last executing test programs:

7m54.524138746s ago: executing program 1 (id=1307):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x800, 0x10, 0x3}, 0x18)
mkdirat(r0, &(0x7f0000000080)='./file0\x00', 0x1a)
keyctl$clear(0x7, 0xfffffffffffffffc)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0, {0x7fff}}, './file0\x00'})
r3 = dup3(r2, r1, 0x80000)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'syz_tun\x00', 0x2000})
recvfrom(r2, &(0x7f0000000180)=""/44, 0x2c, 0x40000000, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x1, 0x1, 0x4, 0x3, {0xa, 0x4e20, 0x7fff, @local, 0x6}}}, 0x80)
setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000000240)=0xd949, 0x4)
r4 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000340)={0x0, &(0x7f00000002c0)=[@uexit={0x0, 0x18, 0x80}, @uexit={0x0, 0x18, 0x2960d2d3}, @cpuid={0x14, 0x18, {0x7}}, @cpuid={0x14, 0x18, {0x80000001}}, @uexit={0x0, 0x18, 0x6}], 0x78})
copy_file_range(r3, &(0x7f0000000280)=0x7, r4, 0x0, 0x0, 0x0)
setsockopt$packet_int(r3, 0x107, 0x9, &(0x7f0000000380)=0x2, 0x4)
close_range(r1, r2, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f0000000600)={0x3, 0x2})
write$cgroup_subtree(r2, &(0x7f0000000640)={[{0x2d, 'hugetlb'}, {0x2d, 'freezer'}, {0x2b, 'net_cls'}, {0x6, 'rdma'}, {0x2b, 'rdma'}, {0x2d, 'freezer'}]}, 0x30)
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000680)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
getdents64(r3, &(0x7f00000006c0)=""/51, 0x33)
r5 = add_key(&(0x7f0000000700)='rxrpc\x00', &(0x7f0000000740)={'syz', 0x0}, &(0x7f0000000780)="d62e03bff2e9d1c0aa459b94a9b62aaaece26c5a1f95ef04f579fbff0a4aec36bfb836cf613c18792f5eecff905e55fe66620a0930db2bf3efef51873d45197ca3462d3faf44119516e1358ac32c36d28df18a5458188f5650b09fcb3de072c1962b75e6d9e05888b34e57aa72c3a3d370545f5f793c3e824b9fd8", 0x7b, 0x0)
keyctl$clear(0x7, r5)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0)
futimesat(r0, &(0x7f0000000840)='./file0\x00', &(0x7f0000000880))
statx(r2, &(0x7f00000008c0)='./file0\x00', 0x6000, 0x800, &(0x7f0000000900))
setsockopt$netrom_NETROM_T2(r3, 0x103, 0x2, &(0x7f0000000a00)=0xfffffffb, 0x4)
syz_create_resource$binfmt(&(0x7f0000000a40)='./file0/file0\x00')
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f0000000ac0)={0x3, 0x0, &(0x7f0000000a80)=[0x0, 0x0, 0x0]})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000b00)=@overlay={0x51ee, 0x0, 0x4, 0x70000, 0x10000, {0x77359400}, {0x1, 0x8, 0x4, 0xfc, 0x7, 0x1, "17147785"}, 0x1, 0x3, {}, 0x0, 0x0, r3})
keyctl$search(0xa, r5, &(0x7f0000000b80)='id_legacy\x00', &(0x7f0000000bc0)={'syz', 0x3}, r5)
syz_emit_vhci(&(0x7f0000000c00)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x51, 0xa}, {0x3ff, 0x3, 0x8, 0x3, 0x1}}}}, 0x17)

7m54.400229149s ago: executing program 1 (id=1308):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
pipe2(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r3, &(0x7f0000000300)={&(0x7f0000000400)=@in={0x2, 0x4e21, @local}, 0xfffffffffffffe7b, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1}, 0x4000804)
r4 = dup(r3)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0x0, 0x8}, 0xc)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x84000)
tee(r1, r5, 0x8, 0x0)
tee(r1, r5, 0x60000000000, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x9})
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f00000009c0)={0x84, &(0x7f00000004c0)={0x40, 0xb, 0x14, "1b2ffa1a557bd7672b2d4a97c258f10c497c138c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_GET_SYSNAME(r5, 0x8040552c, &(0x7f0000000140))
syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r8, 0x40096100, &(0x7f0000000080))
close_range(r7, 0xffffffffffffffff, 0x0)

7m52.82030501s ago: executing program 1 (id=1323):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000000)={[{@name={'name', 0x3d, 'noprefix'}}]})
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000340)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000300080c10000000000000000000", 0x58}], 0x1)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/comedi4\x00', 0x48502, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text32={0x20, &(0x7f0000000340)="66b86e000f00d8c4e3610c73e3fbc4c1a9e05cc2008fc9b8913fc4c3114a85d0000000003e0f0667660181ac55b86b0000000f23d00f21f835200000000f23f84489c135143135000000", 0x4a}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000002000300000014000200fe8000000000000000000000000000002900070000000000656d5f753a6f626a6563745f723a69707461626c65735f636f6e665f743a7330000000001400060076657468305f746f5f6272696467650008000500ac1414aa080004"], 0x78}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x200000, 0x0)

7m51.808381671s ago: executing program 1 (id=1329):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x482041) (async)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x482041)
close(0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x108)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000440)='./file0\x00')
setreuid(0xee01, 0xee01)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) (async)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
mount(&(0x7f00000000c0)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='jfs\x00', 0x10650a4, 0x0) (async)
mount(&(0x7f00000000c0)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='jfs\x00', 0x10650a4, 0x0)

7m50.893667262s ago: executing program 1 (id=1335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
setrlimit(0x8, &(0x7f0000000000)={0x9, 0x5})
sendfile(r0, r0, 0x0, 0x7ffff000)

7m50.445385832s ago: executing program 1 (id=1338):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f0000000740)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x173}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4081, 0x564}, {&(0x7f0000000400)=""/106, 0x2f}, {&(0x7f00000006c0)=""/66, 0x11}, {&(0x7f0000000200)=""/77, 0x65f}, {&(0x7f0000000540)=""/166, 0x4a}, {&(0x7f0000000100)=""/10, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}, 0x1}], 0x4000000000003b4, 0x12022, &(0x7f0000000080)={0x77359400})
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
r1 = openat$comedi(0xffffff9c, &(0x7f0000000780)='/dev/comedi0\x00', 0x101001, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x9)
r3 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)={0x2}, 0x18)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, &(0x7f0000000340))
getsockopt$sock_timeval(r2, 0x1, 0x48, &(0x7f0000000000), &(0x7f0000000040)=0x10)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000080)={'comedi_bond\x00', [0x3, 0x80008001, 0x9, 0x2, 0x0, 0x0, 0x1, 0xf, 0xffe, 0x1, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x40000009, 0xa00000, 0x3, 0x3ff, 0x10000, 0xa, 0xe2df, 0x2, 0x8, 0x5, 0x3, 0x7, 0xc, 0x8045]})

7m50.159032504s ago: executing program 32 (id=1338):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f0000000740)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x173}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4081, 0x564}, {&(0x7f0000000400)=""/106, 0x2f}, {&(0x7f00000006c0)=""/66, 0x11}, {&(0x7f0000000200)=""/77, 0x65f}, {&(0x7f0000000540)=""/166, 0x4a}, {&(0x7f0000000100)=""/10, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}, 0x1}], 0x4000000000003b4, 0x12022, &(0x7f0000000080)={0x77359400})
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
r1 = openat$comedi(0xffffff9c, &(0x7f0000000780)='/dev/comedi0\x00', 0x101001, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x9)
r3 = openat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)={0x2}, 0x18)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, &(0x7f0000000340))
getsockopt$sock_timeval(r2, 0x1, 0x48, &(0x7f0000000000), &(0x7f0000000040)=0x10)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000080)={'comedi_bond\x00', [0x3, 0x80008001, 0x9, 0x2, 0x0, 0x0, 0x1, 0xf, 0xffe, 0x1, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x40000009, 0xa00000, 0x3, 0x3ff, 0x10000, 0xa, 0xe2df, 0x2, 0x8, 0x5, 0x3, 0x7, 0xc, 0x8045]})

3m23.441123513s ago: executing program 0 (id=3210):
creat(&(0x7f0000000080)='./file0\x00', 0xac)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="775a3e8c87d8e1d033a60cdde22add704e463e453b2d4d95db1f4927065f3d278d8489136e424aaa", 0x28) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="775a3e8c87d8e1d033a60cdde22add704e463e453b2d4d95db1f4927065f3d278d8489136e424aaa", 0x28)

3m23.336077621s ago: executing program 0 (id=3212):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x10140, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000000c14ff030000000000000000080008"], 0x18}}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4fd30a8c4623e3cf, 0x14)
sendfile(r1, r0, 0x0, 0x7fffefff)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000140)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000080)=[{&(0x7f00000004c0)='|', 0x1}], 0x1, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x40, 0x23)
ioprio_set$uid(0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000140)={{}, {0x77359400}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000006442, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001000), r7)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="0000000000000200000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x10)
io_setup(0x5, &(0x7f0000000140)=<r9=>0x0)
io_submit(r9, 0x3f, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x1, 0x0, r5, 0x0, 0xfe00}])
fadvise64(r0, 0x9, 0x9, 0x2)
sendfile(r1, r0, 0x0, 0x7ffff000)

3m23.03545552s ago: executing program 0 (id=3216):
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x781400, 0x0)
syz_80211_inject_frame(&(0x7f0000000040)=@broadcast, &(0x7f0000000080)=@ctrl_frame=@rts={{}, {}, @broadcast, @device_b}, 0x10)
ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f00000000c0)=0xe)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card2/oss_mixer\x00', 0x204101, 0x0)
write$proc_mixer(r1, &(0x7f0000000140)=[{'LINE', @val={' \'', 'CD'}}, {'SYNTH', @val={' \'', 'CD Capture Switch'}}, {'IMIX', @val={' \'', 'Line'}}, {'TREBLE', @val={' \'', 'Synth'}}, {'DIGITAL3', @void}, {'RECLEV', @val={' \'', 'Master Capture'}}, {'SYNTH', @val={' \'', 'Capture Switch'}}], 0xf5)
close(0xffffffffffffffff)
r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder-control\x00', 0x2, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f0000000280))
ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f00000002c0))
ioctl$BTRFS_IOC_BALANCE_CTL(r2, 0x40049421, 0x2)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000300))
syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000380)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x6078}, @device_a, @device_a, @initial, {0x2, 0x9}, "", @void, @value=@ver_80211n={0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_a, @device_b, 0x49, "92f51116177224d1e41ec88285181cb987e08fca8eaec202c83fd8c33e719bcd822793df61b23d3cf55586a026ec07818cef609bd7b70ac2fb12a7a345b35f1b036be5f2b5372a834c"}, {@broadcast, @device_a, 0xaf, "a2736ebaccc535735cfe1b1dd096254020e5a600d108c3f69e1c0303ed1d1eb3dc5e796f81ea9fe42b6faa68e28fda5da70b6bc2b593ec38526acfcc3ff18454c3dabd5121f8808c4a70d42e34ffe89132e61687b393f75d89383e7481e77a3e6a4e0283a49b8859f407145dc67fd18810026e5d745aad8aa8815c246c120fc1a162d949204f61ce8974cba3826c7ddfd7c6bfd3b562ffb37a871b957249cb70efda24426d9914101b6947c0405f39"}, {@device_a, @device_a, 0x1e, "6871084e2ce057101e33b57c1b252d63c0c627c2d4e813540acd3ee5e577"}, {@device_b, @device_a, 0x64, "30944696209e19ce47b8323d3bedac9269a8d8620490eccb7ab462b5d12c89091e1036a050287253cdc180395b9adfd068634f0457346f4c63b42ea9289bd8f459c5e3fa2413249d4225521f9d7711983d45b542b50e9647b567d5b82821749634684406"}, {@broadcast, @broadcast, 0x50, "562e80840453fe01c2903af4c717bebd9aff11dde94b347eab3c353720ec9982d5d77756765415b704ce399dfd182798dd6f9d7f8263324d700cea37973a09202816a2fb06652e7fcd890476f44775df"}, {@device_a, @device_b, 0x5b, "05e11de174da9d204510d22aee12d04271e26048a98d6d8effa85983a49073fcd055967349dd666d0e2ac35c9287e7610367f0ef2044c5f888cbbcc899d86771716abbd748fc71fea4f86bca9b68387846ab95db2c08a7c0675141"}]}, 0x2a0)
pipe2$watch_queue(&(0x7f0000000640)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000680)=0xa, 0x4)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000006c0), 0x101000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r5=>r3, {<r6=>0xee01}}, './file0\x00'})
fstat(r2, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = getgid()
r9 = getegid()
fsetxattr$system_posix_acl(r1, &(0x7f0000000700)='system.posix_acl_access\x00', &(0x7f0000000800)={{}, {0x1, 0xa}, [{0x2, 0x7, r6}, {0x2, 0x2}], {0x4, 0x2}, [{0x8, 0x6, r7}, {0x8, 0x4, r8}, {0x8, 0x4, r9}], {0x10, 0x1}, {0x20, 0x2}}, 0x4c, 0x2)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f00000008c0), r4)
sendmsg$MPTCP_PM_CMD_REMOVE(r4, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x24, r10, 0x0, 0x70bd27, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x48008}, 0x2000c0d0)
ioctl$USBDEVFS_RELEASEINTERFACE(r5, 0x80045510, &(0x7f00000009c0)=0x1)
r11 = dup3(r3, r0, 0x0)
r12 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000a40), r0)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r11, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x48, r12, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6=r5}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x8}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast1}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x200000c1)
r13 = syz_open_dev$media(&(0x7f0000000b80), 0x2, 0x4080)
ioctl$MEDIA_IOC_DEVICE_INFO(r13, 0xc1007c00, &(0x7f0000000bc0))
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000cc0), 0x2, 0x0)

3m22.455886463s ago: executing program 0 (id=3219):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x80, @loopback, 0x9}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x14, &(0x7f0000000040), 0x50)

3m22.425560176s ago: executing program 0 (id=3220):
r0 = openat$adsp1(0xffffff9c, &(0x7f0000001280), 0x0, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r0, 0x500e, 0x0)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='btrfs\x00', 0x4400, 0x0)

3m22.332919575s ago: executing program 0 (id=3221):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x22020600)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f00000000c0)=0x4, 0x4)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
personality(0x5400004)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000140)={0x1d, r6, 0x0, {0x2, 0xff}, 0x1}, 0x18)
setsockopt$SO_J1939_ERRQUEUE(r5, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4)
sendmmsg(r5, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'vxcan1\x00', @remote})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r8 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000340)={r8})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x7dfff000)

3m7.279019562s ago: executing program 33 (id=3221):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x22020600)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f00000000c0)=0x4, 0x4)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
personality(0x5400004)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000140)={0x1d, r6, 0x0, {0x2, 0xff}, 0x1}, 0x18)
setsockopt$SO_J1939_ERRQUEUE(r5, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4)
sendmmsg(r5, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'vxcan1\x00', @remote})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r8 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000340)={r8})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x7dfff000)

2m35.242243561s ago: executing program 2 (id=3562):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0x6c3ca000)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
read(r1, 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r2, 0x40044160, 0x3)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000000000b6000040"])
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)

2m34.960587278s ago: executing program 2 (id=3564):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={@mcast1, 0x33, r4})
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x1ff, @vifc_lcl_ifindex=r4, @multicast1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x5)
sendfile(r0, r0, 0x0, 0x5)

2m34.880440017s ago: executing program 2 (id=3566):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)="b6", 0x1}], 0x1, 0x0, 0x0, 0x20040091}, 0x8000)
accept4(r2, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
accept4$unix(r3, 0x0, 0x0, 0x0)

2m33.549562845s ago: executing program 3 (id=3584):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x0)
connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x802)
r4 = socket$netlink(0x10, 0x3, 0x4)
write(r4, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001900150000000000ffffffff0a0000000202000000000000240009801c00000000000000080005"], 0x40}], 0x1}, 0x0)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_GET_LAPIC(r8, 0x8400ae8e, &(0x7f0000000300))
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
socket$inet6(0xa, 0x1, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r9, 0x8e62b000)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet(0x2, 0x80000, 0x1)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

2m32.204265839s ago: executing program 2 (id=3590):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', @broadcast})
r2 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
write$tun(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="0300080001000000000014"], 0xfdef)
openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x8900, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="06000000bdbe1d25245865792b43160f4086801001adbf000000010902120062a5000000"], 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000540)=ANY=[@ANYBLOB="2016060a0000fb87f71118d0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
creat(&(0x7f00000000c0)='./bus\x00', 0x118)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000003000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000021c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004"], 0xd4}}, 0x0)
open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[], 0x0)
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone3(&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0xa8, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@generic="7da94a8e3014bc23e9e12f8a6746bf046efcc643e4dfaf236adb687721b82dc272eec1ea5b0346d3f7399607f194a2b96b1df1811342a231ca002a9665fe4d299d90c9d5be3dc8690f200c0f022d1e3a8dab71620367d2707697dfa6e8b81b3fe14f7f700f6d0ca62d62b560d1bde29887a28ca1b1532d8563dba793ed35a23acc35ff05fa799baa76ed26d7e69519ef1362"]}, 0xa8}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
close_range(r6, 0xffffffffffffffff, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

2m30.01373087s ago: executing program 3 (id=3611):
mount(&(0x7f0000000000)=@md0, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2, 0x0)

2m30.013233166s ago: executing program 3 (id=3612):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000000c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x9aa}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
munlockall()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r1, 0xf648d000)
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00^\x00\r'], 0x28}], 0x1}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x9cfa98b0b1b17c72)

2m29.926361593s ago: executing program 3 (id=3617):
prlimit64(0x0, 0x8, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setuid(0xee00)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000300)={0x7, 0x0, 0x0, r3})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x0, 0x4, 0x0, r3})
r4 = syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000b85000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f00000001c0)="42eb00260f73f5002e2ea100400000000000002e420f12df66baa000b000eec4e27d33002e470f01c32e0f3066baf80cb842809c82ef66bafc0cecc402d9afde", 0x40}], 0x1, 0x0, &(0x7f0000000340)=[@cstype0={0x4, 0xc}], 0x1)
open$dir(&(0x7f0000000000)='./file0\x00', 0xa0c0, 0x20)
mount$9p_unix(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x10000, &(0x7f0000000580)=ANY=[@ANYBLOB="7472616e73bd756e69782c00"])
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000100)={&(0x7f00001eb000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/145, 0x91, 0x1, &(0x7f0000000040)=""/63, 0x3f}, &(0x7f0000000180)=0x40)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

2m29.35533115s ago: executing program 3 (id=3622):
pipe2(&(0x7f0000000200)={<r0=>0x0, <r1=>0x0}, 0x0)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x1, 0x40001043, r0, 0x0)
vmsplice(r0, &(0x7f0000000700)=[{&(0x7f0000000500)='k', 0x1}], 0x1, 0x1)
write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0xceaf, 0x44008002, 0x9, 0x2, 0x4, 0x6, 0x0, 0x0, 0x80, 0x800}}, 0x50) (async)
memfd_create(&(0x7f0000000100)=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4) (async)
dup3(r0, r2, 0x80000) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x440200, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r3, 0x6c3ca000)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap$snddsp_control(&(0x7f0000b11000/0x4000)=nil, 0x1000, 0x1000008, 0x4000010, r0, 0x83000000) (async)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000007000)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x5b4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000040)="df", 0x1}], 0x1}}], 0x1, 0x0) (async)
shutdown(r4, 0x1) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000140)={0x5, 0x2, 0x6, 0xfffffff8}, 0x10) (async)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000, 0x2, &(0x7f0000c20000/0x2000)=nil) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f0000000240)={{0x80a0000, 0x3000, 0xb, 0x5, 0x9, 0xff, 0x8, 0x8, 0x9, 0x1, 0x8, 0x1}, {0x100000, 0x3000, 0x0, 0xff, 0x40, 0x9, 0x0, 0x2, 0x4, 0x1, 0x4, 0x2}, {0x8080000, 0x0, 0x3, 0xc, 0x8, 0x3, 0x7a, 0x1, 0xc3, 0x9, 0x6, 0x3}, {0x1000, 0x10000, 0xc, 0x9, 0x7, 0xb6, 0x4, 0xba, 0x7, 0x81, 0xb8, 0x9}, {0x8000000, 0x5000, 0x3, 0x1e, 0xc, 0xff, 0x5, 0x8, 0x4, 0xab, 0x61, 0xff}, {0x10000, 0xdddd0002, 0xa, 0x40, 0x8, 0x7, 0x8, 0x1, 0x3, 0xbd, 0xfa, 0xfc}, {0xf000, 0xeeef0000, 0x0, 0x80, 0x7f, 0x1, 0xfa, 0x4, 0x2, 0x15, 0xd}, {0x3000, 0xffff1000, 0xe, 0x7, 0x5, 0x70, 0xce, 0xfb, 0x5, 0x9, 0x7f, 0x7}, {0xeeee0000, 0x38f3}, {0x4000, 0x5}, 0x80000002, 0x0, 0xdddd0000, 0x220080, 0x1, 0x800, 0xddd72001, [0x800, 0x4, 0x37, 0x800]})

