[  436.763969][T14859]  ? __x64_sys_mount+0x20/0xc0
[  436.768746][T14859]  do_syscall_64+0xfa/0x3b0
[  436.773265][T14859]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.778479][T14859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.784562][T14859]  ? clear_bhb_loop+0x60/0xb0
[  436.789260][T14859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.795169][T14859] RIP: 0033:0x7f5f5838e929
[  436.799936][T14859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.819556][T14859] RSP: 002b:00007f5f591f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  436.827981][T14859] RAX: ffffffffffffffda RBX: 00007f5f585b5fa0 RCX: 00007f5f5838e929
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  436.835959][T14859] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000200000000040
[  436.843945][T14859] RBP: 00007f5f58410b39 R08: 0000000000000000 R09: 0000000000000000
[  436.851945][T14859] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[  436.859937][T14859] R13: 0000000000000000 R14: 00007f5f585b5fa0 R15: 00007ffdc2823398
[  436.867929][T14859]  </TASK>
[  436.870961][T14859] Modules linked in:
[  436.876584][T14859] ---[ end trace 0000000000000000 ]---
[  436.884863][T14859] RIP: 0010:folio_set_bh+0x1dc/0x1e0
[  436.909281][T14859] Code: 4c 89 e2 e8 a6 50 bd 02 e9 42 ff ff ff e8 5c 9d 77 ff 48 89 df 48 c7 c6 e0 35 ba 8b e8 2d 76 c0 ff 90 0f 0b e8 45 9d 77 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f
[  437.006733][T14859] RSP: 0018:ffffc90002e77790 EFLAGS: 00010287
[  437.054291][T14859] RAX: ffffffff8248785b RBX: ffffea0001609e00 RCX: 0000000000080000
[  437.124840][T14859] RDX: ffffc900185f1000 RSI: 0000000000001134 RDI: 0000000000001135
[  437.132889][T14859] RBP: dffffc0000000000 R08: ffffea0001609e07 R09: 1ffffd40002c13c0
[  437.185981][T14859] R10: dffffc0000000000 R11: fffff940002c13c1 R12: 0000000000000002
[  437.194031][T14859] R13: 0000000000004000 R14: ffff888052a1a740 R15: 0000000000004000
[  437.224208][T14859] FS:  00007f5f591f76c0(0000) GS:ffff8881258b4000(0000) knlGS:0000000000000000
[  437.233209][T14859] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  437.253978][T14859] CR2: 00007ffc92c71f1c CR3: 000000003068c000 CR4: 00000000003526f0
[  437.294254][T14859] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005
[  437.302403][T14859] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  437.367358][T14859] Kernel panic - not syncing: Fatal exception
[  437.373962][T14859] Kernel Offset: disabled
[  437.378342][T14859] Rebooting in 86400 seconds..