last executing test programs:

4.529423809s ago: executing program 2 (id=2883):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xbf)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$SIOCPNENABLEPIPE(r2, 0x89ed, 0x0)
ioctl$PIO_UNIMAPCLR(r0, 0x4b68, 0x0)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000180)=ANY=[@ANYBLOB="120100024392d5204c05c3067aeb0102030109022d0001088770070904cb0103663eafb509059302100409052e09050b02"], 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x68, r6, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x4c, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1}}, @sp_mp_confirm={0xf, 0x2, {0x2800, @default, {}, @val={0x72, 0x6}, @val={0x2d, 0x1a, {0x400, 0x0, 0x6, 0x0, {0x1755, 0x7, 0x0, 0x6, 0x0, 0x1, 0x1, 0x2, 0x1}, 0x300, 0x5, 0xdb}}}}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x20000800)
sendmsg$NL80211_CMD_START_NAN(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, r4, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x4, 0x76}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xa}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xa1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x8001)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
accept4(r8, &(0x7f00000000c0)=@sco, &(0x7f0000000080)=0x80, 0xc00)

3.7646241s ago: executing program 2 (id=2893):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='adfs\x00', 0x8000, 0x0) (fail_nth: 2)

3.395949278s ago: executing program 2 (id=2894):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x600080, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0x1000009}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'none\x00', 0x15, 0x4, 0x73}, 0x2c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x11, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)

2.591909749s ago: executing program 2 (id=2901):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f00003d0000/0x4000)=nil, 0x4000, 0xb, 0x20010, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r2, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

2.126277325s ago: executing program 0 (id=2908):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000200)={&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, 0x0})
r2 = dup3(r0, r1, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x88, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x0)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x16)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x3}, 0x4)
ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000000c0)={&(0x7f00000012c0), 0x0, 0x1c})
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x4)
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='adfs\x00', 0x8000, 0x0)

1.98101382s ago: executing program 0 (id=2910):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
gettid()
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000f40), 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0xc6}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000000)={0x2})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000040)={0x5, 0x165a})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000280)={0x5})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040))
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
close(r4)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x80000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000)

1.510367422s ago: executing program 3 (id=2914):
r0 = syz_usb_connect(0x4, 0x3d7, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100004cefc008e10593085bfd010203010902c50301000000000904"], 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448dc, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=<r2=>0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x10000}, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0x40045017, 0x0)
r6 = syz_open_procfs(r2, &(0x7f0000000740)='net/netstat\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0x31, 0x38, {0x38, 0x30, "118353b7a78f2c457d32e6b994a59d3965c4c1603e92ad6fdd3e20bc12d627360448fb012016c4e0e2b8115c01a5049d5d1db876f46c"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x408}}, &(0x7f00000001c0)={0x0, 0xf, 0x58, {0x5, 0xf, 0x58, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x58, "cd2117976ea4b888780be83fb2ed87e7"}, @ssp_cap={0x18, 0x10, 0xa, 0x0, 0x3, 0x1, 0x0, 0xfff9, [0xdf1f, 0x0, 0x3fd8]}, @ssp_cap={0x18, 0x10, 0xa, 0xb3, 0x3, 0x5, 0x0, 0x55, [0xffc000, 0x3f00, 0xffff00]}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x10, 0x0, 0x8001, 0xf00f, 0x10}]}}, &(0x7f0000000240)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x60, 0x37, 0xd5, "7122ea3f", "fc065657"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xe, 0x1, 0x7f, 0x6, 0xa7, 0x3, 0x7}}}, &(0x7f0000000800)={0x84, &(0x7f0000000300)={0x40, 0x3, 0x31, "d8e7dc04cdbd6b30fcaff6ca8aa3b79c81fc45f4675b7992a670d87df33012f868781994426ccd9eb373a472999f139253"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xf7}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x18}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x2, 0x3}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x20, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x9}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000500)={0x40, 0xb, 0x2, "e05f"}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x1ff}, &(0x7f0000000580)={0x40, 0x13, 0x6, @random="f025b8b4b80d"}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000600)={0x40, 0x19, 0x2, "809b"}, &(0x7f0000000640)={0x40, 0x1a, 0x2, 0xfff7}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x1}, &(0x7f00000006c0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x21, 0x1, 0xd}})
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
ioctl$DRM_IOCTL_MODE_GETENCODER(r6, 0xc01464a6, &(0x7f0000000780)={0x0, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000000900)={0x0, <r8=>0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f0000000280)={0x0, 0x19, r10})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000b00)={&(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[{}], &(0x7f0000000a80)=[<r11=>0x0], &(0x7f0000000ac0)=[0x0], 0x1, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000c00)={0x100, 0x4, &(0x7f0000000940)=[0x0, r7, r8, r10], &(0x7f0000000980)=[0x80, 0x2, 0x7, 0xfffffff7, 0x6, 0x2, 0x81, 0x815], &(0x7f0000000b80)=[r11], &(0x7f0000000bc0)=[0x2, 0x6, 0x2, 0x2, 0xb, 0x4, 0x9c, 0x1200000000000000]})
r12 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r13 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r13, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@remote, 0x0, 0x33}, @in=@local, {}, {0x0, 0xb63}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @tfcpad={0x8, 0x16, 0x5}]}, 0x140}}, 0x0)
read(r12, &(0x7f0000000100)=""/159, 0xfffffe5a)

1.343562636s ago: executing program 2 (id=2915):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0) (async)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0)
syz_usb_control_io(r1, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="89491657f6241abc503b116d326244ec58a0e48157ffcdd3516d6670b0ed73be3cba86f129a6ece86797b6d7036779b31f5634561e1d0206be7daf3426d92c33319c1b0dc697a6e22daf5c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, &(0x7f0000000200)={0x20, 0x3, 0x3a, {0x3a, 0x5, "d2dbfed66729937c38297222a719777c1a0720e9d254c08842682558138ed9c53c6207fe000545307372b3f70a3bbcb7d5d34a3d5e1e05ca"}}, &(0x7f00000002c0)={0x0, 0x3, 0xa3, @string={0xa3, 0x3, "c6c3cda2521dd4600ee48a36f673e9573ca68d326139404075027d9b2bf3646fd18df010f44bdb7e5564385ca2b14c76cd12387c2cd50d0cd87422775f752edb33fb38c9211ac5a81fe42ed460833d472c7f0089318786d510f534e3a5db8426a1eef272cbb685b4d2d695866cd7bb900a427eb575df530ed58928b10ba3071947c2182a1c6444fce33f77cebdf9efd09fb0fd46c6442f70832d67738f570cbc19"}}, &(0x7f0000000480)={0x0, 0xf, 0x17c, {0x5, 0xf, 0x17c, 0x5, [@generic={0xa9, 0x10, 0x4, "f2402e0269b3668c41fbc06b03c806c30d0033734f5d2bb7d7053c344fc54e9ac1ca6c08b862ad6ef57f21c28734fb2fa0ba6db78f9fd3754dfab353118ed2c3254416fa917a4a43c234fbdcbcd5cdf7e05ae79594f03358738af6db760c071afb66ed891e8c491a14f1c6569103dcf495e7f0cdafc8aca84248750ca4e3835e3e48e45993fa55c5f6e8e334aeb8b34182e65899ddb963e7b6bd55c0fa1410ab5480cc42917c"}, @generic={0xb3, 0x10, 0x0, "8eca0028c32902e7b7a45748d26a8f960d369815cea095e6334f461f72b4106cc01ca538871e8b46a7abab3c94407d3c85545635688290e5a695516c45ba8e1f4e93a19cba57b513e7c243c65c286d156d020d9c027a55f2d21e2b23c8ee17848f645ece68a89716709a246a32ff9ca176daa18a8acd4755957d421a8e1ef38ad0c4a57b4581cbd6737d9f94ad00c8de1ceda1b30e0e62cf9ca3b86ac10e3e20d053cfbcf65881480381a48e3b2a3e2d"}, @ext_cap={0x7, 0x10, 0x2, 0x16, 0x0, 0x4, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x9, 0x6, 0x3, 0x6bcd}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x34, 0x81, 0x8}]}}, &(0x7f0000000380)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x1, 0x70, 0x4, "0c10b434", "04b7c03f"}}, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xe, 0x6b85b302b952b858, 0x53, 0x4, 0x5, 0x4}}}, &(0x7f0000000b40)={0x84, &(0x7f0000000640)={0x40, 0xf, 0xff, "266237f042ddfe7b93c0119def7f74cb5765fae53b40642820b219dadf1252aa77ff0253962ed4609c58956d36f263ef6d0f3b74393e719c75237be65af13038624a541442661b1fe8746733ec4821e55514a8c1fc255aebfb690ee58afb9542f5ed7c6d362e33670d41b57d869366e40a9543bd348c3f50fae2692c9a17d550627a5420cf8cbe9937bb9c92c162b642d63327910adc5e317132b081c524dba3b908ecc9809ccb725408f2e4c3b1dc71c0e51bdad56698d81a516f5ee7c0f499bca567ea1f0e04c222d00674d21f184fb3906ef27d251a99fe0d86363ff6f23f487566d7e933d248bb77a19ae5be2a499e24a5cb4f622041e86c4a4e4fe71a"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0xac}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0xa6}, &(0x7f0000000800)={0x20, 0x0, 0x4}, &(0x7f0000000c00)=ANY=[@ANYBLOB="200008e5ffffffff3f000f0ff23e032d0000"], &(0x7f0000000880)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000008c0)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000900)={0x40, 0xb, 0x2, "6fe7"}, &(0x7f0000000940)={0x40, 0xf, 0x2, 0x81}, &(0x7f0000000980)={0x40, 0x13, 0x6}, &(0x7f00000009c0)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000a00)={0x40, 0x19, 0x2, "6994"}, &(0x7f0000000a40)={0x40, 0x1a, 0x2, 0x98}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0x10}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0xa}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x9}})
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0xca800, 0x100000, 0x9, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
syz_usb_control_io$uac1(r1, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0) (async)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000440)=[{0x1, 0x0, 0x3, 0x6}, {}, {0x0, 0x1, 0x0, 0x2000000}, {}, {0x6}]}) (async)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000440)=[{0x1, 0x0, 0x3, 0x6}, {}, {0x0, 0x1, 0x0, 0x2000000}, {}, {0x6}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r4, 0x4020aed2, &(0x7f0000000140)={0x4, 0x115000})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) (async)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070800be008300"], 0x0}, 0x0)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', &(0x7f00000001c0)='xfs\x00', 0x136a173, 0x0) (async)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', &(0x7f00000001c0)='xfs\x00', 0x136a173, 0x0)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
shutdown(r6, 0x0)
close_range(r6, r6, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r7, 0x0, 0x0) (async)
bind$unix(r7, 0x0, 0x0)
mount$nfs4(&(0x7f00000000c0)='/dev/rnullb0\x00', &(0x7f0000000100)='\x00', &(0x7f0000000140), 0x2000020, &(0x7f0000000180)=ANY=[@ANYBLOB="2c2a2c786673002c7b5b5c2a2d2f5b2124262a262c7d192c61707072616973652c646f6e745f6d6561737572862c00"])