2m29.044895579s ago: executing program 3 (id=3623):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x84)
sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="bc0200003200040c2dbd7000fddbdf251100000020b87330d326d09836ad4e1071317cede53a8092aed630c456dee722665bd627bd07866034efee187172d25b0b0c05827d6624cf6b37469bdc90c4440cd8dfb8781da902b7c3fb18f8848b1f01ea2d1742ee12d9ea22c0d4e9480094e2d87bec74511c71f8f08a2f51acf7515ac4248f4920cb8c74b3957239493a8d7527703379850ba4d0c23be2c5febdd7eddaefd69abbd2b03c0cb7a1fffd9f9c63d41249cb8b69c49163bd408495c1c3f9392c0573f3178e81a806c0482e822e1cd3302de2d5b63011289547a7708eee200e4161d51921fa3dcdf67ce024027ffacfb6360800c700d908e9bb2e52", @ANYRES32=0x0, @ANYBLOB="cdddb4bf6e450da744a24ae835c78bf1bbae0dd2fcfa7f553aa33293893f38117d7801495760e75e04ce74ed329a5fbc095aa1c70e501886f69b1b1567aeb615ab687b004c43a996e4c67fb3b5068a9f8c183d0c05c51470457520ce056cf6d905e68567548bc87bcfc52d6b077978fb2b188ca81884437efd2d4a12d5f63304d6e4413bc6b068bb227171d2e9129082036c88a78198cb9fe29c7cb5ff63e421fa8e9fec58a283b020175dafe183d5d4ef62c40fe5aa79c24b35a8b84ee9bfe50b6bee4a878d7a555ab543aad948db896ad820a74ca2b27b9028bea03f88168e140a2be44078d623fbf38373a1d199ea444e583046f77b06e10487233d0d5f218b87ae40b054a4174961bcc539188fc4f299ee16663858035dcb47d51b5fd031b828ba1e9762ad554cc8ba542b1e163c356912d08e89a4a06266321ccb949e717eac048566b7b1148d0805e531fe2f573c71628d2215adfd7112b4776adebf0817400eddbf65952301eebde02717b7b61d9d01dad9ec00411b5041f90aaa014851fef66b65e4590472cfdc7d9339c6d35aad3882c3c72f76f3504f3660ee3ab32383115d0fabba7b352e1c0ce6d9bd8ab8e5dd0c001080080001000300000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x15}, 0x4000100)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=ANY=[@ANYRES8=r0, @ANYRES16=r0], 0x114}], 0x1, 0x0, 0xffffffffffffffe0, 0x8}, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, r0)
mmap(&(0x7f00002ba000/0x3000)=nil, 0x3000, 0xb80393884d01a507, 0x10, r0, 0x2000)
madvise(&(0x7f00007c1000/0x2000)=nil, 0x2000, 0x15)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000003, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x0, 0x9}, 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001ff, 0x101381)
sysfs$1(0x1, &(0x7f0000000000)='/dev/nullb0\x00')
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0xfffffff4, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x1, 0x0, 0xf7fd}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x236842, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r5, 0x2000)

2m28.970165534s ago: executing program 2 (id=3624):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r3 = inotify_init()
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
inotify_add_watch(r3, &(0x7f0000000240)='./file0\x00', 0x8c5)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f00000004c0)='./file0\x00', 0xa0000000)
inotify_add_watch(r4, &(0x7f0000000080)='./file0\x00', 0x800)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r2, @ANYRES16=r2, @ANYBLOB="ad4300000000010000000f"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)

2m28.656913981s ago: executing program 2 (id=3626):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000001c0)={0x0, 0x3f, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c0000002b000701feffffff00000000017c00000c00018008000600ffffffff0c00028008000100", @ANYRES32=0x0, @ANYBLOB="0595cc6be3abbcb1ecd705239779a98b7d80d8e1f54dd27961a4180785dc8b2e4454f33caf2d6249a2e9e6ed754b9d00d4f3143c657add76d8d8e1ce369e2de0c3056f2d57b9e4b75e5f69b4801e7ec7fe189558f7b40d6869e2389e3350f70dd958a182d1c82ed990ca2505bb0254e77fc8469d4e21505421ea8cb3cc1cb975a1c97d9cc2dc5b40589fe36de0fb192dd1a77d653716bac42c4b8668d0f64a5e4c01c9333b99b304bbe815ec21984dddbb1b1816bc4932f7b0d1df20ee4aa1bed286dc29559a92fca43a0710bfceef37e435c580b5ea6b5bb3b2fd9033a7cd0fbdd8b1fc0e5ac4fe0af491b7872d1e52fa77484ab6376e02599ebb31ba627042410265bfe2f78f1426db999d8be3ef8232bb4fc970a143f641653f9e"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
bind$alg(r1, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r3 = accept4$alg(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="3663ff3ac7333d1d", 0x8}, {&(0x7f0000000280)="e02584eeb69ae6b342b68d8be5414b8bad9da292edc320246d439cbe99d5435fcc9f629a115737e05b", 0x29}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0x41}])
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0xc0, 0x0)
read$eventfd(r5, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000840)={{0x12, 0x1, 0x201, 0x52, 0xe7, 0xfb, 0x20, 0x1044, 0x7001, 0x84ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x20, 0x7, [{{0x9, 0x4, 0x82, 0x3, 0x0, 0xbb, 0x1f, 0x86, 0x2}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000d80)={0xa, 0x6, 0x110, 0xc, 0x5, 0x9, 0x40, 0x9}, 0x0, 0x0})
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)

2m13.931712618s ago: executing program 34 (id=3623):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x84)
sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="bc0200003200040c2dbd7000fddbdf251100000020b87330d326d09836ad4e1071317cede53a8092aed630c456dee722665bd627bd07866034efee187172d25b0b0c05827d6624cf6b37469bdc90c4440cd8dfb8781da902b7c3fb18f8848b1f01ea2d1742ee12d9ea22c0d4e9480094e2d87bec74511c71f8f08a2f51acf7515ac4248f4920cb8c74b3957239493a8d7527703379850ba4d0c23be2c5febdd7eddaefd69abbd2b03c0cb7a1fffd9f9c63d41249cb8b69c49163bd408495c1c3f9392c0573f3178e81a806c0482e822e1cd3302de2d5b63011289547a7708eee200e4161d51921fa3dcdf67ce024027ffacfb6360800c700d908e9bb2e52", @ANYRES32=0x0, @ANYBLOB="cdddb4bf6e450da744a24ae835c78bf1bbae0dd2fcfa7f553aa33293893f38117d7801495760e75e04ce74ed329a5fbc095aa1c70e501886f69b1b1567aeb615ab687b004c43a996e4c67fb3b5068a9f8c183d0c05c51470457520ce056cf6d905e68567548bc87bcfc52d6b077978fb2b188ca81884437efd2d4a12d5f63304d6e4413bc6b068bb227171d2e9129082036c88a78198cb9fe29c7cb5ff63e421fa8e9fec58a283b020175dafe183d5d4ef62c40fe5aa79c24b35a8b84ee9bfe50b6bee4a878d7a555ab543aad948db896ad820a74ca2b27b9028bea03f88168e140a2be44078d623fbf38373a1d199ea444e583046f77b06e10487233d0d5f218b87ae40b054a4174961bcc539188fc4f299ee16663858035dcb47d51b5fd031b828ba1e9762ad554cc8ba542b1e163c356912d08e89a4a06266321ccb949e717eac048566b7b1148d0805e531fe2f573c71628d2215adfd7112b4776adebf0817400eddbf65952301eebde02717b7b61d9d01dad9ec00411b5041f90aaa014851fef66b65e4590472cfdc7d9339c6d35aad3882c3c72f76f3504f3660ee3ab32383115d0fabba7b352e1c0ce6d9bd8ab8e5dd0c001080080001000300000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x15}, 0x4000100)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=ANY=[@ANYRES8=r0, @ANYRES16=r0], 0x114}], 0x1, 0x0, 0xffffffffffffffe0, 0x8}, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, r0)
mmap(&(0x7f00002ba000/0x3000)=nil, 0x3000, 0xb80393884d01a507, 0x10, r0, 0x2000)
madvise(&(0x7f00007c1000/0x2000)=nil, 0x2000, 0x15)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000003, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x0, 0x9}, 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001ff, 0x101381)
sysfs$1(0x1, &(0x7f0000000000)='/dev/nullb0\x00')
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0xfffffff4, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x1, 0x0, 0xf7fd}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x236842, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r5, 0x2000)

2m13.171698713s ago: executing program 35 (id=3626):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000001c0)={0x0, 0x3f, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c0000002b000701feffffff00000000017c00000c00018008000600ffffffff0c00028008000100", @ANYRES32=0x0, @ANYBLOB="0595cc6be3abbcb1ecd705239779a98b7d80d8e1f54dd27961a4180785dc8b2e4454f33caf2d6249a2e9e6ed754b9d00d4f3143c657add76d8d8e1ce369e2de0c3056f2d57b9e4b75e5f69b4801e7ec7fe189558f7b40d6869e2389e3350f70dd958a182d1c82ed990ca2505bb0254e77fc8469d4e21505421ea8cb3cc1cb975a1c97d9cc2dc5b40589fe36de0fb192dd1a77d653716bac42c4b8668d0f64a5e4c01c9333b99b304bbe815ec21984dddbb1b1816bc4932f7b0d1df20ee4aa1bed286dc29559a92fca43a0710bfceef37e435c580b5ea6b5bb3b2fd9033a7cd0fbdd8b1fc0e5ac4fe0af491b7872d1e52fa77484ab6376e02599ebb31ba627042410265bfe2f78f1426db999d8be3ef8232bb4fc970a143f641653f9e"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
bind$alg(r1, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r3 = accept4$alg(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="3663ff3ac7333d1d", 0x8}, {&(0x7f0000000280)="e02584eeb69ae6b342b68d8be5414b8bad9da292edc320246d439cbe99d5435fcc9f629a115737e05b", 0x29}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0x41}])
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0xc0, 0x0)
read$eventfd(r5, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000840)={{0x12, 0x1, 0x201, 0x52, 0xe7, 0xfb, 0x20, 0x1044, 0x7001, 0x84ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x20, 0x7, [{{0x9, 0x4, 0x82, 0x3, 0x0, 0xbb, 0x1f, 0x86, 0x2}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000d80)={0xa, 0x6, 0x110, 0xc, 0x5, 0x9, 0x40, 0x9}, 0x0, 0x0})
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)

1m18.938421175s ago: executing program 5 (id=4099):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)
sendmmsg$inet(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="55f3b908", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="9736", 0x2}], 0x1, &(0x7f0000000240)=[@ip_retopts={{0x10}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @broadcast}}}], 0x30}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000300)="d9dfc5689761e6131661b9dec4b538a847aa98293c2956ee9c040396fa9cb3c872f84aefd8f502b015beb739faa7583073ae8d78c72d61fe95226d1f5e9887dd1632fd10769d93837497d38338f33a60e025ebc65fd83d07ffce9ca83acd7bb73bb2bd355f143c9b4369b1a68db8", 0x6e}], 0x1}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000840)="0f3bfe9139bf7bb4c868dbaa16beaf2ce34ea5215d1d9fa84b7e8a76bb59ca6ff708a68abdd6ded040cd99db2ef709dad0121fa28f451d06281b31cdacb212a2fd63c4fec455342d9a553611089d5ca9dc22429fc74ac50fa4cc376e872927226f6871b611c7e8a0fd93a97b27", 0x6d}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x5, 0x400c0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x1ea)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r1)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r3, 0x1, 0xfffffffc, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x1, 0x1, 0x0, 0x6472333b}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x20048801)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='cifs\x00', 0x84, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2)
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0c010000", @ANYRES16=r4, @ANYBLOB="000125bd7000fcdbdf2504000000a4cd038008000300f9ffffff3400058024000280080001001f00000008000400050000000800020004000000080001000d0000000c0002800800020010000000880004803400078008000200da2c00000800030009000000080001000f0000000800040002000000080002000900000008000200070000004400078008000200000400000800020007000000080004000000f8ff0800030081000000080001000800000008000200bc6c0000080004000800000008000200070000000900010073797a3100000000300002801c00038008000200611f000008000100018000000800010000000000080001000000000004000400040004008c917b2108328bad4b3f7b66e83570bb161f5260c8472a0b3ae186f79f1d32a8af64ceea8165a51bc5"], 0x10c}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x4044004)

1m18.773134833s ago: executing program 5 (id=4101):
io_submit(0x0, 0x2000000000000153, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x30, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0xfe00}])
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000c00070200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

1m18.74373499s ago: executing program 5 (id=4102):
creat(0x0, 0x16)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque='\x00'/12}}}}}}, 0x3a)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

1m18.624664177s ago: executing program 5 (id=4103):
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000000))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000040))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000080))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f00000000c0))
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000100))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000140))
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000180), 0x6440, 0x0)
ioctl$TIOCGRS485(r1, 0x542e, &(0x7f00000001c0))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000200))
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10001018}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r2, 0x104, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x24000050)
setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f0000000380)={0x0, 0x2710}, 0x10)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f00000003c0))
r3 = syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x10, 0x70, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x7, 0x1, 0x1, 0x6, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x9, 0x5, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x6, 0x1, 0x9}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x250, 0x6, 0x3, 0x13, 0x8, 0x3}, 0xb5, &(0x7f0000000480)={0x5, 0xf, 0xb5, 0x6, [@wireless={0xb, 0x10, 0x1, 0xc, 0x9, 0x10, 0x2, 0x5, 0x4}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0x9, 0x81}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0xb, 0x1, 0x9}, @wireless={0xb, 0x10, 0x1, 0xc, 0xc0, 0x6, 0x3, 0x83, 0x2}, @ss_container_id={0x14, 0x10, 0x4, 0xcf, "c955e076c934453e8a47d64b0549816e"}, @generic={0x75, 0x10, 0xb, "ba6bdf242df5fce1551368fe8419d31d791651c9f6b74b4a4106d68e1568b0547faf1125057c63cec3e5be509ca525ba12aa4b1ad6be4ebd9413df3505140be476dc0ba3e8ec337905c2c87459b846bbe4fb6bc65cd6a796d7c228c2271661d10da35131bfa4831d92f835ec0c580cfc7303"}]}, 0x4, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x1801}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x1404}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x406}}, {0xf8, &(0x7f0000000600)=@string={0xf8, 0x3, "a6dcb8c82c865961b074d18bd2b8e2aa79c408ae477bdf35d70bdef4a292b173679f109eae5465cc95e45d4e19244a7bd9aa7b38cb5915784c1895a6787aba0eb97388422b8e321c04e577555043e57b36aae91272e8665637ecc2b1c3c452b77d097bde7f7a051afe0235484b01f3faee9eed58dafa3ad646321df4d89d1438f0188d2dba7991a07c42e5bacb9120eb126c434fd137b056bde8f8047b842e1981e1bb9491c1fe29423545b7dee5b4990d6d75804d39390ee05abc6e67375255cf839c0fd9a3a71bf0cc4b34e473cd316bd0b37a0bba03cd99339df0e97d7dcc28f0ae245bc6a2f50951e695df923d1a1f60c5e4cf62"}}]})
syz_usb_control_io$printer(r3, &(0x7f0000000840)={0x14, &(0x7f0000000780)={0x0, 0x23, 0x54, {0x54, 0x22, "1b7380b68b0ea5c0f53fe8cf576cee10f5d0943a0dd3d59ab1c9583242135e22fe982c03eae382ee0af22098a3ec14311f5e855e39b9c0e84f3d941ede5995d9e22488868df8d065414a01ac420e8556b8fb"}}, &(0x7f0000000800)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x438}}}, &(0x7f0000000b80)={0x34, &(0x7f0000000880)={0x0, 0x31, 0xe2, "866d0d7dd59ed9350b632292a77642f65d2597b50af5ef8b8e553385be394eaca422fdc2be5cf3ae4c3359617c5d0489b5c117314644a27a8c3f214446ee137a6eeb6296ca6728629bbd2b6b7d890dc193bdff4fd7c355f6176e7e4d6aa292ba6c80d3c4c8b1a02f4404a061aa372b591268ca13c1e31b798fd4d6ea1349efbadf35c81669f684b3712e524a8900f7bbe40ea0e9e34683346c07ceb02a9a281eda1ab31ee36c0c036fcda229914f8b5a73fad939fa01b043b12534ccd9cbff0169aa7d31888b80f46929bff40c3b7d34a987060b9dea5684af45212d9362a15c13a8"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x4e}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000a00)={0x20, 0x0, 0xbd, {0xbb, "132d339b7035cb8a87b4afc3010f9f50cf2ae526e822db629ff90a5ff9d5ac8d734c2d9bd7f907eff5906640d8ff413043c149a106a24b1b65b1c967b2dc704a008881e169373fd9d2ad486f30f7c21b59b78be1e3770d07f7b2d7cd26696b11a9e7a368b5bc2da1c6d40fb48dab9d3c2f9e4f31edb4b16a5e7a30cea571ec51f56b1ac1e480e2466502bd7afd7a375610b55229e692bee217c573e8f8b7aad2fe8846b19a70878f40dfdd6f7e1c0e5e6494bd6e7ae8296c99015f"}}, &(0x7f0000000b00)={0x20, 0x1, 0x1, 0x3c}, &(0x7f0000000b40)={0x20, 0x0, 0x1, 0x11}})
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000bc0))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000c40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r4, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c80)={0x50, r5, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2e1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000ec0)={0x0, &(0x7f0000000d80)=[@uexit={0x0, 0x18, 0x1}, @uexit={0x0, 0x18, 0x177}, @uexit={0x0, 0x18, 0x8}, @cpuid={0x14, 0x18, {0x0, 0xb}}, @wr_crn={0x46, 0x20, {0x8, 0x8}}, @wr_crn={0x46, 0x20, {0x8, 0x6}}, @cpuid={0x14, 0x18, {0x7fff, 0x3}}, @uexit={0x0, 0x18, 0x83}, @uexit={0x0, 0x18, 0xd92}, @uexit={0x0, 0x18, 0x39a7}, @uexit={0x0, 0x18, 0x9}], 0x118})
ioctl$KVM_TPR_ACCESS_REPORTING(r6, 0xc028ae92, &(0x7f0000000f00)={0x7fc00, 0x4})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_control_io$printer(r3, &(0x7f0000001040)={0x14, &(0x7f0000000f40)={0x20, 0x7, 0x9d, {0x9d, 0x24, "ad8aac54b626c0fc5587ac31b640177493daa3df7f92ebc651f2631763ee5bc2cb52b7da0c1bbe56783ed15fc6fe32028f3b6478767b67033df3f7859a33649359a1b222abc67e63fa8bba2eaa42f303ced6f43adb045f7f873bb427e4c30c110eee399e2ade073c03acbad57f7606eeeac9e8d06ac753f98dc9c15f8a04321b8631b257177aca0191385a344afd0a348d73f954755c3347b08fd8"}}, &(0x7f0000001000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42a}}}, &(0x7f0000001240)={0x34, &(0x7f0000001080)={0x0, 0x15, 0x1f, "e876554b1a32856c25095832d05fce5f5ac9b6a02afa9ec8d8c009a7b4e5ac"}, &(0x7f00000010c0)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000001100)={0x0, 0x8, 0x1, 0x32}, &(0x7f0000001140)={0x20, 0x0, 0x62, {0x60, "46a75376e36f342e33cda85d9b44e1290f37435b1882d1dc4be978cc6c8d69f21f3aecaa11f4e57038fcf2afcd7d3b220cee401224a0a925c220ad91267102ab4fcde98f2a1da935c6b897178b93c26cb8c8c445539a7dbfe10787dc45340470"}}, &(0x7f00000011c0)={0x20, 0x1, 0x1, 0x8}, &(0x7f0000001200)={0x20, 0x0, 0x1, 0x81}})
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000001280))
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f00000012c0))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001300), 0x400000, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x37)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000001340))
bind$packet(0xffffffffffffffff, &(0x7f0000001480)={0x11, 0xf8, 0x0, 0x1, 0x6, 0x6, @local}, 0x14)

1m17.96493372s ago: executing program 5 (id=4104):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x4, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
readv(r1, &(0x7f0000000140)=[{&(0x7f00000018c0)=""/4112, 0x1010}], 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800000024000103000000000000000005"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}, 0xfd}], 0x1, 0x12100, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000380)={[{@noswap}]})
mount$bind(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x838422, 0x0)
sendfile(r0, r0, &(0x7f0000001000)=0x7fffffff, 0x7ffff000)

1m17.096082064s ago: executing program 5 (id=4105):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) (async)
r4 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53a, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})
r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x73, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000080)={0x4b5a9da54893e123, 0x3, 0x17, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0}) (async)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7409000096000000000000000000daabd38036f0930263ebe137ed82756337b8c63580fda91d9d558e106c946af32824b2ab0da6490eeb275aaf5959dabc55457aad32aa1840cc0c38a735d898840e37e0b33491274717ba7b145a8591fff9cd54103b7b858ab95384d88adcbe38acad9b7297a291cdf44cbed9e3278ad1caa86824d62cd6e68c55dcac68a57adaf32b76a1bec955e80050e1e3fd814eef05f8cace24b0e057f83c56b78f7b67eed3d0735c372827d6f61b6df06850b7045715b1f9bacac17d7ce304d4b37ef5d5c29ffa83684c4ae29a5dcc5099aca88e166729634f", @ANYRES32=r4, @ANYRESDEC=0x0, @ANYRES32=r4, @ANYRES64]) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000040)={0x80, r5}, 0x0) (async)
mmap(&(0x7f000078a000/0x11000)=nil, 0x11000, 0x5a051feb1f984a1d, 0x202812, 0xffffffffffffffff, 0x7dfff000)

1m2.012570208s ago: executing program 36 (id=4105):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) (async)
r4 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53a, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})
r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x73, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000080)={0x4b5a9da54893e123, 0x3, 0x17, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0}) (async)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7409000096000000000000000000daabd38036f0930263ebe137ed82756337b8c63580fda91d9d558e106c946af32824b2ab0da6490eeb275aaf5959dabc55457aad32aa1840cc0c38a735d898840e37e0b33491274717ba7b145a8591fff9cd54103b7b858ab95384d88adcbe38acad9b7297a291cdf44cbed9e3278ad1caa86824d62cd6e68c55dcac68a57adaf32b76a1bec955e80050e1e3fd814eef05f8cace24b0e057f83c56b78f7b67eed3d0735c372827d6f61b6df06850b7045715b1f9bacac17d7ce304d4b37ef5d5c29ffa83684c4ae29a5dcc5099aca88e166729634f", @ANYRES32=r4, @ANYRESDEC=0x0, @ANYRES32=r4, @ANYRES64]) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000040)={0x80, r5}, 0x0) (async)
mmap(&(0x7f000078a000/0x11000)=nil, 0x11000, 0x5a051feb1f984a1d, 0x202812, 0xffffffffffffffff, 0x7dfff000)

