last executing test programs:

3.777216996s ago: executing program 3 (id=884):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x8000, 0xc0000)
r3 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000bc4000/0x4000)=nil, &(0x7f00008d6000/0x3000)=nil, 0x4000})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x200)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r4, 0x100, 0x0)
getdents64(r4, 0x0, 0x0)
ioctl$EVIOCGSW(r2, 0x8040451b, &(0x7f0000019200)=""/139)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

3.715988749s ago: executing program 1 (id=885):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
pipe2$9p(&(0x7f00000001c0), 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000021000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0)

3.68367673s ago: executing program 1 (id=886):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]})
ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x12, r0, 0x5809000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r3, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff})
write$binfmt_aout(r4, 0x0, 0x9ffc)
getdents64(r3, &(0x7f0000000100)=""/59, 0x3b)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async)
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}) (async)
ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000080)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x12, r0, 0x5809000) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) (async)
pwritev2(r3, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) (async)
write$binfmt_aout(r4, 0x0, 0x9ffc) (async)
getdents64(r3, &(0x7f0000000100)=""/59, 0x3b) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0) (async)

3.455704826s ago: executing program 1 (id=889):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000980), r0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x7ff, 0x0, 0x0, 0x8a}, 0x9c)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x180000000)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000100)=0x80000000, 0x4)
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10)
listen(r5, 0x208)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000000), &(0x7f0000000040)=0x8)
sendto$unix(r3, 0x0, 0x0, 0x2000080, &(0x7f0000000d40)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)=ANY=[@ANYBLOB='$\x00\x00\t', @ANYRES16=r1, @ANYBLOB="010029bd7000ffdbdf250900000008001400150000000500130001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
r8 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
readv(r8, &(0x7f0000000400)=[{&(0x7f0000000140)=""/103, 0x67}, {&(0x7f0000000200)=""/122, 0x7a}, {&(0x7f0000000280)=""/108, 0x6c}, {&(0x7f0000000300)=""/94, 0x5e}, {&(0x7f0000000380)=""/124, 0x7c}], 0x5)

3.417060519s ago: executing program 3 (id=890):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async, rerun: 32)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async, rerun: 32)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x1, 0x3}}) (async, rerun: 64)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) (rerun: 64)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000180)='asymmetric\x00', &(0x7f0000000140)=@keyring={'key_or_keyring:', r3}) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200c0801}, 0x0) (async)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) (async)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f0000000000)=0x41) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000002) (async)
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f0000000040)={{&(0x7f00004be000/0x2000)=nil, 0x2000}, 0x1})
mremap(&(0x7f00007e2000/0x3000)=nil, 0x3000, 0x6000, 0x0, &(0x7f0000203000/0x6000)=nil) (async)
getsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, 0x0, &(0x7f0000000240))

3.259882756s ago: executing program 3 (id=892):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$PTP_PIN_GETFUNC2(r2, 0xc0603d0f, &(0x7f0000000100)={'\x00', 0x6, 0x1, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000180))
write$tun(r4, &(0x7f0000000380)={@val={0x20}, @void, @eth={@broadcast, @random="dff306308693", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x32, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x0, 0x0, 0x8}}}}}}, 0x2e)

3.047938209s ago: executing program 3 (id=895):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x2200}, 0x0)

2.899711433s ago: executing program 3 (id=900):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000004003000608000008000e"], 0x24}}, 0x0)

2.881277577s ago: executing program 0 (id=901):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="03dd"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000002000)=ANY=[@ANYBLOB="12010000facf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x1, 'w'}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000003c0)={0x20, 0x16, 0x2, "f2ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="001494"], 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f00000004c0)={0x34, &(0x7f0000000000)={0x0, 0x10, 0x1, '_'}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write(r0, 0x81, 0xfffffffffffffd77, &(0x7f0000000000)="00012c61020000001c11447298a9538f168516ff037f291e463685b0139216171afd0eafbd9c28d93b8b8fbdd59f3d473eb9d29d3de65dea17")
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d87213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc775510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c30540e0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000200)={0x14, &(0x7f0000000140)={0x20, 0x6, 0x52, {0x52, 0xd, "d009a58e45b9ce7b5408c069cc915817300785146e91c3d1547de3b5202f4ed59f5487b150e8301750f99224047f37ed91813f303184b757f5d339b4df5d73923b31cce7139ac5abbb8a738cd203b4fe"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x40, 0xa, 0xb5, "0d2622075d073b9974280d4d3ffe4669a2296d24aeaa2b21bdc78eab430133ccd699a1b4c637f0d4dbf87d6b763bbd3a4970081af5df1d68a63df06d66dc397c09aa1d013e7ac174871b4bfa240baa4d5eadaf62036681f4af49d4e1c38b9c72afa6a956b5f4fd549387feb07765aa2fcbc8169e3bd2361daeaa41aaaa6139ecc1604a55fbf4a30b608ffdd30b070ec2e9803bd9115b8c873e3af05225454fcf34ef0c33578d65ab1af371212308e04f0f54d9be11"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x70, 0x22f6, 0x1, 0x9, 0xc, 0x7, 0xfc3, 0xbb, 0x6, 0x7, 0x0, 0x360a}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0x3ff}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x84d}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0x5}, &(0x7f00000004c0)={0x20, 0x89, 0xa, 0xfffe}})

2.854975095s ago: executing program 3 (id=902):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)=0x8)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pipe(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="b54da97ad4455a7589da700e7b3930cf3e08acf7bb59936ff82bd8f5939fbeac555b7c5adbc0ba23d09079392db3fd846c540027ce570c824a3ad46b4539bf3878336b2e67003dfa51cff688290fbb62dd482a4290732d6a1043ea29203d503475a50fb053f62fd04a2ae39bec80b17f2fd2896e78a080ca6aff15aea2c5ac91a3da7c99820ca9876fdc1e2ef6755cbd8be5ecff11e876bb687ba40c579fa592c7c2f419f77c0279145b75d7c507ed74b8fdcf1361594b9f61aeb6c7daf2e5b1f03ab2a9d1877a488480a10b0f952e81017c7dd1d887db1ceaff91131b", 0xdd}, {&(0x7f0000001480)="91adae1bcb0d2ff55b8b775a64a90e8119c0c1c4449bf8f3b9ec1d1f517a062f4087dc310de7f9f6b171774ca5c3954769464f10b6463381601478a5e19281c75ca8a3baa988a8e847e9b533b7e05afe645bd2dda561cd84563fc40176bbf1258cac6caaccf92555e75d0b7714e53ab8fdd64385e92cbf6b222a7823f6ce629cbbf16858cacdbd4308f76de6b4150a27", 0x90}, {&(0x7f0000001540)="c59e6722ec13a5ecd23386a50b9aa3766ddfa6522a717bb0684ff252f48c6f01ac5b4f0e1ff9d4b5e09b8c3ae696d691180653b536ed83ad8eab6355cb8356a5da39ca5c4af2232ea510a66c534fea4c6ae5f8a81becc4f20656e1fe76b4072d042cd382f953e89f1e70fa679de9384f2f9454d6c5732b65e644d857afc646bc1ebf86602a769af1f73d4c350d6eb7a8277fb9e48cb7cb891145e958fe508dbb8b0b1c69d6b6b66c067e1b16e7a1228e29cb7d34da6656cffb7b9491d3d74b094d7d82b7036d1ee3908a28fcb394c903a1b087874d53b2f92f", 0xd9}], 0x3, 0x1)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
splice(r2, 0x0, r4, 0x0, 0xe, 0xa)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0)

1.283901488s ago: executing program 2 (id=903):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0)
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
pipe(&(0x7f0000000600))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35f5ff00000000000700ff020000000000000000000000000001"], 0xfdef)

1.19684421s ago: executing program 0 (id=904):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
sendmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a5", 0x1}], 0x1, &(0x7f0000008380)=ANY=[], 0x20000}}], 0x1, 0x24004851)

1.159396851s ago: executing program 2 (id=905):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)

1.017282258s ago: executing program 0 (id=906):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000002480)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf0e3a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b1794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746063d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c5169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a60000564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9de9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc549000000000000000015a34abef947b5b9a950e780662de18873e55899c92db3ad00437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb00800000000000000ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c040000002b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e400", 0x1000}}, 0x101a)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x100, 0x0, 0x7000000, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}})

1.017172556s ago: executing program 2 (id=907):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}, 0x1, 0x20}, 0x0)

923.024427ms ago: executing program 2 (id=908):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x62a02, 0x0)
fadvise64(r2, 0x65f, 0x2, 0x5) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000)
mlock(&(0x7f00002a3000/0x3000)=nil, 0x3000)

824.327752ms ago: executing program 0 (id=909):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="000086dd000411001400000000006eec00be0044320100000000050000000000ffff7f000001ff020000000000000000000000000001"], 0x7a)

731.905792ms ago: executing program 2 (id=910):
syz_80211_inject_frame(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="80000000080251000001080211000000aa09b799c0d700000000000000000000be687fd2ad", @ANYRESHEX], 0xb5)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000003000000000000aaff0200000000000000000000000000013a"], 0xfdef)

609.335758ms ago: executing program 0 (id=911):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
sendmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a5", 0xffffffffffffff34}], 0x1, &(0x7f0000008380)=ANY=[], 0x2230}}], 0x1, 0x24004851)

570.214599ms ago: executing program 0 (id=912):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x8, 0x80002, 0x5, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0xd, 0x0, 0x0, 0x800000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x3, {0x5, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, {0x0, 0x2000000000, 0x0, 0x2, 0x0, 0x0, 0x4, 0x4, 0x4, 0x2000, 0x7, r2, 0x0, 0xf0ee, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
open(&(0x7f00000001c0)='./file0/file0\x00', 0x1800, 0x0)
socket$key(0xf, 0x3, 0x2)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)

347.992253ms ago: executing program 1 (id=913):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="000086dd000411001400000000006eec00be00446c010000000000ff00000000ffff7f000001ff020000000000000000000000000001"], 0x7a)

253.278284ms ago: executing program 1 (id=914):
clock_adjtime(0x0, &(0x7f00000001c0)={0x8b8d, 0x1000000000000, 0x2, 0x9, 0x0, 0xfffffffffffffffd, 0xe00, 0x0, 0x0, 0xffc99a3b, 0x0, 0x6, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x10007f, 0x0, 0x0, 0x0, 0x60d2, 0x0, 0x5, 0x1, 0x2})