907.651166ms ago: executing program 0 (id=2917):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="140004006e696376663000000000000000000800080005000600000024001780040006"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

807.909994ms ago: executing program 1 (id=2918):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0xfffffffe})

707.622249ms ago: executing program 1 (id=2919):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='adfs\x00', 0x8000, 0x0)

684.49798ms ago: executing program 3 (id=2920):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000c20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020800000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000038000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000004000480080007006e6174"], 0xc0}}, 0x0)

616.04241ms ago: executing program 0 (id=2921):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000780), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000007c0)={0xa})
lseek(r0, 0x2004, 0x0)
sendfile(r0, r0, 0x0, 0x80c000)

591.883413ms ago: executing program 1 (id=2922):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x800, 0x2000, 0x4b0, 0xbbba, 0x4, 0x0, 0x4, {0x0, 0x8}, {0x0, 0x192}, {0x2}, {0x0, 0xfffffffd, 0x1}, 0x0, 0x3f0, 0x0, 0xd614, 0x0, 0x3, 0x0, 0x2000, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x2000000, 0x2})

493.455558ms ago: executing program 1 (id=2923):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800002a0033"], 0x5c}, 0x1, 0x0, 0xc00000000000000, 0x4000}, 0x0)

411.8821ms ago: executing program 2 (id=2924):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000840)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read(r0, &(0x7f0000000580)=""/119, 0x77)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(0xffffffffffffffff, 0x7a9, &(0x7f0000000080)={{@hyper, 0x5}, 0x0, 0xffffffffaa8dc9aa, 0x40, 0x2, 0x5, 0x4000, 0x2, 0xffffffffffffffff})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102032109021b004100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x40, &(0x7f0000000080)=ANY=[])
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
write(r2, &(0x7f0000000000)="fb196dec69a10b2284f761", 0xb)

411.61928ms ago: executing program 3 (id=2925):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
r1 = signalfd4(r0, &(0x7f0000000040)={[0x59abbb57]}, 0x8, 0x800)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000080)={0x2, "db00"}, 0x3)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x27, @short={0x2, 0x1, 0x2}}, 0x14)

322.346856ms ago: executing program 1 (id=2926):
socket$caif_stream(0x25, 0x1, 0xfffffffc)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
pwritev(r0, &(0x7f0000001280)=[{0x0}, {0x0}, {&(0x7f0000001080)="2b97", 0x2}], 0x3, 0x0, 0xfffffffe)

313.12795ms ago: executing program 3 (id=2927):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000005c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fd={0x70742a85, 0x2000000, r2, 0x0, 0xfcff}, @fd, @fda={0x66646185, 0x5, 0x1, 0x1a}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0})

199.809955ms ago: executing program 0 (id=2928):
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000000))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000040))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000080))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000000c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000100))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000140))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000180))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000001c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000200))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000240))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000280))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000002c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000300))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000340))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000380))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000003c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000400))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000440))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000480))
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000004c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000500))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000540))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000580))
r0 = request_key(&(0x7f00000005c0)='ceph\x00', &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000640)='\'-){{-\x00', 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, 0x0)
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000680))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f00000006c0))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000700))
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000740))

199.425132ms ago: executing program 1 (id=2929):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
read$FUSE(r0, &(0x7f0000001100)={0x2020}, 0x1c)
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000010c0)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000000)={r3}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3, 0x4, 0x3, [0x4, 0x2, 0xe]}, &(0x7f0000000040)=0xe)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r5 = ioctl$TIOCGPTPEER(r4, 0x5441, 0x5)
r6 = creat(&(0x7f00000000c0)='./file1\x00', 0x67)
close(r6)
syz_io_uring_setup(0x10e, &(0x7f00000002c0)={0x0, 0x0, 0x10000, 0x3, 0xfffffffc, 0x0, r6}, 0x0, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r7, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r7, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$PIO_UNIMAPCLR(r5, 0x4b68, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

165.210788ms ago: executing program 3 (id=2930):
r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @fixed}, &(0x7f0000000040)=0xe, 0x80800)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f00000000c0)=@add_del={0x2, &(0x7f0000000080)='macsec0\x00'})
r1 = accept4$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x800)
ioctl$SIOCPNADDRESOURCE(r1, 0x89e0, &(0x7f0000000140)=0x8)
ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f00000001c0)={0xdf, 0x40, '\x00', 0x1, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000200)={0x14})
setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x1, 0x4)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000280)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000002c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, &(0x7f0000000380)={&(0x7f0000000300)=[r2, 0x0, 0x0, r3], &(0x7f0000000340)=[0x7, 0x2800000, 0x10000, 0x2], 0x4})
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000500)={&(0x7f0000000400)="55a88bb016eb87fabef83a29395d2bd86b2b78c01080b5860a6e6970f33aefaa84e4a480270be939e5344480a12208d3f2ec08de49a378a4a2c03906255187f3e8b7077a34a6019abf9a4c8bce72cd62b33f84106742d33260655f2f413f24aff7761bb481a621c34bb9559c5586921b77e1a48216f0a716967d6a19fef344722ccd5b8bc65e36032c16c8031c77f6780489802f8225300105c3183cdf3afc1c3ba719655e6f9babf0fd1ab1a74a98df235a83f00727ff04a9b995dda5f11d1e54f521c8861449544fb41b", 0xcb, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000600)={&(0x7f0000000540)="1c647f246e4664bdb3bbcb85f2af7064a56c6fd4064dad9a2a7328954765e8536122c3a085a46e8675fd4e3c9d85a83ba274681bf6ac88845c2e3dc8712c60d64bdbadaa6a1911ad30d40c4b103f604503e196f13a37371a0f4cce59f1554653b3c04021f0e63994c5c6a31b563eab66f38643374824e3a3e02946682c1d540692d8b6214a636bf41c59fa3d703d7041edc0510e7c62fec66534efe99413c36cbed7a42bfecedb773f14450d31612b9842f672ee", 0xb4, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000680)={&(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0], 0x7})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000940)={&(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[{}, {}, {}], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, <r8=>0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x6, 0x3})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000a40)={0x1, 0x3, &(0x7f00000006c0)=[r5, r6, r7], &(0x7f0000000700)=[0x0, 0x8301, 0x9], &(0x7f00000009c0)=[r8], &(0x7f0000000a00)=[0x6, 0xe, 0x7000000000000, 0x0, 0x7], 0x0, 0xde61})
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000000a80)={{}, 0x5})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000ac0)={0x79, 0x0, 0x79a})
ioctl$VIDIOC_G_AUDIO(r4, 0x80345621, &(0x7f0000000b40))
setsockopt$inet_MCAST_LEAVE_GROUP(r4, 0x0, 0x2d, &(0x7f0000000b80)={0x4, {{0x2, 0x4e24, @remote}}}, 0x88)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000c40)={'raw\x00', 0x3, [{}, {}, {}]}, 0x58)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000cc0))
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r4, 0x4008ae48, &(0x7f0000000d00)=0xeeee0000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000e40)={&(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d80)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000dc0)=[0x0, <r9=>0x0, 0x0], &(0x7f0000000e00)=[0x0, 0x0], 0x7, 0x4, 0x3, 0x2})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000e80)={0x3, 0x0, r9})
ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f0000000ec0)=0xe8)
lsm_list_modules(&(0x7f0000000f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000f80)=0x48, 0x0)
r10 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$KDSKBENT(r10, 0x4b47, &(0x7f0000000fc0)={0x1, 0xe, 0x6})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(0xffffffffffffffff, 0xc01064ac, &(0x7f0000001100)={r5, 0xd9, &(0x7f0000001000)=""/217})

86.540878ms ago: executing program 0 (id=2931):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = mq_open(&(0x7f0000000800)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18J\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\";a~\n\x15\xaf.\x82\xe4\xefa\\\xdd\x93\x81G\xb4\x1d_\xb7b\xb8\x06`\xcf\xefci#zd\x01\xb2j\x05\x13\x8f\x92\x01\x8aB\xc3\xf1\x9d\xc2\xee\xd3\xad\x84\xb5\x1e[R\xff\b\x86NC\xff\xc5\xd8 \xa8 \f`\xa4\x8a\xc1b\xc9q\xe8\xb0\tZ\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r1)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d34, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x1, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x80, 0x0, 0x2, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x2, 0x8004, 0xf292, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x78, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x31, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0xd, 0x6, 0x47, 0x8000, 0xfffffffd, 0xfdfffffd, 0xffff, 0x400, 0x4, 0x9, 0x3, 0x3, 0x20000007, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x5, 0xb, 0x3, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1002, 0xa2, 0x7, 0x953a, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x149, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x6, 0x226, 0x5, 0x5, 0x28, 0x30b1d693, 0xa1f, 0xf43, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r2 = getpgid(0x0)
capget(&(0x7f0000000000)={0x20071026, r2}, &(0x7f0000000040)={0xe, 0x8, 0x2, 0x7, 0x5, 0x8})
connect$inet(r0, &(0x7f0000000040)={0x2, 0xa000, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f00000009c0)=0x1234, 0x4)
timer_create(0x2, 0x0, &(0x7f0000000040)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0)
timer_gettime(r3, &(0x7f0000000140))
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r4, 0x891c)
ppoll(&(0x7f0000000100)=[{r0, 0x240}, {r4, 0x40}], 0x2, &(0x7f0000000180)={0x77359400}, &(0x7f0000000200)={[0x1]}, 0x8)

0s ago: executing program 3 (id=2932):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000208000c40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000018000300"], 0xc8}, 0x1, 0x0, 0x0, 0x4040054}, 0x0)

kernel console output (not intermixed with test programs):