6.137023326s ago: executing program 8 (id=4565):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x6, 0x0, 0x0, 0xfffffffc}, 0x10) (async)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x14, r1, 0xe7d02281b1d40d47, 0x0, 0x0, {0x81}}, 0x14}}, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x152) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@userxattr}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
r2 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r2, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x143882) (async)
close(0x3) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x40, 0x8, 0x6, 0x802, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x28000045}, 0x9080) (async)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x2c, 0x4, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4c851) (async)
ioctl$DRM_IOCTL_ADD_MAP(r2, 0xc0286415, &(0x7f0000000140)={&(0x7f0000871000/0x1000)=nil, 0x80000000, 0x0, 0x4}) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000280)={0x8, r2, 0x2}) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000)

5.243600373s ago: executing program 7 (id=4574):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_netprio_ifpriomap(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='\t'], 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x28011, r0, 0x0)

5.114638101s ago: executing program 8 (id=4576):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018008000100666962001c0002800800014000000000080002400000000108000340000000160900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x1)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r4 = syz_open_procfs(0x0, &(0x7f00000022c0)='net/udplite6\x00')
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r4)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000002280)={&(0x7f0000000a40)=ANY=[@ANYBLOB="88020000", @ANYRES16=r5, @ANYBLOB="04002dbd7000ffdbdf251700000014000980080002000700000008000200000000002400038008000100810000000800010007000000080003000800000008000200080000004c0005802c00028008000200050000000800020003000000080003000400000008000400ef6253ff08000100130000000800010065746800140002800800040004000000080001000d00000014000380080001000800000008000100b80e0000440003800800010001000080080001000500000008000200f0ffffff080003000100010008000300060000000800020001000080080002000100008008000300810d00002c000980080001000200000008000200ff0f0000080001000d000000080001000600000008000200010000006c01018044000400200001000a004e2200000081fe80000000000000000000000000003b10000000200002000a004e23fbfffffdfc02000000000000000000000000000102000000140002800800020010000000080001001a0000002c000280080002000000008008000300000000000800020000080000080002005e00000008000100220000000d0001007564703a73797a3000000000380004001400010002004e23ac1414aa0000000000000000200002000a004e220000008e20010000000000000000000000000002c3bb00003c000280080001001600000008000200000000000800020002000000080001000a000000080004004b6a0000080002000101000008000200ae0000000d0001007564703a73797a32000000000c00010069623a687372300008000300040000003c00028008000200040000000800030004000000080004000000000008000200ff0f0000080002000100000008000300070000000800020000000000b1f40c593b9e8bba3c204e5553adae293d2fa040383adac819d26e55e2623d0107d4f950f31fa89551a1e56aa797d675a4ba98de64ea193e58e0423f101241"], 0x288}, 0x1, 0x0, 0x0, 0x24042000}, 0xc00)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r6, 0x0, 0x480, &(0x7f00000025c0), &(0x7f0000002600)=0x40)
r7 = socket$kcm(0x2, 0xa, 0x2)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r8, 0x1, 0x12, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)
r9 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x10802)
ioctl$int_in(r9, 0x5421, 0x0)
r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002640)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010027bd7000ffdbdf250200000014000200627269646f653000ebffffff000000000900010073797a300000000013ff9a176c33484a2454691d0bd56e65767aa904bca707412854edde309a09e1891f888e7c8479baeee8d9d875a940187514f93ab9a6bf544888cc02f122f55148ebe98fdf17d6efe2e8ba15e7715509599c3210cb956349bf2d5031ab23d2c49f1019c25c8e267e43b8234ac3a674ac8e58a56779c6b548efaf841d95fcb8df26ad43d9ab187efb4be13959574b8fea82c80797a1d83b9a09e27db75b12debe14e348921028e2e96ff4ccf15e3a3d122a9e7958fd0bf10746"], 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x8004)
syz_usb_connect(0x0, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0xe7, 0x19, 0x87, 0x40, 0xeb1, 0x7007, 0x205, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x0, 0xff}}]}}]}}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r11, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="280000002e000100001a80000000000008000c00", @ANYRES32=0x0, @ANYBLOB="09000080976b64086800000004000180"], 0x28}], 0x1, 0x0, 0x0, 0x2000000}, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421})
r13 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r13, @ANYBLOB="030f000002000000000034000000080003"], 0x1c}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x208002, 0x0)

5.029217279s ago: executing program 7 (id=4577):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x8)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
bind$l2tp(r4, &(0x7f0000000080)={0x1d, 0x0, @private=0xa010102, 0x1}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f00000006c0)={{0x12, 0x1, 0x201, 0x6f, 0xa8, 0x8e, 0x40, 0x17a1, 0x128, 0x6bf1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x3, 0x40, 0x7, [{{0x9, 0x4, 0x49, 0x1d, 0x0, 0x4b, 0xb4, 0xf4, 0x5}}]}}]}}, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x0)
r5 = semget$private(0x0, 0x6, 0x40d)
semtimedop(r5, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r5, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2)
semop(r5, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2)
semctl$SETALL(r5, 0x0, 0x11, &(0x7f0000000000))
write$P9_RVERSION(r3, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r6 = dup(r3)
r7 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = fcntl$dupfd(r8, 0x0, r8)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000dc0), r8)
sendmsg$TIPC_NL_BEARER_GET(r9, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000000280)={0x18, r10, 0x21, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4050)
read$rfkill(r7, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file1\x00', &(0x7f00000001c0), 0x408, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB="2c0c0d648ec396", @ANYRESHEX=r2, @ANYBLOB=',debug=0x0000000000000569,access=user,version=9p2000.u,fsmagic=0x4040000000000000,subj_role=9p\x00,\x00'])
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r6, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x803}}, 0x50)
read$FUSE(r9, &(0x7f00000017c0)={0x2020, 0x0, <r11=>0x0}, 0x2020)
r12 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r12, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r13=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r12, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r13, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r12, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r13, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_VFIO_IOAS$SET(r7, 0x3b88, &(0x7f0000000200)={0xc, r13})
write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0xfffffffffffffff5, r11, {0x613f}}, 0x18)

3.679231872s ago: executing program 8 (id=4593):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
timer_create(0x34864764391e9823, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101781)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB="023f"])
fadvise64(r0, 0x92, 0x5, 0x2)
mmap(&(0x7f0000432000/0x2000)=nil, 0x2000, 0x3000003, 0x22052, r0, 0xa471a000)

3.559626261s ago: executing program 8 (id=4595):
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0) (async)
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @fda={0x66646185, 0x7, 0x0, 0x2e}, @fda={0x66646185, 0x7, 0x2, 0x2b}}, &(0x7f0000000200)={0x0, 0x18, 0x38}}, 0x1000}], 0x0, 0x0, 0x0})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r4, 0xf648d000)
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2) (async)
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

3.144966651s ago: executing program 8 (id=4601):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0088a8000002"], 0x110a) (async)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x4040, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x44010}, 0x24000051)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r2, 0x11b, 0x1, &(0x7f0000000080), &(0x7f0000000100)=0x80)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x200000, 0x0)

1.914770724s ago: executing program 7 (id=4614):
creat(0x0, 0x16)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque='\x00'/12}}}}}}, 0x3a)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

1.733024565s ago: executing program 7 (id=4615):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18)
connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2, 0x0, {0x2, 0xff}, 0x1}, 0x18)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={@empty, 0x13, r2})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
sendfile(r3, r3, 0x0, 0x7ffff000)

1.384983008s ago: executing program 6 (id=4617):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000f2303d20422c02124070e702030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000480)={0x40, 0xb, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="401201000000b4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000340)={0x40, 0xe, 0x2, "6cbe"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

1.384241782s ago: executing program 4 (id=4618):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x12, r0, 0x8ee4a000)
memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x4000040)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x12, r0, 0x8ee4a000) (async)
memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x4000040) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)

1.191926654s ago: executing program 4 (id=4619):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff}) (async)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
fstat(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) (async)
setreuid(0x0, r2)
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) (async, rerun: 64)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x5) (rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, 0xffffffffffffffff, 0x5708e000)

1.092775004s ago: executing program 4 (id=4620):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000c00000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

981.02801ms ago: executing program 4 (id=4621):
mmap(&(0x7f0000253000/0x3000)=nil, 0x3000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x7000)
madvise(&(0x7f00007c1000/0x2000)=nil, 0x2000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

951.740784ms ago: executing program 8 (id=4622):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
request_key(&(0x7f0000000200)='syzkaller\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
unshare(0x22020600)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25CTLCON(r3, 0x89e8, &(0x7f0000000040)={@default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x0, 0x2, [@default, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c01020301090212e700000000000904"], 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x7, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x89, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="200000001a0001002abd702d45fdbcb8136d6880c36904d089d5785fcd7af600"], 0x20}], 0x1, 0x0, 0x0, 0x20400}, 0x0)
r5 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72918f72", {0x1, 0x1, 0x1000, 0x2, 0x5}})
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x20, &(0x7f0000000100)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15"])
personality(0x5400004)
unshare(0x20000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r6 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000340)={r6})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x7dfff000)

807.273112ms ago: executing program 6 (id=4623):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000020000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a30000000000800034000000009"], 0x64}, 0x1, 0x0, 0x0, 0x20048801}, 0x10)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xa, {"a2e39b214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838681a0890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b343b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0d9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c30900004288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef7becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda930b000000cbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe505003d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6ae4effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d71eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d471c8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949d9a92587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15aa82000000000000a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x1000}}, 0x1006)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x5708e000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x5708e000)

749.067544ms ago: executing program 7 (id=4624):
creat(0x0, 0x16)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque='\x00'/12}}}}}}, 0x3a)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

644.895004ms ago: executing program 4 (id=4625):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000100)={0xd, 0x4}) (async, rerun: 64)
r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 64)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r2 = syz_open_dev$vim2m(0x0, 0x81, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0) (async)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000080)={0x0, 0x9, [0x5, 0xb6, 0x2, 0x51, 0xfff, 0x8000000000000000]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0) (rerun: 32)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x2, 0x0, 0x0) (async)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
r4 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x8}) (async)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000005c0)={'pcl812\x00', [0x2f00, 0x1000, 0x3, 0x2, 0x0, 0x1, 0x2, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x8006, 0xffffffa7, 0x10001, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x80, 0x3, 0x3, 0x7, 0x70f]})
mount(&(0x7f0000000100)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ext2\x00', 0x2340018, 0x0)

593.313675ms ago: executing program 7 (id=4626):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x96, 0x1e, 0x82, 0x8, 0x733, 0x401, 0xac4f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x99, 0x0, 0x0, 0x7d, 0xa6, 0x37}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="88000000", @ANYRES16=r6, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="4d00330040bc01000802110000000000000000000250505050509400ac0146c0000f9db4a84f2beb2f4ecb945a20a904b02d1a00080010000000000000000300010008000000000406000000090000000600cd000000000004008e0008005700961200ca"], 0x88}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x24008080)
ioctl$TIOCSBRK(r1, 0x5427)
socket(0x840000000002, 0x3, 0xff) (async)
r7 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) (async)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000))
sendmmsg$inet(r7, &(0x7f0000000a40)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f00000002c0)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be57aff9352b356be67ca2746357d1787b35", 0x14}], 0x1}}], 0x2, 0x4004040) (async)
sendmmsg$inet(r7, &(0x7f0000000a40)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f00000002c0)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be57aff9352b356be67ca2746357d1787b35", 0x14}], 0x1}}], 0x2, 0x4004040)
socket$kcm(0x10, 0x400000002, 0x0) (async)
r8 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="1303000054009155090893b31b71a54a07"], 0xfe33) (async)
write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="1303000054009155090893b31b71a54a07"], 0xfe33)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, &(0x7f0000000500)={0x2, 0x0, '\x00', {0x0, @reserved}})
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000840)={0x28, 0x2, r10, 0x0, &(0x7f0000007000/0x3000)=nil, 0x3000, 0x7fffffffffffffff}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000840)={0x28, 0x2, r10, 0x0, &(0x7f0000007000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r10, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r9, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r10, r10, 0x3, 0xfffffffffefffffa, 0x3fff})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r10, 0x0, &(0x7f0000002000/0x4000)=nil, 0x4000, 0xf3}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r10, 0x0, &(0x7f0000002000/0x4000)=nil, 0x4000, 0xf3})
ioctl$IOMMU_IOAS_MAP(r9, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r10, 0x0, &(0x7f0000000780)="70ee", 0x2, 0xfffffffffffffff7})
socket$inet_smc(0x2b, 0x1, 0x0)
r11 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r11, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef54019297a51bb8d000", 0x8}, 0x60)
listen(r11, 0x0)

465.117141ms ago: executing program 4 (id=4627):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000380)={0x40, 0xc}, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000180)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
sendfile(r0, r2, 0x0, 0x4bc1)

156.093159ms ago: executing program 6 (id=4628):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mount$nfs(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000000)={0xa, {0xbe8, 0x8, 0xd, 0x9}, {0x8, 0x8838, 0x4, 0x8}, {0xfdfd, 0x101}})
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x0, 0x0)

97.100253ms ago: executing program 6 (id=4629):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000c00000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

9.050742ms ago: executing program 6 (id=4630):
creat(&(0x7f0000000000)='./file0\x00', 0xaa)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x8, @null, @bpq0, 0xfd, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x84, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xaa) (async)
syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x8, @null, @bpq0, 0xfd, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) (async)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x84, 0x0) (async)

0s ago: executing program 6 (id=4631):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000f2303d20422c02124070e702030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000480)={0x40, 0xb, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="401201000000b4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000340)={0x40, 0xe, 0x2, "6cbe"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