223.333053ms ago: executing program 1 (id=915):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000240)=0x3, 0x4)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x125002, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r3, 0x3b88, &(0x7f00000001c0)={0xc})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x80000)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000980)={0xfe0, r7, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x8d}, @NL80211_ATTR_CSA_IES={0xfbc, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x12, 0xba, [0x5, 0x6, 0x8000, 0x2, 0x4b, 0x9, 0xae5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0xffff]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0xbc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa5, 0x3, "081e492cd08c88e67951c9e0a5d3d9b5ae2a47cc062d39976be7de0f99c78612a9fcad3a74fbf5eb9cfadec1ec3732a00f53409e1a614719929bb5b7b9de7511afd9b4c2c56def0374f06d2cad184c90cac91c30ef3e11e26af5fdce3f7d4b41608ff56d9eba22b8881b5834e1eb0b4662787c956d491f1a03cf258cdec8429bf3886d311089a62ea9f7317ecdf635705d844fd46f0f7e303e55d0d1f1857e6000"}, @NL80211_FTM_RESP_ATTR_LCI={0xd, 0x2, "abf83c359c1b709d19"}]}], @beacon_params=[@NL80211_ATTR_IE_PROBE_RESP={0x7, 0x7f, [@dsss={0x3, 0x1, 0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x249, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x2}, @device_b, @device_b, @initial, {0x3, 0x6}}, 0x8, @random=0x9, 0x100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x30}, {0x9}, {0x48, 0x1}, {0x6c, 0x1}]}, @void, @val={0x4, 0x6, {0xfc, 0x6, 0xfffe, 0x7}}, @val={0x6, 0x2, 0x4d86}, @void, @val={0x25, 0x3, {0x1, 0x78, 0xfc}}, @void, @val={0x3c, 0x4, {0x0, 0x3, 0x40, 0x5}}, @val={0x2d, 0x1a, {0x1, 0x0, 0x2, 0x0, {0x6, 0x0, 0x0, 0x277, 0x0, 0x1, 0x1}, 0x1, 0x0, 0x2b}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x1, 0x1, 0x0, 0xc5, 0x11}}, @val={0x76, 0x6, {0x8, 0x1, 0x1a, 0x371}}, [{0xdd, 0x9e, "299cef4163785088527e7858eb0a7e1b27b76fd88244cf2ea5af4ff59538eb3de66c9b43c82b8763e50f12447d469fb995cd3326d0728ed5a35f5688cda5b1a00505a56bbed32b085c2239d96db4e167ce248c7f18cb8e57631a6e2f72ab810b3382468173d7e15316c8b012ed86aadd8ca3ee97e79e14c55d67c10aaa47c720093fde00629704618b04212f364910eb9c425488a953449059f223ec748c"}, {0xdd, 0x81, "c120b03dd28e736ce801bcf4ab686b8a2fefbd3a8d43140de976a56c7864e7d2272ccb82314815d06de6cbe0d7ffacd3fd67a48dc0af1ab50c51ed581dd4fcd7fe581ed46f775581a0cf9a07c06ea2f1647b6e5660541a26b61d7f55b21b22be436754fb25e10fab089613cb59c3a7281a13eb3e1fbb55d1d57ef1b65315d4dfbb"}, {0xdd, 0xa2, "e37e2372d43de03cf965b529e09c898ebd33f8430c61652d1f9e691e3f0b7e21f9a7cdeafe26ca8d76db38eefa2c23d6d1dbc940d31172a9b22fd55e56d35437b9b3e611c45d2959f88160fea1943015dd245cce73fc75b8663289ba3acbf3102944ce40d5324a6c5f4abcea7dfbf1de2fe8bf48a657c484d218f9b2cbac175e0b51a9d3018ce62bae0c677725ac226c1bac714a3a7c0be24255393dd32b2365abdc"}]}}, @NL80211_ATTR_BEACON_HEAD={0xe1, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x9}, @device_a, @broadcast, @random="82768bd5effa", {0x5, 0x7}}, 0x8000000000000001, @default, 0xc21c, @void, @val, @val={0x3, 0x1}, @void, @val={0x6, 0x2, 0x7f}, @val={0x5, 0x97, {0x7, 0x40, 0xe, "d8cb8f1f495101525bed4d8c5ead4c11d9b24552ac8afb37d40df18a05d5dd3c8f9b26592d48b92bfd7d28ce568dcd2f559806e8599660baf262453667cc99e45c5c9c410a6be0b87abb5820c857ed609c659ffee82d965d00f01e0050c28fe8b9c50a3844e2827fc478653ae71e3f4ac5e2ed62b5c44130ff92acba3fe9bea71ff94e6ec239fb4c69928d20e2dc2c6a12c27970"}}, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x1, 0x7}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5482e668ee86c2cc}}, @void}}], @beacon_params=[@NL80211_ATTR_IE={0x14d, 0x2a, [@random_vendor={0xdd, 0x5c, "59dfb387d0a6efc1497e990cac981e37cdd8f4403e8fc567b661aca4e0381faa45ff6f80a80d086f4ba115a10cfe9354fdb5210e032dd099b31fe9c97aae567c2b03c6aae15092fcad115825663917295a2dd441f7ecc7fa5f486822"}, @measure_req={0x26, 0xe9, {0x7f, 0xaa, 0x7, "e65460ea76cb57ee4aeeb2be8ba0d37917f4f42877a73a993ef193817e96d3747a216b89f8130db8e07deebcfd1eab3c35367005cfc417da1ca8207b3b0647b10f0463bb64dc64377c57aa056ec615310eaf68c8db596cf2da230c0a31e5c3d3e32b206944cd3349f5efb9a82e6efa72546228804fd9d0ef9fffa46e2cdcf55be796ac57f7d1a87bca55365f6f7dbc79ca7dad79e2cf9cffe79a54c9127b3172aa01e7ae21657137d454880760461d53aef1cd6e84d16af803a81eecd0cd7195165ed3a861df5a338d0785c2eee3d1244962a678b61ff04503351ba0bc522addc47b4fc6a5c2"}}]}, @NL80211_ATTR_PROBE_RESP={0x395, 0x91, "ff64a398bbb1c52b95d241ee0239d8e7856928333226b96f8b183c1ec8e8b9f7e41e286edc01d12ccc867d4de5e4ce1b3243f1725045fec8666e472c8866ef69d53414cdce2e7bd951c5da4a593e29171deeb02c5eef8d6fc87d45851b3aef75476d0453da652c26c664116f0fa70bf7b38d74e12d15418a3124e8eef7949a8815132bb216fe0c1d079c0fb2f79c31346da1ccbb0e6fbcac1c0a1267e89d16c674369b3eff44d00534f29414b457e5131d0e86eeec22de13f492c1e7e3125dd0ade997a97af335b5ce10674a90876003714cff5105359d3e780c291d78d46fadf88d28b0340282d3249cf0252be5987dda61f104e016e40d59f8d70e2518ab0a914c4bf5b5670b91d5a7951aeb7f52284240a2335e226727d73ab3790dad7fd8560511363ba2715a852c253bb21de66f18f322563e75b4f01696012ca4610fd1e2dd2441044cf30f208cd48143b1c11c3d162b0195c98ec3427437f4daeec240e563d34987202e95d23400da938723d5c9a8577b1f3153771578239c10e32023eba8b6ec8868ae7f7cc5a66685cb0815a9809d23c623b7ed9bf6590cd1a2d9676adda79b80264ad8543c854e6d2f4e26cad8f2001b637c4c5ddef802dbc988f4c285d761485914b836009df3cca7e640fbcd52dc77ae3d2aa487b996b88bfab56699cc4e2bd5253d3e1d7b56fa6d305643a5e42081dd7e4d285bfb5fa3e75f62fb88dbd3d37c16cca8adc1ea8a578b560b79fa6d5b279ee0e65eaef66009d3001a0faf2604c81a6acff52683467f43963629ae731595d6ff620aee141e844130d1bf6bd9762ebbb7263236bd7ece3fd44d31a3ca0317898ef9a1581c0693ffc180e1aee7b25af4239683623a2eb3d547aa0d9606704090b9ae0f53c8c34d7f08f4f216337cf05e1ffe93c60980deff5366dc1a0731873015eec4f12fcd7434dd49be4e6c5141fc09b27640b34afbb9f6551b0a058b0d95125699c2a1895da59694cf2ccc65478a42b16e4e08a9e6c13c823666047789e446dd1eef9487672ffc54268069db84cb44c6b33ab032e9c068573255dbbee7824247518464f31134a58cdee3e46452e2b23fbc70b0b689fa7c718177c8f5b18f0a5e6a95a5fde727383fa222746190dc6cf14ea83f7ec00d444c1961b45ca2079377f9139f58b62d3b235fd9e3759868fa9b53301afab7021c91c2c34bef5a3c14affe405bd62ad8d120982659310fa95f358fbb449c58bb420123140c091a81cc5d49fc70e7ad8c2b4dbc44d1a8e19b15e5d34b05e5a9bc98fb"}], @beacon_params=[@NL80211_ATTR_IE={0x15, 0x2a, [@challenge={0x10, 0x1, 0xa6}, @mesh_chsw={0x76, 0x6, {0xf7, 0x3, 0x30, 0x3}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0xc, 0xa, 0x3}}]}], @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x160, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xcd, 0x3, "0aace53823ef6d2509600b84857460907cd97cf14a478c9271673b20c00b530c502a46feced50109c0d77ecda0f2934137fe7d7edeff47e19f3f9138bf4b7a3f7dbd0248e2bf210a6ac60bfc5d614de4272306927f99229eba81f3abe460ca787673de19688c8a82df46b0f34f0d0c880c71e0087f5bc0f4e5915596b2d4015919fda56c9697c80527e5c271e8cab36180e44a1a068180cff08fbde4851c4d7059d552b04a19d5248551c284cc43f02b44c355fb2f5a677ee1fd20d4e76a8a27d98e5866f0bf8364e8"}, @NL80211_FTM_RESP_ATTR_LCI={0x3d, 0x2, "aa64fd13d4552237ddb390f2fadf4bc7e04f1254a35c723e2a039bc2e02599ce7754e5acef2ed4d1b6735078991f37a2a8b52761561fc73c5c"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x42, 0x3, "54769e3bf725fcb353e8946ec697cb5d9c88899b24dd7bd30a060d02a64650045ae3971b1671416e294f39d7cbcea94a4446d22451aee04069323b7c00f4"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x215, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x4}, @device_b, @broadcast, @random="ada3a6254ec5", {0x8, 0x9}, @value=@ver_80211n={0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}}, 0x1, @random=0x17, 0x4, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x2, [{0x18}, {0x3, 0x1}]}, @val={0x3, 0x1, 0xc}, @val={0x4, 0x6, {0xc, 0x3, 0x8, 0x51}}, @val={0x6, 0x2, 0x3}, @val={0x5, 0x73, {0x1, 0xc8, 0x4, "5824c39f05e15f41b03eaaabc9f81dd18fbdf1ed491cedcc4efba71f937a0deedcba6a3193e17a07633b57ae937c8dc8190e4896751742ac5bceaae12b148600626ce59697d682a816b719f548fd0671e026ba3e2b333ce861391758ba7f53665bcb6a6ef17645555d6d94ce88ed8f55"}}, @val={0x25, 0x3, {0x0, 0x2c, 0x4}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @void, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x10}}, @void, [{0xdd, 0xc7, "d7e7b37ae541a53c0aeeb3fbf4e9f6c69f9bbbaf572270facea4ca8cecfe5974017f82858b1311b9e6b10242388b1df89ed14b2856976aec2d0c2d292cbbed99172f6a2f2ee125787b7a2f26f480eadf2351c956702d9ee1d799b6f974318c5b0698caecbd80288afa33e264ed6c28584bfd7fb2e188d678fc8c1d39408baa096cd7e131a5d6c4a46205467c1650ad7162786ccf58ba4a8c577fbd5786e50bed28ca30571289b3329a750040bc2541fb77d1d0ec8e4b4a5584636076255b220e5462730a06ea9e"}, {0xdd, 0x15, "7743fc25dbae4220bb265ce6fb0315139282e1aa56"}, {0xdd, 0x66, "61249fe94e145de9d9107a5d2074c7b57eb4fdedc3ba9d49dc0272da9fdf0b5c8738433ffeb093596d83ed12c608060c73fcd2f6c7f59322d465d68fa97d332e03ce0c93054e5ff2a8a7e6a1a4482866263f6242115b8e0ad6fc609ef340287d763ef8cf14bb"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x1a1, 0x7f, [@ssid={0x0, 0x14, @random="0f85efa77a2a60c40d983970057f1951d8fb37ad"}, @measure_req={0x26, 0x4d, {0xe, 0x0, 0x3f, "4129bf900eca4a0cd5361fade1fb3c9b91ff99813ce9b418a1da4f766581964f4e6269e39ea919820ce6dc479705f689139fd18d484745d75eace4dba2c27a31eb1783688110a658fce5"}}, @chsw_timing={0x68, 0x4, {0xd, 0xfff}}, @chsw_timing={0x68, 0x4, {0x7, 0xfffe}}, @tim={0x5, 0x39, {0x6, 0x19, 0x1, "d64eb4f507f0099799fcac3084edead1acaee8e130b8f2c4356059b185b60ecf914d8527785cbea41a175ea7eb9969e3620ab0f01149"}}, @perr={0x84, 0xef, {0x81, 0xf, [{{0x0, 0x1}, @broadcast, 0x7, @value=@device_b, 0xb}, {{}, @device_b, 0x2, @void, 0xd}, {{0x0, 0x1}, @device_a, 0x2, @value=@broadcast, 0x2d}, {{0x0, 0x1}, @broadcast, 0x870, @value, 0x1b}, {{}, @device_b, 0x3ff, @void, 0x35}, {{}, @broadcast, 0x0, @void, 0xa}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x1b}, {{}, @device_a, 0x8, @void, 0x1d}, {{}, @broadcast, 0x10, @void, 0x41}, {{}, @broadcast, 0x400, @void, 0x2b}, {{0x0, 0x1}, @device_b, 0x80, @value=@broadcast, 0x10}, {{0x0, 0x1}, @device_a, 0x0, @value, 0x1c}, {{0x0, 0x1}, @device_a, 0x100, @value=@broadcast, 0x21}, {{}, @device_a, 0x4, @void, 0x5}, {{}, @device_a, 0x4, @void, 0x10}]}}]}, @NL80211_ATTR_BEACON_TAIL={0x9, 0xf, [@channel_switch={0x25, 0x3, {0x1, 0x24, 0x7f}}]}, @NL80211_ATTR_PROBE_RESP={0x17d, 0x91, "0b9b6516ec8e8a77a7ed7896912aad6ad21ea30cc323f607d70b0189a4fd1f33ea67869fcd7d19fcd39649ee18a91cb12912d52cfae245d92af5b87c2ee1c6d01c28a43776369f4fa5095eafb4e8d3dd12d3de102b2b38b884b507ff1d521fad06df6870d00e1bb0e93786556891760bd9e35d2a8b4e454346d458edbdff8c8cf653e3c9c7ac56b37c19f53cc498d66f6c9a19467b8dc9462259caad18361b6a07ecb933c47a2aa2d351215bbea3fdd353baa030caa7e971cf178a33272d56e822c4f2ea1002e905e7c4df68fac54f1dc8945f8282327362ab623e979e5159fa5120331475fada08b815e7e28b060914cec6cc04356e56320c8131ce5fe459ddc052b87087c772c7d59b4546a126e9b1436ea51606fdd82cc42d8bb86bc22631a5b2273ff786b5072db830fd3eda63bf9b41b7612578800e6f0f1a4cddfd0dff644621ec86970a043c371f42bb88e0ed39601e6bcc5abbb863650bdfdeeb8defb31303fcb8d20f9b1326b860d628d560f4436ad42d3ed7dafc"}]]}]}, 0xfe0}, 0x1, 0x0, 0x0, 0x9}, 0x4000004)
r8 = accept4$alg(r4, 0x0, 0x0, 0x80000)
sendmmsg$alg(r8, &(0x7f0000002980)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="cb8e363f2486d7bf4a8bc2f5e05a86875d8788e66617e2cfe55a2fcdc8c9b3cda2bcd2cb5f68b5c1fc763d40600b", 0x2e}, {&(0x7f0000000240)="954c", 0x2}], 0x2, 0x0, 0x0, 0x4004}], 0x1, 0x200048d1)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)

0s ago: executing program 2 (id=916):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
sendmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a5", 0x1}], 0x1, &(0x7f0000008380)=ANY=[], 0x2230}}], 0x1, 0x24004851) (fail_nth: 5)

kernel console output (not intermixed with test programs):