/dev/disk/by-diskseq/170.tmp-b7:1' failed: Read-only file system
[  286.653315][ T5846] udevd[5846]: symlink '../../loop3' '/dev/disk/by-diskseq/169.tmp-b7:3' failed: Read-only file system
[  286.878182][T11977] fuse: Unknown parameter '0x0000000000000003'
[  287.128403][T11986] FAULT_INJECTION: forcing a failure.
[  287.128403][T11986] name failslab, interval 1, probability 0, space 0, times 0
[  287.149419][T11986] CPU: 1 UID: 0 PID: 11986 Comm: syz.1.2207 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  287.149446][T11986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.149456][T11986] Call Trace:
[  287.149463][T11986]  <TASK>
[  287.149472][T11986]  dump_stack_lvl+0x189/0x250
[  287.149497][T11986]  ? __pfx____ratelimit+0x10/0x10
[  287.149518][T11986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.149539][T11986]  ? __pfx__printk+0x10/0x10
[  287.149565][T11986]  ? __ip_dev_find+0x444/0x4e0
[  287.149592][T11986]  should_fail_ex+0x414/0x560
[  287.149620][T11986]  should_failslab+0xa8/0x100
[  287.149641][T11986]  kmem_cache_alloc_noprof+0x73/0x3c0
[  287.149660][T11986]  ? dst_alloc+0x105/0x170
[  287.149681][T11986]  dst_alloc+0x105/0x170
[  287.149697][T11986]  ? ip_check_mc_rcu+0x4c7/0x680
[  287.149722][T11986]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[  287.149745][T11986]  ? fib_multipath_hash+0x17c5/0x2030
[  287.149766][T11986]  ? ip_route_output_key_hash+0xde/0x2e0
[  287.149786][T11986]  ip_route_output_key_hash+0x1b9/0x2e0
[  287.149802][T11986]  ? __lock_acquire+0xab9/0xd20
[  287.149827][T11986]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  287.149863][T11986]  ip_route_output_flow+0x2a/0x150
[  287.149887][T11986]  ? security_sk_classify_flow+0x70/0x180
[  287.149914][T11986]  udp_sendmsg+0x140c/0x2300
[  287.149938][T11986]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  287.149966][T11986]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  287.149985][T11986]  ? __pfx_udp_sendmsg+0x10/0x10
[  287.150002][T11986]  ? do_wp_page+0x22eb/0x5800
[  287.150051][T11986]  ? __pfx_aa_sk_perm+0x10/0x10
[  287.150067][T11986]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  287.150092][T11986]  ? sock_rps_record_flow+0x19/0x410
[  287.150115][T11986]  ? inet_sendmsg+0x29c/0x370
[  287.150133][T11986]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  287.150160][T11986]  __sock_sendmsg+0x19c/0x270
[  287.150185][T11986]  ____sys_sendmsg+0x52d/0x830
[  287.150216][T11986]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.150250][T11986]  ? import_iovec+0x74/0xa0
[  287.150285][T11986]  ___sys_sendmsg+0x21f/0x2a0
[  287.150313][T11986]  ? __pfx____sys_sendmsg+0x10/0x10
[  287.150383][T11986]  ? __might_fault+0xb0/0x130
[  287.150406][T11986]  __sys_sendmmsg+0x227/0x430
[  287.150437][T11986]  ? __pfx___sys_sendmmsg+0x10/0x10
[  287.150459][T11986]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  287.150508][T11986]  ? ksys_write+0x22a/0x250
[  287.150531][T11986]  ? __pfx_ksys_write+0x10/0x10
[  287.150550][T11986]  ? rcu_is_watching+0x15/0xb0
[  287.150574][T11986]  __x64_sys_sendmmsg+0xa0/0xc0
[  287.150601][T11986]  do_syscall_64+0xfa/0x3b0
[  287.150621][T11986]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.150641][T11986]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.150659][T11986]  ? clear_bhb_loop+0x60/0xb0
[  287.150682][T11986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.150699][T11986] RIP: 0033:0x7fadbfb8e929
[  287.150717][T11986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.150733][T11986] RSP: 002b:00007fadc0aad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  287.150754][T11986] RAX: ffffffffffffffda RBX: 00007fadbfdb5fa0 RCX: 00007fadbfb8e929
[  287.150768][T11986] RDX: 000000000000002d RSI: 0000200000007fc0 RDI: 0000000000000003
[  287.150781][T11986] RBP: 00007fadc0aad090 R08: 0000000000000000 R09: 0000000000000000
[  287.150793][T11986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  287.150805][T11986] R13: 0000000000000000 R14: 00007fadbfdb5fa0 R15: 00007ffc943297a8
[  287.150836][T11986]  </TASK>
[  287.527720][T11988] FAT-fs (rnullb0): bogus number of reserved sectors
[  287.544084][T11988] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  287.589339][T11992] FAULT_INJECTION: forcing a failure.
[  287.589339][T11992] name failslab, interval 1, probability 0, space 0, times 0
[  287.602113][T11992] CPU: 1 UID: 0 PID: 11992 Comm: syz.1.2209 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  287.602137][T11992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.602147][T11992] Call Trace:
[  287.602161][T11992]  <TASK>
[  287.602169][T11992]  dump_stack_lvl+0x189/0x250
[  287.602193][T11992]  ? __pfx____ratelimit+0x10/0x10
[  287.602214][T11992]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.602230][T11992]  ? __pfx__printk+0x10/0x10
[  287.602250][T11992]  ? __pfx___might_resched+0x10/0x10
[  287.602267][T11992]  ? fs_reclaim_acquire+0x7d/0x100
[  287.602292][T11992]  should_fail_ex+0x414/0x560
[  287.602320][T11992]  should_failslab+0xa8/0x100
[  287.602340][T11992]  __kmalloc_noprof+0xcb/0x4f0
[  287.602358][T11992]  ? tomoyo_encode+0x28b/0x550
[  287.602381][T11992]  tomoyo_encode+0x28b/0x550
[  287.602403][T11992]  tomoyo_realpath_from_path+0x58d/0x5d0
[  287.602430][T11992]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  287.602453][T11992]  tomoyo_path_number_perm+0x1e8/0x5a0
[  287.602480][T11992]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  287.602520][T11992]  ? __lock_acquire+0xab9/0xd20
[  287.602560][T11992]  ? __fget_files+0x2a/0x420
[  287.602584][T11992]  ? __fget_files+0x2a/0x420
[  287.602605][T11992]  ? __fget_files+0x3a0/0x420
[  287.602626][T11992]  ? __fget_files+0x2a/0x420
[  287.602650][T11992]  security_file_ioctl+0xcb/0x2d0
[  287.602676][T11992]  __se_sys_ioctl+0x47/0x170
[  287.602698][T11992]  do_syscall_64+0xfa/0x3b0
[  287.602718][T11992]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.602738][T11992]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.602755][T11992]  ? clear_bhb_loop+0x60/0xb0
[  287.602777][T11992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.602793][T11992] RIP: 0033:0x7fadbfb8e929
[  287.602809][T11992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.602823][T11992] RSP: 002b:00007fadc0aad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.602841][T11992] RAX: ffffffffffffffda RBX: 00007fadbfdb5fa0 RCX: 00007fadbfb8e929
[  287.602853][T11992] RDX: 0000200000000300 RSI: 00000000c0905664 RDI: 0000000000000003
[  287.602866][T11992] RBP: 00007fadc0aad090 R08: 0000000000000000 R09: 0000000000000000
[  287.602877][T11992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.602888][T11992] R13: 0000000000000000 R14: 00007fadbfdb5fa0 R15: 00007ffc943297a8
[  287.602931][T11992]  </TASK>
[  287.602952][T11992] ERROR: Out of memory at tomoyo_realpath_from_path.
[  287.633828][  T979] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  287.953607][T12001] loop3: detected capacity change from 0 to 1
[  287.974862][T12001] Dev loop3: unable to read RDB block 1
[  287.980493][T12001]  loop3: unable to read partition table
[  288.006881][T12001] loop3: partition table beyond EOD, truncated
[  288.021891][T12001] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  288.034305][  T979] usb 1-1: Using ep0 maxpacket: 8
[  288.041642][  T979] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  288.051540][  T979] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  288.073659][T12004] fuse: Unknown parameter '0x0000000000000003'
[  288.076582][  T979] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  288.145366][  T979] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  288.177999][  T979] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  288.199604][  T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.428268][  T979] usb 1-1: GET_CAPABILITIES returned 0
[  288.434887][  T979] usbtmc 1-1:16.0: can't read capabilities
[  288.493829][ T5932] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  288.635663][T11981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.654370][ T5932] usb 3-1: Using ep0 maxpacket: 32
[  288.659851][T11981] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.670796][ T5932] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  288.685862][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.696926][ T5932] usb 3-1: config 0 descriptor??
[  288.705183][ T5932] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  288.723563][ T5888] usb 1-1: USB disconnect, device number 67
[  289.105345][ T5932] gspca_vc032x: reg_w err -71
[  289.110220][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.115732][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.121682][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.127100][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.132408][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.138129][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.143420][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.148862][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.154820][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.160144][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.165533][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.170818][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.178064][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.184341][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.189636][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.194965][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.200244][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.205551][ T5932] gspca_vc032x: I2c Bus Busy Wait 00
[  289.210841][ T5932] gspca_vc032x: Unknown sensor...
[  289.216051][ T5932] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  289.226079][ T5932] usb 3-1: USB disconnect, device number 27
[  289.334395][T12026] loop1: detected capacity change from 0 to 7
[  289.357752][T12026] Dev loop1: unable to read RDB block 7
[  289.363387][T12026]  loop1: unable to read partition table
[  289.376228][T12026] loop1: partition table beyond EOD, truncated
[  289.382548][T12026] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  289.382548][T12026] 
) failed (rc=-5)
[  289.510116][T12024] syzkaller0: entered allmulticast mode
[  289.531595][T12024] syzkaller0 (unregistering): left allmulticast mode
[  289.608356][T12034] fuse: Unknown parameter '0x0000000000000003'
[  290.047358][T12045] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2230'.
[  290.074944][T12045] unsupported nlmsg_type 40
[  290.300024][T12062] loop3: detected capacity change from 0 to 1
[  290.308958][ T5840] Dev loop3: unable to read RDB block 1
[  290.316989][ T5840]  loop3: unable to read partition table
[  290.322929][ T5840] loop3: partition table beyond EOD, truncated
[  290.332066][T12062] Dev loop3: unable to read RDB block 1
[  290.339123][T12065] fuse: Unknown parameter '0x0000000000000003'
[  290.341585][T12062]  loop3: unable to read partition table
[  290.351815][T12062] loop3: partition table beyond EOD, truncated
[  290.361582][T12062] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  290.362407][T12063] vxfs: WRONG superblock magic 00000000 at 1
[  290.389140][T12063] vxfs: WRONG superblock magic 00000000 at 8
[  290.398931][T12063] vxfs: can't find superblock.
[  290.557800][T12074] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2239'.
[  290.848844][T12079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  291.021882][T12089] XFS (rnullb0): Invalid superblock magic number
[  291.053907][ T5902] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  291.108960][T12091] XFS (rnullb0): Invalid superblock magic number
[  291.221924][T12102] fuse: Unknown parameter '0x0000000000000003'
[  291.236335][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.252993][ T5902] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  291.272404][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.299528][ T5902] usb 3-1: config 0 descriptor??
[  291.420722][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/175.tmp-b7:1' failed: Read-only file system
[  291.477295][T12110] loop1: detected capacity change from 0 to 7
[  291.487013][T12110] Dev loop1: unable to read RDB block 7
[  291.492629][T12110]  loop1: unable to read partition table
[  291.500133][T12110] loop1: partition table beyond EOD, truncated
[  291.509152][T12110] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  291.509152][T12110] 
) failed (rc=-5)
[  291.526645][ T5902] usbhid 3-1:0.0: can't add hid device: -71
[  291.535188][ T5902] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  291.541799][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/178.tmp-b7:1' failed: Read-only file system
[  291.547027][ T5902] usb 3-1: USB disconnect, device number 28
[  291.596796][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/178.tmp-b7:1' failed: Read-only file system
[  291.639479][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/178.tmp-b7:1' failed: Read-only file system
[  291.688309][T12114] netlink: 'syz.0.2251': attribute type 3 has an invalid length.