mpt power cycle
[  582.444847][T26893] /dev/sg0: Can't lookup blockdev
[  582.454303][   T24] usb 6-1: reset high-speed USB device number 7 using dummy_hcd
[  582.496562][   T24] usb 6-1: device descriptor read/8, error -32
[  582.562996][ T5912] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  582.603057][   T24] raw-gadget.3 gadget.5: failed to queue suspend event
[  582.621512][T24951] usb 6-1: USB disconnect, device number 7
[  582.672069][T26910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.684567][T26910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.739326][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  582.745987][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  582.757569][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  582.769205][ T5912] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  582.778308][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.789117][ T5912] usb 5-1: config 0 descriptor??
[  582.823039][T10369] usb 3-1: new full-speed USB device number 110 using dummy_hcd
[  582.843204][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  582.851363][T10369] usb 3-1: device descriptor read/8, error -71
[  582.913045][T24951] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  582.921300][    C1] raw-gadget.3 gadget.5: ignoring, device is not running
[  582.928624][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  583.013041][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  583.083079][T24951] usb 6-1: device descriptor read/64, error -32
[  583.112972][T10369] usb 3-1: new full-speed USB device number 111 using dummy_hcd
[  583.133595][T10369] usb 3-1: device descriptor read/8, error -71
[  583.192978][T24951] raw-gadget.3 gadget.5: failed to queue suspend event
[  583.200271][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  583.243766][T10369] usb usb3-port1: unable to enumerate USB device
[  583.258433][ T5912] usbhid 5-1:0.0: can't add hid device: -71
[  583.273365][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  583.280297][ T5912] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  583.313543][ T5912] usb 5-1: USB disconnect, device number 7
[  583.379778][T24951] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  583.390284][    C1] raw-gadget.3 gadget.5: ignoring, device is not running
[  583.397718][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  583.473763][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  583.542979][T24951] usb 6-1: device descriptor read/64, error -32
[  583.653250][T24951] raw-gadget.3 gadget.5: failed to queue suspend event
[  583.667924][T24951] usb usb6-port1: attempt power cycle
[  583.683982][T24951] raw-gadget.3 gadget.5: failed to queue disconnect event
[  583.692468][T26957] /dev/rnullb0: Can't open blockdev
[  583.718897][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  583.746565][   T30] audit: type=1326 audit(1755040838.409:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26959 comm="syz.5.3535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5bf438ebe9 code=0x0
[  583.759401][T26962] /dev/rnullb0: Can't open blockdev
[  583.792999][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  583.801172][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  583.821146][T26965] /dev/rnullb0: Can't open blockdev
[  583.966008][T26973] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3539'.
[  584.013334][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  584.072966][T24951] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  584.093300][    C1] raw-gadget.3 gadget.5: ignoring, device is not running
[  584.100417][T24951] usb 6-1: device descriptor read/8, error -32
[  584.223107][T24951] raw-gadget.3 gadget.5: failed to queue suspend event
[  584.230694][T24951] raw-gadget.3 gadget.5: failed to queue reset event
[  584.302945][T24951] raw-gadget.3 gadget.5: failed to queue resume event
[  584.362939][T24951] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  584.383113][    C1] raw-gadget.3 gadget.5: ignoring, device is not running
[  584.390232][T24951] usb 6-1: device descriptor read/8, error -32
[  584.459624][T26979] /dev/rnullb0: Can't open blockdev
[  584.506749][T24951] raw-gadget.3 gadget.5: failed to queue suspend event
[  584.521700][T24951] usb usb6-port1: unable to enumerate USB device
[  584.870600][T26998] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3546'.
[  585.136580][T27013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.154606][T27013] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.763041][ T5919] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  585.915042][ T5919] usb 5-1: not running at top speed; connect to a high speed hub
[  585.923996][ T5919] usb 5-1: config 8 has an invalid interface number: 117 but max is 2
[  585.933064][ T5919] usb 5-1: config 8 has an invalid interface number: 37 but max is 2
[  585.941146][ T5919] usb 5-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[  585.949949][ T5919] usb 5-1: config 8 has an invalid interface number: 152 but max is 2
[  585.958170][ T5919] usb 5-1: config 8 has no interface number 0
[  585.964353][ T5919] usb 5-1: config 8 has no interface number 1
[  585.970430][ T5919] usb 5-1: config 8 has no interface number 2
[  585.977051][ T5919] usb 5-1: config 8 interface 117 altsetting 3 endpoint 0x2 has invalid maxpacket 560, setting to 64
[  585.987985][ T5919] usb 5-1: config 8 interface 37 altsetting 4 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  585.998895][ T5919] usb 5-1: config 8 interface 37 altsetting 4 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  586.009833][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has an endpoint descriptor with address 0x1B, changing to 0xB
[  586.021362][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0x2, skipping
[  586.031992][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0x5, skipping
[  586.043889][ T5919] usb 5-1: config 8 interface 37 altsetting 4 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  586.054903][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0x1, skipping
[  586.065631][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  586.076533][ T5919] usb 5-1: config 8 interface 37 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  586.087333][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  586.101903][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0xF, skipping
[  586.112552][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0xE, skipping
[  586.123205][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  586.134016][ T5919] usb 5-1: config 8 interface 37 altsetting 4 has a duplicate endpoint with address 0x2, skipping
[  586.145403][ T5919] usb 5-1: config 8 interface 117 has no altsetting 0
[  586.152177][ T5919] usb 5-1: config 8 interface 37 has no altsetting 0
[  586.158894][ T5919] usb 5-1: config 8 interface 152 has no altsetting 0
[  586.168242][ T5919] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db54, bcdDevice=65.19
[  586.177462][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.185526][ T5919] usb 5-1: Product: 퐂⨘ᄇ贫惎ɢԇ礫ᢙ뤶䋦橶⁵ꠤ爚淗苺㖭
[  586.194267][ T5919] usb 5-1: Manufacturer: ⠊
[  586.198856][ T5919] usb 5-1: SerialNumber: ࠠ
[  586.516137][T27047] nftables ruleset with unbound set
[  586.763168][ T5912] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  586.914770][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  586.924736][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  586.935693][ T5912] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  586.944810][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.958969][ T5912] usb 3-1: config 0 descriptor??
[  587.182654][T27047] /dev/rnullb0: Can't open blockdev
[  587.235864][ T5912] ath6kl: Failed to submit usb control message: -71
[  587.247734][ T5912] ath6kl: unable to send the bmi data to the device: -71
[  587.255370][ T5912] ath6kl: Unable to send get target info: -71
[  587.266575][ T5912] ath6kl: Failed to init ath6kl core: -71
[  587.274556][ T5912] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  587.292596][ T5912] usb 3-1: USB disconnect, device number 112
[  587.801713][T27066] /dev/rnullb0: Can't open blockdev
[  587.905519][T27072] /dev/rnullb0: Can't open blockdev
[  588.515526][ T5919] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in cold state, will try to load a firmware
[  588.527819][ T5919] usb 5-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2
[  588.538864][ T5919] usb 5-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw
[  588.563053][ T5953] usb 3-1: new full-speed USB device number 113 using dummy_hcd
[  588.737343][ T5953] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  588.744350][T27108] 9pnet_fd: p9_fd_create_unix (27108): problem connecting socket: ./file0: -111
[  588.755538][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.755566][ T5953] usb 3-1: Product: syz
[  588.755584][ T5953] usb 3-1: Manufacturer: syz
[  588.755600][ T5953] usb 3-1: SerialNumber: syz
[  588.760265][ T5953] usb 3-1: config 0 descriptor??
[  588.842375][T27114] /dev/rnullb0: Can't open blockdev
[  588.908169][T27123] /dev/rnullb0: Can't open blockdev
[  588.917892][T27125] /dev/rnullb0: Can't open blockdev
[  588.991357][T27130] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  589.001118][T27130] /dev/rnullb0: Can't open blockdev
[  589.018285][ T5953] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  589.270260][T27147] netlink: 'syz.5.3579': attribute type 11 has an invalid length.
[  589.357967][T27154] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  589.367881][T27154] /dev/rnullb0: Can't open blockdev
[  589.592210][T27159] /dev/rnullb0: Can't open blockdev
[  589.761193][T27176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.771041][T27176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  590.455446][ T5953] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  590.479009][ T5953] usb 3-1: USB disconnect, device number 113
[  590.870706][T27193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.880046][T27193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  590.990883][T27198] syzkaller1: entered promiscuous mode
[  590.996733][T27198] syzkaller1: entered allmulticast mode
[  591.252926][ T5912] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  591.383015][ T5912] usb 3-1: device descriptor read/64, error -71
[  591.448049][T27205] /dev/rnullb0: Can't open blockdev
[  591.499550][T27208] /dev/rnullb0: Can't open blockdev
[  591.535274][T27211] netlink: 256 bytes leftover after parsing attributes in process `syz.5.3593'.
[  591.608150][T27218] /dev/rnullb0: Can't open blockdev
[  591.616859][T27219] /dev/rnullb0: Can't open blockdev
[  591.625054][ T5912] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  591.763101][ T5912] usb 3-1: device descriptor read/64, error -71
[  591.870974][T27229] /dev/rnullb0: Can't open blockdev
[  591.876821][ T5912] usb usb3-port1: attempt power cycle
[  591.986972][T27239] hpfs: Bad magic ... probably not HPFS
[  592.223129][ T5912] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  592.228727][T27252] fuse: Bad value for 'fd'
[  592.248360][ T5912] usb 3-1: device descriptor read/8, error -71
[  592.501830][ T5912] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  592.525266][ T5912] usb 3-1: device descriptor read/8, error -71
[  592.532561][T27272] pimreg: entered allmulticast mode
[  592.644247][ T5912] usb usb3-port1: unable to enumerate USB device
[  593.160344][T27306] netlink: 'syz.4.3614': attribute type 27 has an invalid length.
[  593.948803][T27332] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  593.948984][T27331] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  594.242587][T23657] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  594.255063][T23657] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  594.264761][T23657] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  594.274723][T23657] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  594.284837][T23657] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  594.378034][T27339] vivid-000: disconnect
[  594.422247][T27369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.432504][T27369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.565946][T27414] netlink: 'syz.2.3626': attribute type 1 has an invalid length.
[  594.603542][T27414] netlink: 'syz.2.3626': attribute type 1 has an invalid length.
[  594.696305][ T1100] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.712723][T27342] chnl_net:caif_netlink_parms(): no params data found
[  594.786518][ T1100] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.864044][ T5912] usb 3-1: new full-speed USB device number 118 using dummy_hcd
[  594.876291][ T1100] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.891123][T27342] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.898792][T27342] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.906930][T27342] bridge_slave_0: entered allmulticast mode
[  594.915146][T27342] bridge_slave_0: entered promiscuous mode
[  594.922650][T27342] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.930918][T27342] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.938951][T27342] bridge_slave_1: entered allmulticast mode
[  594.947624][T27342] bridge_slave_1: entered promiscuous mode
[  594.967341][T27338] vivid-000: reconnect
[  595.021766][ T1100] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.041731][ T5912] usb 3-1: unable to get BOS descriptor or descriptor too short
[  595.056613][ T5912] usb 3-1: not running at top speed; connect to a high speed hub
[  595.067074][ T5912] usb 3-1: config 1 has an invalid interface number: 130 but max is 0
[  595.077199][ T5912] usb 3-1: config 1 has no interface number 0
[  595.085358][ T5912] usb 3-1: config 1 interface 130 has no altsetting 0
[  595.097891][ T5912] usb 3-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice=84.ac
[  595.107158][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.115344][ T5912] usb 3-1: Product: syz
[  595.115756][T27342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.119643][ T5912] usb 3-1: Manufacturer: syz
[  595.133873][ T5912] usb 3-1: SerialNumber: syz
[  595.148814][T27342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.223280][T27342] team0: Port device team_slave_0 added
[  595.272125][T27342] team0: Port device team_slave_1 added
[  595.341036][T27342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  595.348397][T27342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.355983][T27414] /dev/rnullb0: Can't open blockdev
[  595.374340][    C0] vkms_vblank_simulate: vblank timer overrun
[  595.376981][T27342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.397932][ T1100] bridge_slave_1: left allmulticast mode
[  595.406212][ T1100] bridge_slave_1: left promiscuous mode
[  595.411988][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.421255][ T1100] bridge_slave_0: left allmulticast mode
[  595.428052][ T1100] bridge_slave_0: left promiscuous mode
[  595.434263][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.810511][ T1100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.821748][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.831986][ T1100] bond0 (unregistering): Released all slaves
[  595.851075][T27342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.860279][T27342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.900106][T27342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.002713][ T1100] tipc: Left network mode
[  596.087299][T27342] hsr_slave_0: entered promiscuous mode
[  596.099930][T27342] hsr_slave_1: entered promiscuous mode
[  596.129650][T27342] debugfs: 'hsr0' already exists in 'hsr'
[  596.137193][T27342] Cannot create hsr debugfs directory
[  596.331684][ T1100] hsr_slave_0: left promiscuous mode
[  596.342647][ T1100] hsr_slave_1: left promiscuous mode
[  596.351646][ T5876] Bluetooth: hci3: command tx timeout
[  596.399541][ T1100] veth1_macvtap: left promiscuous mode
[  596.414063][ T1100] veth0_macvtap: left promiscuous mode
[  596.424279][ T1100] veth1_vlan: left promiscuous mode
[  596.429619][ T1100] veth0_vlan: left promiscuous mode
[  596.839145][T27698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.863415][T27698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.198965][ T1100] team0 (unregistering): Port device team_slave_1 removed
[  597.250805][ T1100] team0 (unregistering): Port device team_slave_0 removed
[  598.412988][ T5876] Bluetooth: hci3: command tx timeout
[  599.725564][T27698] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  599.739778][T27342] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  599.758113][T27342] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  599.771716][T27342] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  599.799436][T27342] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  600.092444][T27342] 8021q: adding VLAN 0 to HW filter on device bond0
[  600.128036][T27342] 8021q: adding VLAN 0 to HW filter on device team0
[  600.148575][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.155786][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state
[  600.189850][ T5912] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware
[  600.217751][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.224963][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state
[  600.276068][ T5912] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  600.297439][ T5912] dib0700: firmware download failed at 7 with -22
[  600.304811][T27792] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  600.338212][T27792] /dev/rnullb0: Can't open blockdev
[  600.504213][ T5876] Bluetooth: hci3: command tx timeout
[  600.670095][T27342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.216963][T27342] veth0_vlan: entered promiscuous mode
[  601.241842][T27342] veth1_vlan: entered promiscuous mode
[  601.310028][T27342] veth0_macvtap: entered promiscuous mode
[  601.328357][T27342] veth1_macvtap: entered promiscuous mode
[  601.371372][T27342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  601.385112][T27342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.417470][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.437399][   T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.462461][   T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.488304][   T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  601.648684][T16969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.674025][T16969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.694077][T27839] /dev/rnullb0: Can't open blockdev
[  601.735213][ T1346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.750935][ T1346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.823868][T27846] fuse: Unknown parameter 'l���C����O�-A$p�β��c}�8�B����`�ɰ��L�'
[  602.474693][T27878] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  602.475962][T27877] netlink: 'syz.5.3642': attribute type 1 has an invalid length.
[  602.493884][T27877] netlink: 228 bytes leftover after parsing attributes in process `syz.5.3642'.
[  602.576261][ T5876] Bluetooth: hci3: command tx timeout
[  602.807400][T27894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.817119][T27894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.828545][T27894] /dev/rnullb0: Can't open blockdev
[  603.391829][T27898] CIFS: VFS: Malformed UNC in devname
[  603.572521][T27901] netlink: 420 bytes leftover after parsing attributes in process `syz.5.3647'.
[  604.409519][ T5953] hid-generic 0000:0000:0000.0041: unknown main item tag 0x0
[  604.442512][ T5953] hid-generic 0000:0000:0000.0041: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  604.606839][T27909] /dev/rnullb0: Can't open blockdev
[  605.212140][T27944] tmpfs: Bad value for 'mpol'
[  605.219602][T27944] /dev/rnullb0: Can't open blockdev
[  605.360033][T27949] kvm: pic: non byte read
[  605.364816][T27949] kvm: pic: non byte read
[  605.369203][T27949] kvm: pic: non byte read
[  605.375630][T27949] kvm: pic: non byte read
[  605.380013][T27949] kvm: pic: non byte read
[  605.384772][T27949] kvm: pic: non byte read
[  605.391045][T27949] kvm: pic: non byte read
[  605.395556][T27949] kvm: pic: non byte read
[  605.399928][T27949] kvm: pic: non byte read
[  605.404486][T27949] kvm: pic: non byte read
[  605.408668][T27946] /dev/rnullb0: Can't open blockdev
[  605.979944][ T5953] hid-generic 0000:0000:0000.0042: unknown main item tag 0x0
[  605.997528][ T5953] hid-generic 0000:0000:0000.0042: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  606.256812][T27974] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  606.264045][T27974] /dev/rnullb0: Can't open blockdev
[  606.415004][T27984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.426360][T27984] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.976581][T27988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.985949][T27988] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.994972][T27988] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3664'.
[  607.090668][T27996] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR
[  608.607277][T28009] FAULT_INJECTION: forcing a failure.
[  608.607277][T28009] name failslab, interval 1, probability 0, space 0, times 0
[  608.630647][T28009] CPU: 0 UID: 0 PID: 28009 Comm: syz.5.3673 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  608.630676][T28009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  608.630692][T28009] Call Trace:
[  608.630701][T28009]  <TASK>
[  608.630709][T28009]  dump_stack_lvl+0x189/0x250
[  608.630742][T28009]  ? __pfx____ratelimit+0x10/0x10
[  608.630763][T28009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  608.630792][T28009]  ? __pfx__printk+0x10/0x10
[  608.630824][T28009]  ? __pfx___might_resched+0x10/0x10
[  608.630850][T28009]  should_fail_ex+0x414/0x560
[  608.630880][T28009]  should_failslab+0xa8/0x100
[  608.630904][T28009]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  608.630923][T28009]  ? __alloc_skb+0x112/0x2d0
[  608.630939][T28009]  __alloc_skb+0x112/0x2d0
[  608.630952][T28009]  netlink_sendmsg+0x5c6/0xb30
[  608.630968][T28009]  ? __pfx_netlink_sendmsg+0x10/0x10
[  608.630982][T28009]  ? aa_sock_msg_perm+0xf1/0x1d0
[  608.630998][T28009]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  608.631012][T28009]  ? __pfx_netlink_sendmsg+0x10/0x10
[  608.631023][T28009]  __sock_sendmsg+0x21c/0x270
[  608.631041][T28009]  ____sys_sendmsg+0x505/0x830
[  608.631062][T28009]  ? __pfx_____sys_sendmsg+0x10/0x10
[  608.631079][T28009]  ? import_iovec+0x74/0xa0
[  608.631094][T28009]  ___sys_sendmsg+0x21f/0x2a0
[  608.631108][T28009]  ? __pfx____sys_sendmsg+0x10/0x10
[  608.631138][T28009]  ? __fget_files+0x2a/0x420
[  608.631152][T28009]  ? __fget_files+0x3a0/0x420
[  608.631170][T28009]  __x64_sys_sendmsg+0x19b/0x260
[  608.631184][T28009]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  608.631202][T28009]  ? __pfx_ksys_write+0x10/0x10
[  608.631213][T28009]  ? rcu_is_watching+0x15/0xb0
[  608.631229][T28009]  ? do_syscall_64+0xbe/0x3b0
[  608.631242][T28009]  do_syscall_64+0xfa/0x3b0
[  608.631252][T28009]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.631262][T28009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.631272][T28009]  ? clear_bhb_loop+0x60/0xb0
[  608.631285][T28009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.631299][T28009] RIP: 0033:0x7f5bf438ebe9
[  608.631311][T28009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  608.631320][T28009] RSP: 002b:00007f5bf5125038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  608.631333][T28009] RAX: ffffffffffffffda RBX: 00007f5bf45b5fa0 RCX: 00007f5bf438ebe9
[  608.631341][T28009] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[  608.631348][T28009] RBP: 00007f5bf5125090 R08: 0000000000000000 R09: 0000000000000000
[  608.631354][T28009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  608.631361][T28009] R13: 00007f5bf45b6038 R14: 00007f5bf45b5fa0 R15: 00007fff82be1cb8
[  608.631377][T28009]  </TASK>
[  609.001316][T28019] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3667'.
[  609.122262][T28023] fuse: Bad value for 'group_id'
[  609.132163][T28023] fuse: Bad value for 'group_id'
[  609.224533][T28030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.235090][T28030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.464023][T23657] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  609.470062][T28030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.476755][T23657] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  609.484851][T28030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.491168][T23657] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  609.503799][T23657] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  609.506667][T28030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.511462][T23657] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  609.525997][T28030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.739554][T28035] chnl_net:caif_netlink_parms(): no params data found
[  609.835785][T28035] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.843199][T28035] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.850400][T28035] bridge_slave_0: entered allmulticast mode
[  609.859716][T28035] bridge_slave_0: entered promiscuous mode
[  609.867596][T28035] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.874877][T28035] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.882042][T28035] bridge_slave_1: entered allmulticast mode
[  609.889353][T28035] bridge_slave_1: entered promiscuous mode
[  609.930286][T28035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.942475][T28035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  609.990955][T28035] team0: Port device team_slave_0 added
[  610.009388][T28035] team0: Port device team_slave_1 added
[  610.221053][T28035] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.238510][T28035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.275362][T28035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.291133][T28035] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.299867][T28035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.335813][T28035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  610.471041][T28035] hsr_slave_0: entered promiscuous mode