_hcd
[  104.755905][   T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  104.764875][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  104.776897][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  104.786474][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.790303][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  104.812626][   T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  104.814524][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  104.834514][   T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  104.847302][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  104.848280][   T24] usb 4-1: Product: syz
[  104.857298][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  104.857347][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  104.857367][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.860031][    T9] usb 3-1: config 0 descriptor??
[  104.872286][   T24] usb 4-1: Manufacturer: syz
[  104.916181][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  104.921438][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  104.937290][   T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  104.943446][   T24] cdc_wdm 4-1:1.0: Unknown control protocol
[  104.971900][ T6745] binder_alloc: binder_alloc_mmap_handler: 6744 200000ffd000-200001000000 already mapped failed -16
[  104.984635][ T6745] binder_alloc: 6744: binder_alloc_buf, no vma
[  105.160372][ T6752] netlink: 'syz.1.274': attribute type 2 has an invalid length.
[  105.199914][   T24] usb 4-1: USB disconnect, device number 10
[  105.289923][    T9] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max
[  105.309419][    T9] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  105.467767][ T6762] netlink: 104 bytes leftover after parsing attributes in process `syz.0.278'.
[  105.742055][   T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  105.848379][ T6776] FAULT_INJECTION: forcing a failure.
[  105.848379][ T6776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.862469][ T6776] CPU: 0 UID: 0 PID: 6776 Comm: syz.0.284 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  105.862489][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.862497][ T6776] Call Trace:
[  105.862502][ T6776]  <TASK>
[  105.862508][ T6776]  dump_stack_lvl+0x189/0x250
[  105.862526][ T6776]  ? __pfx____ratelimit+0x10/0x10
[  105.862543][ T6776]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.862556][ T6776]  ? __pfx__printk+0x10/0x10
[  105.862578][ T6776]  should_fail_ex+0x414/0x560
[  105.862612][ T6776]  _copy_to_user+0x31/0xb0
[  105.862628][ T6776]  simple_read_from_buffer+0xe1/0x170
[  105.862649][ T6776]  proc_fail_nth_read+0x1df/0x250
[  105.862665][ T6776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  105.862680][ T6776]  ? rw_verify_area+0x258/0x650
[  105.862695][ T6776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  105.862709][ T6776]  vfs_read+0x200/0x980
[  105.862727][ T6776]  ? __pfx___mutex_lock+0x10/0x10
[  105.862745][ T6776]  ? __pfx_vfs_read+0x10/0x10
[  105.862760][ T6776]  ? __fget_files+0x2a/0x420
[  105.862780][ T6776]  ? __fget_files+0x3a0/0x420
[  105.862795][ T6776]  ? __fget_files+0x2a/0x420
[  105.862818][ T6776]  ksys_read+0x145/0x250
[  105.862834][ T6776]  ? __pfx_ksys_read+0x10/0x10
[  105.862846][ T6776]  ? rcu_is_watching+0x15/0xb0
[  105.862864][ T6776]  ? do_syscall_64+0xbe/0x3b0
[  105.862884][ T6776]  do_syscall_64+0xfa/0x3b0
[  105.862900][ T6776]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.862918][ T6776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.862933][ T6776]  ? clear_bhb_loop+0x60/0xb0
[  105.862950][ T6776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.862964][ T6776] RIP: 0033:0x7fda8718d33c
[  105.862978][ T6776] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  105.862989][ T6776] RSP: 002b:00007fda880e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  105.863004][ T6776] RAX: ffffffffffffffda RBX: 00007fda873b5fa0 RCX: 00007fda8718d33c
[  105.863015][ T6776] RDX: 000000000000000f RSI: 00007fda880e40a0 RDI: 0000000000000004
[  105.863023][ T6776] RBP: 00007fda880e4090 R08: 0000000000000000 R09: 0000000000000000
[  105.863033][ T6776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.863041][ T6776] R13: 0000000000000000 R14: 00007fda873b5fa0 R15: 00007ffee90a4ce8
[  105.863067][ T6776]  </TASK>
[  105.981672][   T24] usb 2-1: Using ep0 maxpacket: 8
[  106.178198][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  106.196470][   T24] usb 2-1: config 129 has an invalid interface number: 71 but max is 0
[  106.215459][   T24] usb 2-1: config 129 has no interface number 0
[  106.232783][   T24] usb 2-1: config 129 interface 71 has no altsetting 0
[  106.255337][   T24] usb 2-1: New USB device found, idVendor=2013, idProduct=0262, bcdDevice=5b.8b
[  106.278612][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.297029][   T24] usb 2-1: Product: syz
[  106.307642][   T24] usb 2-1: Manufacturer: syz
[  106.317776][   T24] usb 2-1: SerialNumber: syz
[  106.351609][ T6790] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  106.360389][ T6790] UDF-fs: Scanning with blocksize 4096 failed
[  106.450092][ T6792] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  106.505406][ T6794] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  106.525014][ T6794] VFS: Can't find a romfs filesystem on dev rnullb0.
[  106.525014][ T6794] 
[  106.597383][   T24] usb 2-1: USB disconnect, device number 12
[  106.659066][ T6800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'.
[  106.786147][ T6805] trusted_key: syz.3.303 sent an empty control message without MSG_MORE.
[  106.924234][ T6812] netlink: 20 bytes leftover after parsing attributes in process `syz.0.298'.
[  107.063299][ T6818] netlink: 20 bytes leftover after parsing attributes in process `syz.0.300'.
[  107.277489][   T30] audit: type=1326 audit(6881821110.938:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6825 comm="syz.1.305" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0
[  107.329672][ T6830] netlink: 'syz.1.305': attribute type 11 has an invalid length.
[  107.356524][ T5874] usb 3-1: USB disconnect, device number 9
[  108.000369][ T5874] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  108.170472][ T5874] usb 1-1: Using ep0 maxpacket: 32
[  108.181807][ T5874] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  108.209863][ T5874] usb 1-1: config 0 has no interface number 0
[  108.224091][ T5874] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  108.241617][ T5874] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  108.246373][   T30] audit: type=1800 audit(6881821111.909:4): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.319" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  108.271033][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.271059][ T5874] usb 1-1: Product: syz
[  108.271071][ T5874] usb 1-1: Manufacturer: syz
[  108.271082][ T5874] usb 1-1: SerialNumber: syz
[  108.273814][ T5874] usb 1-1: config 0 descriptor??
[  108.344479][ T5874] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  108.363483][ T5874] em28xx 1-1:0.132: Video interface 132 found:
[  108.646027][ T6878] netlink: 'syz.3.325': attribute type 27 has an invalid length.
[  108.763749][ T5874] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  108.820634][ T6880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  108.855869][ T5874] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  108.873131][ T5874] em28xx 1-1:0.132: board has no eeprom
[  108.891301][ T6890] tipc: New replicast peer: 255.255.255.255
[  108.898281][ T6890] tipc: Enabled bearer <udp:syz2>, priority 10
[  108.934885][ T5874] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  108.953854][ T5874] em28xx 1-1:0.132: analog set to bulk mode.
[  108.969049][   T24] em28xx 1-1:0.132: Registering V4L2 extension
[  108.995802][ T5874] usb 1-1: USB disconnect, device number 14
[  109.028102][ T5874] em28xx 1-1:0.132: Disconnecting em28xx
[  109.157643][ T6899] vxfs: WRONG superblock magic 00000000 at 1
[  109.186271][ T6899] vxfs: WRONG superblock magic 00000000 at 8
[  109.206895][ T6899] vxfs: can't find superblock.
[  109.235462][   T24] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  109.252449][   T24] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  109.271468][   T24] em28xx 1-1:0.132: No AC97 audio processor
[  109.282869][   T24] usb 1-1: Decoder not found
[  109.287513][   T24] em28xx 1-1:0.132: failed to create media graph
[  109.328837][   T24] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  109.353555][   T24] em28xx 1-1:0.132: Remote control support is not available for this card.
[  109.369570][ T5874] em28xx 1-1:0.132: Closing input extension
[  109.405316][ T5874] em28xx 1-1:0.132: Freeing device
[  109.429876][ T6910] netlink: 'syz.2.336': attribute type 4 has an invalid length.
[  109.493488][ T6910] netlink: 'syz.2.336': attribute type 4 has an invalid length.
[  109.629142][ T6919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.341'.
[  109.815299][ T6929] 9p filesystem being mounted at /94/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  109.898051][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'.
[  110.129652][   T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  110.291175][   T24] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  110.306165][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  110.330711][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  110.330766][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.332699][   T24] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  110.332726][   T24] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  110.332745][   T24] usb 1-1: Product: syz
[  110.332757][   T24] usb 1-1: Manufacturer: syz
[  110.342869][   T24] cdc_wdm 1-1:1.0: skipping garbage
[  110.342889][   T24] cdc_wdm 1-1:1.0: skipping garbage
[  110.345060][   T24] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  110.345078][   T24] cdc_wdm 1-1:1.0: Unknown control protocol
[  110.392186][   T30] audit: type=1326 audit(7049593274.063:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6955 comm="syz.1.357" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0
[  110.494541][ T6958] netlink: 'syz.1.357': attribute type 11 has an invalid length.
[  110.548339][    C1] cdc_wdm 1-1:1.0: unknown notification 63 received: index 770 len 2305
[  110.570054][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.578730][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.619580][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.662854][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.706511][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.729941][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.748377][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.763389][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.789902][    C1] cdc_wdm 1-1:1.0: unknown notification 63 received: index 770 len 2305
[  110.802250][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.824774][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.891214][    T9] usb 1-1: USB disconnect, device number 15
[  111.193151][ T6983] netlink: 'syz.2.366': attribute type 27 has an invalid length.
[  111.279040][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  111.362392][ T6989] netlink: 'syz.1.370': attribute type 27 has an invalid length.
[  111.371073][ T6991] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'.
[  111.385180][ T6992] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'.
[  111.386050][ T6993] netlink: 32 bytes leftover after parsing attributes in process `syz.3.369'.
[  111.439390][ T6991] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'.
[  111.457894][ T6995] loop8: detected capacity change from 0 to 7
[  111.471920][ T5985] Dev loop8: unable to read RDB block 7
[  111.479106][ T5985]  loop8: unable to read partition table
[  111.484332][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  111.485073][ T5985] loop8: partition table beyond EOD, 
[  111.494599][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.496884][ T5985] truncated
[  111.545335][   T30] audit: type=1800 audit(7049593275.192:6): pid=6997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.372" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  111.546559][ T6995] Dev loop8: unable to read RDB block 7
[  111.576879][ T6995]  loop8: unable to read partition table
[  111.579334][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  111.584029][ T6995] loop8: partition table beyond EOD, truncated
[  111.599552][ T6995] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  111.639077][   T24] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  111.652998][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.666257][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  111.687888][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  111.702792][    T9] usb 1-1: Product: syz
[  111.710930][    T9] usb 1-1: Manufacturer: syz
[  111.750588][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  111.770061][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  111.789189][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  111.795123][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[  111.841916][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  111.863340][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  111.875008][   T24] usb 4-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  111.885138][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.897804][   T24] usb 4-1: config 0 descriptor??
[  111.946072][ T7007] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  112.017864][ T7009] tipc: New replicast peer: 255.255.255.255
[  112.025784][ T7009] tipc: Enabled bearer <udp:syz2>, priority 10
[  112.162103][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  112.168158][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  112.196546][   T24] usb 4-1: USB disconnect, device number 11
[  112.279630][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE
[  112.495006][ T7027] /dev/rnullb0: Can't open blockdev
[  112.601007][ T7033] /dev/rnullb0: Can't open blockdev
[  112.682928][ T7030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.078754][ T6083] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  113.265495][ T6083] usb 2-1: not running at top speed; connect to a high speed hub
[  113.286196][ T6083] usb 2-1: config 1 has an invalid interface number: 196 but max is 3
[  113.301941][ T6083] usb 2-1: config 1 has an invalid interface number: 45 but max is 3
[  113.309962][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[  113.320351][ T6083] usb 2-1: config 1 has an invalid interface number: 219 but max is 3
[  113.328592][ T6083] usb 2-1: config 1 has an invalid interface number: 233 but max is 3
[  113.336932][ T6083] usb 2-1: config 1 has an invalid interface number: 90 but max is 3
[  113.345127][ T6083] usb 2-1: config 1 has 5 interfaces, different from the descriptor's value: 4
[  113.354213][ T6083] usb 2-1: config 1 has no interface number 0
[  113.363059][ T6083] usb 2-1: config 1 has no interface number 1
[  113.369271][ T6083] usb 2-1: config 1 has no interface number 2
[  113.376374][ T6083] usb 2-1: config 1 has no interface number 3
[  113.382610][ T6083] usb 2-1: config 1 has no interface number 4
[  113.388860][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  113.403094][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  113.438911][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  113.469507][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an endpoint descriptor with address 0xB4, changing to 0x84
[  113.485647][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x84 has invalid maxpacket 62828, setting to 64
[  113.501271][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x9 has an invalid bInterval 67, changing to 4
[  113.536225][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x9 has invalid maxpacket 1024, setting to 1023
[  113.552262][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has 7 endpoint descriptors, different from the interface descriptor's value: 6
[  113.566317][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an endpoint descriptor with address 0x9D, changing to 0x8D
[  113.593896][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  113.612974][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has a duplicate endpoint with address 0x9, skipping
[  113.623734][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  113.649499][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has a duplicate endpoint with address 0xF, skipping
[  113.668121][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has 6 endpoint descriptors, different from the interface descriptor's value: 7
[  113.681778][ T7066] netlink: 36 bytes leftover after parsing attributes in process `syz.3.402'.
[  113.688814][ T5915] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  113.691449][ T6083] usb 2-1: config 1 interface 233 altsetting 2 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  113.710032][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  113.720824][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x9, skipping
[  113.763001][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  113.774729][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  113.787091][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x82, skipping
[  113.797985][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  113.808932][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  113.819679][ T6083] usb 2-1: config 1 interface 233 altsetting 2 endpoint 0xB has invalid maxpacket 512, setting to 64
[  113.830854][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0xE, skipping
[  113.835475][ T7068] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.844115][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  113.869063][ T6083] usb 2-1: too many endpoints for config 1 interface 90 altsetting 60: 205, using maximum allowed: 30
[  113.871014][ T5915] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  113.880459][ T6083] usb 2-1: config 1 interface 90 altsetting 60 has 0 endpoint descriptors, different from the interface descriptor's value: 205
[  113.893722][ T5915] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  113.905899][ T6083] usb 2-1: config 1 interface 196 has no altsetting 0
[  113.914568][ T5915] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  113.925155][ T6083] usb 2-1: config 1 interface 45 has no altsetting 0
[  113.930201][ T5915] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.936691][ T6083] usb 2-1: config 1 interface 219 has no altsetting 0
[  113.949445][ T5915] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  113.957486][ T6083] usb 2-1: config 1 interface 233 has no altsetting 0
[  113.963972][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  113.978816][ T7068] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  113.986428][ T7068] /dev/rnullb0: Can't open blockdev
[  113.994781][ T5915] usb 3-1: Product: syz
[  114.020872][ T6083] usb 2-1: config 1 interface 90 has no altsetting 0
[  114.043987][ T6083] usb 2-1: New USB device found, idVendor=12d1, idProduct=143f, bcdDevice= 0.00
[  114.054763][    T9] usb 1-1: USB disconnect, device number 16
[  114.072645][ T5915] usb 3-1: Manufacturer: syz
[  114.095342][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.105856][ T6083] usb 2-1: Product: 㰁
[  114.111232][ T6083] usb 2-1: Manufacturer: ࡃ
[  114.126132][ T5915] cdc_wdm 3-1:1.0: skipping garbage
[  114.136002][ T5915] cdc_wdm 3-1:1.0: skipping garbage
[  114.136360][ T6083] usb 2-1: SerialNumber: 憶₂뤺灤澍嶓ﯙ蝒⍭藁㸯衜棃ᖯ헒댦뇺윺룔訵ᬊ⍇⧱㸝ꬠ伻ỉ儬橘攏ᆷ끪᎔샺具곌賷걀喪找
[  114.155160][ T5915] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  114.177832][ T5915] cdc_wdm 3-1:1.0: Unknown control protocol
[  114.182962][ T7042] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  114.263214][ T7074] netlink: 'syz.0.405': attribute type 4 has an invalid length.
[  114.284782][ T7074] netlink: 'syz.0.405': attribute type 4 has an invalid length.
[  114.342784][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.407'.
[  114.381924][   T24] usb 3-1: USB disconnect, device number 10
[  114.422626][ T6083] usb-storage 2-1:1.196: USB Mass Storage device detected
[  114.485215][ T7082] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  114.491036][ T6083] usb-storage 2-1:1.45: USB Mass Storage device detected
[  114.493274][ T7082] UDF-fs: Scanning with blocksize 4096 failed
[  114.572454][ T6083] usb-storage 2-1:1.219: USB Mass Storage device detected
[  114.627567][ T6083] usb-storage 2-1:1.233: USB Mass Storage device detected
[  114.742429][ T6083] option 2-1:1.233: GSM modem (1-port) converter detected
[  114.763745][ T6083] usb-storage 2-1:1.90: USB Mass Storage device detected
[  114.852148][ T6083] usb 2-1: USB disconnect, device number 13