[  291.688334][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/178.tmp-b7:1' failed: Read-only file system
[  291.703899][T12114] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2251'.
[  291.788457][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/177.tmp-b7:3' failed: Read-only file system
[  291.856884][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  291.877379][T12121] fuse: Unknown parameter '0x0000000000000003'
[  291.930035][T12125] FAULT_INJECTION: forcing a failure.
[  291.930035][T12125] name failslab, interval 1, probability 0, space 0, times 0
[  291.935109][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  291.955047][T12125] CPU: 1 UID: 0 PID: 12125 Comm: syz.0.2255 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  291.955082][T12125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  291.955092][T12125] Call Trace:
[  291.955100][T12125]  <TASK>
[  291.955108][T12125]  dump_stack_lvl+0x189/0x250
[  291.955132][T12125]  ? __pfx____ratelimit+0x10/0x10
[  291.955153][T12125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.955172][T12125]  ? __pfx__printk+0x10/0x10
[  291.955193][T12125]  ? __pfx___might_resched+0x10/0x10
[  291.955210][T12125]  ? fs_reclaim_acquire+0x7d/0x100
[  291.955234][T12125]  should_fail_ex+0x414/0x560
[  291.955260][T12125]  should_failslab+0xa8/0x100
[  291.955283][T12125]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  291.955300][T12125]  ? __lock_acquire+0xab9/0xd20
[  291.955321][T12125]  ? __alloc_skb+0x112/0x2d0
[  291.955347][T12125]  __alloc_skb+0x112/0x2d0
[  291.955372][T12125]  alloc_skb_with_frags+0xca/0x890
[  291.955399][T12125]  ? is_bpf_text_address+0x26/0x2b0
[  291.955427][T12125]  sock_alloc_send_pskb+0x857/0x990
[  291.955459][T12125]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  291.955476][T12125]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.955505][T12125]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  291.955523][T12125]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  291.955540][T12125]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  291.955561][T12125]  __ip_append_data+0x2d1c/0x40f0
[  291.955595][T12125]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  291.955627][T12125]  ? ipv4_mtu+0x23/0x5c0
[  291.955652][T12125]  ? __pfx___ip_append_data+0x10/0x10
[  291.955666][T12125]  ? ipv4_mtu+0x4b2/0x5c0
[  291.955691][T12125]  ? ip_setup_cork+0x577/0x9a0
[  291.955712][T12125]  ip_make_skb+0x1de/0x3f0
[  291.955735][T12125]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  291.955760][T12125]  ? __pfx_ip_make_skb+0x10/0x10
[  291.955797][T12125]  udp_sendmsg+0x1925/0x2300
[  291.955822][T12125]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  291.955850][T12125]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  291.955868][T12125]  ? __pfx_udp_sendmsg+0x10/0x10
[  291.955883][T12125]  ? do_wp_page+0x22eb/0x5800
[  291.955938][T12125]  ? sock_rps_record_flow+0x19/0x410
[  291.955959][T12125]  ? inet_sendmsg+0x29c/0x370
[  291.955979][T12125]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  291.956004][T12125]  __sock_sendmsg+0x19c/0x270
[  291.956024][T12125]  ____sys_sendmsg+0x52d/0x830
[  291.956048][T12125]  ? __pfx_____sys_sendmsg+0x10/0x10
[  291.956074][T12125]  ? import_iovec+0x74/0xa0
[  291.956097][T12125]  ___sys_sendmsg+0x21f/0x2a0
[  291.956118][T12125]  ? __pfx____sys_sendmsg+0x10/0x10
[  291.956169][T12125]  ? __might_fault+0xb0/0x130
[  291.956187][T12125]  __sys_sendmmsg+0x227/0x430
[  291.956210][T12125]  ? __pfx___sys_sendmmsg+0x10/0x10
[  291.956228][T12125]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  291.956263][T12125]  ? ksys_write+0x22a/0x250
[  291.956281][T12125]  ? __pfx_ksys_write+0x10/0x10
[  291.956294][T12125]  ? rcu_is_watching+0x15/0xb0
[  291.956313][T12125]  __x64_sys_sendmmsg+0xa0/0xc0
[  291.956334][T12125]  do_syscall_64+0xfa/0x3b0
[  291.956349][T12125]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.956365][T12125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.956378][T12125]  ? clear_bhb_loop+0x60/0xb0
[  291.956395][T12125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.956409][T12125] RIP: 0033:0x7f7f46f8e929
[  291.956422][T12125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.956434][T12125] RSP: 002b:00007f7f47e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  291.956449][T12125] RAX: ffffffffffffffda RBX: 00007f7f471b5fa0 RCX: 00007f7f46f8e929
[  291.956460][T12125] RDX: 000000000000002d RSI: 0000200000007fc0 RDI: 0000000000000003
[  291.956470][T12125] RBP: 00007f7f47e26090 R08: 0000000000000000 R09: 0000000000000000
[  291.956479][T12125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  291.956488][T12125] R13: 0000000000000000 R14: 00007f7f471b5fa0 R15: 00007ffda13c0cd8
[  291.956510][T12125]  </TASK>
[  292.379642][T12129] FAT-fs (rnullb0): bogus number of reserved sectors
[  292.387431][T12129] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  292.403870][ T5902] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  292.425939][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/177.tmp-b7:3' failed: Read-only file system
[  292.490160][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  292.576057][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  292.589788][ T5902] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  292.623207][ T5902] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  292.652793][ T5902] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  292.682810][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.732253][ T5902] usb 3-1: config 0 descriptor??
[  293.063874][ T5902] usb 1-1: new low-speed USB device number 68 using dummy_hcd
[  293.227923][ T5902] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  293.237538][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.252236][ T5902] usb 1-1: config 0 descriptor??
[  293.420965][T12157] netlink: 'syz.1.2267': attribute type 1 has an invalid length.
[  293.428997][T12157] netlink: 'syz.1.2267': attribute type 101 has an invalid length.
[  293.439377][T12157] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2267'.
[  293.881858][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  293.899015][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  293.908488][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  293.920590][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  293.930604][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  294.286212][ T5902] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  294.309538][ T5902] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  294.314890][ T6619] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.330269][ T5902] asix 1-1:0.0: probe with driver asix failed with error -71
[  294.342019][ T5902] usb 1-1: USB disconnect, device number 68
[  294.520348][ T6619] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.541660][T12179] Mount JFS Failure: -22
[  294.575114][T12163] chnl_net:caif_netlink_parms(): no params data found
[  294.727582][ T6619] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.935539][ T6619] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.042700][T12197] ptm ptm15: ldisc open failed (-12), clearing slot 15
[  295.052162][T12198] ptm ptm16: ldisc open failed (-12), clearing slot 16
[  295.249693][T12163] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.264031][T12163] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.271330][T12163] bridge_slave_0: entered allmulticast mode
[  295.280158][T12163] bridge_slave_0: entered promiscuous mode
[  295.381541][T12163] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.391572][T12163] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.400445][T12163] bridge_slave_1: entered allmulticast mode
[  295.408498][T12163] bridge_slave_1: entered promiscuous mode
[  295.636396][ T6619] bridge_slave_1: left allmulticast mode
[  295.652761][ T6619] bridge_slave_1: left promiscuous mode
[  295.672906][ T6619] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.716342][ T6619] bridge_slave_0: left allmulticast mode
[  295.722030][ T6619] bridge_slave_0: left promiscuous mode
[  295.742597][   T10] usb 3-1: USB disconnect, device number 29
[  295.745105][T12220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2279'.
[  295.758795][ T6619] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.957528][ T5842] Bluetooth: hci0: command tx timeout
[  296.873554][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  296.874868][ T6619] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  296.919038][ T6619] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  296.956310][ T6619] bond0 (unregistering): Released all slaves
[  296.968533][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  297.003249][T12163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.026833][T12163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.189657][ T6619] tipc: Left network mode
[  297.203498][T12163] team0: Port device team_slave_0 added
[  297.232977][T12163] team0: Port device team_slave_1 added
[  297.281093][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/177.tmp-b7:3' failed: Read-only file system
[  297.445695][T12163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.452709][T12163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.479679][T12163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.493530][T12163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.519631][T12163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.575336][ T5932] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  297.588971][T12163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.661003][T12264] netlink: 'syz.0.2289': attribute type 9 has an invalid length.
[  297.735802][ T5932] usb 4-1: Using ep0 maxpacket: 32
[  297.748770][ T5932] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  297.750833][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  297.770306][ T5932] usb 4-1: config 0 has no interface number 0
[  297.780085][ T5932] usb 4-1: config 0 interface 12 has no altsetting 0
[  297.875569][ T5932] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  297.885683][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.893707][ T5932] usb 4-1: Product: syz
[  297.913802][ T5932] usb 4-1: Manufacturer: syz
[  297.918581][ T5932] usb 4-1: SerialNumber: syz
[  297.944894][ T5932] usb 4-1: config 0 descriptor??
[  298.042816][ T5842] Bluetooth: hci0: command tx timeout
[  298.065960][ T6619] hsr_slave_0: left promiscuous mode
[  298.079065][ T6619] hsr_slave_1: left promiscuous mode
[  298.094907][ T6619] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.112801][ T6619] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.128644][ T6619] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.149347][ T6619] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.215305][ T6619] veth1_macvtap: left promiscuous mode
[  298.221048][ T6619] veth0_macvtap: left promiscuous mode
[  298.231300][ T6619] veth1_vlan: left promiscuous mode
[  298.240724][ T6619] veth0_vlan: left promiscuous mode
[  298.810460][T12295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2294'.
[  298.899840][ T6619] team0 (unregistering): Port device team_slave_1 removed
[  298.962452][ T6619] team0 (unregistering): Port device team_slave_0 removed
[  299.316427][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  299.381447][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  299.572769][T12163] hsr_slave_0: entered promiscuous mode
[  299.580369][T12163] hsr_slave_1: entered promiscuous mode
[  299.600898][T12163] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  299.621064][T12163] Cannot create hsr debugfs directory
[  299.896852][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  300.023343][T12315] netlink: 'syz.2.2299': attribute type 9 has an invalid length.
[  300.114275][ T5842] Bluetooth: hci0: command tx timeout
[  300.123703][T12284] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  300.149079][ T6619] IPVS: stop unused estimator thread 0...
[  300.674006][ T5902] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  300.711248][T12163] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  300.722579][T12163] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  300.737076][T12163] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  300.750074][T12163] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  300.836810][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  300.848069][ T5902] usb 1-1: Using ep0 maxpacket: 16
[  300.872416][T12326] qnx4: no qnx4 filesystem (no root dir).
[  300.880629][T12326] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.922669][T12326] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.939533][ T5902] usb 1-1: unable to get BOS descriptor or descriptor too short
[  300.967542][ T5902] usb 1-1: unable to read config index 0 descriptor/start: -71
[  300.984811][ T5902] usb 1-1: can't read configurations, error -71
[  301.039812][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  301.083140][T12163] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.131753][T12163] 8021q: adding VLAN 0 to HW filter on device team0