[  610.478257][T28035] hsr_slave_1: entered promiscuous mode
[  610.505150][T28035] debugfs: 'hsr0' already exists in 'hsr'
[  610.515279][T23657] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  610.522914][T28035] Cannot create hsr debugfs directory
[  610.527131][T23657] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  610.538411][T23657] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  610.547205][T23657] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  610.555213][T23657] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  610.776660][T28361] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3676'.
[  610.798254][T28361] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3676'.
[  610.832577][T28361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.852670][T28361] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.949764][T28035] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  610.970708][T28035] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  610.989434][T28035] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  611.001096][T28035] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  611.190517][T28035] 8021q: adding VLAN 0 to HW filter on device bond0
[  611.216767][T28035] 8021q: adding VLAN 0 to HW filter on device team0
[  611.232640][T28301] chnl_net:caif_netlink_parms(): no params data found
[  611.284378][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  611.291530][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  611.319448][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  611.326628][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  611.395971][T28301] bridge0: port 1(bridge_slave_0) entered blocking state
[  611.407234][T28301] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.417748][T28301] bridge_slave_0: entered allmulticast mode
[  611.426165][T28301] bridge_slave_0: entered promiscuous mode
[  611.438118][T28301] bridge0: port 2(bridge_slave_1) entered blocking state
[  611.446206][T28301] bridge0: port 2(bridge_slave_1) entered disabled state
[  611.454089][T28301] bridge_slave_1: entered allmulticast mode
[  611.462742][T28301] bridge_slave_1: entered promiscuous mode
[  611.520104][T28301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  611.534470][T23657] Bluetooth: hci2: command tx timeout
[  611.551164][T28301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  611.622616][T28301] team0: Port device team_slave_0 added
[  611.636325][T28575] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.3677'.
[  611.638287][T28301] team0: Port device team_slave_1 added
[  611.646567][T28575] netlink: zone id is out of range
[  611.659132][T28575] netlink: zone id is out of range
[  611.665530][T28575] netlink: zone id is out of range
[  611.670661][T28575] netlink: zone id is out of range
[  611.677028][T28575] netlink: get zone limit has 8 unknown bytes
[  611.688287][T28575] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[  611.699316][T28565] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  611.766133][T28301] batman_adv: batadv0: Adding interface: batadv_slave_0
[  611.793489][T28301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  611.821774][T28301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  611.841051][T28301] batman_adv: batadv0: Adding interface: batadv_slave_1
[  611.848984][T28301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  611.877194][T28301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  611.898886][T28627] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3678'.
[  612.032635][T28301] hsr_slave_0: entered promiscuous mode
[  612.041114][T28301] hsr_slave_1: entered promiscuous mode
[  612.050650][T28301] debugfs: 'hsr0' already exists in 'hsr'
[  612.058897][T28301] Cannot create hsr debugfs directory
[  612.391175][T28732] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3680'.
[  612.435149][T28035] 8021q: adding VLAN 0 to HW filter on device batadv0
[  612.579580][T28301] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  612.599419][T28301] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  612.616094][T28301] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  612.628979][T28301] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  612.656032][T23657] Bluetooth: hci5: command tx timeout
[  612.767741][T28301] 8021q: adding VLAN 0 to HW filter on device bond0
[  612.798548][T28301] 8021q: adding VLAN 0 to HW filter on device team0
[  612.825026][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.832140][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state
[  612.853646][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.860813][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state
[  612.871177][T28035] veth0_vlan: entered promiscuous mode
[  612.889218][T28035] veth1_vlan: entered promiscuous mode
[  612.961399][T28035] veth0_macvtap: entered promiscuous mode
[  612.981780][T28035] veth1_macvtap: entered promiscuous mode
[  613.020717][T28035] batman_adv: batadv0: Interface activated: batadv_slave_0
[  613.051391][T28035] batman_adv: batadv0: Interface activated: batadv_slave_1
[  613.075779][   T59] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  613.088689][   T59] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  613.128334][ T1100] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  613.164503][ T1100] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  613.267699][T28301] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.322553][T28768] FAULT_INJECTION: forcing a failure.
[  613.322553][T28768] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  613.326690][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  613.349795][T28768] CPU: 0 UID: 0 PID: 28768 Comm: syz.5.3682 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  613.349821][T28768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.349834][T28768] Call Trace:
[  613.349842][T28768]  <TASK>
[  613.349851][T28768]  dump_stack_lvl+0x189/0x250
[  613.349883][T28768]  ? __pfx____ratelimit+0x10/0x10
[  613.349904][T28768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.349933][T28768]  ? __pfx__printk+0x10/0x10
[  613.349961][T28768]  ? __might_fault+0xb0/0x130
[  613.349992][T28768]  should_fail_ex+0x414/0x560
[  613.350024][T28768]  _copy_from_iter+0x1db/0x16f0
[  613.350048][T28768]  ? rcu_is_watching+0x15/0xb0
[  613.350073][T28768]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  613.350094][T28768]  ? __pfx__copy_from_iter+0x10/0x10
[  613.350117][T28768]  ? __build_skb_around+0x257/0x3e0
[  613.350141][T28768]  ? netlink_sendmsg+0x642/0xb30
[  613.350160][T28768]  ? skb_put+0x11b/0x210
[  613.350185][T28768]  netlink_sendmsg+0x6b2/0xb30
[  613.350215][T28768]  ? __pfx_netlink_sendmsg+0x10/0x10
[  613.350236][T28768]  ? aa_sock_msg_perm+0xf1/0x1d0
[  613.350264][T28768]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  613.350289][T28768]  ? __pfx_netlink_sendmsg+0x10/0x10
[  613.350311][T28768]  __sock_sendmsg+0x21c/0x270
[  613.350341][T28768]  ____sys_sendmsg+0x505/0x830
[  613.350371][T28768]  ? __pfx_____sys_sendmsg+0x10/0x10
[  613.350415][T28768]  ? import_iovec+0x74/0xa0
[  613.350441][T28768]  ___sys_sendmsg+0x21f/0x2a0
[  613.350467][T28768]  ? __pfx____sys_sendmsg+0x10/0x10
[  613.350526][T28768]  ? __fget_files+0x2a/0x420
[  613.350550][T28768]  ? __fget_files+0x3a0/0x420
[  613.350583][T28768]  __x64_sys_sendmsg+0x19b/0x260
[  613.350611][T28768]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  613.350644][T28768]  ? __pfx_ksys_write+0x10/0x10
[  613.350663][T28768]  ? rcu_is_watching+0x15/0xb0
[  613.350692][T28768]  ? do_syscall_64+0xbe/0x3b0
[  613.350716][T28768]  do_syscall_64+0xfa/0x3b0
[  613.350735][T28768]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.350754][T28768]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.350773][T28768]  ? clear_bhb_loop+0x60/0xb0
[  613.350796][T28768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.350814][T28768] RIP: 0033:0x7f5bf438ebe9
[  613.350832][T28768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.350850][T28768] RSP: 002b:00007f5bf5125038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  613.350871][T28768] RAX: ffffffffffffffda RBX: 00007f5bf45b5fa0 RCX: 00007f5bf438ebe9
[  613.350886][T28768] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[  613.350899][T28768] RBP: 00007f5bf5125090 R08: 0000000000000000 R09: 0000000000000000
[  613.350912][T28768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  613.350923][T28768] R13: 00007f5bf45b6038 R14: 00007f5bf45b5fa0 R15: 00007fff82be1cb8
[  613.350953][T28768]  </TASK>
[  613.360720][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  613.653901][T23657] Bluetooth: hci2: command tx timeout
[  613.698332][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  613.711522][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.138465][T28301] veth0_vlan: entered promiscuous mode
[  614.147811][T28799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  614.158054][T28799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  614.181830][T28301] veth1_vlan: entered promiscuous mode
[  614.272066][T28301] veth0_macvtap: entered promiscuous mode
[  614.301343][T28301] veth1_macvtap: entered promiscuous mode
[  614.347883][T28301] batman_adv: batadv0: Interface activated: batadv_slave_0
[  614.378325][T28301] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.404026][T16969] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.420303][T16969] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.440015][T16969] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.462756][T16969] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  614.569317][T16969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.587242][T16969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.645135][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.656280][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.659107][T28814] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3686'.
[  614.733839][T23657] Bluetooth: hci5: command tx timeout
[  614.787860][T28820] hpfs: Unknown parameter '-)�/'
[  614.829756][T28820] /dev/rnullb0: Can't open blockdev
[  615.062783][T28833] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3689'.
[  615.131723][T28838] FAULT_INJECTION: forcing a failure.
[  615.131723][T28838] name failslab, interval 1, probability 0, space 0, times 0
[  615.148256][T28838] CPU: 0 UID: 0 PID: 28838 Comm: syz.5.3691 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  615.148287][T28838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  615.148300][T28838] Call Trace:
[  615.148308][T28838]  <TASK>
[  615.148327][T28838]  dump_stack_lvl+0x189/0x250
[  615.148360][T28838]  ? __pfx____ratelimit+0x10/0x10
[  615.148381][T28838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.148409][T28838]  ? __pfx__printk+0x10/0x10
[  615.148438][T28838]  ? __pfx___might_resched+0x10/0x10
[  615.148461][T28838]  ? fs_reclaim_acquire+0x7d/0x100
[  615.148488][T28838]  should_fail_ex+0x414/0x560
[  615.148520][T28838]  should_failslab+0xa8/0x100
[  615.148542][T28838]  __kmalloc_noprof+0xcb/0x4f0
[  615.148561][T28838]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  615.148594][T28838]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  615.148629][T28838]  genl_family_rcv_msg_doit+0xb8/0x300
[  615.148664][T28838]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  615.148699][T28838]  ? apparmor_capable+0x137/0x1b0
[  615.148722][T28838]  ? bpf_lsm_capable+0x9/0x20
[  615.148741][T28838]  ? security_capable+0x7e/0x2e0
[  615.148773][T28838]  genl_rcv_msg+0x60e/0x790
[  615.148806][T28838]  ? __pfx_genl_rcv_msg+0x10/0x10
[  615.148830][T28838]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  615.148859][T28838]  ? __pfx_nl802154_add_llsec_key+0x10/0x10
[  615.148879][T28838]  ? __pfx_nl802154_post_doit+0x10/0x10
[  615.148923][T28838]  netlink_rcv_skb+0x208/0x470
[  615.148943][T28838]  ? __lock_acquire+0xab9/0xd20
[  615.148966][T28838]  ? __pfx_genl_rcv_msg+0x10/0x10
[  615.148999][T28838]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  615.149039][T28838]  ? down_read+0x1ad/0x2e0
[  615.149062][T28838]  genl_rcv+0x28/0x40
[  615.149084][T28838]  netlink_unicast+0x82f/0x9e0
[  615.149120][T28838]  ? __pfx_netlink_unicast+0x10/0x10
[  615.149150][T28838]  ? netlink_sendmsg+0x642/0xb30
[  615.149168][T28838]  ? skb_put+0x11b/0x210
[  615.149193][T28838]  netlink_sendmsg+0x805/0xb30
[  615.149223][T28838]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.149249][T28838]  ? aa_sock_msg_perm+0xf1/0x1d0
[  615.149276][T28838]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  615.149301][T28838]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.149330][T28838]  __sock_sendmsg+0x21c/0x270
[  615.149361][T28838]  ____sys_sendmsg+0x505/0x830
[  615.149391][T28838]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.149426][T28838]  ? import_iovec+0x74/0xa0
[  615.149453][T28838]  ___sys_sendmsg+0x21f/0x2a0
[  615.149481][T28838]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.149544][T28838]  ? __fget_files+0x2a/0x420
[  615.149568][T28838]  ? __fget_files+0x3a0/0x420
[  615.149605][T28838]  __x64_sys_sendmsg+0x19b/0x260
[  615.149633][T28838]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  615.149668][T28838]  ? __pfx_ksys_write+0x10/0x10
[  615.149698][T28838]  ? do_syscall_64+0xbe/0x3b0
[  615.149721][T28838]  do_syscall_64+0xfa/0x3b0
[  615.149737][T28838]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.149755][T28838]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.149775][T28838]  ? clear_bhb_loop+0x60/0xb0
[  615.149795][T28838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.149811][T28838] RIP: 0033:0x7f5bf438ebe9
[  615.149827][T28838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.149844][T28838] RSP: 002b:00007f5bf5125038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  615.149864][T28838] RAX: ffffffffffffffda RBX: 00007f5bf45b5fa0 RCX: 00007f5bf438ebe9
[  615.149880][T28838] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[  615.149891][T28838] RBP: 00007f5bf5125090 R08: 0000000000000000 R09: 0000000000000000
[  615.149904][T28838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  615.149916][T28838] R13: 00007f5bf45b6038 R14: 00007f5bf45b5fa0 R15: 00007fff82be1cb8
[  615.149947][T28838]  </TASK>
[  615.693041][T23657] Bluetooth: hci2: command tx timeout
[  615.890239][T28846] /dev/rnullb0: Can't open blockdev
[  616.152222][T28855] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3695'.
[  616.205673][T28858] sctp: [Deprecated]: syz.6.3696 (pid 28858) Use of int in maxseg socket option.
[  616.205673][T28858] Use struct sctp_assoc_value instead
[  616.284761][T28861] 9pnet_fd: Insufficient options for proto=fd
[  616.466375][T28870] syz.5.3700: attempt to access beyond end of device
[  616.466375][T28870] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  616.480743][T28870] FAT-fs (nbd5): unable to read boot sector
[  616.496686][T28870] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3700'.
[  616.540000][T28872] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3701'.
[  616.625182][T28878] /dev/rnullb0: Can't open blockdev
[  616.782054][T28885] /dev/rnullb0: Can't open blockdev
[  616.813402][T23657] Bluetooth: hci5: command tx timeout
[  617.191372][T28895] 9pnet_fd: Insufficient options for proto=fd
[  617.344474][T28902] netlink: 164 bytes leftover after parsing attributes in process `syz.5.3710'.
[  617.397047][T28904] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3709'.
[  617.495995][T28918] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3714'.
[  617.536366][T28920] netlink: 'syz.5.3715': attribute type 4 has an invalid length.
[  617.545313][T28920] netlink: 'syz.5.3715': attribute type 27 has an invalid length.
[  617.553216][T28920] netlink: 3609 bytes leftover after parsing attributes in process `syz.5.3715'.
[  617.649404][T28924] 9pnet_fd: Insufficient options for proto=fd
[  617.789153][T23657] Bluetooth: hci2: command tx timeout
[  617.840019][T28927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.855416][T28933] /dev/rnullb0: Can't open blockdev
[  617.901457][T28927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  618.182656][T28954] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3723'.
[  618.388894][T28971] netlink: 'syz.7.3725': attribute type 10 has an invalid length.
[  618.450201][T28970] overlay: ./file0 is not a directory
[  618.903281][T23657] Bluetooth: hci5: command tx timeout
[  620.101406][T29056] __nla_validate_parse: 3 callbacks suppressed
[  620.101419][T29056] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3738'.
[  620.125008][T29056] FAULT_INJECTION: forcing a failure.
[  620.125008][T29056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  620.141382][T29056] CPU: 0 UID: 0 PID: 29056 Comm: syz.5.3738 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  620.141407][T29056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  620.141419][T29056] Call Trace:
[  620.141427][T29056]  <TASK>
[  620.141435][T29056]  dump_stack_lvl+0x189/0x250
[  620.141467][T29056]  ? __pfx____ratelimit+0x10/0x10
[  620.141488][T29056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.141514][T29056]  ? __pfx__printk+0x10/0x10
[  620.141552][T29056]  should_fail_ex+0x414/0x560
[  620.141584][T29056]  _copy_to_user+0x31/0xb0
[  620.141611][T29056]  simple_read_from_buffer+0xe1/0x170
[  620.141640][T29056]  proc_fail_nth_read+0x1b3/0x220
[  620.141673][T29056]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  620.141705][T29056]  ? rw_verify_area+0x2a6/0x4d0
[  620.141726][T29056]  ? __lock_acquire+0xab9/0xd20
[  620.141746][T29056]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  620.141777][T29056]  vfs_read+0x1fd/0xa30
[  620.141799][T29056]  ? fdget_pos+0x247/0x320
[  620.141828][T29056]  ? __pfx___mutex_lock+0x10/0x10
[  620.141849][T29056]  ? __pfx_vfs_read+0x10/0x10
[  620.141882][T29056]  ? __fget_files+0x2a/0x420
[  620.141911][T29056]  ? __fget_files+0x3a0/0x420
[  620.141935][T29056]  ? __fget_files+0x2a/0x420
[  620.141969][T29056]  ksys_read+0x145/0x250
[  620.141994][T29056]  ? __pfx_ksys_read+0x10/0x10
[  620.142013][T29056]  ? rcu_is_watching+0x15/0xb0
[  620.142042][T29056]  ? do_syscall_64+0xbe/0x3b0
[  620.142067][T29056]  do_syscall_64+0xfa/0x3b0
[  620.142084][T29056]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.142102][T29056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.142119][T29056]  ? clear_bhb_loop+0x60/0xb0
[  620.142141][T29056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.142159][T29056] RIP: 0033:0x7f5bf438d5fc
[  620.142176][T29056] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  620.142193][T29056] RSP: 002b:00007f5bf5125030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  620.142212][T29056] RAX: ffffffffffffffda RBX: 00007f5bf45b5fa0 RCX: 00007f5bf438d5fc
[  620.142227][T29056] RDX: 000000000000000f RSI: 00007f5bf51250a0 RDI: 0000000000000003
[  620.142239][T29056] RBP: 00007f5bf5125090 R08: 0000000000000000 R09: 0000000000000000
[  620.142252][T29056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.142263][T29056] R13: 00007f5bf45b6038 R14: 00007f5bf45b5fa0 R15: 00007fff82be1cb8
[  620.142290][T29056]  </TASK>
[  620.480964][T29064] 9pnet_fd: Insufficient options for proto=fd
[  620.655905][T29081] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3743'.
[  620.707685][T29086] Invalid ELF header magic: != ELF
[  620.715190][T29086] overlay: ./bus is not a directory
[  620.722116][T29086] Invalid ELF header magic: != ELF
[  620.732401][T29086] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3744'.
[  620.740218][T29087] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3741'.
[  620.830712][T29093] /dev/rnullb0: Can't open blockdev
[  620.880106][T29095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.891147][T29095] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  621.814796][T29115] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3752'.
[  621.945831][T29125] /dev/rnullb0: Can't open blockdev
[  622.050410][T29130] /dev/rnullb0: Can't open blockdev
[  622.260543][T29146] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3757'.
[  622.646923][T29159] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3762'.
[  623.046728][T29169] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3764'.
[  623.221038][T29180] syz.5.3768: attempt to access beyond end of device
[  623.221038][T29180] loop5: rw=0, sector=6, nr_sectors = 2 limit=0
[  623.235770][T29180] ADFS-fs (loop5): error: unable to read block 3, try 0
[  623.247527][T29180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  623.256671][T29180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.911746][T29200] netlink: 168 bytes leftover after parsing attributes in process `syz.7.3771'.
[  624.256998][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  625.024108][T29216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  625.251003][ T5912] hid-generic 0101:0001:0004.0043: collection stack underflow
[  625.260666][ T5912] hid-generic 0101:0001:0004.0043: item 0 4 0 12 parsing failed
[  625.270401][ T5912] hid-generic 0101:0001:0004.0043: probe with driver hid-generic failed with error -22
[  625.708479][T29238] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3781'.
[  625.768776][T29243] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3782'.
[  625.813221][T29246] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3783'.
[  625.885473][T29248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  625.910624][T29248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.081352][T29267] /dev/rnullb0: Can't open blockdev
[  626.129667][ T5950] hid-generic 0000:0000:0000.0044: unknown main item tag 0x0
[  626.141848][ T5950] hid-generic 0000:0000:0000.0044: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  626.334482][T29269] /dev/rnullb0: Can't open blockdev
[  626.692012][T29291] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3791'.
[  626.772302][T29298] netlink: 'syz.4.3794': attribute type 12 has an invalid length.
[  626.888969][T29302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3795'.
[  626.908623][T29302] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3795'.
[  626.922295][T29302] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3795'.
[  626.931695][T29302] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3795'.
[  626.957566][T29306] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  626.980531][T29306] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3797'.
[  627.052749][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.074546][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  627.134426][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.142430][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  627.182309][T29337] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3801'.
[  627.364249][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.371477][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  627.405529][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.411673][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  627.480114][T29366] program syz.4.3803 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  627.836019][T29322] ceph: No mds server is up or the cluster is laggy
[  627.857287][T29306] ceph: No mds server is up or the cluster is laggy
[  627.884461][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.894947][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  627.924484][ T5912] libceph: connect (1)[c::]:6789 error -101
[  627.946785][ T5912] libceph: mon0 (1)[c::]:6789 connect error
[  628.045616][T29392] netlink: 'syz.7.3809': attribute type 1 has an invalid length.
[  628.151396][T29399] ufs: You didn't specify the type of your ufs filesystem
[  628.151396][T29399] 
[  628.151396][T29399] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  628.151396][T29399] 
[  628.151396][T29399] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  628.190244][T29399] ufs: ufstype=old is supported read-only
[  628.198384][T29399] syz.5.3811: attempt to access beyond end of device
[  628.198384][T29399] loop5: rw=0, sector=16, nr_sectors = 2 limit=0
[  628.225175][T29399] sg_write: process 534 (syz.5.3811) changed security contexts after opening file descriptor, this is not allowed.
[  628.289403][T29405] /dev/rnullb0: Can't open blockdev
[  628.675980][T29429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.685962][T29429] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.699270][T29430] overlayfs: failed to resolve '/��X]�����-bca6NJ�l�}6�;t���GeY޸ eE��X-3���щ��1�=�s.Ի�����'��9'�
[  628.699270][T29430] 7�c&����b��D��w�a��!|�����_�Z�I1��.H�Z}k$����#�+-kr��k��H.�?j#M@i�	���]���th����]�ܼ�2^���P��������(�L2#i0�U�zb�
��[�C-�&�(8�‡��s���噴�X�j ��?����)��`���R���&�*�'-����������Į�m5���-��1bK �ܰ���`x��|íQ��-œ��ci�����Gv���4وIK���^WҘ2<�
��Gg��}T��k�еy�VQ�
[  628.699270][T29430] ���?y��|': -36
[  628.699270][T29429] overlayfs: failed to resolve '/��X]�����-bca6NJ�l�}6�;t���GeY޸ eE��X-3���щ��1�=�s.Ի�����'��9'�
[  628.699270][T29429] 7�c&����b��D��w�a��!|�����_�Z�I1��.H�Z}k$����#�+-kr��k��H.�?j#M@i�	���]���th����]�ܼ�2^���P��������(�L2#i0�U�zb�
��[�C-�&�(8�‡��s���噴�X�j ��?����)��`���R���&�*�'-����������Į�m5���-��1bK �ܰ���`x��|íQ��-œ��ci�����Gv���4وIK���^WҘ2<�
��Gg��}T��k�еy�VQ�
[  628.699270][T29429] ���?y��|': -36
[  629.375556][T29449] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  629.381772][ T3102] usb 4-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  629.388701][T29449] netlink: 'syz.5.3825': attribute type 10 has an invalid length.
[  629.427331][ T3102] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -110
[  629.429512][T29449] team0: Cannot enslave team device to itself
[  629.452027][ T3102] usb 4-1: USB disconnect, device number 9
[  630.084272][T29492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  630.094188][T29492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  630.937121][T29504] __nla_validate_parse: 9 callbacks suppressed
[  630.937135][T29504] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3838'.
[  631.158295][T29517] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3841'.