[  114.880813][ T6083] option 2-1:1.233: device disconnected
[  115.112082][ T7110] netlink: 'syz.0.414': attribute type 27 has an invalid length.
[  115.204206][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.211971][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.358454][   T30] audit: type=1326 audit(7217365439.022:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7120 comm="syz.2.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0
[  115.456865][ T7126] netlink: 'syz.2.418': attribute type 11 has an invalid length.
[  115.522205][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.550225][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.630700][ T7133] input: syz0 as /devices/virtual/input/input9
[  115.712849][ T7136] netlink: 'syz.1.423': attribute type 27 has an invalid length.
[  115.761262][   T59] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  115.779738][   T59] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  115.798644][   T59] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  115.816410][ T7138] /dev/loop0: Can't open blockdev
[  115.826371][   T59] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  115.903723][ T7142] netlink: 104 bytes leftover after parsing attributes in process `syz.1.426'.
[  116.384223][ T7154] tty tty1: ldisc open failed (-12), clearing slot 0
[  116.522019][ T7161] vxfs: WRONG superblock magic 00000000 at 1
[  116.529608][ T7161] vxfs: WRONG superblock magic 00000000 at 8
[  116.535731][ T7161] vxfs: can't find superblock.
[  116.633100][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.3.436'.
[  116.677564][ T5874] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  116.695652][ T7167] netlink: 124 bytes leftover after parsing attributes in process `syz.3.437'.
[  116.827513][ T5874] usb 3-1: device descriptor read/64, error -71
[  116.947447][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  117.067381][ T5874] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  117.098124][ T7174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.110070][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  117.119885][    T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  117.129607][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  117.144428][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  117.153579][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.162047][    T9] usb 4-1: Product: syz
[  117.166214][    T9] usb 4-1: Manufacturer: syz
[  117.170852][    T9] usb 4-1: SerialNumber: syz
[  117.181172][    T9] hub 4-1:1.0: bad descriptor, ignoring hub
[  117.187996][    T9] hub 4-1:1.0: probe with driver hub failed with error -5
[  117.197336][ T5874] usb 3-1: device descriptor read/64, error -71
[  117.308597][ T5874] usb usb3-port1: attempt power cycle
[  117.388568][    T9] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  117.440697][    T9] usb 4-1: USB disconnect, device number 12
[  117.445949][ T7178] netlink: 12 bytes leftover after parsing attributes in process `syz.3.441'.
[  117.461216][    T9] usblp0: removed
[  117.520697][ T7180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'.
[  117.573507][ T7182] warning: `syz.3.443' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  117.659611][ T5874] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  117.678664][ T7184] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'.
[  117.705689][ T5874] usb 3-1: device descriptor read/8, error -71
[  117.743570][ T7188] netlink: 40 bytes leftover after parsing attributes in process `syz.3.446'.
[  117.946833][ T5874] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  117.967353][ T5874] usb 3-1: device descriptor read/8, error -71
[  117.998368][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  118.046777][ T5915] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  118.078922][ T5874] usb usb3-port1: unable to enumerate USB device
[  118.148541][   T24] usb 1-1: config 0 has an invalid descriptor of length 30, skipping remainder of the config
[  118.158854][   T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  118.170146][   T24] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  118.179463][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.188098][   T24] usb 1-1: Product: syz
[  118.192270][   T24] usb 1-1: Manufacturer: syz
[  118.196974][   T24] usb 1-1: SerialNumber: syz
[  118.204544][   T24] usb 1-1: config 0 descriptor??
[  118.213686][ T5915] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  118.223346][ T5915] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  118.234286][ T5915] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  118.243393][ T5915] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.256342][ T5915] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  118.265460][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  118.273476][ T5915] usb 4-1: Product: syz
[  118.277705][ T5915] usb 4-1: Manufacturer: syz
[  118.287544][ T5915] cdc_wdm 4-1:1.0: skipping garbage
[  118.292779][ T5915] cdc_wdm 4-1:1.0: skipping garbage
[  118.299956][ T5915] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  118.305911][ T5915] cdc_wdm 4-1:1.0: Unknown control protocol
[  118.412029][ T5156] Bluetooth: hci0: unexpected cc 0x0402 length: 4 > 1
[  118.555950][ T5915] usb 4-1: USB disconnect, device number 13
[  119.119072][ T7193] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  119.128016][ T7193] netlink: 'syz.3.448': attribute type 2 has an invalid length.
[  119.407764][ T5915] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  119.589859][ T5915] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  119.622747][ T5915] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  119.634627][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.650645][ T5915] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  119.845886][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  119.868504][ T6083] usb 4-1: USB disconnect, device number 14
[  119.998519][    T9] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  120.007543][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.020095][    T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  120.029568][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.037640][    T9] usb 3-1: Product: syz
[  120.041826][    T9] usb 3-1: Manufacturer: syz
[  120.047162][    T9] usb 3-1: SerialNumber: syz
[  120.053557][    T9] usb 3-1: config 0 descriptor??
[  120.061834][    T9] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  120.068187][    T9] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  120.267175][ T7202] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  120.274884][ T7202] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  120.286814][ T5915] usb 3-1: USB disconnect, device number 15
[  120.565769][ T7208] input: syz0 as /devices/virtual/input/input12
[  120.738431][ T5915] usb 1-1: USB disconnect, device number 17
[  121.190378][   T30] audit: type=1326 audit(7217365444.859:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.2.459" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0
[  121.293020][ T7224] netlink: 'syz.2.459': attribute type 11 has an invalid length.
[  121.774671][ T7234] __nla_validate_parse: 1 callbacks suppressed
[  121.774684][ T7234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.464'.
[  122.367573][ T7262] loop8: detected capacity change from 0 to 7
[  122.375771][ T7262] Dev loop8: unable to read RDB block 7
[  122.381705][ T7262]  loop8: unable to read partition table
[  122.390141][ T7262] loop8: partition table beyond EOD, truncated
[  122.396902][ T7262] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  122.397041][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  122.476399][    T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  122.564990][   T24] usb 3-1: device descriptor read/64, error -71
[  122.614985][    T9] usb 1-1: device descriptor read/64, error -71
[  122.764903][ T5874] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  122.804909][   T24] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  122.854801][    T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  122.916439][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.927555][ T5874] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  122.936764][   T24] usb 3-1: device descriptor read/64, error -71
[  122.943039][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.953127][ T5874] usb 4-1: config 0 descriptor??
[  122.984808][    T9] usb 1-1: device descriptor read/64, error -71
[  123.045146][   T24] usb usb3-port1: attempt power cycle
[  123.094900][    T9] usb usb1-port1: attempt power cycle
[  123.404668][   T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  123.434542][    T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  123.436450][   T24] usb 3-1: device descriptor read/8, error -71
[  123.451074][ T5874] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  123.460304][    T9] usb 1-1: device descriptor read/8, error -71
[  123.471773][ T5874] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0004/input/input14
[  123.581405][ T5874] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  123.705750][    T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  123.716717][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  123.725128][    T9] usb 1-1: device descriptor read/8, error -71
[  123.755309][   T24] usb 3-1: device descriptor read/8, error -71
[  123.836847][    T9] usb usb1-port1: unable to enumerate USB device
[  123.864457][   T24] usb usb3-port1: unable to enumerate USB device
[  123.985537][   T24] usb 4-1: USB disconnect, device number 15
[  124.712340][ T7276] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  124.753051][ T7278] tipc: New replicast peer: 255.255.255.255
[  124.759664][ T7278] tipc: Enabled bearer <udp:syz2>, priority 10
[  125.437189][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.488'.
[  125.487795][ T7295] sp0: Synchronizing with TNC
[  125.494002][ T7296] sp0: Found TNC
[  125.518789][ T7296] [U] �`
[  125.543847][   T24] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  125.597265][ T7300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.490'.
[  125.667479][ T5874] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  125.706200][   T30] audit: type=1326 audit(7217365449.381:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.3.492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0
[  125.734068][   T24] usb 3-1: Using ep0 maxpacket: 32
[  125.740876][   T24] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  125.749644][   T24] usb 3-1: config 0 has no interface number 0
[  125.756705][   T24] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  125.770163][   T24] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  125.779404][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.787603][   T24] usb 3-1: Product: syz
[  125.791782][   T24] usb 3-1: Manufacturer: syz
[  125.796569][   T24] usb 3-1: SerialNumber: syz
[  125.803918][   T24] usb 3-1: config 0 descriptor??
[  125.814315][   T24] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  125.815070][ T7305] netlink: 'syz.3.492': attribute type 11 has an invalid length.
[  125.824133][   T24] em28xx 3-1:0.132: Video interface 132 found:
[  125.845710][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.856991][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.867353][ T5874] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  125.877321][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.888660][ T5874] usb 1-1: config 0 descriptor??
[  126.098786][ T7307] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  126.111833][ T7307] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  126.120083][ T5874] samsung 0003:0419:0600.0005: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0
[  126.305903][ T5874] usb 1-1: USB disconnect, device number 22
[  126.825215][ T5874] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  126.993262][ T5874] usb 4-1: Using ep0 maxpacket: 16
[  126.999911][ T5874] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  127.008446][ T5874] usb 4-1: config 0 has no interface number 0
[  127.017753][ T5874] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  127.027041][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.035157][ T5874] usb 4-1: Product: syz
[  127.039352][ T5874] usb 4-1: Manufacturer: syz
[  127.044042][ T5874] usb 4-1: SerialNumber: syz
[  127.051585][ T5874] usb 4-1: config 0 descriptor??
[  127.059884][ T5874] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  127.105376][   T24] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[  127.178593][   T24] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  127.188411][   T24] em28xx 3-1:0.132: board has no eeprom
[  127.266121][   T24] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  127.274155][   T24] em28xx 3-1:0.132: analog set to bulk mode.
[  127.280301][ T5915] em28xx 3-1:0.132: Registering V4L2 extension
[  127.314704][ T7328] netlink: 'syz.1.500': attribute type 27 has an invalid length.
[  127.347797][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  127.371189][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  127.391093][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  127.402640][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  127.472237][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  127.483729][ T5891] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  127.483902][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  127.510887][ T5874] gspca_spca1528: reg_w err -71
[  127.521787][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  127.533999][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  127.543187][ T5874] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71
[  127.559862][ T5874] usb 4-1: USB disconnect, device number 16
[  127.576371][ T6097] udevd[6097]: setting owner of /dev/bus/usb/004/016 to uid=0, gid=0 failed: No such file or directory
[  127.606590][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  127.618745][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  127.629806][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  127.639863][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[  127.648902][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[  127.658862][ T5915] em28xx 3-1:0.132: Config register raw data: 0xfffffffb
[  127.663224][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  127.667718][ T5915] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  127.679519][ T5915] em28xx 3-1:0.132: No AC97 audio processor
[  127.685914][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short
[  127.697998][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  127.703167][ T5915] usb 3-1: Decoder not found
[  127.710345][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  127.725856][ T5915] em28xx 3-1:0.132: failed to create media graph
[  127.729796][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  127.745971][ T5891] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[  127.755768][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  127.756162][ T5915] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  127.772367][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  127.775111][ T5915] em28xx 3-1:0.132: Remote control support is not available for this card.
[  127.803790][    T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  127.811439][ T5891] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  127.833637][ T5891] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  127.844031][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.852027][ T5891] usb 1-1: Product: syz
[  127.856452][ T5891] usb 1-1: Manufacturer: syz
[  127.861106][ T5891] usb 1-1: SerialNumber: syz
[  127.868810][ T5891] usb 1-1: config 0 descriptor??
[  127.874973][ T7325] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  127.886471][ T5891] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  127.902426][ T5874] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  127.932114][ T5891] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -12
[  127.970652][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  127.974342][    T9] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  128.005849][    T9] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  128.015226][    T9] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  128.026521][    T9] usb 2-1: config 220 has no interface number 2
[  128.032885][    T9] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  128.046113][    T9] usb 2-1: config 220 interface 0 has no altsetting 0
[  128.053040][    T9] usb 2-1: config 220 interface 76 has no altsetting 0
[  128.059999][    T9] usb 2-1: config 220 interface 1 has no altsetting 0
[  128.069208][    T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  128.078546][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.096975][ T5874] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.106002][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.107141][ T5891] usb 1-1: USB disconnect, device number 23
[  128.120016][ T5874] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  128.123555][    T9] usb 2-1: Product: syz
[  128.137283][    T9] usb 2-1: Manufacturer: syz
[  128.138935][ T5874] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.142676][    T9] usb 2-1: SerialNumber: syz
[  128.157186][ T5874] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.168245][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.185243][ T5874] usb 4-1: Product: syz
[  128.189525][ T5874] usb 4-1: Manufacturer: syz
[  128.205342][ T5874] cdc_wdm 4-1:1.0: skipping garbage
[  128.210777][ T5874] cdc_wdm 4-1:1.0: skipping garbage
[  128.219138][ T5874] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  128.226884][ T5874] cdc_wdm 4-1:1.0: Unknown control protocol
[  128.254515][ T6083] usb 3-1: USB disconnect, device number 20
[  128.266730][ T6083] em28xx 3-1:0.132: Disconnecting em28xx
[  128.280188][ T6083] em28xx 3-1:0.132: Closing input extension
[  128.297972][ T6083] em28xx 3-1:0.132: Freeing device
[  128.376355][ T7334] /dev/rnullb0: Can't open blockdev
[  128.402835][    T9] usb 2-1: selecting invalid altsetting 0
[  128.423589][    T9] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  128.429989][    T9] usb 2-1: No valid video chain found.
[  128.461623][    T9] usb 2-1: selecting invalid altsetting 0
[  128.461704][ T7343] /dev/rnullb0: Can't open blockdev
[  128.468979][    T9] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  128.486814][ T5874] usb 4-1: USB disconnect, device number 17
[  128.494846][    T9] usb 2-1: USB disconnect, device number 14
[  128.566375][ T7345] /dev/rnullb0: Can't open blockdev
[  128.871962][ T6083] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  128.987943][ T7364] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  129.027531][ T6083] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.045250][ T6083] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  129.068227][ T6083] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  129.070219][ T7366] process 'syz.1.515' launched './file1' with NULL argv: empty string added
[  129.077853][ T6083] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  129.098960][ T6083] usb 3-1: SerialNumber: syz
[  129.100864][ T7368] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  129.204550][ T7373] netlink: 'syz.0.519': attribute type 39 has an invalid length.
[  129.241898][   T30] audit: type=1326 audit(7385137612.916:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7374 comm="syz.3.518" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feaad18e929 code=0x0
[  129.343001][ T6083] usb 3-1: 0:2 : does not exist
[  129.348072][ T6083] usb 3-1: unit 5: unexpected type 0x0d
[  129.382617][ T6083] usb 3-1: USB disconnect, device number 21
[  129.424793][ T7339] udevd[7339]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  129.796678][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.526'.
[  129.919678][   T30] audit: type=1326 audit(7385137613.586:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7397 comm="syz.0.528" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda8718e929 code=0x0
[  129.950324][ T7400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.529'.
[  130.023850][ T7403] hpfs: Bad magic ... probably not HPFS
[  130.200314][ T7411] loop8: detected capacity change from 0 to 7
[  130.218931][ T7411] Dev loop8: unable to read RDB block 7
[  130.229587][ T7411]  loop8: unable to read partition table
[  130.238922][ T7411] loop8: partition table beyond EOD, truncated
[  130.248275][ T7411] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  130.276707][   T30] audit: type=1326 audit(7385137613.947:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7414 comm="syz.3.535" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0