[  301.201203][ T6629] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.208382][ T6629] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.249438][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  301.267019][ T6629] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.274193][ T6629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.305917][ T5932] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  301.330036][ T5932] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  301.345629][ T5932] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  301.353319][ T5932] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  301.421164][ T5932] usb 4-1: USB disconnect, device number 35
[  302.061235][T12163] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.163841][ T5888] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  302.189026][T12163] veth0_vlan: entered promiscuous mode
[  302.194952][ T5842] Bluetooth: hci0: command tx timeout
[  302.222475][T12163] veth1_vlan: entered promiscuous mode
[  302.283728][T12163] veth0_macvtap: entered promiscuous mode
[  302.315245][T12163] veth1_macvtap: entered promiscuous mode
[  302.325503][ T5888] usb 3-1: not running at top speed; connect to a high speed hub
[  302.335125][ T5888] usb 3-1: config 127 has an invalid interface number: 89 but max is 1
[  302.343411][ T5888] usb 3-1: config 127 has an invalid interface number: 144 but max is 1
[  302.393791][ T5888] usb 3-1: config 127 has an invalid interface number: 63 but max is 1
[  302.402087][ T5888] usb 3-1: config 127 has 3 interfaces, different from the descriptor's value: 2
[  302.407965][T12163] batman_adv: batadv0: Interface activated: batadv_slave_0
[  302.462713][ T5888] usb 3-1: config 127 has no interface number 0
[  302.477894][T12163] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.480757][ T5888] usb 3-1: config 127 has no interface number 1
[  302.523239][ T6619] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.529449][ T5888] usb 3-1: config 127 has no interface number 2
[  302.548818][ T6619] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.557804][ T5888] usb 3-1: config 127 interface 89 altsetting 0 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  302.557834][ T5888] usb 3-1: config 127 interface 89 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.557856][ T5888] usb 3-1: config 127 interface 89 altsetting 0 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  302.622458][ T6619] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.658332][ T5888] usb 3-1: config 127 interface 89 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.700213][ T6619] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.701019][ T5888] usb 3-1: config 127 interface 89 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  302.721630][T12388] FAULT_INJECTION: forcing a failure.
[  302.721630][T12388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.722728][ T5888] usb 3-1: config 127 interface 89 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.746322][ T5888] usb 3-1: config 127 interface 89 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64
[  302.768796][T12388] CPU: 0 UID: 0 PID: 12388 Comm: syz.0.2312 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  302.768822][T12388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.768833][T12388] Call Trace:
[  302.768841][T12388]  <TASK>
[  302.768849][T12388]  dump_stack_lvl+0x189/0x250
[  302.768875][T12388]  ? __pfx____ratelimit+0x10/0x10
[  302.768898][T12388]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.768917][T12388]  ? __pfx__printk+0x10/0x10
[  302.768949][T12388]  should_fail_ex+0x414/0x560
[  302.768980][T12388]  _copy_to_user+0x31/0xb0
[  302.768999][T12388]  simple_read_from_buffer+0xe1/0x170
[  302.769028][T12388]  proc_fail_nth_read+0x1df/0x250
[  302.769056][T12388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.769083][T12388]  ? rw_verify_area+0x258/0x650
[  302.769103][T12388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  302.769128][T12388]  vfs_read+0x1fd/0x980
[  302.769154][T12388]  ? __pfx___mutex_lock+0x10/0x10
[  302.769177][T12388]  ? __pfx_vfs_read+0x10/0x10
[  302.769199][T12388]  ? __fget_files+0x2a/0x420
[  302.769225][T12388]  ? __fget_files+0x3a0/0x420
[  302.769246][T12388]  ? __fget_files+0x2a/0x420
[  302.769277][T12388]  ksys_read+0x145/0x250
[  302.769300][T12388]  ? __pfx_ksys_read+0x10/0x10
[  302.769317][T12388]  ? rcu_is_watching+0x15/0xb0
[  302.769341][T12388]  ? do_syscall_64+0xbe/0x3b0
[  302.769366][T12388]  do_syscall_64+0xfa/0x3b0
[  302.769386][T12388]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.769406][T12388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.769425][T12388]  ? clear_bhb_loop+0x60/0xb0
[  302.769446][T12388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.769469][T12388] RIP: 0033:0x7f7f46f8d33c
[  302.769485][T12388] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  302.769500][T12388] RSP: 002b:00007f7f47e05030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  302.769519][T12388] RAX: ffffffffffffffda RBX: 00007f7f471b6080 RCX: 00007f7f46f8d33c
[  302.769533][T12388] RDX: 000000000000000f RSI: 00007f7f47e050a0 RDI: 0000000000000004
[  302.769545][T12388] RBP: 00007f7f47e05090 R08: 0000000000000000 R09: 0000000000000000
[  302.769556][T12388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.769567][T12388] R13: 0000000000000001 R14: 00007f7f471b6080 R15: 00007ffda13c0cd8
[  302.769597][T12388]  </TASK>
[  302.813800][ T5888] usb 3-1: config 127 interface 89 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  302.816632][    C0] vkms_vblank_simulate: vblank timer overrun
[  302.843076][ T5888] usb 3-1: too many endpoints for config 127 interface 144 altsetting 53: 48, using maximum allowed: 30
[  302.846091][    C0] vkms_vblank_simulate: vblank timer overrun
[  303.242644][ T6625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.272682][ T6625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.296277][ T5888] usb 3-1: config 127 interface 144 altsetting 53 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  303.317338][ T4333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.333816][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0x8, skipping
[  303.361478][ T4333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.383817][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has an invalid descriptor for endpoint zero, skipping
[  303.426112][ T5888] usb 3-1: config 127 interface 63 altsetting 145 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  303.437428][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/177.tmp-b7:3' failed: Read-only file system
[  303.540484][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0xB, skipping
[  303.565431][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0x6, skipping
[  303.607239][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0xA, skipping
[  303.626565][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  303.648560][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0x2, skipping
[  303.661626][T12412] loop3: detected capacity change from 0 to 1
[  303.682567][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0x2, skipping
[  303.697348][T12412] Dev loop3: unable to read RDB block 1
[  303.709948][T12412]  loop3: unable to read partition table
[  303.723386][ T5888] usb 3-1: config 127 interface 63 altsetting 145 has a duplicate endpoint with address 0xF, skipping
[  303.744244][T12412] loop3: partition table beyond EOD, truncated
[  303.749090][ T5888] usb 3-1: config 127 interface 144 has no altsetting 0
[  303.762570][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/180.tmp-b7:3' failed: Read-only file system
[  303.769351][ T5888] usb 3-1: config 127 interface 63 has no altsetting 0
[  303.793843][T12412] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  303.846689][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/180.tmp-b7:3' failed: Read-only file system
[  303.862579][ T5888] usb 3-1: New USB device found, idVendor=185b, idProduct=0650, bcdDevice=79.ae
[  303.876557][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.904790][ T5888] usb 3-1: Product: 
[  303.909968][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/180.tmp-b7:3' failed: Read-only file system
[  303.915585][ T5888] usb 3-1: Manufacturer: Ђ
[  303.955721][ T5888] usb 3-1: SerialNumber: я
[  303.977628][T12370] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  304.000961][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  304.004486][T12370] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  304.182375][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/181.tmp-b7:3' failed: Read-only file system
[  304.220350][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  304.341574][T12369] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  304.361519][T12369] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  304.511321][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/179.tmp-b7:1' failed: Read-only file system
[  304.545161][ T5888] usb 3-1: USB disconnect, device number 30
[  304.585397][ T7297] udevd[7297]: symlink '../../loop3' '/dev/disk/by-diskseq/181.tmp-b7:3' failed: Read-only file system
[  304.839985][T12451] netlink: 'syz.3.2326': attribute type 9 has an invalid length.
[  304.906245][T12456] netlink: 'syz.1.2327': attribute type 10 has an invalid length.
[  304.974711][T12456] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2327'.
[  305.115690][T12456] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  305.115862][T12456] team0: Failed to send options change via netlink (err -105)
[  305.115878][T12456] team0: Port device geneve0 added
[  305.341632][T12472] loop3: detected capacity change from 0 to 1
[  305.378072][T12472] Dev loop3: unable to read RDB block 1
[  305.399114][T12472]  loop3: unable to read partition table
[  305.407846][T12472] loop3: partition table beyond EOD, truncated
[  305.419584][T12472] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  305.938514][T12500] netlink: 'syz.0.2336': attribute type 9 has an invalid length.
[  306.131337][T12507] syz.2.2338: attempt to access beyond end of device
[  306.131337][T12507] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0
[  306.191881][T12507] vxfs: unable to read disk superblock at 1
[  306.216738][T12507] syz.2.2338: attempt to access beyond end of device
[  306.216738][T12507] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  306.230272][T12514] loop1: detected capacity change from 0 to 7
[  306.240582][T12514] Dev loop1: unable to read RDB block 7
[  306.249954][T12507] vxfs: unable to read disk superblock at 8
[  306.264213][T12514]  loop1: unable to read partition table
[  306.274454][T12514] loop1: partition table beyond EOD, truncated
[  306.279981][T12507] vxfs: can't find superblock.
[  306.289195][T12514] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  306.289195][T12514] 
) failed (rc=-5)
[  307.091020][T12556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2348'.
[  307.209724][T12563] qnx4: no qnx4 filesystem (no root dir).
[  307.546669][T12578] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  307.574083][T12578] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  307.608473][T12580] netlink: 'syz.2.2354': attribute type 9 has an invalid length.
[  307.731023][T12584] loop1: detected capacity change from 0 to 7
[  307.744196][T12584] Dev loop1: unable to read RDB block 7
[  307.749852][T12584]  loop1: unable to read partition table
[  307.756105][T12584] loop1: partition table beyond EOD, truncated
[  307.766054][T12584] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  307.766054][T12584] 
) failed (rc=-5)
[  308.348736][T12595] netlink: 'syz.3.2361': attribute type 8 has an invalid length.
[  308.367028][T12595] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2361'.
[  308.478103][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  308.508830][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  308.583645][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/183.tmp-b7:3' failed: Read-only file system
[  308.691834][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  308.792118][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  308.916986][T12616] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2369'.
[  308.953351][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  308.969389][ T5846] udevd[5846]: symlink '../../loop3' '/dev/disk/by-diskseq/183.tmp-b7:3' failed: Read-only file system
[  309.044163][T12618] can0: slcan on ttyS3.
[  309.096586][ T7296] udevd[7296]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  309.234338][T12617] can0 (unregistered): slcan off ttyS3.
[  309.309200][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  309.352344][ T5846] udevd[5846]: symlink '../../loop3' '/dev/disk/by-diskseq/183.tmp-b7:3' failed: Read-only file system
[  309.414213][T12626] netlink: 'syz.1.2372': attribute type 9 has an invalid length.
[  309.464395][T12630] bpf: Bad value for 'uid'