[  631.214737][T29514] netlink: 168 bytes leftover after parsing attributes in process `syz.7.3840'.
[  631.417731][T29533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  631.431759][T29533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  631.979272][T29545] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  631.995269][T29545] XFS (rnullb0): Invalid superblock magic number
[  632.279152][T29561] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3848'.
[  632.392717][T29569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  632.401920][T29569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  632.424234][T29569] overlayfs: invalid redirect ((null))
[  632.910878][T29577] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3851'.
[  633.098714][T29593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.123432][T29593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  633.147445][T29600] binder: Unknown parameter '00000000000000000000004'
[  633.200183][T29603] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3856'.
[  633.740324][T29616] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3859'.
[  633.962522][T29626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.973454][T29626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.189156][T29626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.198958][T29626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.215472][T29626] Sensor A: =================  START STATUS  =================
[  634.223096][T29626] Sensor A: Test Pattern: 75% Colorbar
[  634.229344][T29626] Sensor A: Show Information: None
[  634.236441][T29626] Sensor A: Vertical Flip: false
[  634.241407][T29626] Sensor A: Horizontal Flip: false
[  634.247504][T29626] Sensor A: Brightness: 0
[  634.251861][T29626] Sensor A: Contrast: 128
[  634.260635][T29626] Sensor A: Hue: 0
[  634.266120][T29626] Sensor A: Saturation: 128
[  634.270749][T29626] Sensor A: ==================  END STATUS  ==================
[  634.995318][T29659] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3867'.
[  635.074190][T29664] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3869'.
[  635.279801][T29672] unknown channel width for channel at 909000KHz?
[  636.350171][T29687] /dev/rnullb0: Can't open blockdev
[  636.444591][T29691] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3876'.
[  636.647675][T29707] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3879'.
[  636.700789][T29711] /dev/rnullb0: Can't open blockdev
[  636.770153][   T36] Bluetooth: hci6: Frame reassembly failed (-90)
[  638.350600][T29737] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3885'.
[  638.587888][T29749] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3887'.
[  638.728316][T29756] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3889'.
[  638.814073][T23657] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  639.042759][T29776] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3893'.
[  639.051813][T29776] openvswitch: netlink: nsh attr 0 has unexpected len 21 expected 0
[  639.063415][T29776] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  639.144612][T29780] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3894'.
[  639.470173][T29783] syzkaller1: entered promiscuous mode
[  639.480573][T29783] syzkaller1: entered allmulticast mode
[  639.701564][T29797] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  639.916146][T29801] netlink: 168 bytes leftover after parsing attributes in process `syz.7.3898'.
[  640.490395][T29827] netlink: 168 bytes leftover after parsing attributes in process `syz.7.3904'.
[  641.350343][T29868] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3915'.
[  641.452782][T29873] binder: 29872:29873 ioctl c0306201 2000000001c0 returned -22
[  641.464253][T29873] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3917'.
[  642.039223][T29911] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3925'.
[  642.104346][T29918] /dev/rnullb0: Can't open blockdev
[  642.110102][T29918] /dev/rnullb0: Can't open blockdev
[  642.115973][T29918] /dev/rnullb0: Can't open blockdev
[  642.121671][T29918] /dev/rnullb0: Can't open blockdev
[  642.127478][T29918] /dev/rnullb0: Can't open blockdev
[  642.135273][T29918] /dev/rnullb0: Can't open blockdev
[  642.140870][T29918] /dev/rnullb0: Can't open blockdev
[  642.146870][T29918] /dev/rnullb0: Can't open blockdev
[  642.154319][T29918] /dev/rnullb0: Can't open blockdev
[  642.160259][T29918] /dev/rnullb0: Can't open blockdev
[  642.166062][T29918] /dev/rnullb0: Can't open blockdev
[  642.171767][T29918] /dev/rnullb0: Can't open blockdev
[  642.182301][T29918] /dev/rnullb0: Can't open blockdev
[  642.188628][T29918] /dev/rnullb0: Can't open blockdev
[  642.194893][T29918] /dev/rnullb0: Can't open blockdev
[  642.200492][T29918] /dev/rnullb0: Can't open blockdev
[  642.206868][T29918] /dev/rnullb0: Can't open blockdev
[  642.212662][T29918] /dev/rnullb0: Can't open blockdev
[  642.218404][T29918] /dev/rnullb0: Can't open blockdev
[  642.224940][T29918] /dev/rnullb0: Can't open blockdev
[  642.231131][T29918] /dev/rnullb0: Can't open blockdev
[  642.237020][T29918] /dev/rnullb0: Can't open blockdev
[  642.242773][T29918] /dev/rnullb0: Can't open blockdev
[  642.249215][T29918] /dev/rnullb0: Can't open blockdev
[  642.256974][T29918] /dev/rnullb0: Can't open blockdev
[  642.262626][T29918] /dev/rnullb0: Can't open blockdev
[  642.268695][T29918] /dev/rnullb0: Can't open blockdev
[  642.275373][T29918] /dev/rnullb0: Can't open blockdev
[  642.281037][T29918] /dev/rnullb0: Can't open blockdev
[  642.287048][T29918] /dev/rnullb0: Can't open blockdev
[  642.300542][T29918] /dev/rnullb0: Can't open blockdev
[  642.306701][T29918] /dev/rnullb0: Can't open blockdev
[  642.312708][T29918] /dev/rnullb0: Can't open blockdev
[  642.322208][T29918] /dev/rnullb0: Can't open blockdev
[  642.329720][T29918] /dev/rnullb0: Can't open blockdev
[  642.339912][T29918] /dev/rnullb0: Can't open blockdev
[  642.348194][T29918] /dev/rnullb0: Can't open blockdev
[  642.360191][T29918] /dev/rnullb0: Can't open blockdev
[  642.368453][T29918] /dev/rnullb0: Can't open blockdev
[  642.380003][T29918] /dev/rnullb0: Can't open blockdev
[  642.389659][T29918] /dev/rnullb0: Can't open blockdev
[  642.400213][T29918] /dev/rnullb0: Can't open blockdev
[  642.408586][T29918] /dev/rnullb0: Can't open blockdev
[  642.410383][T29922] /dev/rnullb0: Can't open blockdev
[  642.414715][T29918] /dev/rnullb0: Can't open blockdev
[  642.428135][T29918] /dev/rnullb0: Can't open blockdev
[  642.434121][T29918] /dev/rnullb0: Can't open blockdev
[  642.440077][T29918] /dev/rnullb0: Can't open blockdev
[  642.446220][T29918] /dev/rnullb0: Can't open blockdev
[  642.452113][T29918] /dev/rnullb0: Can't open blockdev
[  642.460413][T29918] /dev/rnullb0: Can't open blockdev
[  642.471400][T29918] /dev/rnullb0: Can't open blockdev
[  642.477368][T29918] /dev/rnullb0: Can't open blockdev
[  642.484648][T29918] /dev/rnullb0: Can't open blockdev
[  642.490581][T29918] /dev/rnullb0: Can't open blockdev
[  642.499410][   T30] audit: type=1800 audit(1755040897.159:26): pid=29924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3930" name="bus" dev="overlay" ino=1286 res=0 errno=0
[  642.503896][T29918] /dev/rnullb0: Can't open blockdev
[  642.527203][T29918] /dev/rnullb0: Can't open blockdev
[  642.532930][T29918] /dev/rnullb0: Can't open blockdev
[  642.538596][T29918] /dev/rnullb0: Can't open blockdev
[  642.544795][T29918] /dev/rnullb0: Can't open blockdev
[  642.550446][T29918] /dev/rnullb0: Can't open blockdev
[  642.556231][T29918] /dev/rnullb0: Can't open blockdev
[  642.564866][T29918] /dev/rnullb0: Can't open blockdev
[  642.570538][T29918] /dev/rnullb0: Can't open blockdev
[  642.576873][T29918] /dev/rnullb0: Can't open blockdev
[  642.582534][T29918] /dev/rnullb0: Can't open blockdev
[  642.630811][T29927] /dev/rnullb0: Can't open blockdev
[  642.950825][T29931] /dev/rnullb0: Can't open blockdev
[  643.104038][T29943] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3935'.
[  643.696495][T29967] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  643.719724][T29967] /dev/rnullb0: Can't open blockdev
[  643.774003][T29970] /dev/rnullb0: Can't open blockdev
[  643.846183][T29970] sd 0:0:1:0: PR command failed: 1026
[  643.851668][T29970] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  643.852205][T29976] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3945'.
[  643.859919][T29970] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  644.210891][T30003] /dev/rnullb0: Can't open blockdev
[  644.372468][T30015] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  644.638751][T30029] i2c i2c-0: Invalid block write size 34
[  644.829419][T30039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.848400][T30039] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.879814][T30047] IPv6: NLM_F_CREATE should be specified when creating new route
[  644.947876][T30051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.969571][T30051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.003743][T30039] 9pnet_virtio: no channels available for device ./file0
[  645.477498][T30096] /dev/rnullb0: Can't open blockdev
[  645.660464][T30107] /dev/rnullb0: Can't open blockdev
[  646.027629][T30115] /dev/rnullb0: Can't open blockdev
[  647.051500][T23657] Bluetooth: Frame is too long (len 28, expected len 4)
[  647.054377][T30125] /dev/rnullb0: Can't open blockdev
[  647.197457][   T30] audit: type=1326 audit(1755040901.859:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30132 comm="syz.5.3976" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bf438ebe9 code=0x0
[  647.309502][T30140] /dev/rnullb0: Can't open blockdev
[  647.359586][T30142] /dev/rnullb0: Can't open blockdev
[  647.402361][T30144] /dev/rnullb0: Can't open blockdev
[  647.999236][T30159] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  648.076040][T30167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.090751][T30167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.133839][T30167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.146223][T30167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.208108][T30175] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3984'.
[  648.449992][T30192] /dev/rnullb0: Can't open blockdev
[  648.779030][T30213] /dev/rnullb0: Can't open blockdev
[  648.819504][T30216] /dev/rnullb0: Can't open blockdev
[  648.868083][T30218] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3991'.
[  649.036264][T30226] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 108
[  649.132332][T30237] netlink: 'syz.5.3996': attribute type 1 has an invalid length.
[  649.152673][T30237] netlink: 'syz.5.3996': attribute type 2 has an invalid length.
[  649.161449][T30237] netlink: 'syz.5.3996': attribute type 4 has an invalid length.
[  649.169683][T30237] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3996'.
[  649.361687][T30251] /dev/rnullb0: Can't open blockdev
[  649.392339][ T3102] hid-generic 0000:0000:0000.0045: unknown main item tag 0x0
[  649.412244][ T3102] hid-generic 0000:0000:0000.0045: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  649.581949][T30270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.598794][T30270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.868045][ T5919] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  649.889841][ T5919] dvb_usb_cxusb 5-1:8.117: probe with driver dvb_usb_cxusb failed with error -22
[  649.903035][ T5919] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in cold state, will try to load a firmware
[  649.914638][ T5919] usb 5-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2
[  649.924126][ T5919] usb 5-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw
[  652.175343][T30318] /dev/rnullb0: Can't open blockdev
[  652.421824][T30341] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  652.451649][T30341] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  652.458129][T30341] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  652.902753][T30370] /dev/rnullb0: Can't open blockdev
[  652.909638][T30371] /dev/rnullb0: Can't open blockdev
[  652.974362][T30374] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  653.914690][T30382] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  654.168088][T30386] /dev/rnullb0: Can't open blockdev
[  654.290631][T30396] netlink: 168 bytes leftover after parsing attributes in process `syz.5.4026'.
[  654.396678][T30399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.406659][T30399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.947169][T30403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.957080][T30403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.514981][T30427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.529855][T30427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.541540][T30424] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  655.570840][T30424] /dev/rnullb0: Can't open blockdev
[  655.634055][T30438] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4035'.
[  657.288291][T30489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.298039][T30489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.718875][T30511] netlink: 168 bytes leftover after parsing attributes in process `syz.7.4051'.
[  658.919943][T30529] /dev/rnullb0: Can't open blockdev
[  658.962715][T30531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.978578][T30531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.115638][T30539] fuse: Bad value for 'user_id'
[  659.121091][T30539] fuse: Bad value for 'user_id'
[  659.460973][T30564] netlink: 168 bytes leftover after parsing attributes in process `syz.7.4061'.
[  659.894072][T30603] netlink: 636 bytes leftover after parsing attributes in process `syz.5.4070'.
[  659.906093][T30603] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  660.138452][T30619] /dev/rnullb0: Can't open blockdev
[  660.210071][T30624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.219349][T30624] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.768332][T30630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.780390][T30630] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.881661][T30654] CIFS mount error: No usable UNC path provided in device string!
[  661.881661][T30654] 
[  661.892155][T30654] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  661.967215][T30659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.977080][T30659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.987987][T23657] Bluetooth: hci1: Malformed LE Event: 0x0d
[  662.641233][T30676] /dev/rnullb0: Can't open blockdev
[  662.826318][T30682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.859391][T30682] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.880469][T30682] /dev/rnullb0: Can't open blockdev
[  663.043323][T30694] tmpfs: Invalid uid '0x00000000ffffffff'
[  663.539691][T30709] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  663.573219][T30709] /dev/rnullb0: Can't open blockdev
[  663.581040][T30709] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  663.593346][T30709] /dev/rnullb0: Can't open blockdev
[  663.744100][T30716] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4096'.
[  663.790713][T30716] /dev/rnullb0: Can't open blockdev
[  663.932395][T30718] /dev/rnullb0: Can't open blockdev
[  664.070330][T30721] overlayfs: failed to resolve './file0': -2
[  664.286542][T30724] Malformed UNC in devname
[  664.286542][T30724] 
[  664.303001][T30724] CIFS: VFS: Malformed UNC in devname
[  664.393824][T30731] netlink: 168 bytes leftover after parsing attributes in process `syz.5.4101'.
[  664.589678][T30739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.607353][T30739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.289565][T30744] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4104'.
[  665.311047][T30744] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  666.901259][T30760] /dev/rnullb0: Can't open blockdev
[  667.524058][T30773] /dev/rnullb0: Can't open blockdev
[  668.559543][T30783] /dev/rnullb0: Can't open blockdev
[  670.009995][T30814] /dev/rnullb0: Can't open blockdev
[  670.019457][T30815] /dev/rnullb0: Can't open blockdev
[  670.427592][T30829] netlink: 168 bytes leftover after parsing attributes in process `syz.6.4121'.
[  670.482667][T30832] /dev/rnullb0: Can't open blockdev
[  670.833597][T30842] netlink: 'syz.6.4125': attribute type 10 has an invalid length.
[  670.845221][T30842] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  670.855703][T30842] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  670.868230][T30842] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  670.878711][T30842] /dev/rnullb0: Can't open blockdev
[  671.973056][T30865] sp0: Synchronizing with TNC
[  672.114618][T30864] syzkaller1: entered promiscuous mode
[  672.120225][T30864] syzkaller1: entered allmulticast mode
[  672.275921][T30886] netlink: 168 bytes leftover after parsing attributes in process `syz.6.4130'.
[  672.370886][T30890] /dev/rnullb0: Can't open blockdev
[  675.678802][T30922] /dev/rnullb0: Can't open blockdev
[  675.719409][T30924] /dev/rnullb0: Can't open blockdev
[  676.882131][T30968] fuse: Bad value for 'group_id'
[  676.887250][T30968] fuse: Bad value for 'group_id'
[  677.032050][T30975] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  677.691148][T31008] Invalid logical block size (3)
[  677.756004][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  677.833091][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  677.893023][ T5950] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  677.900832][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  677.908077][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  677.983005][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  678.042954][ T5950] usb 6-1: device descriptor read/64, error -32
[  678.153350][ T5950] raw-gadget.3 gadget.5: failed to queue suspend event
[  678.160657][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  678.233008][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  678.292901][ T5950] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  678.302487][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  678.309834][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  678.383348][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  678.442922][ T5950] usb 6-1: device descriptor read/64, error -32
[  678.557129][ T5950] raw-gadget.3 gadget.5: failed to queue suspend event
[  678.565500][ T5950] usb usb6-port1: attempt power cycle
[  678.570920][ T5950] raw-gadget.3 gadget.5: failed to queue disconnect event
[  678.578543][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  678.657354][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  678.665156][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  678.883513][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  678.945280][ T5950] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  678.973251][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  678.980402][ T5950] usb 6-1: device descriptor read/8, error -32
[  679.094051][ T5950] raw-gadget.3 gadget.5: failed to queue suspend event
[  679.101207][ T5950] raw-gadget.3 gadget.5: failed to queue reset event
[  679.173103][ T5950] raw-gadget.3 gadget.5: failed to queue resume event
[  679.232993][ T5950] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  679.253135][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  679.260253][ T5950] usb 6-1: device descriptor read/8, error -32
[  679.375414][ T5950] raw-gadget.3 gadget.5: failed to queue suspend event
[  679.382493][ T5950] usb usb6-port1: unable to enumerate USB device
[  679.436073][T31029] netlink: 'syz.7.4158': attribute type 4 has an invalid length.
[  679.450365][T31029] netlink: 'syz.7.4158': attribute type 4 has an invalid length.
[  679.468215][T31029] netlink: 'syz.7.4158': attribute type 6 has an invalid length.
[  679.770525][T31038] 9pnet_fd: Insufficient options for proto=fd
[  680.296341][T31048] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  680.313157][T31046] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  680.741792][T31064] /dev/rnullb0: Can't open blockdev
[  680.998870][T31076] 9pnet_fd: Insufficient options for proto=fd
[  681.211347][T29935] [U] �`�
[  681.298179][T26780] raw-gadget.3 gadget.5: failed to queue disconnect event
[  681.319815][T31084] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  681.369973][T31084] sp0: Synchronizing with TNC
[  681.761326][   T51] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  681.774123][   T51] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  681.793499][   T51] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  681.814873][   T51] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  681.825524][   T51] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  682.397122][T31098] chnl_net:caif_netlink_parms(): no params data found
[  682.657635][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  682.765405][T31098] bridge0: port 1(bridge_slave_0) entered blocking state
[  682.779361][T31098] bridge0: port 1(bridge_slave_0) entered disabled state
[  682.796893][T31098] bridge_slave_0: entered allmulticast mode
[  682.815686][T31098] bridge_slave_0: entered promiscuous mode
[  682.833610][T31098] bridge0: port 2(bridge_slave_1) entered blocking state
[  682.840815][T31098] bridge0: port 2(bridge_slave_1) entered disabled state
[  682.858561][T31098] bridge_slave_1: entered allmulticast mode
[  682.878426][T31098] bridge_slave_1: entered promiscuous mode
[  682.998056][T31098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  683.027695][T31098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  683.204975][T31098] team0: Port device team_slave_0 added
[  683.215759][T31098] team0: Port device team_slave_1 added
[  683.282547][T31098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  683.290213][T31098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  683.320590][T31098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  683.367119][T31098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  683.378863][T31098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  683.406120][T31098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  683.429934][T31336] /dev/sg0: Can't lookup blockdev
[  683.581971][T31098] hsr_slave_0: entered promiscuous mode
[  683.594693][T31098] hsr_slave_1: entered promiscuous mode
[  683.606106][T31098] debugfs: 'hsr0' already exists in 'hsr'
[  683.611852][T31098] Cannot create hsr debugfs directory
[  683.630184][T31371] exFAT-fs (rnullb0): invalid boot record signature
[  683.641023][T31371] exFAT-fs (rnullb0): failed to read boot sector
[  683.669394][T31371] exFAT-fs (rnullb0): failed to recognize exfat type
[  683.853323][T23657] Bluetooth: hci6: command tx timeout
[  683.860951][T31410] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  683.918768][T31410] VFS: Can't find a romfs filesystem on dev rnullb0.
[  683.918768][T31410] 
[  683.940221][T31424] 9pnet_fd: Insufficient options for proto=fd
[  684.277139][T31098] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  684.303143][T31098] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  684.372496][T31098] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  684.469049][T31098] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  684.556989][T31465] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4182'.
[  684.737857][T31411] syz.7.4179 (31411): drop_caches: 2
[  684.854096][T31098] 8021q: adding VLAN 0 to HW filter on device bond0
[  684.878294][T31477] fuse: Unknown parameter '!zя�L�_W�XqFAfd'
[  684.895864][T31098] 8021q: adding VLAN 0 to HW filter on device team0
[  684.919840][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state
[  684.927026][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state
[  684.978389][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  684.985561][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  685.371801][T31098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  685.696701][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  685.761056][T31098] veth0_vlan: entered promiscuous mode
[  685.801647][T31098] veth1_vlan: entered promiscuous mode
[  685.842263][T31098] veth0_macvtap: entered promiscuous mode
[  685.859538][T31098] veth1_macvtap: entered promiscuous mode
[  685.895867][T31098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  685.913843][T31098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  685.928171][   T36] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  685.938555][T23657] Bluetooth: hci6: command tx timeout
[  685.956415][   T36] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  685.970268][   T36] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  685.982453][   T36] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  686.145868][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.166078][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.220952][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.239710][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  687.344964][T31531] 9pnet_fd: Insufficient options for proto=fd
[  687.639882][T31539] mkiss: ax0: crc mode is auto.
[  687.790571][T31555] tmpfs: Bad value for 'mpol'
[  688.004134][T31498] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  688.022210][T23657] Bluetooth: hci6: command tx timeout
[  688.117637][T31579] sctp: [Deprecated]: syz.6.4199 (pid 31579) Use of struct sctp_assoc_value in delayed_ack socket option.
[  688.117637][T31579] Use struct sctp_sack_info instead
[  688.183453][T31498] usb 9-1: Using ep0 maxpacket: 8
[  688.210368][T31498] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  688.251722][T31498] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  688.277814][T31498] usb 9-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  688.293188][T31498] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.309662][T31498] usb 9-1: Product: syz
[  688.314942][T31498] usb 9-1: Manufacturer: syz
[  688.327924][T31498] usb 9-1: SerialNumber: syz
[  688.353548][T31498] usb 9-1: config 0 descriptor??
[  688.521786][T31605] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4205'.