[  130.378049][ T7418] netlink: 'syz.3.535': attribute type 11 has an invalid length.
[  130.976380][ T7437] netlink: 'syz.1.543': attribute type 4 has an invalid length.
[  131.005355][ T7437] netlink: 'syz.1.543': attribute type 4 has an invalid length.
[  131.025585][ T7441] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.544'.
[  131.036059][ T7441] netlink: 6332 bytes leftover after parsing attributes in process `syz.0.544'.
[  131.071297][ T5915] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  131.137159][ T7444] netlink: 'syz.3.545': attribute type 27 has an invalid length.
[  131.226757][ T7450] netlink: 104 bytes leftover after parsing attributes in process `syz.0.548'.
[  131.252780][ T5915] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  131.262232][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.276621][ T5915] usb 3-1: config 0 descriptor??
[  131.292195][ T5915] cp210x 3-1:0.0: cp210x converter detected
[  131.340427][ T7454] fuse: Unknown parameter '0xffffffffffffffff'
[  131.431084][   T43] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  131.484952][ T7461] input: syz0 as /devices/virtual/input/input15
[  131.610915][   T43] usb 4-1: Using ep0 maxpacket: 16
[  131.623036][   T43] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  131.631589][   T43] usb 4-1: config 0 has no interface number 0
[  131.637807][   T43] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  131.649398][   T43] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  131.662571][   T43] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  131.672129][   T43] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  131.680345][   T43] usb 4-1: Product: syz
[  131.684862][   T43] usb 4-1: SerialNumber: syz
[  131.695718][ T5915] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  131.703683][   T43] usb 4-1: config 0 descriptor??
[  131.717677][   T43] cm109 4-1:0.8: invalid payload size 0, expected 4
[  131.728072][   T43] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input16
[  131.946827][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  131.956487][ T5915] usb 3-1: cp210x converter now attached to ttyUSB0
[  132.003567][ T7468] vxfs: WRONG superblock magic 00000000 at 1
[  132.009843][ T7468] vxfs: WRONG superblock magic 00000000 at 8
[  132.017784][ T7468] vxfs: can't find superblock.
[  132.100581][ T7470] fuse: Bad value for 'fd'
[  132.307300][ T7482] qnx4: no qnx4 filesystem (no root dir).
[  132.450242][ T6083] usb 4-1: USB disconnect, device number 18
[  132.465072][ T6083] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  132.518920][ T7489] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  132.630486][    T9] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  132.785780][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.792284][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  132.802072][    T9] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  132.802278][ T5915] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  132.811400][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.829441][    T9] usb 2-1: config 0 descriptor??
[  132.972965][ T5915] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  132.981652][ T5915] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.992168][ T5915] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  133.001538][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.014587][ T5915] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  133.024389][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  133.032762][ T5915] usb 1-1: Product: syz
[  133.037079][ T5915] usb 1-1: Manufacturer: syz
[  133.049073][ T5915] cdc_wdm 1-1:1.0: skipping garbage
[  133.059366][ T5915] cdc_wdm 1-1:1.0: skipping garbage
[  133.068209][ T5915] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  133.074447][ T5915] cdc_wdm 1-1:1.0: Unknown control protocol
[  133.234055][ T7495] netlink: 20 bytes leftover after parsing attributes in process `syz.3.568'.
[  133.289578][ T7497] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  133.324568][ T6083] usb 1-1: USB disconnect, device number 24
[  133.749849][ T5915] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  133.853863][   T43] usb 3-1: USB disconnect, device number 22
[  133.865457][   T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  133.886105][ T5915] usb 4-1: device descriptor read/64, error -71
[  133.926662][   T43] cp210x 3-1:0.0: device disconnected
[  133.972238][ T7508] netlink: 'syz.2.573': attribute type 39 has an invalid length.
[  134.046532][ T7486] qnx4: no qnx4 filesystem (no root dir).
[  134.062506][ T7486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.083025][ T7486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.107243][    T9] pegasus 2-1:0.0: can't reset MAC
[  134.124105][    T9] pegasus 2-1:0.0: probe with driver pegasus failed with error -5
[  134.140186][ T5915] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  134.159170][    T9] usb 2-1: USB disconnect, device number 15
[  134.299554][ T5915] usb 4-1: device descriptor read/64, error -71
[  134.329582][   T43] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  134.410990][ T5915] usb usb4-port1: attempt power cycle
[  134.499357][   T43] usb 1-1: Using ep0 maxpacket: 8
[  134.506134][   T43] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[  134.517994][   T43] usb 1-1: config 0 has an invalid interface number: 49 but max is 2
[  134.526829][   T43] usb 1-1: config 0 has no interface number 1
[  134.546158][ T7520] syz.2.577: attempt to access beyond end of device
[  134.546158][ T7520] loop2: rw=0, sector=64, nr_sectors = 8 limit=0
[  134.546308][   T43] usb 1-1: config 0 has no interface number 2
[  134.569354][ T7520] syz.2.577: attempt to access beyond end of device
[  134.569354][ T7520] loop2: rw=0, sector=120, nr_sectors = 8 limit=0
[  134.570421][   T43] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  134.582566][ T7520] Mount JFS Failure: -5
[  134.595874][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.606915][   T43] usb 1-1: config 0 descriptor??
[  134.616480][   T43] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22
[  134.749382][ T5915] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  134.781654][ T5915] usb 4-1: device descriptor read/8, error -71
[  134.985687][   T24] usb 1-1: USB disconnect, device number 25
[  135.029106][ T5915] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  135.049552][ T5915] usb 4-1: device descriptor read/8, error -71
[  135.159901][ T5915] usb usb4-port1: unable to enumerate USB device
[  135.199087][ T5891] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  135.291953][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.582'.
[  135.339327][ T5891] usb 2-1: device descriptor read/64, error -71
[  135.592293][ T5891] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  135.674851][ T7541] netlink: 20 bytes leftover after parsing attributes in process `syz.2.586'.
[  135.743917][ T5891] usb 2-1: device descriptor read/64, error -71
[  135.859109][ T5891] usb usb2-port1: attempt power cycle
[  136.099378][ T7559] loop8: detected capacity change from 0 to 7
[  136.107765][ T7559] Dev loop8: unable to read RDB block 7
[  136.122601][ T7559]  loop8: unable to read partition table
[  136.130037][ T7559] loop8: partition table beyond EOD, truncated
[  136.136599][ T7559] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  136.203882][ T5891] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  136.232942][ T5891] usb 2-1: device descriptor read/8, error -71
[  136.488380][    T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  136.498409][ T5891] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  136.498525][ T7569] /dev/rnullb0: Can't open blockdev
[  136.530119][ T5891] usb 2-1: device descriptor read/8, error -71
[  136.648968][ T5891] usb usb2-port1: unable to enumerate USB device
[  136.682589][    T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  136.692725][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.704834][   T30] audit: type=1326 audit(7552909845.385:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.3.602" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0
[  136.706426][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  136.736070][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.748840][    T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  136.757895][    T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  136.766143][    T9] usb 3-1: Product: syz
[  136.770373][    T9] usb 3-1: Manufacturer: syz
[  136.782073][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  136.787704][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  136.795571][    T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  136.801589][    T9] cdc_wdm 3-1:1.0: Unknown control protocol
[  136.814467][ T7580] netlink: 'syz.3.602': attribute type 11 has an invalid length.
[  137.139861][ T5915] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  137.231238][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE
[  137.241117][   T43] usb 3-1: USB disconnect, device number 23
[  137.278067][ T5915] usb 1-1: device descriptor read/64, error -71
[  137.528032][ T5915] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  137.560127][ T7585] netlink: 'syz.3.603': attribute type 27 has an invalid length.
[  137.604970][ T7587] netlink: 32 bytes leftover after parsing attributes in process `syz.3.604'.
[  137.615682][ T7587] /dev/rnullb0: Can't open blockdev
[  137.667891][ T5915] usb 1-1: device descriptor read/64, error -71
[  137.724989][ T7593] netlink: 104 bytes leftover after parsing attributes in process `syz.3.606'.
[  137.778106][ T5915] usb usb1-port1: attempt power cycle
[  137.911694][ T7603] cgroup: Name too long
[  137.919881][ T5156] Bluetooth: Frame is too long (len 18, expected len 4)
[  138.078925][ T7611] qnx4: no qnx4 filesystem (no root dir).
[  138.080684][ T7609] input: syz0 as /devices/virtual/input/input17
[  138.085439][ T7612] netlink: 'syz.3.613': attribute type 4 has an invalid length.
[  138.119680][ T5915] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  138.143492][ T7612] netlink: 'syz.3.613': attribute type 4 has an invalid length.
[  138.168746][ T5915] usb 1-1: device descriptor read/8, error -71
[  138.232976][ T7616] vxfs: WRONG superblock magic 00000000 at 1
[  138.239313][ T7616] vxfs: WRONG superblock magic 00000000 at 8
[  138.245550][ T7616] vxfs: can't find superblock.
[  138.417640][ T5915] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  138.438676][ T5915] usb 1-1: device descriptor read/8, error -71
[  138.497686][    T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  138.527634][ T6083] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  138.548078][ T5915] usb usb1-port1: unable to enumerate USB device
[  138.627533][    T9] usb 3-1: device descriptor read/64, error -71
[  138.680116][ T6083] usb 2-1: unable to get BOS descriptor or descriptor too short
[  138.688413][ T6083] usb 2-1: not running at top speed; connect to a high speed hub
[  138.697114][ T6083] usb 2-1: config 0 has an invalid interface number: 122 but max is 0
[  138.705577][ T6083] usb 2-1: config 0 has no interface number 0
[  138.711986][ T6083] usb 2-1: config 0 interface 122 has no altsetting 0
[  138.722474][ T6083] usb 2-1: string descriptor 0 read error: -22
[  138.728996][ T6083] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=9a.f6
[  138.739206][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.750343][ T6083] usb 2-1: config 0 descriptor??
[  138.870743][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  138.950519][ T7625] devtmpfs: Too few inodes for current use
[  138.961019][ T7625] hpfs: Bad magic ... probably not HPFS
[  138.965645][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.978885][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.007861][    T9] usb 3-1: device descriptor read/64, error -71
[  139.071565][ T5915] usb 2-1: USB disconnect, device number 20
[  139.118092][    T9] usb usb3-port1: attempt power cycle
[  139.255004][ T7635] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  139.294061][ T7637] netlink: 20 bytes leftover after parsing attributes in process `syz.3.626'.
[  139.430609][ T7649] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  139.467461][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  139.499609][    T9] usb 3-1: device descriptor read/8, error -71
[  139.621454][ T7653] hpfs: Bad magic ... probably not HPFS
[  139.697330][ T6083] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  139.737306][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  139.758294][    T9] usb 3-1: device descriptor read/8, error -71
[  139.789615][ T7659] netlink: 'syz.1.633': attribute type 39 has an invalid length.
[  139.862295][ T6083] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  139.871604][    T9] usb usb3-port1: unable to enumerate USB device
[  139.878215][ T6083] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  139.890737][ T6083] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  139.910278][ T6083] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.935166][ T6083] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  139.945852][ T6083] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  139.954408][ T6083] usb 4-1: Product: syz
[  139.961903][ T6083] usb 4-1: Manufacturer: syz
[  139.983862][ T6083] cdc_wdm 4-1:1.0: skipping garbage
[  139.993153][ T6083] cdc_wdm 4-1:1.0: skipping garbage
[  140.011710][ T6083] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  140.022426][ T6083] cdc_wdm 4-1:1.0: Unknown control protocol
[  140.261692][  T979] usb 4-1: USB disconnect, device number 23
[  140.426597][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.642'.
[  140.522154][ T7688] nfs: Unknown parameter '/dev/rnullb0'
[  140.669717][ T7693] netlink: 20 bytes leftover after parsing attributes in process `syz.1.646'.
[  140.865467][ T7710] loop8: detected capacity change from 0 to 7
[  140.876088][ T7339] Dev loop8: unable to read RDB block 7
[  140.881820][ T7339]  loop8: unable to read partition table
[  140.888670][ T7339] loop8: partition table beyond EOD, truncated
[  140.910468][ T7710] Dev loop8: unable to read RDB block 7
[  140.916083][ T7710]  loop8: unable to read partition table
[  140.922149][ T7710] loop8: partition table beyond EOD, truncated
[  140.931070][ T7710] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  141.066543][ T5915] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  141.206497][ T5915] usb 4-1: device descriptor read/64, error -71
[  141.211567][ T7726] /dev/rnullb0: Can't open blockdev
[  141.300747][   T30] audit: type=1326 audit(7720682777.985:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7729 comm="syz.1.662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0
[  141.322850][ T7730] netlink: 'syz.0.663': attribute type 27 has an invalid length.
[  141.349013][ T7733] /dev/rnullb0: Can't open blockdev
[  141.353397][ T7734] netlink: 'syz.1.662': attribute type 11 has an invalid length.
[  141.418268][ T7738] netlink: 104 bytes leftover after parsing attributes in process `syz.2.666'.
[  141.468102][ T5915] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  141.618626][ T5915] usb 4-1: device descriptor read/64, error -71
[  141.668569][ T7750] input: syz0 as /devices/virtual/input/input18
[  141.747221][ T5915] usb usb4-port1: attempt power cycle
[  141.754168][ T7752] /dev/rnullb0: Can't open blockdev
[  141.895542][ T7757] netlink: 'syz.0.675': attribute type 4 has an invalid length.
[  141.907830][ T7757] netlink: 'syz.0.675': attribute type 4 has an invalid length.
[  142.046323][  T979] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  142.096290][ T5915] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  142.116893][ T5915] usb 4-1: device descriptor read/8, error -71
[  142.209281][  T979] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  142.221001][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  142.236409][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  142.249087][  T979] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  142.262575][  T979] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  142.272548][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.283419][  T979] usb 3-1: config 0 descriptor??
[  142.366289][ T5915] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  142.406814][ T5915] usb 4-1: device descriptor read/8, error -71
[  142.517397][ T5915] usb usb4-port1: unable to enumerate USB device
[  142.665220][ T7775] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  142.705716][  T979] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max
[  142.740357][  T979] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  142.881482][ T7781] binder: 7778:7781 ioctl c0306201 200000000640 returned -22
[  142.958103][ T7785] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  143.043009][ T7787] Bluetooth: MGMT ver 1.23
[  143.204751][ T7792] netlink: 'syz.1.690': attribute type 39 has an invalid length.
[  143.235356][ T7794] hfs: can't find a HFS filesystem on dev nullb0
[  143.409657][ T7800] /dev/rnullb0: Can't open blockdev
[  143.652890][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'.
[  143.741090][ T7814] /dev/rnullb0: Can't open blockdev
[  143.854388][ T7819] netlink: 20 bytes leftover after parsing attributes in process `syz.3.703'.
[  143.946172][  T979] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  143.980597][ T7825] nvme_fabrics: unknown parameter or missing value 'in�M�j��p=so&��'�۽��켣Y��d�S����R~��ob�����1(�4�wp�' in ctrl creation request
[  144.020838][ T7825] nvme_fabrics: missing parameter 'transport=%s'
[  144.027314][ T7825] nvme_fabrics: missing parameter 'nqn=%s'
[  144.127747][  T979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  144.138701][  T979] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  144.149017][  T979] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  144.158286][  T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  144.167639][  T979] usb 2-1: SerialNumber: syz
[  144.195858][ T5874] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  144.358269][ T5874] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  144.366951][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  144.377247][ T5874] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  144.386673][ T5874] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.402057][ T5874] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  144.414122][   T43] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  144.421809][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  144.429964][ T5874] usb 4-1: Product: syz
[  144.434208][ T5874] usb 4-1: Manufacturer: syz
[  144.451919][ T5874] cdc_wdm 4-1:1.0: skipping garbage
[  144.465731][ T5874] cdc_wdm 4-1:1.0: skipping garbage
[  144.484856][ T5874] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device
[  144.492511][ T5874] cdc_wdm 4-1:1.0: Unknown control protocol
[  144.567174][  T979] usb 2-1: 0:2 : does not exist
[  144.575646][   T43] usb 1-1: device descriptor read/64, error -71
[  144.582939][  T979] usb 2-1: USB disconnect, device number 21
[  144.613715][ T7339] udevd[7339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  144.717859][ T5915] usb 3-1: USB disconnect, device number 28
[  144.785152][ T5874] usb 4-1: USB disconnect, device number 28
[  144.835469][   T43] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  144.894461][ T7845] loop8: detected capacity change from 0 to 7
[  144.903301][ T7845] Dev loop8: unable to read RDB block 7
[  144.909862][ T7845]  loop8: unable to read partition table
[  144.915741][ T7845] loop8: partition table beyond EOD, truncated
[  144.921914][ T7845] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  144.975481][   T43] usb 1-1: device descriptor read/64, error -71
[  145.095700][   T43] usb usb1-port1: attempt power cycle
[  145.275829][ T5874] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  145.445317][   T43] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  145.463511][ T5874] usb 3-1: config index 0 descriptor too short (expected 65183, got 72)
[  145.476129][   T43] usb 1-1: device descriptor read/8, error -71
[  145.484893][ T5874] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  145.504657][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.513637][ T5874] usb 3-1: Product: syz
[  145.518211][ T5874] usb 3-1: Manufacturer: syz
[  145.522831][ T5874] usb 3-1: SerialNumber: syz
[  145.610227][ T5874] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  145.643369][ T5915] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  145.735135][   T43] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  145.756952][   T43] usb 1-1: device descriptor read/8, error -71