[  309.894191][   T43] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  310.067494][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.085473][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.104426][   T43] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  310.122299][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.150527][T12648] netlink: 'syz.3.2375': attribute type 21 has an invalid length.
[  310.152665][   T43] usb 2-1: config 0 descriptor??
[  310.174554][T12648] netlink: 'syz.3.2375': attribute type 1 has an invalid length.
[  310.204622][T12648] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2375'.
[  310.601819][   T43] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  310.621747][   T43] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  310.694051][   T43] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.000C/input/input18
[  310.779071][   T43] cm6533_jd 0003:0D8C:0022.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  310.796474][T12668] gfs2: not a GFS2 filesystem
[  310.853644][   T43] usb 2-1: USB disconnect, device number 36
[  311.010698][T12670] fido_id[12670]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  311.318333][T12684] loop3: detected capacity change from 0 to 1
[  311.334533][T12684] Dev loop3: unable to read RDB block 1
[  311.343870][T12684]  loop3: unable to read partition table
[  311.374021][T12684] loop3: partition table beyond EOD, truncated
[  311.394047][T12684] loop_reread_partitions: partition scan of loop3 (�被x������ U�����) failed (rc=-5)
[  311.453655][T12686] can0: slcan on ttyS3.
[  311.656491][T12685] can0 (unregistered): slcan off ttyS3.
[  311.883856][   T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  312.043942][   T10] usb 3-1: Using ep0 maxpacket: 32
[  312.065310][   T10] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  312.083921][   T10] usb 3-1: config 0 has no interface number 0
[  312.099841][   T10] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  312.116978][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.129821][T12701] hpfs: Bad magic ... probably not HPFS
[  312.136110][   T10] usb 3-1: Product: syz
[  312.145048][  T979] IPVS: starting estimator thread 0...
[  312.151685][   T10] usb 3-1: Manufacturer: syz
[  312.171769][   T10] usb 3-1: SerialNumber: syz
[  312.190278][   T10] usb 3-1: config 0 descriptor??
[  312.218471][   T10] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  312.234013][T12705] IPVS: using max 33 ests per chain, 79200 per kthread
[  312.437537][   T10] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  312.490656][   T10] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  312.699788][T12725] netlink: 'syz.3.2394': attribute type 12 has an invalid length.
[  312.742982][T12731] netlink: 'syz.3.2394': attribute type 12 has an invalid length.
[  312.823676][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  312.824164][ T5932] usb 3-1: USB disconnect, device number 31
[  312.863475][ T5932] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  312.904181][ T5932] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  312.942967][ T5932] quatech2 3-1:0.51: device disconnected
[  313.123187][T12750] loop3: detected capacity change from 0 to 1
[  313.138461][T12750] Dev loop3: unable to read RDB block 1
[  313.148231][T12750]  loop3: unable to read partition table
[  313.168546][T12750] loop3: partition table beyond EOD, truncated
[  313.178151][T12750] loop_reread_partitions: partition scan of loop3 (�被x������ V�����) failed (rc=-5)
[  313.586890][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  313.662724][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  313.841267][T12771] FAULT_INJECTION: forcing a failure.
[  313.841267][T12771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.859417][T12771] CPU: 0 UID: 0 PID: 12771 Comm: syz.2.2407 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  313.859442][T12771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  313.859454][T12771] Call Trace:
[  313.859462][T12771]  <TASK>
[  313.859474][T12771]  dump_stack_lvl+0x189/0x250
[  313.859499][T12771]  ? __pfx____ratelimit+0x10/0x10
[  313.859522][T12771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.859542][T12771]  ? __pfx__printk+0x10/0x10
[  313.859562][T12771]  ? __might_fault+0xb0/0x130
[  313.859589][T12771]  should_fail_ex+0x414/0x560
[  313.859617][T12771]  _copy_to_iter+0x1db/0x16f0
[  313.859648][T12771]  ? __pfx_filemap_get_pages+0x10/0x10
[  313.859670][T12771]  ? __pfx__copy_to_iter+0x10/0x10
[  313.859692][T12771]  ? folio_mark_accessed+0x3d8/0x8b0
[  313.859717][T12771]  ? __pfx_folio_mark_accessed+0x10/0x10
[  313.859740][T12771]  ? page_copy_sane+0x4e/0x280
[  313.859764][T12771]  copy_page_to_iter+0x10c/0x1c0
[  313.859790][T12771]  filemap_read+0x7c0/0x11a0
[  313.859812][T12771]  ? aa_file_perm+0x13e/0x11b0
[  313.859851][T12771]  ? __pfx_filemap_read+0x10/0x10
[  313.859900][T12771]  ? end_current_label_crit_section+0x152/0x180
[  313.859923][T12771]  ? down_read+0x1ad/0x2e0
[  313.859946][T12771]  blkdev_read_iter+0x30a/0x440
[  313.859970][T12771]  vfs_read+0x4cd/0x980
[  313.859999][T12771]  ? __pfx_vfs_read+0x10/0x10
[  313.860028][T12771]  ? __fget_files+0x2a/0x420
[  313.860060][T12771]  ksys_read+0x145/0x250
[  313.860081][T12771]  ? __pfx_ksys_read+0x10/0x10
[  313.860098][T12771]  ? rcu_is_watching+0x15/0xb0
[  313.860122][T12771]  ? do_syscall_64+0xbe/0x3b0
[  313.860146][T12771]  do_syscall_64+0xfa/0x3b0
[  313.860165][T12771]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.860187][T12771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.860204][T12771]  ? clear_bhb_loop+0x60/0xb0
[  313.860226][T12771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.860243][T12771] RIP: 0033:0x7f94b218e929
[  313.860261][T12771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.860274][T12771] RSP: 002b:00007f94b2f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  313.860293][T12771] RAX: ffffffffffffffda RBX: 00007f94b23b5fa0 RCX: 00007f94b218e929
[  313.860306][T12771] RDX: 00000000fffffe5a RSI: 0000200000000100 RDI: 0000000000000004
[  313.860318][T12771] RBP: 00007f94b2f41090 R08: 0000000000000000 R09: 0000000000000000
[  313.860330][T12771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.860340][T12771] R13: 0000000000000000 R14: 00007f94b23b5fa0 R15: 00007ffdf7703ed8
[  313.860392][T12771]  </TASK>
[  314.097874][T12782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2410'.
[  314.100437][    C0] vkms_vblank_simulate: vblank timer overrun
[  314.137707][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  314.218154][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  314.227298][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  314.252519][T12784] NILFS (rnullb0): couldn't find nilfs on the device
[  314.305821][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  314.419271][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/187.tmp-b7:1' failed: Read-only file system
[  314.500945][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  314.681255][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  314.705333][ T5932] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  314.873830][ T5932] usb 2-1: Using ep0 maxpacket: 16
[  314.890514][ T5932] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  314.892332][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  314.918506][ T5932] usb 2-1: config 0 has no interface number 0
[  314.937253][ T5932] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  314.956711][ T5932] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  314.989807][ T5932] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  315.003805][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.022465][ T5932] usb 2-1: Product: syz
[  315.031405][ T5932] usb 2-1: Manufacturer: syz
[  315.042423][ T5932] usb 2-1: SerialNumber: syz
[  315.067795][ T5932] usb 2-1: config 0 descriptor??
[  315.083874][T12796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  315.093384][T12796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  315.282777][T12829] can0: slcan on ttyS3.
[  315.319467][T12796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  315.326925][T12796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  315.436116][T12828] can0 (unregistered): slcan off ttyS3.
[  315.454574][T12834] loop1: detected capacity change from 0 to 7
[  315.474103][T12834] Dev loop1: unable to read RDB block 7
[  315.490091][T12834]  loop1: unable to read partition table
[  315.503575][T12834] loop1: partition table beyond EOD, truncated
[  315.533205][T12834] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  315.533205][T12834] 
) failed (rc=-5)
[  315.762187][T12842] FAULT_INJECTION: forcing a failure.
[  315.762187][T12842] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  315.809100][T12842] CPU: 1 UID: 0 PID: 12842 Comm: syz.0.2431 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  315.809130][T12842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.809143][T12842] Call Trace:
[  315.809151][T12842]  <TASK>
[  315.809159][T12842]  dump_stack_lvl+0x189/0x250
[  315.809185][T12842]  ? __pfx____ratelimit+0x10/0x10
[  315.809206][T12842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.809225][T12842]  ? __pfx__printk+0x10/0x10
[  315.809254][T12842]  ? fs_reclaim_acquire+0x7d/0x100
[  315.809285][T12842]  should_fail_ex+0x414/0x560
[  315.809314][T12842]  prepare_alloc_pages+0x213/0x610
[  315.809342][T12842]  __alloc_frozen_pages_noprof+0x123/0x370
[  315.809370][T12842]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  315.809392][T12842]  ? is_bpf_text_address+0x26/0x2b0
[  315.809418][T12842]  ? kernel_text_address+0xa5/0xe0
[  315.809443][T12842]  ? policy_nodemask+0x27c/0x720
[  315.809460][T12842]  ? __lock_acquire+0xab9/0xd20
[  315.809490][T12842]  alloc_pages_mpol+0x232/0x4a0
[  315.809515][T12842]  vma_alloc_folio_noprof+0xe4/0x200
[  315.809538][T12842]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  315.809573][T12842]  folio_prealloc+0x30/0x180
[  315.809595][T12842]  __handle_mm_fault+0x2ab9/0x5440
[  315.809631][T12842]  ? __pfx___handle_mm_fault+0x10/0x10
[  315.809671][T12842]  ? find_vma+0xe7/0x160
[  315.809690][T12842]  ? __pfx_find_vma+0x10/0x10
[  315.809711][T12842]  handle_mm_fault+0x40a/0x8e0
[  315.809741][T12842]  do_user_addr_fault+0x764/0x1390
[  315.809782][T12842]  exc_page_fault+0x76/0xf0
[  315.809804][T12842]  asm_exc_page_fault+0x26/0x30
[  315.809820][T12842] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  315.809839][T12842] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  315.809853][T12842] RSP: 0018:ffffc9000b82f7f8 EFLAGS: 00050206
[  315.809868][T12842] RAX: ffffffff84cb4b01 RBX: ffff88806729a000 RCX: 0000000000000100
[  315.809879][T12842] RDX: 0000000000000000 RSI: ffff88806729af00 RDI: 0000200000001000
[  315.809890][T12842] RBP: ffffc9000b82f948 R08: ffff88806729afff R09: 1ffff1100ce535ff
[  315.809902][T12842] R10: dffffc0000000000 R11: ffffed100ce53600 R12: 1ffff92001705faf
[  315.809914][T12842] R13: 0000200000000100 R14: ffffc9000b82fd88 R15: 0000000000001000
[  315.809935][T12842]  ? _copy_to_iter+0x1d1/0x16f0
[  315.809964][T12842]  _copy_to_iter+0x24c/0x16f0
[  315.809996][T12842]  ? __pfx_filemap_get_pages+0x10/0x10
[  315.810019][T12842]  ? __pfx__copy_to_iter+0x10/0x10
[  315.810039][T12842]  ? folio_mark_accessed+0x42c/0x8b0
[  315.810065][T12842]  ? __pfx_folio_mark_accessed+0x10/0x10
[  315.810087][T12842]  ? page_copy_sane+0x4e/0x280
[  315.810111][T12842]  copy_page_to_iter+0x10c/0x1c0
[  315.810138][T12842]  filemap_read+0x7c0/0x11a0
[  315.810161][T12842]  ? aa_file_perm+0x13e/0x11b0
[  315.810202][T12842]  ? __pfx_filemap_read+0x10/0x10
[  315.810260][T12842]  ? end_current_label_crit_section+0x152/0x180
[  315.810285][T12842]  ? down_read+0x1ad/0x2e0
[  315.810309][T12842]  blkdev_read_iter+0x30a/0x440
[  315.810335][T12842]  vfs_read+0x4cd/0x980
[  315.810363][T12842]  ? __pfx_vfs_read+0x10/0x10
[  315.810392][T12842]  ? __fget_files+0x2a/0x420
[  315.810421][T12842]  ksys_read+0x145/0x250
[  315.810441][T12842]  ? __pfx_ksys_read+0x10/0x10
[  315.810457][T12842]  ? rcu_is_watching+0x15/0xb0
[  315.810480][T12842]  ? do_syscall_64+0xbe/0x3b0
[  315.810503][T12842]  do_syscall_64+0xfa/0x3b0
[  315.810521][T12842]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.810541][T12842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.810557][T12842]  ? clear_bhb_loop+0x60/0xb0
[  315.810576][T12842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.810592][T12842] RIP: 0033:0x7f7f46f8e929
[  315.810609][T12842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.810621][T12842] RSP: 002b:00007f7f47e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  315.810639][T12842] RAX: ffffffffffffffda RBX: 00007f7f471b5fa0 RCX: 00007f7f46f8e929
[  315.810650][T12842] RDX: 00000000fffffe5a RSI: 0000200000000100 RDI: 0000000000000004
[  315.810661][T12842] RBP: 00007f7f47e26090 R08: 0000000000000000 R09: 0000000000000000
[  315.810672][T12842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.810683][T12842] R13: 0000000000000000 R14: 00007f7f471b5fa0 R15: 00007ffda13c0cd8