[  689.046569][T31608] 9pnet: Could not find request transport: f�n
[  689.046569][T31608] z��`ZJ��2����A_��N&Z��D�~r�F�>�
[  690.093937][T23657] Bluetooth: hci6: command tx timeout
[  690.798896][T10369] usb 9-1: USB disconnect, device number 2
[  690.846458][T31665] netlink: 212 bytes leftover after parsing attributes in process `syz.8.4224'.
[  691.162363][T31672] fuse: Bad value for 'fd'
[  691.714976][T31707] netlink: 212 bytes leftover after parsing attributes in process `syz.8.4234'.
[  691.862035][T31714] fuse: Bad value for 'rootmode'
[  692.088689][T31723] binder: BINDER_SET_CONTEXT_MGR already set
[  692.099782][T31722] binder_alloc: binder_alloc_mmap_handler: 31721 200000ffd000-200001000000 already mapped failed -16
[  692.113981][T31723] binder: 31721:31723 ioctl 4018620d 200000004a80 returned -16
[  692.123870][T31722] binder_alloc: binder_alloc_mmap_handler: 31721 200000ffd000-200001000000 already mapped failed -16
[  692.139413][T31722] binder_alloc: binder_alloc_mmap_handler: 31721 200000ffd000-200001000000 already mapped failed -16
[  692.143155][T31723] binder: BINDER_SET_CONTEXT_MGR already set
[  692.150939][T31722] binder_alloc: binder_alloc_mmap_handler: 31721 200000ffd000-200001000000 already mapped failed -16
[  692.172929][T31723] binder: 31721:31723 ioctl 4018620d 200000004a80 returned -16
[  692.214295][T31723] binder: BINDER_SET_CONTEXT_MGR already set
[  692.220310][T31723] binder: 31721:31723 ioctl 4018620d 200000004a80 returned -16
[  692.752940][T31762] tipc: Can't bind to reserved service type 2
[  693.073374][T31769] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4251'.
[  693.423110][T31782] 9pnet: Could not find request transport: fd0x0000000000000005
[  694.254707][ T5950] hid-generic 0000:0000:0000.0046: unknown main item tag 0x0
[  694.291097][ T5950] hid-generic 0000:0000:0000.0046: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  694.541663][T31821] netlink: 212 bytes leftover after parsing attributes in process `syz.7.4264'.
[  694.603265][T31812] hfs: can't find a HFS filesystem on dev rnullb0
[  694.893172][T31832] 9pnet: Could not find request transport: fd0x0000000000000005
[  695.018230][T31855] netlink: 'syz.8.4269': attribute type 13 has an invalid length.
[  695.029806][T31855] netlink: 14581 bytes leftover after parsing attributes in process `syz.8.4269'.
[  695.552970][ T5950] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  695.683040][ T5950] usb 9-1: device descriptor read/64, error -71
[  695.722268][T31867] (syz.4.4271,31867,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  695.731748][T31867] (syz.4.4271,31867,1):ocfs2_fill_super:1177 ERROR: status = -22
[  695.922972][ T5950] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  696.052898][ T5950] usb 9-1: device descriptor read/64, error -71
[  696.163219][ T5950] usb usb9-port1: attempt power cycle
[  696.662916][ T5950] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  696.683659][ T5950] usb 9-1: device descriptor read/8, error -71
[  696.716393][T31879] 9pnet: Could not find request transport: fd0x0000000000000005
[  696.933930][ T5950] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  696.954019][ T5950] usb 9-1: device descriptor read/8, error -71
[  697.064440][ T5950] usb usb9-port1: unable to enumerate USB device
[  698.101309][T31908] netlink: 204 bytes leftover after parsing attributes in process `syz.7.4283'.
[  698.746526][T31938] Mount JFS Failure: -22
[  699.084292][T31498] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  699.243026][T31498] usb 9-1: Using ep0 maxpacket: 8
[  699.254082][T31498] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  699.263406][T31498] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.271397][T31498] usb 9-1: Product: syz
[  699.276302][T31498] usb 9-1: Manufacturer: syz
[  699.280910][T31498] usb 9-1: SerialNumber: syz
[  699.514132][T31498] cdc_ncm 9-1:1.0: bind() failure
[  699.527471][T31498] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  699.540269][T31498] cdc_ncm 9-1:1.1: bind() failure
[  699.572326][T31498] usb 9-1: USB disconnect, device number 7
[  699.586907][T31960] netlink: 204 bytes leftover after parsing attributes in process `syz.8.4292'.
[  699.725294][T31968] ieee802154 phy1 wpan1: encryption failed: -22
[  699.817660][T31973] NILFS (rnullb0): couldn't find nilfs on the device
[  699.947777][T31979] XFS (rnullb0): Invalid superblock magic number
[  700.123615][T31989] fuse: Bad value for 'fd'
[  700.612436][T31998] syz.4.4301: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  700.634694][T31998] CPU: 1 UID: 0 PID: 31998 Comm: syz.4.4301 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  700.634722][T31998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.634736][T31998] Call Trace:
[  700.634744][T31998]  <TASK>
[  700.634752][T31998]  dump_stack_lvl+0x189/0x250
[  700.634786][T31998]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  700.634809][T31998]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.634838][T31998]  ? __pfx__printk+0x10/0x10
[  700.634867][T31998]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  700.634896][T31998]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  700.634932][T31998]  warn_alloc+0x214/0x310
[  700.634958][T31998]  ? __pfx_warn_alloc+0x10/0x10
[  700.634985][T31998]  ? __get_vm_area_node+0x28f/0x300
[  700.635004][T31998]  ? vb2_vmalloc_alloc+0xef/0x340
[  700.635029][T31998]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  700.635079][T31998]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  700.635106][T31998]  ? __kasan_kmalloc+0x93/0xb0
[  700.635128][T31998]  vmalloc_user_noprof+0xad/0xf0
[  700.635148][T31998]  ? vb2_vmalloc_alloc+0xef/0x340
[  700.635171][T31998]  vb2_vmalloc_alloc+0xef/0x340
[  700.635192][T31998]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  700.635215][T31998]  __vb2_queue_alloc+0x9c2/0x15a0
[  700.635258][T31998]  vb2_core_reqbufs+0xc31/0x1420
[  700.635277][T31998]  ? kfree+0x18e/0x440
[  700.635309][T31998]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  700.635339][T31998]  ? vb2_verify_memory_type+0x1fc/0x570
[  700.635361][T31998]  vb2_ioctl_reqbufs+0x4c0/0x830
[  700.635394][T31998]  __video_do_ioctl+0xc9b/0xdb0
[  700.635427][T31998]  ? __pfx___video_do_ioctl+0x10/0x10
[  700.635464][T31998]  video_usercopy+0x86e/0x14f0
[  700.635496][T31998]  ? __pfx___video_do_ioctl+0x10/0x10
[  700.635527][T31998]  ? __pfx_video_usercopy+0x10/0x10
[  700.635561][T31998]  ? __fget_files+0x2a/0x420
[  700.635589][T31998]  ? __fget_files+0x2a/0x420
[  700.635613][T31998]  ? __fget_files+0x3a0/0x420
[  700.635641][T31998]  v4l2_ioctl+0x18d/0x1e0
[  700.635664][T31998]  ? __pfx_v4l2_ioctl+0x10/0x10
[  700.635686][T31998]  __se_sys_ioctl+0xf9/0x170
[  700.635709][T31998]  do_syscall_64+0xfa/0x3b0
[  700.635730][T31998]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.635749][T31998]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.635768][T31998]  ? clear_bhb_loop+0x60/0xb0
[  700.635792][T31998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.635811][T31998] RIP: 0033:0x7f064ab8ebe9
[  700.635829][T31998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.635848][T31998] RSP: 002b:00007f064b9d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  700.635869][T31998] RAX: ffffffffffffffda RBX: 00007f064adb5fa0 RCX: 00007f064ab8ebe9
[  700.635884][T31998] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[  700.635897][T31998] RBP: 00007f064ac11e19 R08: 0000000000000000 R09: 0000000000000000
[  700.635910][T31998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  700.635922][T31998] R13: 00007f064adb6038 R14: 00007f064adb5fa0 R15: 00007ffd104fa6f8
[  700.635954][T31998]  </TASK>
[  700.635971][T31998] Mem-Info:
[  700.953202][T31998] active_anon:12250 inactive_anon:15 isolated_anon:0
[  700.953202][T31998]  active_file:17762 inactive_file:40148 isolated_file:0
[  700.953202][T31998]  unevictable:768 dirty:28 writeback:0
[  700.953202][T31998]  slab_reclaimable:12522 slab_unreclaimable:107889
[  700.953202][T31998]  mapped:44579 shmem:4217 pagetables:1503
[  700.953202][T31998]  sec_pagetables:0 bounce:0
[  700.953202][T31998]  kernel_misc_reclaimable:0
[  700.953202][T31998]  free:1244665 free_pcp:25169 free_cma:0
[  700.998661][    C1] vkms_vblank_simulate: vblank timer overrun
[  701.004932][T31998] Node 0 active_anon:47200kB inactive_anon:60kB active_file:71048kB inactive_file:160388kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:176616kB dirty:112kB writeback:0kB shmem:15332kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13392kB pagetables:5880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  701.066823][T31998] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  701.097061][T32007] sctp: [Deprecated]: syz.6.4303 (pid 32007) Use of int in maxseg socket option.
[  701.097061][T32007] Use struct sctp_assoc_value instead
[  701.112782][T31998] Node 0 DMA free:15328kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  701.144959][T31998] lowmem_reserve[]: 0 2495 2497 2497 2497
[  701.150750][T31998] Node 0 DMA32 free:1111232kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48924kB inactive_anon:60kB active_file:71048kB inactive_file:159324kB unevictable:1536kB writepending:112kB present:3129332kB managed:2555800kB mlocked:0kB bounce:0kB free_pcp:48084kB local_pcp:16836kB free_cma:0kB
[  701.202382][T31998] lowmem_reserve[]: 0 0 1 1 1
[  701.212354][T31998] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1064kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  701.259582][T31998] lowmem_reserve[]: 0 0 0 0 0
[  701.264911][T31998] Node 1 Normal free:3852096kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:52904kB local_pcp:25244kB free_cma:0kB
[  701.315452][T31998] lowmem_reserve[]: 0 0 0 0 0
[  701.320389][T31998] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[  701.366952][T31998] Node 0 DMA32: 83*4kB (ME) 55*8kB (UE) 534*16kB (UME) 363*32kB (ME) 214*64kB (UME) 137*128kB (UME) 84*256kB (UME) 21*512kB (UM) 20*1024kB (UME) 13*2048kB (UM) 239*4096kB (UM) = 1110468kB
[  701.410153][T31998] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  701.483181][T31998] Node 1 Normal: 66*4kB (UE) 32*8kB (UE) 18*16kB (UE) 96*32kB (UME) 28*64kB (UME) 17*128kB (UME) 21*256kB (UM) 12*512kB (M) 9*1024kB (UME) 5*2048kB (UME) 931*4096kB (M) = 3852200kB
[  701.531388][T31998] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  701.585408][T31998] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  701.595060][T31998] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  701.604833][T31998] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  701.616674][T31998] 60303 total pagecache pages
[  701.629575][T31998] 17 pages in swap cache
[  701.634458][T31998] Free swap  = 124928kB
[  701.636761][T32025] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  701.638719][T31998] Total swap = 124996kB
[  701.653411][T31998] 2097051 pages RAM
[  701.657256][T31998] 0 pages HighMem/MovableOnly
[  701.661932][T31998] 426203 pages reserved
[  701.666932][T31998] 0 pages cma reserved
[  701.862677][T32033] ./cgroup: Can't lookup blockdev
[  701.969665][T32037] NILFS (rnullb0): couldn't find nilfs on the device
[  702.216087][T24951] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  702.373578][T24951] usb 9-1: Using ep0 maxpacket: 32
[  702.380933][T24951] usb 9-1: config 0 has an invalid interface number: 12 but max is 0
[  702.389372][T24951] usb 9-1: config 0 has no interface number 0
[  702.395788][T24951] usb 9-1: config 0 interface 12 has no altsetting 0
[  702.405700][T24951] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40
[  702.443143][T24951] usb 9-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3
[  702.451354][T24951] usb 9-1: Product: syz
[  702.474608][T24951] usb 9-1: Manufacturer: syz
[  702.480672][T24951] usb 9-1: SerialNumber: syz
[  702.488551][T24951] usb 9-1: config 0 descriptor??
[  702.831073][T32079] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  703.532211][T32096] /dev/rnullb0: Can't lookup blockdev
[  703.656002][T32105] 9pnet_fd: Insufficient options for proto=fd
[  704.340882][T24951] f81534 9-1:0.12: f81534_set_register: reg: 1003 data: 40 failed: -71
[  704.357403][T24951] f81534 9-1:0.12: f81534_find_config_idx: read failed: -71
[  704.378644][T24951] f81534 9-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  704.395569][T24951] f81534 9-1:0.12: probe with driver f81534 failed with error -71
[  704.427765][T24951] usb 9-1: USB disconnect, device number 8
[  705.030286][T32150] 9pnet_fd: Insufficient options for proto=fd
[  705.367578][T32160] tmpfs: Unknown parameter 'usrquotadebugfs /sys/kernel/debug debugfs rw'
[  705.837319][T32170] netlink: 52 bytes leftover after parsing attributes in process `syz.8.4345'.
[  707.624103][T32203] MTD: Couldn't look up './file0': -15
[  708.770647][T32218] vxfs: WRONG superblock magic 00000000 at 1
[  708.777286][T32218] vxfs: WRONG superblock magic 00000000 at 8
[  708.783927][T32218] vxfs: can't find superblock.
[  708.790161][T32219] vxfs: WRONG superblock magic 00000000 at 1
[  708.799956][T32219] vxfs: WRONG superblock magic 00000000 at 8
[  708.806381][T32219] vxfs: can't find superblock.
[  709.742056][T32248] /dev/rnullb0: Can't open blockdev
[  710.731349][T32265] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  711.604331][ T5919] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  711.635530][ T5919] dvb_usb_cxusb 5-1:8.37: probe with driver dvb_usb_cxusb failed with error -22
[  711.657151][ T5919] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in cold state, will try to load a firmware
[  711.672349][ T5919] usb 5-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2
[  711.707092][ T5919] usb 5-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw
[  714.366531][T32383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  715.628758][T32404] overlay: ./file0 is not a directory
[  715.912984][ T3102] usb 9-1: new low-speed USB device number 9 using dummy_hcd
[  715.940024][T32426] MTD: Couldn't look up '/dev/rnullb0': -15
[  715.982510][T32428] overlay: ./file0 is not a directory
[  716.064319][ T3102] usb 9-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a
[  716.073691][ T3102] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.086585][ T3102] usb 9-1: config 0 descriptor??
[  716.096779][ T3102] pwc: Logitech QuickCam Notebook Pro USB webcam detected.
[  716.500255][T32404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.512214][T32404] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.730111][ T3102] pwc: send_video_command error -71
[  716.738101][ T3102] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  716.751384][ T3102] Philips webcam 9-1:0.0: probe with driver Philips webcam failed with error -71
[  716.769935][ T3102] usb 9-1: USB disconnect, device number 9
[  717.137839][T32466] vivid-000: disconnect
[  717.322531][T32469] /dev/rnullb0: Can't open blockdev
[  717.465502][T32475] netlink: 104 bytes leftover after parsing attributes in process `syz.8.4409'.
[  717.485508][T32478] fuse: Bad value for 'user_id'
[  717.490498][T32478] fuse: Bad value for 'user_id'
[  717.865805][T32489] /dev/sg0: Can't lookup blockdev
[  717.937501][T32464] vivid-000: reconnect
[  718.032457][T32493] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4413'.
[  718.041510][T32492] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4413'.
[  718.141947][T32492] XFS (rnullb0): Invalid superblock magic number
[  718.493387][T23657] Bluetooth: hci3: command 0x0406 tx timeout
[  718.719099][T32537] erofs (device rnullb0): cannot find valid erofs superblock
[  718.813297][ T3102] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  718.912077][T32545] 9pnet_fd: Insufficient options for proto=fd
[  718.974054][ T3102] usb 9-1: Using ep0 maxpacket: 16
[  718.980673][ T3102] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  718.990971][ T3102] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  719.001941][ T3102] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  719.011739][ T3102] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  719.021447][ T3102] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  719.036766][ T3102] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  719.046017][ T3102] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  719.055560][ T3102] usb 9-1: Manufacturer: syz
[  719.062413][ T3102] usb 9-1: config 0 descriptor??
[  719.323924][ T3102] rc_core: IR keymap rc-hauppauge not found
[  719.329865][ T3102] Registered IR keymap rc-empty
[  719.337795][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.363030][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.383726][ T3102] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  719.398331][ T3102] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input97
[  719.412962][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.433285][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.453128][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.483033][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.502952][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.522959][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.543033][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.563865][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.582949][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.602993][ T3102] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  719.626622][ T3102] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  719.635894][ T3102] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  720.067592][T32561] omfs: Invalid superblock (0)
[  721.667870][ T3102] usb 9-1: USB disconnect, device number 10
[  721.999910][T32616] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  722.012273][T32616] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  722.033267][T32616] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  722.563607][T32642] /dev/rnullb0: Can't open blockdev
[  722.721774][T32648] /dev/rnullb0: Can't lookup blockdev
[  722.915166][T32656] tmpfs: Bad value for 'mpol'
[  723.514083][T32680] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  723.527294][T32680] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  723.619601][T32690] netlink: 'syz.6.4456': attribute type 4 has an invalid length.
[  723.667483][T32691] netlink: 'syz.6.4456': attribute type 4 has an invalid length.
[  723.697697][T32695] cgroup: Name too long
[  723.858483][T32707] overlayfs: failed to clone upperpath
[  723.870104][T32708] /dev/rnullb0: Can't open blockdev
[  723.878657][T32707] /dev/rnullb0: Can't lookup blockdev
[  723.978346][T32713] /dev/rnullb0: Can't lookup blockdev
[  723.982173][T32711] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  723.994345][T32711] netlink: 24 bytes leftover after parsing attributes in process `syz.8.4461'.
[  724.361624][T32725] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  724.383636][T32725] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.4464'.
[  724.400478][T32725] netlink: zone id is out of range
[  724.405984][T32725] netlink: zone id is out of range
[  724.411282][T32725] netlink: zone id is out of range
[  724.422610][T32725] netlink: zone id is out of range
[  724.428992][T32725] netlink: zone id is out of range
[  724.440244][T32725] netlink: get zone limit has 8 unknown bytes
[  725.448783][T32750] /dev/rnullb0: Can't open blockdev
[  725.970856][  T313] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4480'.
[  726.162974][ T5912] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  726.201250][  T329] netlink: 'syz.6.4483': attribute type 13 has an invalid length.
[  726.341504][ T5912] usb 9-1: Using ep0 maxpacket: 32
[  726.358949][ T5912] usb 9-1: config 0 has an invalid interface number: 12 but max is 0
[  726.373175][ T5912] usb 9-1: config 0 has no interface number 0
[  726.391751][ T5912] usb 9-1: config 0 interface 12 has no altsetting 0
[  726.406374][ T5912] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40
[  726.424785][ T5912] usb 9-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3
[  726.434611][ T5912] usb 9-1: Product: syz
[  726.438877][ T5912] usb 9-1: Manufacturer: syz
[  726.447081][ T5912] usb 9-1: SerialNumber: syz
[  726.462529][ T5912] usb 9-1: config 0 descriptor??
[  726.749565][  T348] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  726.756095][  T348] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  726.765949][  T348] vhci_hcd vhci_hcd.0: Device attached
[  726.944785][ T5953] vhci_hcd: vhci_device speed not set
[  727.003607][ T5953] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  727.105100][  T370] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4491'.
[  727.681657][  T375] /dev/rnullb0: Can't lookup blockdev
[  728.706831][ T5912] f81534 9-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  728.715640][ T5912] f81534 9-1:0.12: f81534_find_config_idx: read failed: -71
[  728.723856][ T5912] f81534 9-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  728.731556][ T5912] f81534 9-1:0.12: probe with driver f81534 failed with error -71
[  728.744027][ T5912] usb 9-1: USB disconnect, device number 11
[  729.089677][  T405] afs: Unknown parameter 'f'
[  729.269514][  T412] /dev/rnullb0: Can't lookup blockdev
[  729.562921][T10369] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  729.718685][  T349] vhci_hcd: connection reset by peer
[  729.726441][T10369] usb 9-1: unable to get BOS descriptor or descriptor too short
[  729.737583][T10369] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  729.759223][T10369] usb 9-1: config 1 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  729.767182][   T59] vhci_hcd: stop threads
[  729.787451][T10369] usb 9-1: config 1 interface 0 has no altsetting 0
[  729.794277][   T59] vhci_hcd: release socket
[  729.799247][   T59] vhci_hcd: disconnect device
[  729.815597][T10369] usb 9-1: string descriptor 0 read error: -22
[  729.821902][T10369] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  729.862975][T10369] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.902788][T10369] usb 9-1: bad CDC descriptors
[  730.113787][T10369] usb 9-1: USB disconnect, device number 12
[  730.865196][  T485] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4521'.
[  731.002015][  T496] FAULT_INJECTION: forcing a failure.
[  731.002015][  T496] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  731.016880][  T496] CPU: 0 UID: 0 PID: 496 Comm: syz.8.4523 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  731.016908][  T496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  731.016921][  T496] Call Trace:
[  731.016929][  T496]  <TASK>
[  731.016938][  T496]  dump_stack_lvl+0x189/0x250
[  731.016971][  T496]  ? __pfx____ratelimit+0x10/0x10
[  731.016999][  T496]  ? __pfx_dump_stack_lvl+0x10/0x10
[  731.017028][  T496]  ? __pfx__printk+0x10/0x10
[  731.017056][  T496]  ? __might_fault+0xb0/0x130
[  731.017086][  T496]  should_fail_ex+0x414/0x560
[  731.017119][  T496]  _copy_from_user+0x2d/0xb0
[  731.017144][  T496]  ___sys_sendmsg+0x158/0x2a0
[  731.017172][  T496]  ? __pfx____sys_sendmsg+0x10/0x10
[  731.017230][  T496]  ? __fget_files+0x2a/0x420
[  731.017254][  T496]  ? __fget_files+0x3a0/0x420
[  731.017288][  T496]  __x64_sys_sendmsg+0x19b/0x260
[  731.017316][  T496]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  731.017350][  T496]  ? __pfx_ksys_write+0x10/0x10
[  731.017370][  T496]  ? rcu_is_watching+0x15/0xb0
[  731.017401][  T496]  ? do_syscall_64+0xbe/0x3b0
[  731.017425][  T496]  do_syscall_64+0xfa/0x3b0
[  731.017447][  T496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.017466][  T496]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  731.017486][  T496]  ? clear_bhb_loop+0x60/0xb0
[  731.017509][  T496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.017529][  T496] RIP: 0033:0x7f7f47b8ebe9
[  731.017547][  T496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  731.017565][  T496] RSP: 002b:00007f7f48a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  731.017587][  T496] RAX: ffffffffffffffda RBX: 00007f7f47db5fa0 RCX: 00007f7f47b8ebe9
[  731.017602][  T496] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[  731.017615][  T496] RBP: 00007f7f48a03090 R08: 0000000000000000 R09: 0000000000000000
[  731.017628][  T496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  731.017639][  T496] R13: 00007f7f47db6038 R14: 00007f7f47db5fa0 R15: 00007ffc1f59eec8
[  731.017669][  T496]  </TASK>
[  731.078722][  T498] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4524'.
[  731.686147][  T517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4528'.
[  731.874218][  T541] exFAT-fs (nullb0): invalid boot record signature
[  731.881395][  T541] exFAT-fs (nullb0): failed to read boot sector
[  731.888686][  T541] exFAT-fs (nullb0): failed to recognize exfat type
[  731.899724][  T541] exFAT-fs (nullb0): invalid boot record signature
[  731.906554][  T541] exFAT-fs (nullb0): failed to read boot sector
[  731.914028][  T541] exFAT-fs (nullb0): failed to recognize exfat type
[  732.035807][  T547] netlink: 168 bytes leftover after parsing attributes in process `syz.8.4531'.
[  732.089994][  T551] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  732.101795][  T550] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.4532'.
[  732.112777][  T550] netlink: zone id is out of range
[  732.124198][  T550] netlink: zone id is out of range
[  732.129458][  T550] netlink: zone id is out of range
[  732.139263][  T550] netlink: zone id is out of range
[  732.150134][  T554] FAULT_INJECTION: forcing a failure.
[  732.150134][  T554] name failslab, interval 1, probability 0, space 0, times 0
[  732.156721][  T550] netlink: zone id is out of range
[  732.165681][ T5953] vhci_hcd: vhci_device speed not set
[  732.170480][  T550] netlink: get zone limit has 8 unknown bytes
[  732.182123][  T554] CPU: 0 UID: 0 PID: 554 Comm: syz.8.4533 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  732.182147][  T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  732.182159][  T554] Call Trace:
[  732.182167][  T554]  <TASK>
[  732.182175][  T554]  dump_stack_lvl+0x189/0x250
[  732.182205][  T554]  ? __pfx____ratelimit+0x10/0x10