[  145.786874][  T979] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  145.844433][ T7849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.853396][ T7869] netlink: 'syz.1.722': attribute type 27 has an invalid length.
[  145.870683][   T43] usb usb1-port1: unable to enumerate USB device
[  145.879652][ T7850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.879909][ T7849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.889716][ T7850] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.944881][  T979] usb 4-1: Using ep0 maxpacket: 32
[  145.957670][  T979] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  145.974910][  T979] usb 4-1: config 0 has no interface number 0
[  145.981836][  T979] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  145.993795][ T6083] usb 3-1: USB disconnect, device number 29
[  146.010913][  T979] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  146.036912][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.054855][  T979] usb 4-1: Product: syz
[  146.074341][  T979] usb 4-1: Manufacturer: syz
[  146.084452][  T979] usb 4-1: SerialNumber: syz
[  146.092714][ T7878] netlink: 104 bytes leftover after parsing attributes in process `syz.2.725'.
[  146.095656][  T979] usb 4-1: config 0 descriptor??
[  146.118666][  T979] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  146.145278][  T979] em28xx 4-1:0.132: Video interface 132 found:
[  146.230805][ T7882] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  146.293119][ T7888] input: syz0 as /devices/virtual/input/input19
[  146.385508][ T7890] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  146.394334][ T7890] VFS: Can't find a romfs filesystem on dev rnullb0.
[  146.394334][ T7890] 
[  146.408696][ T7893] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  146.412285][ T7892] vxfs: WRONG superblock magic 00000000 at 1
[  146.416022][ T7893] /dev/rnullb0: Can't open blockdev
[  146.421990][ T7892] vxfs: WRONG superblock magic 00000000 at 8
[  146.437657][ T7892] vxfs: can't find superblock.
[  146.496799][   T30] audit: type=1326 audit(7888457503.166:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.2.732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0
[  146.518391][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.523818][  T979] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  146.563064][ T7900] netlink: 'syz.2.732': attribute type 11 has an invalid length.
[  146.604323][  T979] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  146.613648][  T979] em28xx 4-1:0.132: board has no eeprom
[  146.675513][  T979] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  146.683413][  T979] em28xx 4-1:0.132: analog set to bulk mode.
[  146.693091][    T9] em28xx 4-1:0.132: Registering V4L2 extension
[  146.704967][ T5915] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  146.719918][ T7906] syzkaller1: entered promiscuous mode
[  146.721376][  T979] usb 4-1: USB disconnect, device number 29
[  146.727541][ T7906] syzkaller1: entered allmulticast mode
[  146.739991][ T5915] ath9k_htc: Failed to initialize the device
[  146.752404][  T979] em28xx 4-1:0.132: Disconnecting em28xx
[  146.761927][ T6083] usb 3-1: ath9k_htc: USB layer deinitialized
[  146.872762][    T9] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  146.887578][    T9] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  146.895229][    T9] em28xx 4-1:0.132: No AC97 audio processor
[  146.902299][    T9] usb 4-1: Decoder not found
[  146.907164][    T9] em28xx 4-1:0.132: failed to create media graph
[  146.913510][    T9] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  146.922347][    T9] em28xx 4-1:0.132: Remote control support is not available for this card.
[  146.931224][  T979] em28xx 4-1:0.132: Closing input extension
[  146.942294][  T979] em28xx 4-1:0.132: Freeing device
[  147.035362][   T43] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  147.168335][   T43] usb 2-1: device descriptor read/64, error -71
[  147.261557][ T7923] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  147.268044][ T7924] netlink: 'syz.0.740': attribute type 4 has an invalid length.
[  147.283271][ T7924] netlink: 'syz.0.740': attribute type 4 has an invalid length.
[  147.426161][   T43] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  147.474026][ T7931] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  147.575016][   T43] usb 2-1: device descriptor read/64, error -71
[  147.696833][   T43] usb usb2-port1: attempt power cycle
[  147.750509][ T7937] netlink: 'syz.2.747': attribute type 39 has an invalid length.
[  148.054430][   T43] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  148.091080][   T43] usb 2-1: device descriptor read/8, error -71
[  148.238261][ T7951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'.
[  148.312927][ T7955] /dev/rnullb0: Can't open blockdev
[  148.344275][ T6083] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  148.354568][   T43] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  148.392173][ T7958] netlink: 28 bytes leftover after parsing attributes in process `syz.2.756'.
[  148.401772][   T43] usb 2-1: device descriptor read/8, error -71
[  148.494692][ T6083] usb 1-1: Using ep0 maxpacket: 16
[  148.512034][ T6083] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  148.524299][   T43] usb usb2-port1: unable to enumerate USB device
[  148.527670][ T6083] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  148.542164][ T6083] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.553812][ T6083] usb 1-1: Product: syz
[  148.558489][ T6083] usb 1-1: Manufacturer: syz
[  148.563108][ T6083] usb 1-1: SerialNumber: syz
[  148.582571][ T6083] usb 1-1: config 0 descriptor??
[  148.597918][ T6083] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  148.607827][ T6083] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  148.761297][ T7976] /dev/rnullb0: Can't open blockdev
[  148.861886][ T7980] loop8: detected capacity change from 0 to 7
[  148.871447][ T7980] Dev loop8: unable to read RDB block 7
[  148.877293][ T7980]  loop8: unable to read partition table
[  148.883409][ T7980] loop8: partition table beyond EOD, truncated
[  148.893452][ T7980] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  149.279026][ T7995] FAULT_INJECTION: forcing a failure.
[  149.279026][ T7995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.296331][ T7995] CPU: 1 UID: 0 PID: 7995 Comm: syz.2.770 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  149.296357][ T7995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.296367][ T7995] Call Trace:
[  149.296374][ T7995]  <TASK>
[  149.296381][ T7995]  dump_stack_lvl+0x189/0x250
[  149.296412][ T7995]  ? __pfx____ratelimit+0x10/0x10
[  149.296433][ T7995]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.296450][ T7995]  ? __pfx__printk+0x10/0x10
[  149.296468][ T7995]  ? __might_fault+0xb0/0x130
[  149.296495][ T7995]  should_fail_ex+0x414/0x560
[  149.296526][ T7995]  _copy_from_user+0x2d/0xb0
[  149.296544][ T7995]  ___sys_sendmsg+0x158/0x2a0
[  149.296564][ T7995]  ? __pfx____sys_sendmsg+0x10/0x10
[  149.296616][ T7995]  ? __fget_files+0x2a/0x420
[  149.296636][ T7995]  ? __fget_files+0x3a0/0x420
[  149.296668][ T7995]  __sys_sendmmsg+0x227/0x430
[  149.296690][ T7995]  ? __pfx___sys_sendmmsg+0x10/0x10
[  149.296704][ T7995]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  149.296750][ T7995]  ? ksys_write+0x22a/0x250
[  149.296772][ T7995]  ? __pfx_ksys_write+0x10/0x10
[  149.296788][ T7995]  ? rcu_is_watching+0x15/0xb0
[  149.296811][ T7995]  __x64_sys_sendmmsg+0xa0/0xc0
[  149.296830][ T7995]  do_syscall_64+0xfa/0x3b0
[  149.296849][ T7995]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.296869][ T7995]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.296884][ T7995]  ? clear_bhb_loop+0x60/0xb0
[  149.296904][ T7995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.296920][ T7995] RIP: 0033:0x7f3aa478e929
[  149.296940][ T7995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.296954][ T7995] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  149.296972][ T7995] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929
[  149.296984][ T7995] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003
[  149.296995][ T7995] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000
[  149.297005][ T7995] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001
[  149.297016][ T7995] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8
[  149.297043][ T7995]  </TASK>
[  149.519221][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.589045][ T5915] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  149.717445][ T6083] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  149.767403][ T5915] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  149.777671][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.787212][ T5915] usb 4-1: Product: syz
[  149.791520][ T5915] usb 4-1: Manufacturer: syz
[  149.797626][ T5915] usb 4-1: SerialNumber: syz
[  149.812164][ T5915] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  149.829700][   T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  149.842715][ T6083] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  149.895915][ T6083] em28xx 1-1:0.0: board has no eeprom
[  149.977690][ T6083] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  149.985822][ T6083] em28xx 1-1:0.0: dvb set to bulk mode.
[  149.991447][  T979] em28xx 1-1:0.0: Binding DVB extension
[  150.052318][ T8001] netlink: 20 bytes leftover after parsing attributes in process `syz.1.772'.
[  150.082212][  T979] em28xx 1-1:0.0: Registering input extension
[  150.083691][ T8001] /dev/rnullb0: Can't open blockdev
[  150.314219][ T5915] usb 4-1: USB disconnect, device number 30
[  150.612227][ T5874] hid_parser_main: 6 callbacks suppressed
[  150.612248][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.640118][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.652497][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.667572][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.684075][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.696489][ T8009] syz.2.775: vmalloc error: size 33177600, failed to allocated page array size 64800, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  150.717996][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.725813][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  150.734450][ T8009] CPU: 1 UID: 0 PID: 8009 Comm: syz.2.775 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  150.734474][ T8009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.734486][ T8009] Call Trace:
[  150.734493][ T8009]  <TASK>
[  150.734500][ T8009]  dump_stack_lvl+0x189/0x250
[  150.734527][ T8009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.734546][ T8009]  ? __pfx__printk+0x10/0x10
[  150.734565][ T8009]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  150.734584][ T8009]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  150.734605][ T8009]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  150.734627][ T8009]  warn_alloc+0x214/0x310
[  150.734655][ T8009]  ? __pfx_warn_alloc+0x10/0x10
[  150.734682][ T8009]  ? __get_vm_area_node+0x28f/0x300
[  150.734701][ T8009]  ? vb2_vmalloc_alloc+0xef/0x340
[  150.734754][ T8009]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  150.734805][ T8009]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  150.734831][ T8009]  ? __kasan_kmalloc+0x93/0xb0
[  150.734854][ T8009]  vmalloc_user_noprof+0xad/0xf0
[  150.734874][ T8009]  ? vb2_vmalloc_alloc+0xef/0x340
[  150.734892][ T8009]  vb2_vmalloc_alloc+0xef/0x340
[  150.734909][ T8009]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  150.734932][ T8009]  __vb2_queue_alloc+0x9c2/0x15a0
[  150.734980][ T8009]  vb2_core_reqbufs+0xc31/0x1420
[  150.735019][ T8009]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  150.735048][ T8009]  ? __vb2_init_fileio+0x1e8/0xff0
[  150.735073][ T8009]  __vb2_init_fileio+0x318/0xff0
[  150.735094][ T8009]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.735116][ T8009]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  150.735147][ T8009]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  150.735176][ T8009]  vb2_core_poll+0x4c1/0x840
[  150.735203][ T8009]  vb2_fop_poll+0x168/0x380
[  150.735223][ T8009]  ? __fget_files+0x2a/0x420
[  150.735245][ T8009]  ? __pfx_vb2_fop_poll+0x10/0x10
[  150.735266][ T8009]  v4l2_poll+0x144/0x2c0
[  150.735285][ T8009]  ? __pfx_v4l2_poll+0x10/0x10
[  150.735305][ T8009]  do_sys_poll+0x8c9/0x1070
[  150.735333][ T8009]  ? do_sys_poll+0x3b1/0x1070
[  150.735362][ T8009]  ? __pfx_do_sys_poll+0x10/0x10
[  150.735388][ T8009]  ? futex_unqueue+0x22/0x240
[  150.735407][ T8009]  ? __pfx___pollwait+0x10/0x10
[  150.735431][ T8009]  ? __pfx_pollwake+0x10/0x10
[  150.735507][ T8009]  ? futex_wait+0x285/0x360
[  150.735532][ T8009]  ? __pfx_futex_wait+0x10/0x10
[  150.735589][ T8009]  ? __pfx_do_futex+0x10/0x10
[  150.735610][ T8009]  ? set_user_sigmask+0xc7/0x1b0
[  150.735627][ T8009]  ? __pfx_set_user_sigmask+0x10/0x10
[  150.735655][ T8009]  __se_sys_ppoll+0x1ff/0x260
[  150.735679][ T8009]  ? __pfx___se_sys_ppoll+0x10/0x10
[  150.735701][ T8009]  ? rcu_is_watching+0x15/0xb0
[  150.735723][ T8009]  ? do_syscall_64+0xbe/0x3b0
[  150.735742][ T8009]  ? __x64_sys_ppoll+0x20/0xc0
[  150.735765][ T8009]  do_syscall_64+0xfa/0x3b0
[  150.735785][ T8009]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.735805][ T8009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.735822][ T8009]  ? clear_bhb_loop+0x60/0xb0
[  150.735842][ T8009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.735858][ T8009] RIP: 0033:0x7f3aa478e929
[  150.735873][ T8009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.735887][ T8009] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  150.735905][ T8009] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929
[  150.735918][ T8009] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000200
[  150.735929][ T8009] RBP: 00007f3aa4810b39 R08: 0000000000000000 R09: 0000000000000000
[  150.735939][ T8009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  150.735950][ T8009] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8
[  150.735978][ T8009]  </TASK>
[  150.736145][ T8009] Mem-Info:
[  151.111631][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  151.119262][   T43] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  151.126798][   T43] ath9k_htc: Failed to initialize the device
[  151.132779][ T8009] active_anon:6624 inactive_anon:0 isolated_anon:0
[  151.132779][ T8009]  active_file:10905 inactive_file:48986 isolated_file:0
[  151.132779][ T8009]  unevictable:1862 dirty:47 writeback:0
[  151.132779][ T8009]  slab_reclaimable:11178 slab_unreclaimable:93828
[  151.132779][ T8009]  mapped:24878 shmem:1364 pagetables:1145
[  151.132779][ T8009]  sec_pagetables:0 bounce:0
[  151.132779][ T8009]  kernel_misc_reclaimable:0
[  151.132779][ T8009]  free:1317729 free_pcp:13024 free_cma:0
[  151.132888][ T8009] Node 0 active_anon:26496kB inactive_anon:0kB active_file:43620kB inactive_file:195748kB unevictable:5912kB isolated(anon):0kB isolated(file):0kB mapped:99512kB dirty:184kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11420kB pagetables:4440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  151.178641][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  151.178693][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0
[  151.184650][ T5915] usb 4-1: ath9k_htc: USB layer deinitialized
[  151.232414][   T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  151.242261][ T5874] hid-generic 00A0:0006:0003.0007: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  151.256561][ T8009] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  151.328461][ T8009] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  151.396356][ T8009] lowmem_reserve[]: 0 2496 2498 2498 2498
[  151.409414][ T8009] Node 0 DMA32 free:1364844kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22852kB inactive_anon:0kB active_file:43620kB inactive_file:194408kB unevictable:1712kB writepending:180kB present:3129332kB managed:2556912kB mlocked:176kB bounce:0kB free_pcp:43308kB local_pcp:22980kB free_cma:0kB
[  151.454737][   T24] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  151.463639][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.474158][ T8009] lowmem_reserve[]: 0 0 1 1 1
[  151.484287][ T8009] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1340kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  151.492655][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  151.537833][ T8009] lowmem_reserve[]: 0 0 0 0 0
[  151.541897][   T43] usb 1-1: USB disconnect, device number 34
[  151.556334][ T8009] Node 1 Normal free:3890712kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17744kB local_pcp:8672kB free_cma:0kB
[  151.597892][   T43] em28xx 1-1:0.0: Disconnecting em28xx
[  151.603919][   T43] em28xx 1-1:0.0: Closing input extension
[  151.607377][ T8022] netlink: 'syz.0.779': attribute type 27 has an invalid length.
[  151.616996][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.635711][ T8009] lowmem_reserve[]: 0 0 0 0 0
[  151.637560][   T24] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  151.641568][ T8009] Node 0 
[  151.655220][   T43] em28xx 1-1:0.0: Freeing device
[  151.671778][ T8009] DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  151.675541][   T24] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  151.699397][   T24] usb 2-1: Product: syz
[  151.708103][   T24] usb 2-1: Manufacturer: syz
[  151.711297][ T8009] Node 0 DMA32: 2*4kB (UM) 1*8kB (E) 335*16kB (UM) 296*32kB (UME) 232*64kB (UM) 15*128kB (UM) 8*256kB (ME) 7*512kB (UME) 8*1024kB (UM) 4*2048kB (ME) 320*4096kB (M) = 1364352kB
[  151.721977][   T24] cdc_wdm 2-1:1.0: skipping garbage
[  151.738534][ T8009] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  151.745163][   T24] cdc_wdm 2-1:1.0: skipping garbage
[  151.750944][ T8009] Node 1 Normal: 198*4kB (UM) 58*8kB (UME) 41*16kB (UME) 97*32kB (UME) 24*64kB (UME) 7*128kB (UM) 5*256kB (UME) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 946*4096kB (M) = 3890712kB
[  151.774084][  T979] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  151.775947][   T24] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  151.791496][   T24] cdc_wdm 2-1:1.0: Unknown control protocol
[  151.808289][ T8009] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  151.818591][ T8009] Node 0 hugepages_total=6 hugepages_free=3 hugepages_surp=4 hugepages_size=2048kB
[  151.828340][ T8009] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  151.838392][ T8009] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  151.848175][ T8009] 61283 total pagecache pages
[  151.853405][ T8009] 0 pages in swap cache
[  151.857780][ T8009] Free swap  = 124996kB
[  151.861931][ T8009] Total swap = 124996kB
[  151.872516][ T8009] 2097051 pages RAM
[  151.876394][ T8009] 0 pages HighMem/MovableOnly
[  151.881191][ T8009] 425845 pages reserved
[  151.885508][ T8009] 0 pages cma reserved
[  151.894389][ T8026] hpfs: Bad magic ... probably not HPFS
[  151.924666][  T979] usb 4-1: device descriptor read/64, error -71
[  152.011807][   T24] usb 2-1: USB disconnect, device number 26
[  152.071850][ T8030] netlink: 104 bytes leftover after parsing attributes in process `syz.2.783'.
[  152.172324][  T979] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  152.206929][ T8039] input: syz0 as /devices/virtual/input/input21
[  152.290527][ T8041] vxfs: WRONG superblock magic 00000000 at 1
[  152.307774][ T8041] vxfs: WRONG superblock magic 00000000 at 8
[  152.312278][  T979] usb 4-1: device descriptor read/64, error -71
[  152.314395][ T8041] vxfs: can't find superblock.
[  152.433171][  T979] usb usb4-port1: attempt power cycle
[  152.559462][ T8051] fuse: Unknown parameter ''
[  152.592249][    T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  152.702395][   T24] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  152.743749][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  152.753356][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.764206][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  152.773759][  T979] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  152.781799][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.797390][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  152.807410][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  152.815892][    T9] usb 1-1: Product: syz
[  152.820444][  T979] usb 4-1: device descriptor read/8, error -71
[  152.827173][    T9] usb 1-1: Manufacturer: syz
[  152.838439][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  152.843923][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  152.845797][ T8060] Mount JFS Failure: -22
[  152.856511][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  152.857542][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  152.864264][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[  152.894451][   T24] usb 3-1: config 0 has an invalid descriptor of length 76, skipping remainder of the config