[  315.810710][T12842]  </TASK>
[  316.256422][T12854] netlink: 'syz.2.2433': attribute type 9 has an invalid length.
[  316.279616][T12857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.290925][ T5932] asix 2-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xa9
[  316.296986][T12857] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.430347][ T5888] usb 2-1: USB disconnect, device number 37
[  316.513351][T12864] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  316.625963][T12864] UDF-fs: Scanning with blocksize 4096 failed
[  317.102026][T12892] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2443'.
[  317.113861][ T5932] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  317.133611][T12895] IPVS: sync thread started: state = MASTER, mcast_ifn = wg0, syncid = 4, id = 0
[  317.194665][   T10] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  317.244536][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.251679][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.295479][ T5932] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  317.308963][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  317.329236][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  317.342984][ T5932] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  317.344127][   T10] usb 1-1: Using ep0 maxpacket: 32
[  317.373196][   T10] usb 1-1: config 0 has no interfaces?
[  317.375222][ T5932] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  317.387358][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c13a, bcdDevice= 0.00
[  317.409620][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.411574][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.434458][   T10] usb 1-1: config 0 descriptor??
[  317.435508][ T5932] usb 2-1: config 0 descriptor??
[  317.711386][T12916] exFAT-fs (rnullb0): invalid boot record signature
[  317.749498][T12916] exFAT-fs (rnullb0): failed to read boot sector
[  317.767215][T12916] exFAT-fs (rnullb0): failed to recognize exfat type
[  317.808888][   T10] usb 1-1: USB disconnect, device number 71
[  317.851420][ T5932] plantronics 0003:047F:FFFF.000D: ignoring exceeding usage max
[  317.888291][ T5932] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  318.381320][T12930] netlink: 624 bytes leftover after parsing attributes in process `syz.2.2449'.
[  318.451976][T12933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2449'.
[  318.477034][T12933] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2449'.
[  318.588502][   T30] audit: type=1800 audit(1751303972.362:15): pid=12941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2452" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  318.665726][ T5932] usb 2-1: USB disconnect, device number 38
[  318.689175][T12878] delete_channel: no stack
[  318.869091][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  319.067976][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  319.230026][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  319.286554][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  319.910249][T12977] can0: slcan on ttyS3.
[  320.038359][T12976] can0 (unregistered): slcan off ttyS3.
[  320.071398][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  320.081361][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  320.089862][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  320.097910][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  320.110087][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  320.602616][ T4333] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.747445][ T4333] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.782513][T12987] chnl_net:caif_netlink_parms(): no params data found
[  320.850141][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  320.903178][T13013] netlink: 'syz.1.2468': attribute type 9 has an invalid length.
[  320.960078][ T4333] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  321.145963][ T4333] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  321.177625][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  321.253155][T13032] loop3: detected capacity change from 0 to 1
[  321.268893][ T5840] Dev loop3: unable to read RDB block 1
[  321.282177][ T5840]  loop3: unable to read partition table
[  321.292185][ T5840] loop3: partition table beyond EOD, truncated
[  321.302584][T13032] Dev loop3: unable to read RDB block 1
[  321.312238][T13032]  loop3: unable to read partition table
[  321.318705][T13032] loop3: partition table beyond EOD, truncated
[  321.325300][T13032] loop_reread_partitions: partition scan of loop3 (�被x������ ������) failed (rc=-5)
[  321.342787][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/194.tmp-b7:3' failed: Read-only file system
[  321.379523][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/194.tmp-b7:3' failed: Read-only file system
[  321.431495][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/193.tmp-b7:1' failed: Read-only file system
[  321.433964][T12987] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.448059][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/194.tmp-b7:3' failed: Read-only file system
[  321.520361][T12987] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.555124][T12987] bridge_slave_0: entered allmulticast mode
[  321.585279][T12987] bridge_slave_0: entered promiscuous mode
[  321.606447][T12987] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.628452][T12987] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.643453][T12987] bridge_slave_1: entered allmulticast mode
[  321.676190][T13044] loop1: detected capacity change from 0 to 7
[  321.682891][T12987] bridge_slave_1: entered promiscuous mode
[  321.689708][ T5840] Dev loop1: unable to read RDB block 7
[  321.717881][ T5840]  loop1: unable to read partition table
[  321.732726][ T5840] loop1: partition table beyond EOD, truncated
[  321.764046][T13044] Dev loop1: unable to read RDB block 7
[  321.771866][T13044]  loop1: unable to read partition table
[  321.790536][T13047] fuse: Bad value for 'user_id'
[  321.799214][T13044] loop1: partition table beyond EOD, truncated
[  321.813972][T13047] fuse: Bad value for 'user_id'
[  321.821334][T12987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.823926][T13044] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  321.823926][T13044] 
) failed (rc=-5)
[  321.917602][T12987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  322.032275][ T4333] bridge_slave_1: left allmulticast mode
[  322.041558][ T4333] bridge_slave_1: left promiscuous mode
[  322.048295][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.074680][ T4333] bridge_slave_0: left allmulticast mode
[  322.078692][T13057] netlink: 'syz.3.2479': attribute type 9 has an invalid length.
[  322.080662][ T4333] bridge_slave_0: left promiscuous mode
[  322.094977][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.207233][ T5838] Bluetooth: hci4: command tx timeout
[  322.679081][ T4333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  322.692863][ T4333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  322.695436][T13080] /dev/rnullb0: Can't lookup blockdev
[  322.712113][ T4333] bond0 (unregistering): Released all slaves
[  322.759323][T12987] team0: Port device team_slave_0 added
[  322.838242][T12987] team0: Port device team_slave_1 added
[  322.914605][ T4333] IPVS: stopping master sync thread 12895 ...
[  322.968280][T12987] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.994585][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.053904][T12987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  323.140065][T12987] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.161345][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.198087][T12987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.392979][T13100] fuse: Bad value for 'fd'
[  323.612636][T12987] hsr_slave_0: entered promiscuous mode
[  323.668360][T12987] hsr_slave_1: entered promiscuous mode
[  323.695251][T12987] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  323.712933][T12987] Cannot create hsr debugfs directory
[  323.757354][ T4333] hsr_slave_0: left promiscuous mode
[  323.763583][ T4333] hsr_slave_1: left promiscuous mode
[  323.771027][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.793556][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.810770][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  323.841217][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  323.883623][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  323.893377][ T4333] veth1_macvtap: left promiscuous mode
[  323.893489][ T4333] veth0_macvtap: left promiscuous mode
[  323.893597][ T4333] veth1_vlan: left promiscuous mode
[  323.893631][ T4333] veth0_vlan: left promiscuous mode
[  324.042732][   T30] audit: type=1326 audit(1751303977.812:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13124 comm="syz.3.2498" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8761d8e929 code=0x0
[  324.102227][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  324.160953][T13133] loop3: detected capacity change from 0 to 1
[  324.200413][T13133] Dev loop3: unable to read RDB block 1
[  324.211343][T13133]  loop3: unable to read partition table
[  324.218941][T13133] loop3: partition table beyond EOD, truncated
[  324.225556][T13133] loop_reread_partitions: partition scan of loop3 (�被x������ ������) failed (rc=-5)
[  324.261258][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/198.tmp-b7:3' failed: Read-only file system
[  324.276467][ T5838] Bluetooth: hci4: command tx timeout
[  324.309060][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  324.347183][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/198.tmp-b7:3' failed: Read-only file system
[  324.411114][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/198.tmp-b7:3' failed: Read-only file system
[  324.585610][T13138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2501'.
[  324.943344][ T4333] team0 (unregistering): Port device team_slave_1 removed
[  324.991420][ T4333] team0 (unregistering): Port device team_slave_0 removed
[  325.056784][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  325.565906][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  325.659813][T13155] can0: slcan on ttyS3.
[  325.725783][T13152] can0 (unregistered): slcan off ttyS3.
[  325.878992][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  326.058156][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/197.tmp-b7:1' failed: Read-only file system
[  326.132906][ T4333] IPVS: stop unused estimator thread 0...
[  326.133449][T13171] loop1: detected capacity change from 0 to 7
[  326.164721][ T5840] Dev loop1: unable to read RDB block 7
[  326.170727][ T5840]  loop1: unable to read partition table
[  326.198875][ T5840] loop1: partition table beyond EOD, truncated
[  326.222262][T13171] Dev loop1: unable to read RDB block 7
[  326.247634][T13171]  loop1: unable to read partition table
[  326.253696][T13171] loop1: partition table beyond EOD, truncated
[  326.264234][T13171] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  326.264234][T13171] 
) failed (rc=-5)
[  326.353915][ T5838] Bluetooth: hci4: command tx timeout
[  326.475248][T13182] FAULT_INJECTION: forcing a failure.
[  326.475248][T13182] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.491181][T13182] CPU: 1 UID: 0 PID: 13182 Comm: syz.1.2513 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  326.491211][T13182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.491223][T13182] Call Trace:
[  326.491232][T13182]  <TASK>
[  326.491241][T13182]  dump_stack_lvl+0x189/0x250
[  326.491269][T13182]  ? __pfx____ratelimit+0x10/0x10
[  326.491291][T13182]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.491309][T13182]  ? __pfx__printk+0x10/0x10
[  326.491326][T13182]  ? __might_fault+0xb0/0x130
[  326.491352][T13182]  should_fail_ex+0x414/0x560
[  326.491379][T13182]  _copy_to_iter+0x1db/0x16f0
[  326.491413][T13182]  ? __pfx_filemap_get_pages+0x10/0x10
[  326.491434][T13182]  ? __pfx__copy_to_iter+0x10/0x10
[  326.491453][T13182]  ? folio_mark_accessed+0x3d8/0x8b0
[  326.491476][T13182]  ? __pfx_folio_mark_accessed+0x10/0x10
[  326.491497][T13182]  ? page_copy_sane+0x4e/0x280
[  326.491519][T13182]  copy_page_to_iter+0x10c/0x1c0
[  326.491542][T13182]  filemap_read+0xa18/0x11a0
[  326.491561][T13182]  ? aa_file_perm+0x13e/0x11b0
[  326.491595][T13182]  ? __pfx_filemap_read+0x10/0x10
[  326.491635][T13182]  ? end_current_label_crit_section+0x152/0x180
[  326.491656][T13182]  ? down_read+0x1ad/0x2e0
[  326.491679][T13182]  blkdev_read_iter+0x30a/0x440
[  326.491701][T13182]  vfs_read+0x4cd/0x980
[  326.491726][T13182]  ? __pfx_vfs_read+0x10/0x10
[  326.491752][T13182]  ? __fget_files+0x2a/0x420
[  326.491779][T13182]  ksys_read+0x145/0x250
[  326.491799][T13182]  ? __pfx_ksys_read+0x10/0x10
[  326.491814][T13182]  ? rcu_is_watching+0x15/0xb0
[  326.491834][T13182]  ? do_syscall_64+0xbe/0x3b0
[  326.491855][T13182]  do_syscall_64+0xfa/0x3b0