[  732.182223][  T554]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.182249][  T554]  ? __pfx__printk+0x10/0x10
[  732.182280][  T554]  ? __pfx___might_resched+0x10/0x10
[  732.182309][  T554]  should_fail_ex+0x414/0x560
[  732.182339][  T554]  should_failslab+0xa8/0x100
[  732.182361][  T554]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  732.182382][  T554]  ? __alloc_skb+0x112/0x2d0
[  732.182407][  T554]  __alloc_skb+0x112/0x2d0
[  732.182431][  T554]  netlink_sendmsg+0x5c6/0xb30
[  732.182460][  T554]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.182484][  T554]  ? aa_sock_msg_perm+0xf1/0x1d0
[  732.182512][  T554]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  732.182537][  T554]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.182559][  T554]  __sock_sendmsg+0x21c/0x270
[  732.182591][  T554]  ____sys_sendmsg+0x505/0x830
[  732.182620][  T554]  ? __pfx_____sys_sendmsg+0x10/0x10
[  732.182652][  T554]  ? import_iovec+0x74/0xa0
[  732.182678][  T554]  ___sys_sendmsg+0x21f/0x2a0
[  732.182711][  T554]  ? __pfx____sys_sendmsg+0x10/0x10
[  732.182769][  T554]  ? __fget_files+0x2a/0x420
[  732.182794][  T554]  ? __fget_files+0x3a0/0x420
[  732.182830][  T554]  __x64_sys_sendmsg+0x19b/0x260
[  732.182855][  T554]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  732.182887][  T554]  ? __pfx_ksys_write+0x10/0x10
[  732.182914][  T554]  ? rcu_is_watching+0x15/0xb0
[  732.182943][  T554]  ? do_syscall_64+0xbe/0x3b0
[  732.182968][  T554]  do_syscall_64+0xfa/0x3b0
[  732.182987][  T554]  ? lockdep_hardirqs_on+0x9c/0x150
[  732.183006][  T554]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.183024][  T554]  ? clear_bhb_loop+0x60/0xb0
[  732.183047][  T554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.183066][  T554] RIP: 0033:0x7f7f47b8ebe9
[  732.183084][  T554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.183101][  T554] RSP: 002b:00007f7f48a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  732.183121][  T554] RAX: ffffffffffffffda RBX: 00007f7f47db5fa0 RCX: 00007f7f47b8ebe9
[  732.183136][  T554] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[  732.183149][  T554] RBP: 00007f7f48a03090 R08: 0000000000000000 R09: 0000000000000000
[  732.183160][  T554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.183171][  T554] R13: 00007f7f47db6038 R14: 00007f7f47db5fa0 R15: 00007ffc1f59eec8
[  732.183198][  T554]  </TASK>
[  732.549821][  T562] vxfs: WRONG superblock magic 00000000 at 1
[  732.556150][  T562] vxfs: WRONG superblock magic 00000000 at 8
[  732.562230][  T562] vxfs: can't find superblock.
[  732.726031][  T566] netlink: 'syz.4.4537': attribute type 58 has an invalid length.
[  733.188946][  T591] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4541'.
[  733.363476][  T601] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  733.600782][  T615] /dev/rnullb0: Can't open blockdev
[  733.856449][ T5877] Bluetooth: hci5: command 0x0405 tx timeout
[  733.862526][  T535] Bluetooth: hci2: command 0x0406 tx timeout
[  735.255550][  T637] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  736.854771][  T656] binder: BINDER_SET_CONTEXT_MGR already set
[  736.874957][  T656] binder: 655:656 ioctl 4018620d 2000000000c0 returned -16
[  737.468966][  T682] netlink: 168 bytes leftover after parsing attributes in process `syz.7.4569'.
[  737.740573][   T30] audit: type=1804 audit(1755041248.399:28): pid=695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4573" name="rnullb0" dev="tmpfs" ino=819 res=1 errno=0
[  738.323007][  T718] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4578'.
[  738.443048][T10369] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  738.457032][  T731] netlink: 164 bytes leftover after parsing attributes in process `syz.6.4582'.
[  738.468268][  T731] netlink: 164 bytes leftover after parsing attributes in process `syz.6.4582'.
[  738.545180][  T734] netlink: 'syz.6.4583': attribute type 13 has an invalid length.
[  738.558354][  T734] bridge0: port 2(bridge_slave_1) entered disabled state
[  738.611328][T10369] usb 9-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  738.626983][T10369] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.637868][T10369] usb 9-1: Product: syz
[  738.642111][T10369] usb 9-1: Manufacturer: syz
[  738.647224][T10369] usb 9-1: SerialNumber: syz
[  738.663965][T10369] usb 9-1: config 0 descriptor??
[  738.682699][T10369] go7007 9-1:0.0: probe with driver go7007 failed with error -12
[  738.779060][  T748] netlink: 'syz.4.4587': attribute type 6 has an invalid length.
[  738.789160][  T748] netlink: 'syz.4.4587': attribute type 4 has an invalid length.
[  738.794140][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.800438][  T748] netlink: 'syz.4.4587': attribute type 6 has an invalid length.
[  738.811773][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.812495][  T748] netlink: 'syz.4.4587': attribute type 13 has an invalid length.
[  738.822424][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.833005][  T748] netlink: 'syz.4.4587': attribute type 15 has an invalid length.
[  738.833024][  T748] netlink: 'syz.4.4587': attribute type 19 has an invalid length.
[  738.833038][  T748] netlink: 3684 bytes leftover after parsing attributes in process `syz.4.4587'.
[  738.861158][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.868526][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.875421][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.883951][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.887531][ T5953] usb 9-1: USB disconnect, device number 13
[  738.890738][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.906394][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.914513][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.925981][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.934631][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.940960][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.950331][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.957725][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.965823][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.973888][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.980406][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.987390][  T750] qnx4: no qnx4 filesystem (no root dir).
[  738.994574][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.000957][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.007569][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.014602][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.022582][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.029138][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.035501][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.041917][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.049401][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.056637][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.063634][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.072687][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.079792][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.087005][  T750] qnx4: no qnx4 filesystem (no root dir).
[  739.360837][  T766] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  739.360837][  T766]    program syz.4.4589 not setting count and/or reply_len properly
[  739.613920][  T781] netlink: 'syz.6.4594': attribute type 6 has an invalid length.
[  739.665282][  T787] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4589'.
[  739.680582][  T790] binder: BINDER_SET_CONTEXT_MGR already set
[  739.687174][  T790] binder: 786:790 ioctl 4018620d 200000000100 returned -16
[  739.845536][  T796] /dev/rnullb0: Can't lookup blockdev
[  740.264855][ T3102] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  740.316775][  T831] netlink: 'syz.6.4607': attribute type 1 has an invalid length.
[  740.423154][ T3102] usb 9-1: Using ep0 maxpacket: 32
[  740.431474][ T3102] usb 9-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  740.440797][ T3102] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.448933][ T3102] usb 9-1: Product: syz
[  740.454734][ T3102] usb 9-1: Manufacturer: syz
[  740.459409][ T3102] usb 9-1: SerialNumber: syz
[  740.466372][ T3102] usb 9-1: config 0 descriptor??
[  740.475363][ T3102] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  741.412293][  T861] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4613'.
[  741.478307][  T808] /dev/rnullb0: Can't open blockdev
[  741.493130][ T3102] gspca_stk1135: reg_w 0xd err -71
[  741.502489][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.525551][ T3102] gspca_stk1135: Sensor write failed
[  741.547700][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.554514][ T3102] gspca_stk1135: Sensor write failed
[  741.560855][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.567371][ T3102] gspca_stk1135: Sensor read failed
[  741.572759][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.584535][ T3102] gspca_stk1135: Sensor read failed
[  741.589830][ T3102] gspca_stk1135: Detected sensor type unknown (0x0)
[  741.607070][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.620020][ T3102] gspca_stk1135: Sensor read failed
[  741.632273][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.638860][ T3102] gspca_stk1135: Sensor read failed
[  741.647273][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.660087][ T3102] gspca_stk1135: Sensor write failed
[  741.673043][ T3102] gspca_stk1135: serial bus timeout: status=0x00
[  741.689670][ T3102] gspca_stk1135: Sensor write failed
[  741.699895][ T3102] stk1135 9-1:0.0: probe with driver stk1135 failed with error -71
[  741.739075][ T3102] usb 9-1: USB disconnect, device number 14
[  742.107085][  T895] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4620'.
[  742.265379][  T899] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  742.427948][  T914] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4623'.
[  742.522953][ T5953] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  742.673033][ T5953] usb 9-1: Using ep0 maxpacket: 16
[  742.686997][ T5953] usb 9-1: config index 0 descriptor too short (expected 59154, got 18)
[  742.696019][ T5953] usb 9-1: config 0 has an invalid interface number: 0 but max is -1
[  742.707066][ T5953] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 0
[  742.717951][ T5953] usb 9-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  742.728050][ T5953] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.736268][ T5953] usb 9-1: Product: syz
[  742.740736][ T5953] usb 9-1: Manufacturer: syz
[  742.745530][ T5953] usb 9-1: SerialNumber: syz
[  742.752155][ T5953] usb 9-1: config 0 descriptor??
[  742.762262][ T5953] ssu100 9-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  742.961584][  T899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  742.970508][  T899] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.038205][  T952] /dev/rnullb0: Can't lookup blockdev
[  743.073384][ T5953] ssu100 9-1:0.0: probe with driver ssu100 failed with error -110
[  743.131590][  T957] /dev/rnullb0: Can't lookup blockdev
[  743.140871][  T958] /dev/rnullb0: Can't lookup blockdev
[  743.293516][   T31] INFO: task syz.3.3623:27348 blocked for more than 143 seconds.
[  743.301370][   T31]       Not tainted 6.17.0-rc1-next-20250812-syzkaller #0
[  743.308589][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  743.317502][   T31] task:syz.3.3623      state:D stack:24568 pid:27348 tgid:27338 ppid:17383  task_flags:0x400040 flags:0x00004004
[  743.330746][   T31] Call Trace:
[  743.334139][   T31]  <TASK>
[  743.337074][   T31]  __schedule+0x1798/0x4cc0
[  743.341580][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.346495][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.351370][   T31]  ? __pfx___schedule+0x10/0x10
[  743.356330][   T31]  ? schedule+0x91/0x360
[  743.360595][   T31]  schedule+0x165/0x360
[  743.364887][   T31]  schedule_preempt_disabled+0x13/0x30
[  743.370368][   T31]  __mutex_lock+0x7e6/0x1360
[  743.375701][   T31]  ? __mutex_lock+0x5b6/0x1360
[  743.380584][   T31]  ? usbdev_open+0x16e/0x760
[  743.385536][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  743.390622][   T31]  ? bus_find_device+0x273/0x2b0
[  743.395694][   T31]  ? __pfx_bus_find_device+0x10/0x10
[  743.401063][   T31]  ? __kasan_kmalloc+0x93/0xb0
[  743.405922][   T31]  ? usbdev_open+0xa7/0x760
[  743.410432][   T31]  usbdev_open+0x16e/0x760
[  743.414895][   T31]  ? __pfx_usbdev_open+0x10/0x10
[  743.419838][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  743.426653][   T31]  chrdev_open+0x4cc/0x5e0
[  743.431095][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  743.436063][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  743.442400][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  743.447402][   T31]  do_dentry_open+0x953/0x13f0
[  743.452198][   T31]  vfs_open+0x3b/0x340
[  743.456361][   T31]  ? path_openat+0x2ecd/0x3830
[  743.461124][   T31]  path_openat+0x2ee5/0x3830
[  743.465751][   T31]  ? arch_stack_walk+0xfc/0x150
[  743.470631][   T31]  ? stack_depot_save_flags+0x40/0x860
[  743.477141][   T31]  ? __pfx_path_openat+0x10/0x10
[  743.482480][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.489178][   T31]  do_filp_open+0x1fa/0x410
[  743.494051][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.499038][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  743.504388][   T31]  ? _raw_spin_unlock+0x28/0x50
[  743.509327][   T31]  ? alloc_fd+0x64c/0x6c0
[  743.514003][   T31]  do_sys_openat2+0x121/0x1c0
[  743.518801][   T31]  ? __se_sys_futex+0x36f/0x400
[  743.525347][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  743.530781][   T31]  ? rcu_is_watching+0x15/0xb0
[  743.535807][   T31]  __x64_sys_openat+0x138/0x170
[  743.540890][   T31]  do_syscall_64+0xfa/0x3b0
[  743.545562][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  743.551013][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.557251][   T31]  ? clear_bhb_loop+0x60/0xb0
[  743.562091][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.568329][   T31] RIP: 0033:0x7f5a91d8d550
[  743.572879][   T31] RSP: 002b:00007f5a92bf2b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  743.581382][   T31] RAX: ffffffffffffffda RBX: 0000000000101381 RCX: 00007f5a91d8d550
[  743.591540][   T31] RDX: 0000000000101381 RSI: 00007f5a92bf2c10 RDI: 00000000ffffff9c
[  743.599758][   T31] RBP: 00007f5a92bf2c10 R08: 0000000000000000 R09: 0000000000000000
[  743.609106][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  743.617646][   T31] R13: 00007f5a91fb6128 R14: 00007f5a91fb6090 R15: 00007ffebcda06d8
[  743.625977][   T31]  </TASK>
[  743.630419][   T31] INFO: task syz.2.3626:27381 blocked for more than 143 seconds.
[  743.632748][ T5953] usb 9-1: USB disconnect, device number 15
[  743.638298][   T31]       Not tainted 6.17.0-rc1-next-20250812-syzkaller #0
[  743.638316][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  743.638327][   T31] task:syz.2.3626      state:D stack:27648 pid:27381 tgid:27379 ppid:18094  task_flags:0x400040 flags:0x00004004
[  743.638391][   T31] Call Trace:
[  743.638401][   T31]  <TASK>
[  743.638415][   T31]  __schedule+0x1798/0x4cc0
[  743.638460][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.688525][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.701343][   T31]  ? __pfx___schedule+0x10/0x10
[  743.707048][   T31]  ? schedule+0x91/0x360
[  743.711443][   T31]  schedule+0x165/0x360
[  743.716036][   T31]  schedule_preempt_disabled+0x13/0x30
[  743.721757][   T31]  __mutex_lock+0x7e6/0x1360
[  743.726869][   T31]  ? __mutex_lock+0x5b6/0x1360
[  743.733340][   T31]  ? usbdev_open+0x16e/0x760
[  743.738031][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  743.743458][   T31]  ? bus_find_device+0x273/0x2b0
[  743.748437][   T31]  ? __pfx_bus_find_device+0x10/0x10
[  743.753792][   T31]  ? __kasan_kmalloc+0x93/0xb0
[  743.758565][   T31]  ? usbdev_open+0xa7/0x760
[  743.763235][   T31]  usbdev_open+0x16e/0x760
[  743.767670][   T31]  ? __pfx_usbdev_open+0x10/0x10
[  743.772598][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  743.778174][   T31]  chrdev_open+0x4cc/0x5e0
[  743.782657][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  743.788012][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  743.795989][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  743.800962][   T31]  do_dentry_open+0x953/0x13f0
[  743.805862][   T31]  vfs_open+0x3b/0x340
[  743.809944][   T31]  ? path_openat+0x2ecd/0x3830
[  743.814797][   T31]  path_openat+0x2ee5/0x3830
[  743.819422][   T31]  ? arch_stack_walk+0xfc/0x150
[  743.824456][   T31]  ? stack_depot_save_flags+0x40/0x860
[  743.829944][   T31]  ? __pfx_path_openat+0x10/0x10
[  743.837126][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.843329][   T31]  do_filp_open+0x1fa/0x410
[  743.847841][   T31]  ? __lock_acquire+0xab9/0xd20
[  743.852680][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  743.858062][   T31]  ? _raw_spin_unlock+0x28/0x50
[  743.863136][   T31]  ? alloc_fd+0x64c/0x6c0
[  743.867487][   T31]  do_sys_openat2+0x121/0x1c0
[  743.872253][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  743.878072][   T31]  ? exc_page_fault+0x76/0xf0
[  743.883062][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  743.888403][   T31]  __x64_sys_openat+0x138/0x170
[  743.893464][   T31]  do_syscall_64+0xfa/0x3b0
[  743.897985][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  743.904193][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.910274][   T31]  ? clear_bhb_loop+0x60/0xb0
[  743.915140][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.921073][   T31] RIP: 0033:0x7f32d758d550
[  743.925631][   T31] RSP: 002b:00007f32d848ab70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  743.942768][   T31] RAX: ffffffffffffffda RBX: 0000000000008041 RCX: 00007f32d758d550
[  743.950969][   T31] RDX: 0000000000008041 RSI: 00007f32d848ac10 RDI: 00000000ffffff9c
[  743.959075][   T31] RBP: 00007f32d848ac10 R08: 0000000000000000 R09: 0000000000000000
[  743.967648][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  743.975708][   T31] R13: 00007f32d77b6038 R14: 00007f32d77b5fa0 R15: 00007ffd50761698
[  743.983840][   T31]  </TASK>
[  743.986930][   T31] 
[  743.986930][   T31] Showing all locks held in the system:
[  743.997458][   T31] 1 lock held by ksoftirqd/0/15:
[  744.002520][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  744.012627][   T31] 1 lock held by khungtaskd/31:
[  744.017618][   T31]  #0: ffffffff8e539ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  744.027605][   T31] 2 locks held by getty/5633:
[  744.032303][   T31]  #0: ffff88814dd0c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  744.044374][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  744.054645][   T31] 6 locks held by kworker/0:4/5919:
[  744.059924][   T31]  #0: ffff88801e292548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  744.071574][   T31]  #1: ffffc900044a7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  744.083541][   T31]  #2: ffff8881453b4198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  744.092798][   T31]  #3: ffff88806627a198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  744.102507][   T31]  #4: ffff88807a9ec160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  744.111848][   T31]  #5: ffffffff8e3e0310 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xf0/0x2b0
[  744.122399][   T31] 5 locks held by kworker/u8:12/16969:
[  744.128062][   T31] 4 locks held by udevd/20275:
[  744.133927][   T31]  #0: ffff88807c1f7e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  744.145804][   T31]  #1: ffff88805b055488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[  744.155400][   T31]  #2: ffff8880446d5c38 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[  744.166748][   T31]  #3: ffff88806627a198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  744.176546][   T31] 2 locks held by syz.0.3221/24652:
[  744.181783][   T31]  #0: ffff88804a888808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  744.192094][   T31]  #1: ffff888024693258 (sk_lock-AF_CAN){+.+.}-{0:0}, at: j1939_sk_release+0xb3/0x790
[  744.201747][   T31] 1 lock held by syz.3.3623/27348:
[  744.207278][   T31]  #0: ffff8881453b4198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760
[  744.216991][   T31] 1 lock held by syz.2.3626/27381:
[  744.222114][   T31]  #0: ffff8881453b4198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760
[  744.231358][   T31] 1 lock held by syz.5.4105/30748:
[  744.236809][   T31]  #0: ffff8881453b4198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760
[  744.248043][   T31] 1 lock held by syz.8.4622/899:
[  744.253599][   T31]  #0: ffffffff8e53f840 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  744.264051][   T31] 
[  744.266381][   T31] =============================================
[  744.266381][   T31] 
[  744.279278][   T31] NMI backtrace for cpu 1
[  744.279295][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  744.279318][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  744.279330][   T31] Call Trace:
[  744.279338][   T31]  <TASK>
[  744.279346][   T31]  dump_stack_lvl+0x189/0x250
[  744.279381][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.279408][   T31]  ? __pfx__printk+0x10/0x10
[  744.279446][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  744.279476][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  744.279505][   T31]  ? __pfx__printk+0x10/0x10
[  744.279536][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  744.279563][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  744.279593][   T31]  watchdog+0xf60/0xfa0
[  744.279622][   T31]  ? watchdog+0x1e2/0xfa0
[  744.279646][   T31]  kthread+0x70e/0x8a0
[  744.279667][   T31]  ? __pfx_watchdog+0x10/0x10
[  744.279686][   T31]  ? __pfx_kthread+0x10/0x10
[  744.279716][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  744.279744][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.279761][   T31]  ? __pfx_kthread+0x10/0x10
[  744.279790][   T31]  ret_from_fork+0x3f9/0x770
[  744.279815][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  744.279846][   T31]  ? __switch_to_asm+0x39/0x70
[  744.279863][   T31]  ? __switch_to_asm+0x33/0x70
[  744.279880][   T31]  ? __pfx_kthread+0x10/0x10
[  744.279909][   T31]  ret_from_fork_asm+0x1a/0x30
[  744.279942][   T31]  </TASK>
[  744.279974][   T31] Sending NMI from CPU 1 to CPUs 0:
[  744.430037][    C0] NMI backtrace for cpu 0
[  744.430053][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  744.430074][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  744.430085][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  744.430116][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 b9 25 00 f3 0f 1e fa fb f4 <e9> 48 e8 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  744.430131][    C0] RSP: 0018:ffffffff8e207d80 EFLAGS: 000002c2
[  744.430147][    C0] RAX: c9196f32cd0cb500 RBX: ffffffff8196d308 RCX: c9196f32cd0cb500
[  744.430161][    C0] RDX: 0000000000000001 RSI: ffffffff8dc92d69 RDI: ffffffff8c04d900
[  744.430173][    C0] RBP: ffffffff8e207eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3
[  744.430186][    C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fe4cb30
[  744.430200][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c52a20
[  744.430211][    C0] FS:  0000000000000000(0000) GS:ffff8881257da000(0000) knlGS:0000000000000000
[  744.430226][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  744.430238][    C0] CR2: 00007ffc1f59dff8 CR3: 000000007d6da000 CR4: 00000000003526f0
[  744.430253][    C0] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000
[  744.430266][    C0] DR3: 0000000000000005 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  744.430277][    C0] Call Trace:
[  744.430285][    C0]  <TASK>
[  744.430291][    C0]  default_idle+0x13/0x20
[  744.430310][    C0]  default_idle_call+0x74/0xb0
[  744.430330][    C0]  do_idle+0x1e8/0x510
[  744.430354][    C0]  ? __pfx_do_idle+0x10/0x10
[  744.430381][    C0]  cpu_startup_entry+0x44/0x60
[  744.430401][    C0]  rest_init+0x2de/0x300
[  744.430421][    C0]  start_kernel+0x3a9/0x410
[  744.430441][    C0]  x86_64_start_reservations+0x24/0x30
[  744.430464][    C0]  x86_64_start_kernel+0x143/0x1c0
[  744.430486][    C0]  common_startup_64+0x13e/0x147
[  744.430512][    C0]  </TASK>
[  744.431097][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  744.629691][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250812-syzkaller #0 PREEMPT(full) 
[  744.641039][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  744.651084][   T31] Call Trace:
[  744.654356][   T31]  <TASK>
[  744.657280][   T31]  dump_stack_lvl+0x99/0x250
[  744.661872][   T31]  ? __asan_memcpy+0x40/0x70
[  744.666460][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.671666][   T31]  ? __pfx__printk+0x10/0x10
[  744.676260][   T31]  vpanic+0x281/0x750
[  744.680239][   T31]  ? __pfx_vpanic+0x10/0x10
[  744.684735][   T31]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  744.690270][   T31]  ? preempt_schedule+0xae/0xc0
[  744.695123][   T31]  ? preempt_schedule_common+0x83/0xd0
[  744.700583][   T31]  panic+0xb9/0xc0
[  744.704383][   T31]  ? __pfx_panic+0x10/0x10
[  744.708792][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  744.714161][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  744.720316][   T31]  watchdog+0xf9f/0xfa0
[  744.724464][   T31]  ? watchdog+0x1e2/0xfa0
[  744.728785][   T31]  kthread+0x70e/0x8a0
[  744.732844][   T31]  ? __pfx_watchdog+0x10/0x10
[  744.737513][   T31]  ? __pfx_kthread+0x10/0x10
[  744.742104][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  744.747324][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.752510][   T31]  ? __pfx_kthread+0x10/0x10
[  744.757103][   T31]  ret_from_fork+0x3f9/0x770
[  744.761687][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  744.766797][   T31]  ? __switch_to_asm+0x39/0x70
[  744.771561][   T31]  ? __switch_to_asm+0x33/0x70
[  744.776311][   T31]  ? __pfx_kthread+0x10/0x10
[  744.780899][   T31]  ret_from_fork_asm+0x1a/0x30
[  744.785663][   T31]  </TASK>
[  744.788906][   T31] Kernel Offset: disabled
[  744.793214][   T31] Rebooting in 86400 seconds..