[  152.907260][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  152.919622][   T24] usb 3-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=81.b0
[  152.931403][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.943900][   T24] usb 3-1: Product: syz
[  152.948102][   T24] usb 3-1: Manufacturer: syz
[  152.950343][ T8062] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  152.952744][   T24] usb 3-1: SerialNumber: syz
[  152.968688][   T24] usb 3-1: config 0 descriptor??
[  153.007824][   T30] audit: type=1326 audit(8224021285.689:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8063 comm="syz.1.798" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0
[  153.093950][  T979] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  153.109748][ T8065] netlink: 'syz.1.798': attribute type 11 has an invalid length.
[  153.113028][  T979] usb 4-1: device descriptor read/8, error -71
[  153.235450][  T979] usb usb4-port1: unable to enumerate USB device
[  153.251812][ T8066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.263574][ T8066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.297395][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE
[  153.304489][    C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  153.316121][    T9] usb 1-1: USB disconnect, device number 35
[  153.943785][ T8074] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  154.240621][ T8084] netlink: 'syz.1.804': attribute type 39 has an invalid length.
[  154.298666][ T8086] /dev/rnullb0: Can't open blockdev
[  154.421703][    T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  154.476136][ T8093] netlink: 'syz.1.807': attribute type 4 has an invalid length.
[  154.493323][ T8093] netlink: 'syz.1.807': attribute type 4 has an invalid length.
[  154.772222][  T979] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  154.921458][  T979] usb 4-1: Using ep0 maxpacket: 16
[  154.930630][  T979] usb 4-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2
[  154.943009][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.951020][  T979] usb 4-1: Product: syz
[  154.956758][  T979] usb 4-1: Manufacturer: syz
[  154.961466][  T979] usb 4-1: SerialNumber: syz
[  154.968540][  T979] usb 4-1: config 0 descriptor??
[  154.980964][  T979] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  155.002982][  T979] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  155.038647][ T5985] udevd[5985]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  155.182869][ T8092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.192802][ T8092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.206562][  T979] usb 4-1: USB disconnect, device number 35
[  155.394902][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.812'.
[  155.509447][   T24] usb 3-1: USB disconnect, device number 30
[  155.578646][ T8112] netlink: 28 bytes leftover after parsing attributes in process `syz.2.815'.
[  155.698413][ T8120] FAULT_INJECTION: forcing a failure.
[  155.698413][ T8120] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  155.714465][ T8120] CPU: 1 UID: 0 PID: 8120 Comm: syz.2.817 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  155.714490][ T8120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.714500][ T8120] Call Trace:
[  155.714507][ T8120]  <TASK>
[  155.714514][ T8120]  dump_stack_lvl+0x189/0x250
[  155.714538][ T8120]  ? __pfx____ratelimit+0x10/0x10
[  155.714560][ T8120]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.714579][ T8120]  ? __pfx__printk+0x10/0x10
[  155.714598][ T8120]  ? fs_reclaim_acquire+0x7d/0x100
[  155.714627][ T8120]  should_fail_ex+0x414/0x560
[  155.714657][ T8120]  prepare_alloc_pages+0x213/0x610
[  155.714686][ T8120]  __alloc_frozen_pages_noprof+0x123/0x370
[  155.714727][ T8120]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  155.714773][ T8120]  alloc_pages_mpol+0x232/0x4a0
[  155.714798][ T8120]  ___kmalloc_large_node+0x5f/0x1b0
[  155.714822][ T8120]  __kmalloc_large_node_noprof+0x18/0x90
[  155.714843][ T8120]  __kmalloc_noprof+0x36f/0x4f0
[  155.714860][ T8120]  ? sock_kmalloc+0xd6/0x160
[  155.714887][ T8120]  sock_kmalloc+0xd6/0x160
[  155.714907][ T8120]  ____sys_sendmsg+0x1b5/0x830
[  155.714930][ T8120]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.714956][ T8120]  ? import_iovec+0x74/0xa0
[  155.714977][ T8120]  ___sys_sendmsg+0x21f/0x2a0
[  155.714996][ T8120]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.715049][ T8120]  ? __fget_files+0x2a/0x420
[  155.715069][ T8120]  ? __fget_files+0x3a0/0x420
[  155.715101][ T8120]  __sys_sendmmsg+0x227/0x430
[  155.715124][ T8120]  ? __pfx___sys_sendmmsg+0x10/0x10
[  155.715138][ T8120]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  155.715186][ T8120]  ? ksys_write+0x22a/0x250
[  155.715207][ T8120]  ? __pfx_ksys_write+0x10/0x10
[  155.715224][ T8120]  ? rcu_is_watching+0x15/0xb0
[  155.715248][ T8120]  __x64_sys_sendmmsg+0xa0/0xc0
[  155.715267][ T8120]  do_syscall_64+0xfa/0x3b0
[  155.715286][ T8120]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.715305][ T8120]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.715321][ T8120]  ? clear_bhb_loop+0x60/0xb0
[  155.715341][ T8120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.715357][ T8120] RIP: 0033:0x7f3aa478e929
[  155.715372][ T8120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.715386][ T8120] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  155.715405][ T8120] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929
[  155.715418][ T8120] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003
[  155.715429][ T8120] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000
[  155.715439][ T8120] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001
[  155.715449][ T8120] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8
[  155.715477][ T8120]  </TASK>
[  155.720585][ T8118] sp0: Synchronizing with TNC
[  155.904855][ T8129] netlink: 'syz.3.821': attribute type 27 has an invalid length.
[  156.098458][ T8135] netlink: 104 bytes leftover after parsing attributes in process `syz.0.823'.
[  156.441917][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  156.520811][   T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  156.520811][  T979] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  156.591189][    T9] usb 2-1: Using ep0 maxpacket: 16
[  156.597942][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.608227][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  156.619512][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  156.629268][    T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  156.639117][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.653744][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  156.666534][    T9] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  156.676384][    T9] usb 2-1: Manufacturer: syz
[  156.676678][  T979] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  156.690120][  T979] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.701795][  T979] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  156.712586][  T979] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.714439][   T24] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  156.726429][  T979] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  156.743433][    T9] usb 2-1: config 0 descriptor??
[  156.748793][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.757909][   T24] usb 4-1: Product: syz
[  156.761343][  T979] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  156.762459][   T24] usb 4-1: Manufacturer: syz
[  156.774249][  T979] usb 1-1: Product: syz
[  156.779776][   T24] usb 4-1: SerialNumber: syz
[  156.780918][  T979] usb 1-1: Manufacturer: syz
[  156.792256][   T24] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  156.812034][   T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  156.827034][  T979] cdc_wdm 1-1:1.0: skipping garbage
[  156.839174][ T8152] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  156.845756][  T979] cdc_wdm 1-1:1.0: skipping garbage
[  156.877845][  T979] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  156.900983][  T979] cdc_wdm 1-1:1.0: Unknown control protocol
[  156.923419][   T30] audit: type=1326 audit(8224021289.611:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8153 comm="syz.2.831" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0
[  157.027372][ T8157] netlink: 'syz.2.831': attribute type 11 has an invalid length.
[  157.043833][    T9] rc_core: IR keymap rc-hauppauge not found
[  157.049769][    T9] Registered IR keymap rc-empty
[  157.068892][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.080142][  T979] usb 4-1: USB disconnect, device number 36
[  157.121661][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.125897][   T24] usb 1-1: USB disconnect, device number 37
[  157.137277][ T8163] netlink: 20 bytes leftover after parsing attributes in process `syz.3.833'.
[  157.162947][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  157.184748][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input22
[  157.220321][ T8165] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  157.229343][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.260493][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.273880][ T8168] netlink: 'syz.3.835': attribute type 39 has an invalid length.
[  157.280302][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.301182][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.320420][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.340294][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.360305][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.380237][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.400229][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.420216][    T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  157.442720][    T9] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  157.452649][    T9] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  157.468035][    T9] usb 2-1: USB disconnect, device number 27
[  157.641310][ T8173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.801926][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  157.894031][   T43] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  157.907589][   T43] ath9k_htc: Failed to initialize the device
[  157.919970][  T979] usb 4-1: ath9k_htc: USB layer deinitialized
[  157.927583][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.841'.
[  157.961591][    T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  157.980088][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.011600][    T9] usb 2-1: config 0 descriptor??
[  158.034716][    T9] gspca_main: spca508-2.14.0 probing 8086:0110
[  158.234314][    T9] gspca_spca508: reg_read err -32
[  158.256894][    T9] gspca_spca508: reg_read err -32
[  158.272722][    T9] gspca_spca508: reg_read err -32
[  158.296942][ T8188] netlink: 28 bytes leftover after parsing attributes in process `syz.0.844'.
[  158.571700][   T43] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  158.580529][    T9] gspca_spca508: reg write: error -71
[  158.595431][    T9] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[  158.625729][    T9] usb 2-1: USB disconnect, device number 28
[  158.729612][   T43] usb 4-1: Using ep0 maxpacket: 32
[  158.745384][   T43] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  158.763180][   T43] usb 4-1: config 0 has no interface number 0
[  158.771589][   T43] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  158.786841][   T43] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  158.798587][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.809631][   T43] usb 4-1: Product: syz
[  158.813826][   T43] usb 4-1: Manufacturer: syz
[  158.819003][   T43] usb 4-1: SerialNumber: syz
[  158.831062][   T43] usb 4-1: config 0 descriptor??
[  158.844011][   T43] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  158.855507][   T43] em28xx 4-1:0.132: Video interface 132 found:
[  158.864719][ T8199] FAULT_INJECTION: forcing a failure.
[  158.864719][ T8199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.884043][ T8199] CPU: 0 UID: 0 PID: 8199 Comm: syz.2.848 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  158.884068][ T8199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.884079][ T8199] Call Trace:
[  158.884085][ T8199]  <TASK>
[  158.884092][ T8199]  dump_stack_lvl+0x189/0x250
[  158.884116][ T8199]  ? __pfx____ratelimit+0x10/0x10
[  158.884138][ T8199]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.884155][ T8199]  ? __pfx__printk+0x10/0x10
[  158.884172][ T8199]  ? __might_fault+0xb0/0x130
[  158.884201][ T8199]  should_fail_ex+0x414/0x560
[  158.884232][ T8199]  _copy_from_user+0x2d/0xb0
[  158.884246][ T8199]  ____sys_sendmsg+0x2fe/0x830
[  158.884259][ T8199]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.884273][ T8199]  ? import_iovec+0x74/0xa0
[  158.884284][ T8199]  ___sys_sendmsg+0x21f/0x2a0
[  158.884294][ T8199]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.884343][ T8199]  ? __fget_files+0x2a/0x420
[  158.884365][ T8199]  ? __fget_files+0x3a0/0x420
[  158.884394][ T8199]  __sys_sendmmsg+0x227/0x430
[  158.884412][ T8199]  ? __pfx___sys_sendmmsg+0x10/0x10
[  158.884419][ T8199]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  158.884446][ T8199]  ? ksys_write+0x22a/0x250
[  158.884465][ T8199]  ? __pfx_ksys_write+0x10/0x10
[  158.884481][ T8199]  ? rcu_is_watching+0x15/0xb0
[  158.884504][ T8199]  __x64_sys_sendmmsg+0xa0/0xc0
[  158.884523][ T8199]  do_syscall_64+0xfa/0x3b0
[  158.884542][ T8199]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.884554][ T8199]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.884563][ T8199]  ? clear_bhb_loop+0x60/0xb0
[  158.884575][ T8199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.884584][ T8199] RIP: 0033:0x7f3aa478e929
[  158.884593][ T8199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.884603][ T8199] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  158.884621][ T8199] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929
[  158.884633][ T8199] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003
[  158.884644][ T8199] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000
[  158.884654][ T8199] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001
[  158.884664][ T8199] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8
[  158.884692][ T8199]  </TASK>
[  159.213816][ T8206] netlink: 'syz.0.850': attribute type 27 has an invalid length.
[  159.325015][ T8213] netlink: 16 bytes leftover after parsing attributes in process `syz.0.853'.
[  159.349250][   T43] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  159.430941][   T43] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  159.454650][   T43] em28xx 4-1:0.132: board has no eeprom
[  159.499203][   T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  159.520140][   T43] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  159.535040][   T43] em28xx 4-1:0.132: analog set to bulk mode.
[  159.541194][ T5874] em28xx 4-1:0.132: Registering V4L2 extension
[  159.547641][ T8221] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  159.559378][   T43] usb 4-1: USB disconnect, device number 37
[  159.580769][   T43] em28xx 4-1:0.132: Disconnecting em28xx
[  159.659631][   T24] usb 3-1: Using ep0 maxpacket: 32
[  159.667176][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.678218][ T8225] qnx4: no qnx4 filesystem (no root dir).
[  159.691983][   T24] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13
[  159.702654][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.710839][   T24] usb 3-1: Product: syz
[  159.718066][   T24] usb 3-1: Manufacturer: syz
[  159.722831][   T24] usb 3-1: SerialNumber: syz
[  159.731239][   T24] usb 3-1: config 0 descriptor??
[  159.744200][   T24] rndis_host 3-1:0.0: skipping garbage
[  159.750223][   T24] usb 3-1: bad CDC descriptors
[  159.787110][ T5874] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  159.794863][ T5874] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  159.803662][ T5874] em28xx 4-1:0.132: No AC97 audio processor
[  159.811897][ T5874] usb 4-1: Decoder not found
[  159.816508][ T5874] em28xx 4-1:0.132: failed to create media graph
[  159.823556][ T5874] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  159.840117][ T5874] em28xx 4-1:0.132: Remote control support is not available for this card.
[  159.854673][   T43] em28xx 4-1:0.132: Closing input extension
[  159.866375][   T43] em28xx 4-1:0.132: Freeing device
[  159.915515][ T8232] netlink: 'syz.1.860': attribute type 27 has an invalid length.
[  159.939959][    T9] usb 3-1: USB disconnect, device number 31
[  160.113156][ T8240] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  160.127670][ T8241] netlink: 'syz.1.865': attribute type 39 has an invalid length.
[  160.158843][ T5874] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  160.319510][ T5874] usb 1-1: Using ep0 maxpacket: 16
[  160.331821][ T5874] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  160.340393][ T5874] usb 1-1: config 1 has no interface number 0
[  160.346494][ T5874] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  160.357538][ T5874] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  160.369099][ T5874] usb 1-1: config 1 interface 105 has no altsetting 0
[  160.378175][ T5874] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  160.387311][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.395400][ T5874] usb 1-1: Product: syz
[  160.401249][ T5874] usb 1-1: Manufacturer: syz
[  160.405830][ T5874] usb 1-1: SerialNumber: syz
[  160.413182][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  160.422295][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  160.542965][ T6083] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  160.636175][   T30] audit: type=1326 audit(8224021293.323:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8260 comm="syz.2.873" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0
[  160.710390][ T6083] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  160.719141][ T6083] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  160.729565][ T6083] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  160.738957][ T6083] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.750947][ T8262] netlink: 'syz.2.873': attribute type 11 has an invalid length.
[  160.760868][ T6083] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  160.770857][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  160.778919][ T6083] usb 2-1: Product: syz
[  160.783071][ T6083] usb 2-1: Manufacturer: syz
[  160.792821][ T6083] cdc_wdm 2-1:1.0: skipping garbage
[  160.798036][ T6083] cdc_wdm 2-1:1.0: skipping garbage
[  160.809771][ T6083] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  160.815683][ T6083] cdc_wdm 2-1:1.0: Unknown control protocol
[  160.861976][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  160.871177][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  161.059620][ T6083] usb 2-1: USB disconnect, device number 29
[  161.448650][ T8273] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'.
[  161.482582][ T8231] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  161.522167][ T5874] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  161.551659][ T5874] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  161.593674][ T5874] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  161.629626][ T5874] usb 1-1: USB disconnect, device number 38
[  161.637653][ T5874] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  161.755521][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  161.765307][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  161.776448][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  161.854186][ T8286] vxfs: WRONG superblock magic 00000000 at 1
[  161.860823][ T8286] vxfs: WRONG superblock magic 00000000 at 8
[  161.866849][ T8286] vxfs: can't find superblock.
[  161.947295][ T8290] netlink: 'syz.1.885': attribute type 27 has an invalid length.
[  162.122376][ T8297] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  162.426275][ T8315] binder: 8314:8315 ioctl c0603d0f 200000000100 returned -22
[  162.626055][ T8316] Process accounting resumed
[  162.632255][ T8323] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  162.640424][ T5874] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  162.827554][ T5874] usb 2-1: Using ep0 maxpacket: 32
[  162.838820][ T5874] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  162.847019][ T5874] usb 2-1: config 0 has no interface number 0
[  162.864710][ T5874] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  162.879665][ T5874] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  162.888964][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.896973][ T5874] usb 2-1: Product: syz
[  162.901311][ T5874] usb 2-1: Manufacturer: syz
[  162.905912][ T5874] usb 2-1: SerialNumber: syz
[  162.914161][ T5874] usb 2-1: config 0 descriptor??
[  162.924233][ T5874] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  162.937888][ T5874] em28xx 2-1:0.132: Video interface 132 found:
[  163.077377][   T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  163.077431][    T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  163.167613][ T8340] MTD: Attempt to mount non-MTD device "/dev/nbd3"
[  163.174758][ T8340] syz.3.902: attempt to access beyond end of device
[  163.174758][ T8340] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  163.249319][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.259763][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  163.269052][   T24] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  163.270112][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  163.278800][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.297270][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  163.306104][   T24] usb 3-1: config 0 descriptor??
[  163.312450][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  163.322914][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.338756][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  163.349668][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  163.358475][    T9] usb 1-1: Product: syz
[  163.362650][    T9] usb 1-1: Manufacturer: syz
[  163.374862][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  163.381853][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  163.390794][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  163.396717][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[  163.583629][ T8337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.594143][ T8337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.788686][   T24] Bluetooth: Can't get version to change to load ram patch err
[  163.796332][   T24] Bluetooth: Loading patch file failed
[  163.811575][   T24] ath3k 3-1:0.0: probe with driver ath3k failed with error -71
[  163.822955][   T24] usb 3-1: USB disconnect, device number 32
[  163.886751][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE
[  163.894659][    C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  163.909045][   T43] usb 1-1: USB disconnect, device number 39
[  164.208683][ T5874] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[  164.279833][ T5874] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  164.288684][ T5874] em28xx 2-1:0.132: board has no eeprom
[  164.347053][ T5874] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  164.361624][ T5874] em28xx 2-1:0.132: analog set to bulk mode.
[  164.386737][   T43] em28xx 2-1:0.132: Registering V4L2 extension
[  164.467935][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  164.487025][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  164.507285][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  164.518843][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  164.551940][ T8350] Mount JFS Failure: -22
[  164.610661][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  164.635296][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  164.646372][ T8353] netlink: 20 bytes leftover after parsing attributes in process `syz.2.907'.
[  164.655666][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  164.656006][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  164.680343][ T8355] loop8: detected capacity change from 0 to 7
[  164.713339][ T8355] Dev loop8: unable to read RDB block 7
[  164.716104][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  164.719754][ T8355]  loop8: unable to read partition table
[  164.748879][ T8355] loop8: partition table beyond EOD, truncated
[  164.756021][ T8355] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  164.779264][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  164.802568][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  164.827760][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[  164.862707][   T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[  164.887101][   T43] em28xx 2-1:0.132: Config register raw data: 0xfffffffb
[  164.920973][   T43] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[  164.934661][   T43] em28xx 2-1:0.132: No AC97 audio processor
[  164.963128][   T43] usb 2-1: Decoder not found
[  164.967973][   T43] em28xx 2-1:0.132: failed to create media graph
[  164.978721][   T43] em28xx 2-1:0.132: V4L2 device video103 deregistered
[  164.995656][   T43] em28xx 2-1:0.132: Remote control support is not available for this card.
[  165.091276][ T8362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.236788][   T43] usb 2-1: USB disconnect, device number 30
[  165.243451][   T43] em28xx 2-1:0.132: Disconnecting em28xx
[  165.265815][   T43] em28xx 2-1:0.132: Closing input extension
[  165.280052][   T43] em28xx 2-1:0.132: Freeing device
[  165.643318][ T8379] FAULT_INJECTION: forcing a failure.
[  165.643318][ T8379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.657749][ T8379] CPU: 0 UID: 0 PID: 8379 Comm: syz.2.916 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  165.657774][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.657784][ T8379] Call Trace:
[  165.657792][ T8379]  <TASK>
[  165.657800][ T8379]  dump_stack_lvl+0x189/0x250
[  165.657823][ T8379]  ? __pfx____ratelimit+0x10/0x10
[  165.657844][ T8379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.657862][ T8379]  ? __pfx__printk+0x10/0x10
[  165.657881][ T8379]  ? __might_fault+0xb0/0x130
[  165.657912][ T8379]  should_fail_ex+0x414/0x560
[  165.657942][ T8379]  _copy_from_user+0x2d/0xb0
[  165.657960][ T8379]  kstrtouint_from_user+0xc4/0x170
[  165.657985][ T8379]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  165.658033][ T8379]  proc_fail_nth_write+0x88/0x240
[  165.658050][ T8379]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  165.658072][ T8379]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  165.658090][ T8379]  vfs_write+0x27e/0xa90
[  165.658120][ T8379]  ? __pfx_vfs_write+0x10/0x10
[  165.658141][ T8379]  ? __fget_files+0x2a/0x420
[  165.658168][ T8379]  ? __fget_files+0x3a0/0x420
[  165.658187][ T8379]  ? __fget_files+0x2a/0x420
[  165.658218][ T8379]  ksys_write+0x145/0x250
[  165.658241][ T8379]  ? __pfx_ksys_write+0x10/0x10
[  165.658256][ T8379]  ? rcu_is_watching+0x15/0xb0
[  165.658279][ T8379]  ? do_syscall_64+0xbe/0x3b0
[  165.658305][ T8379]  do_syscall_64+0xfa/0x3b0
[  165.658324][ T8379]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.658344][ T8379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.658360][ T8379]  ? clear_bhb_loop+0x60/0xb0
[  165.658381][ T8379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.658397][ T8379] RIP: 0033:0x7f3aa478d3df
[  165.658413][ T8379] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  165.658427][ T8379] RSP: 002b:00007f3aa5672030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  165.658446][ T8379] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3aa478d3df
[  165.658458][ T8379] RDX: 0000000000000001 RSI: 00007f3aa56720a0 RDI: 0000000000000004
[  165.658469][ T8379] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000
[  165.658479][ T8379] R10: 0000000024004851 R11: 0000000000000293 R12: 0000000000000001
[  165.658490][ T8379] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8
[  165.658519][ T8379]  </TASK>
[  165.896223][    C0] ==================================================================
[  165.904293][    C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0
[  165.911915][    C0] Write of size 8 at addr ffff8880772c8a00 by task swapper/0/0
[  165.919443][    C0] 
[  165.921771][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  165.921783][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.921790][    C0] Call Trace:
[  165.921797][    C0]  <IRQ>
[  165.921802][    C0]  dump_stack_lvl+0x189/0x250
[  165.921816][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  165.921827][    C0]  ? rcu_is_watching+0x15/0xb0
[  165.921836][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.921845][    C0]  ? rcu_is_watching+0x15/0xb0
[  165.921853][    C0]  ? lock_release+0x4b/0x3e0
[  165.921866][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  165.921876][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  165.921885][    C0]  print_report+0xd2/0x2b0
[  165.921897][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  165.921906][    C0]  kasan_report+0x118/0x150
[  165.921917][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  165.921928][    C0]  kasan_check_range+0x2b0/0x2c0
[  165.921938][    C0]  flush_tlb_func+0x23d/0x6c0
[  165.921949][    C0]  ? sched_clock+0x3f/0x60
[  165.921963][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  165.921988][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  165.922007][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[  165.922025][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  165.922046][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[  165.922068][    C0]  sysvec_call_function_single+0x4f/0xc0
[  165.922080][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  165.922090][    C0] RIP: 0010:handle_softirqs+0x1b0/0x870
[  165.922101][    C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e <b8> ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c
[  165.922109][    C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286
[  165.922118][    C0] RAX: 61924b6c72559400 RBX: 0000000000000382 RCX: 61924b6c72559400
[  165.922125][    C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100
[  165.922132][    C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  165.922138][    C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a
[  165.922144][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0
[  165.922155][    C0]  ? lapic_next_event+0x11/0x20
[  165.922163][    C0]  ? clockevents_program_event+0x24d/0x360
[  165.922175][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  165.922183][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  165.922192][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  165.922204][    C0]  __irq_exit_rcu+0xca/0x1f0
[  165.922211][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  165.922222][    C0]  irq_exit_rcu+0x9/0x30
[  165.922230][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  165.922245][    C0]  </IRQ>
[  165.922248][    C0]  <TASK>
[  165.922252][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  165.922261][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  165.922271][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  165.922278][    C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6
[  165.922286][    C0] RAX: 61924b6c72559400 RBX: ffffffff81971188 RCX: 61924b6c72559400
[  165.922292][    C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100
[  165.922298][    C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3
[  165.922305][    C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30
[  165.922311][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50
[  165.922317][    C0]  ? do_idle+0x1e8/0x510
[  165.922328][    C0]  default_idle+0x13/0x20
[  165.922339][    C0]  default_idle_call+0x74/0xb0
[  165.922350][    C0]  do_idle+0x1e8/0x510
[  165.922359][    C0]  ? __pfx_do_idle+0x10/0x10
[  165.922370][    C0]  cpu_startup_entry+0x44/0x60
[  165.922378][    C0]  rest_init+0x2de/0x300
[  165.922386][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  165.922397][    C0]  start_kernel+0x47d/0x500
[  165.922410][    C0]  x86_64_start_reservations+0x24/0x30
[  165.922420][    C0]  x86_64_start_kernel+0x143/0x1c0
[  165.922428][    C0]  common_startup_64+0x13e/0x147
[  165.922442][    C0]  </TASK>
[  165.922446][    C0] 
[  166.320925][    C0] Allocated by task 5845:
[  166.325231][    C0]  kasan_save_track+0x3e/0x80
[  166.329893][    C0]  __kasan_slab_alloc+0x6c/0x80
[  166.334723][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  166.340162][    C0]  copy_mm+0xdb/0x4b0
[  166.344131][    C0]  copy_process+0x1706/0x3c00
[  166.348786][    C0]  kernel_clone+0x21e/0x870
[  166.353277][    C0]  __x64_sys_clone+0x18b/0x1e0
[  166.358041][    C0]  do_syscall_64+0xfa/0x3b0
[  166.362549][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.368441][    C0] 
[  166.370755][    C0] Freed by task 8378:
[  166.374716][    C0]  kasan_save_track+0x3e/0x80
[  166.379382][    C0]  kasan_save_free_info+0x46/0x50
[  166.384395][    C0]  __kasan_slab_free+0x62/0x70
[  166.389145][    C0]  kmem_cache_free+0x18f/0x400
[  166.394239][    C0]  exit_mm+0x1da/0x2c0
[  166.398317][    C0]  do_exit+0x648/0x2300
[  166.402463][    C0]  do_group_exit+0x21c/0x2d0
[  166.407041][    C0]  get_signal+0x1286/0x1340
[  166.411534][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  166.417066][    C0]  exit_to_user_mode_loop+0x75/0x110
[  166.422340][    C0]  do_syscall_64+0x2bd/0x3b0
[  166.426916][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.432805][    C0] 
[  166.435109][    C0] The buggy address belongs to the object at ffff8880772c8000
[  166.435109][    C0]  which belongs to the cache mm_struct of size 2584
[  166.449062][    C0] The buggy address is located 2560 bytes inside of
[  166.449062][    C0]  freed 2584-byte region [ffff8880772c8000, ffff8880772c8a18)
[  166.463034][    C0] 
[  166.465351][    C0] The buggy address belongs to the physical page:
[  166.471737][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x772c8
[  166.480476][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  166.488965][    C0] memcg:ffff88805a00dc01
[  166.493180][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  166.500708][    C0] page_type: f5(slab)
[  166.504673][    C0] raw: 00fff00000000040 ffff88801a84bb40 ffffea000083d200 dead000000000002
[  166.513236][    C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805a00dc01
[  166.521800][    C0] head: 00fff00000000040 ffff88801a84bb40 ffffea000083d200 dead000000000002
[  166.530447][    C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805a00dc01
[  166.539101][    C0] head: 00fff00000000003 ffffea0001dcb201 00000000ffffffff 00000000ffffffff
[  166.547757][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  166.556405][    C0] page dumped because: kasan: bad access detected
[  166.562806][    C0] page_owner tracks the page as allocated
[  166.568498][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5567, tgid 5567 (dhcpcd-run-hook), ts 46979264357, free_ts 46964107218
[  166.590100][    C0]  post_alloc_hook+0x240/0x2a0
[  166.594854][    C0]  get_page_from_freelist+0x21e4/0x22c0
[  166.600408][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  166.606210][    C0]  alloc_pages_mpol+0x232/0x4a0
[  166.611061][    C0]  allocate_slab+0x8a/0x370
[  166.615566][    C0]  ___slab_alloc+0xbeb/0x1410
[  166.620231][    C0]  kmem_cache_alloc_noprof+0x283/0x3c0
[  166.625672][    C0]  copy_mm+0xdb/0x4b0
[  166.629638][    C0]  copy_process+0x1706/0x3c00
[  166.634295][    C0]  kernel_clone+0x21e/0x870
[  166.638788][    C0]  __x64_sys_clone+0x18b/0x1e0
[  166.643552][    C0]  do_syscall_64+0xfa/0x3b0
[  166.648041][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.653927][    C0] page last free pid 5570 tgid 5570 stack trace:
[  166.660258][    C0]  __free_frozen_pages+0xb80/0xd80
[  166.665372][    C0]  __put_partials+0x156/0x1a0
[  166.670042][    C0]  put_cpu_partial+0x17c/0x250
[  166.674793][    C0]  __slab_free+0x2d5/0x3c0
[  166.679195][    C0]  qlist_free_all+0x97/0x140
[  166.683769][    C0]  kasan_quarantine_reduce+0x148/0x160
[  166.689215][    C0]  __kasan_slab_alloc+0x22/0x80
[  166.694059][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  166.699505][    C0]  getname_flags+0xb8/0x540
[  166.704081][    C0]  vfs_fstatat+0x43/0x170
[  166.708392][    C0]  __x64_sys_newfstatat+0x116/0x190
[  166.713571][    C0]  do_syscall_64+0xfa/0x3b0
[  166.718059][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.723934][    C0] 
[  166.726238][    C0] Memory state around the buggy address:
[  166.731851][    C0]  ffff8880772c8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.739902][    C0]  ffff8880772c8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.747980][    C0] >ffff8880772c8a00: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  166.756021][    C0]                    ^
[  166.760072][    C0]  ffff8880772c8a80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  166.768114][    C0]  ffff8880772c8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.776156][    C0] ==================================================================
[  166.784220][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  166.791407][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  166.802496][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.812544][    C0] Call Trace:
[  166.815809][    C0]  <IRQ>
[  166.818642][    C0]  dump_stack_lvl+0x99/0x250
[  166.823220][    C0]  ? __asan_memcpy+0x40/0x70
[  166.827834][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.833019][    C0]  ? __pfx__printk+0x10/0x10
[  166.837606][    C0]  panic+0x2db/0x790
[  166.841486][    C0]  ? __pfx_panic+0x10/0x10
[  166.845932][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  166.851935][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  166.858272][    C0]  ? print_memory_metadata+0x314/0x400
[  166.863837][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  166.868694][    C0]  check_panic_on_warn+0x89/0xb0
[  166.873641][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  166.878499][    C0]  end_report+0x78/0x160
[  166.882741][    C0]  kasan_report+0x129/0x150
[  166.887324][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  166.892179][    C0]  kasan_check_range+0x2b0/0x2c0
[  166.897119][    C0]  flush_tlb_func+0x23d/0x6c0
[  166.901820][    C0]  ? sched_clock+0x3f/0x60
[  166.906298][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  166.911522][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  166.916707][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[  166.922852][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  166.928051][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[  166.933962][    C0]  sysvec_call_function_single+0x4f/0xc0
[  166.939601][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  166.945575][    C0] RIP: 0010:handle_softirqs+0x1b0/0x870
[  166.951105][    C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e <b8> ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c
[  166.970695][    C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286
[  166.976746][    C0] RAX: 61924b6c72559400 RBX: 0000000000000382 RCX: 61924b6c72559400
[  166.984701][    C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100
[  166.992655][    C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  167.000607][    C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a
[  167.008567][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0
[  167.016534][    C0]  ? lapic_next_event+0x11/0x20
[  167.021371][    C0]  ? clockevents_program_event+0x24d/0x360
[  167.027169][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  167.031937][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  167.037220][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  167.042403][    C0]  __irq_exit_rcu+0xca/0x1f0
[  167.046973][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  167.052153][    C0]  irq_exit_rcu+0x9/0x30
[  167.056376][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  167.061997][    C0]  </IRQ>
[  167.064911][    C0]  <TASK>
[  167.067828][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  167.073791][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  167.079494][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  167.099081][    C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6
[  167.105131][    C0] RAX: 61924b6c72559400 RBX: ffffffff81971188 RCX: 61924b6c72559400
[  167.113084][    C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100
[  167.121042][    C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3
[  167.129001][    C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30
[  167.136958][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50
[  167.144923][    C0]  ? do_idle+0x1e8/0x510
[  167.149158][    C0]  default_idle+0x13/0x20
[  167.153560][    C0]  default_idle_call+0x74/0xb0
[  167.158771][    C0]  do_idle+0x1e8/0x510
[  167.162842][    C0]  ? __pfx_do_idle+0x10/0x10
[  167.167438][    C0]  cpu_startup_entry+0x44/0x60
[  167.172202][    C0]  rest_init+0x2de/0x300
[  167.176432][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  167.182086][    C0]  start_kernel+0x47d/0x500
[  167.186601][    C0]  x86_64_start_reservations+0x24/0x30
[  167.192061][    C0]  x86_64_start_kernel+0x143/0x1c0
[  167.197164][    C0]  common_startup_64+0x13e/0x147
[  167.202284][    C0]  </TASK>
[  167.205531][    C0] Kernel Offset: disabled
[  167.209847][    C0] Rebooting in 86400 seconds..