[  326.491873][T13182]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.491890][T13182]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.491906][T13182]  ? clear_bhb_loop+0x60/0xb0
[  326.491924][T13182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.491939][T13182] RIP: 0033:0x7f8a6178e929
[  326.491955][T13182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.491969][T13182] RSP: 002b:00007f8a625a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  326.491988][T13182] RAX: ffffffffffffffda RBX: 00007f8a619b5fa0 RCX: 00007f8a6178e929
[  326.492003][T13182] RDX: 00000000fffffe5a RSI: 0000200000000100 RDI: 0000000000000004
[  326.492014][T13182] RBP: 00007f8a625a9090 R08: 0000000000000000 R09: 0000000000000000
[  326.492025][T13182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.492036][T13182] R13: 0000000000000000 R14: 00007f8a619b5fa0 R15: 00007ffc9c2f6fb8
[  326.492062][T13182]  </TASK>
[  326.748603][    C1] vkms_vblank_simulate: vblank timer overrun
[  327.095989][T12987] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  327.129626][T12987] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  327.162128][T12987] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  327.205651][T12987] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  327.357558][T13207] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2520'.
[  327.380188][T13203] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2520'.
[  327.518274][T13223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2521'.
[  327.534645][T12987] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.582073][T12987] 8021q: adding VLAN 0 to HW filter on device team0
[  327.632194][ T6623] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.639425][ T6623] bridge0: port 1(bridge_slave_0) entered forwarding state
[  327.724285][ T6623] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.731451][ T6623] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.250164][T13251] XFS (rnullb0): Invalid superblock magic number
[  328.434187][ T5838] Bluetooth: hci4: command tx timeout
[  328.550011][T12987] 8021q: adding VLAN 0 to HW filter on device batadv0
[  328.592556][T13265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2532'.
[  328.715016][T12987] veth0_vlan: entered promiscuous mode
[  328.763704][T12987] veth1_vlan: entered promiscuous mode
[  328.900828][T12987] veth0_macvtap: entered promiscuous mode
[  328.964763][T12987] veth1_macvtap: entered promiscuous mode
[  328.989558][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  329.009879][T12987] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.056447][T12987] batman_adv: batadv0: Interface activated: batadv_slave_1
[  329.084919][ T6619] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.108790][ T6619] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.130688][ T6619] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.166350][ T6619] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.360840][ T6619] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.407647][ T6619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.491246][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  329.514134][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.532445][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.534828][T13298] loop3: detected capacity change from 0 to 1
[  329.556194][ T5840] Dev loop3: unable to read RDB block 1
[  329.562978][ T5840]  loop3: unable to read partition table
[  329.591963][ T5840] loop3: partition table beyond EOD, truncated
[  329.629300][T13298] Dev loop3: unable to read RDB block 1
[  329.637058][T13298]  loop3: unable to read partition table
[  329.661327][T13298] loop3: partition table beyond EOD, truncated
[  329.693984][T13298] loop_reread_partitions: partition scan of loop3 (�被x������ ������) failed (rc=-5)
[  329.722316][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  329.736926][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/203.tmp-b7:3' failed: Read-only file system
[  329.790766][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/203.tmp-b7:3' failed: Read-only file system
[  329.841620][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/203.tmp-b7:3' failed: Read-only file system
[  329.876869][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  329.963950][   T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  330.080698][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  330.137590][   T10] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  330.156878][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.178174][   T10] usb 3-1: Product: syz
[  330.201806][   T10] usb 3-1: Manufacturer: syz
[  330.214830][   T10] usb 3-1: SerialNumber: syz
[  330.221269][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  330.256101][   T10] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  330.392236][ T5902] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  330.422130][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/201.tmp-b7:1' failed: Read-only file system
[  330.777927][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  330.800601][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  330.820043][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  330.837317][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  330.848157][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  330.901481][T13328] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2546'.
[  331.126599][T13337] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  331.135614][T13337] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  331.249475][ T4333] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.370074][ T4333] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.495657][ T5902] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  331.503097][ T5902] ath9k_htc: Failed to initialize the device
[  331.523293][ T4333] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.567686][ T5902] usb 3-1: ath9k_htc: USB layer deinitialized
[  331.709319][ T4333] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.812071][T13324] chnl_net:caif_netlink_parms(): no params data found
[  331.942573][T13366] loop3: detected capacity change from 0 to 1
[  331.973464][T13366] Dev loop3: unable to read RDB block 1
[  331.983896][T13366]  loop3: unable to read partition table
[  331.993247][T13366] loop3: partition table beyond EOD, truncated
[  332.004884][T13366] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  332.123472][T13324] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.133223][T13324] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.141907][T13324] bridge_slave_0: entered allmulticast mode
[  332.159925][T13324] bridge_slave_0: entered promiscuous mode
[  332.183910][T13324] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.191151][T13324] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.208479][T13324] bridge_slave_1: entered allmulticast mode
[  332.235663][T13324] bridge_slave_1: entered promiscuous mode
[  332.268830][ T4333] bridge_slave_1: left allmulticast mode
[  332.279469][ T4333] bridge_slave_1: left promiscuous mode
[  332.285928][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.299174][ T4333] bridge_slave_0: left allmulticast mode
[  332.305438][ T4333] bridge_slave_0: left promiscuous mode
[  332.311417][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.746349][T13385] loop1: detected capacity change from 0 to 7
[  332.762111][ T5840] Dev loop1: unable to read RDB block 7
[  332.763578][ T5902] usb 3-1: USB disconnect, device number 32
[  332.775869][ T5840]  loop1: unable to read partition table
[  332.794073][ T5840] loop1: partition table beyond EOD, truncated
[  332.813688][T13385] Dev loop1: unable to read RDB block 7
[  332.823456][T13385]  loop1: unable to read partition table
[  332.835083][T13385] loop1: partition table beyond EOD, truncated
[  332.841942][T13385] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  332.841942][T13385] 
) failed (rc=-5)
[  332.914218][ T5842] Bluetooth: hci1: command tx timeout
[  333.167633][ T4333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  333.181341][ T4333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  333.199177][ T4333] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  333.218052][ T4333] bond0 (unregistering): Released all slaves
[  333.309101][T13387] can0: slcan on ttyS3.
[  333.318140][T13324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  333.376393][T13324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  333.535049][T13386] can0 (unregistered): slcan off ttyS3.
[  333.747941][T13324] team0: Port device team_slave_0 added
[  333.813305][T13324] team0: Port device team_slave_1 added
[  334.147603][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/208.tmp-b7:1' failed: Read-only file system
[  334.173295][ T4333] hsr_slave_0: left promiscuous mode
[  334.190289][ T4333] hsr_slave_1: left promiscuous mode
[  334.218561][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  334.234461][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  334.258165][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  334.277712][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  334.316689][ T4333] veth1_macvtap: left promiscuous mode
[  334.325450][ T4333] veth0_macvtap: left promiscuous mode
[  334.331429][ T4333] veth1_vlan: left promiscuous mode
[  334.339264][ T4333] veth0_vlan: left promiscuous mode
[  334.640161][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  334.804769][T13438] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2569'.
[  335.000019][ T5842] Bluetooth: hci1: command 0x041b tx timeout
[  335.064087][ T4333] team0 (unregistering): Port device team_slave_1 removed
[  335.114210][ T4333] team0 (unregistering): Port device team_slave_0 removed
[  335.179486][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  335.282581][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  335.381965][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  335.506694][ T4333] batadv0 (unregistering): left allmulticast mode
[  335.725467][T13324] batman_adv: batadv0: Adding interface: batadv_slave_0
[  335.732527][T13324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.759903][T13324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  335.831562][T13324] batman_adv: batadv0: Adding interface: batadv_slave_1
[  335.853224][T13324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.885964][T13324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  335.949960][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  335.970379][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/208.tmp-b7:1' failed: Read-only file system
[  336.100829][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/208.tmp-b7:1' failed: Read-only file system
[  336.110222][T13463] NILFS (rnullb0): couldn't find nilfs on the device
[  336.138466][T13324] hsr_slave_0: entered promiscuous mode
[  336.148839][T13324] hsr_slave_1: entered promiscuous mode
[  336.160288][T13324] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  336.174531][T13324] Cannot create hsr debugfs directory
[  336.337477][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  336.527270][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/208.tmp-b7:1' failed: Read-only file system
[  336.821250][ T4333] IPVS: stop unused estimator thread 0...
[  337.063433][T13499] loop1: detected capacity change from 0 to 7
[  337.081308][T13499] Dev loop1: unable to read RDB block 7
[  337.087256][ T5842] Bluetooth: hci1: command 0x041b tx timeout
[  337.107352][T13499]  loop1: unable to read partition table
[  337.118482][T13499] loop1: partition table beyond EOD, truncated
[  337.125406][T13499] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  337.125406][T13499] 
) failed (rc=-5)
[  337.307622][T13508] syz.1.2590: attempt to access beyond end of device
[  337.307622][T13508] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  337.552388][T13324] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  337.573152][T13324] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  337.590559][T13324] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  337.602028][T13324] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  337.733921][ T5888] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  337.779714][T13324] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.847813][T13324] 8021q: adding VLAN 0 to HW filter on device team0
[  337.897160][ T6629] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.897372][ T5888] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  337.904354][ T6629] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.958572][ T4333] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.965781][ T4333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  338.003889][ T5888] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  338.033961][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  338.050832][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  338.064686][ T5888] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  338.086971][ T5888] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  338.087000][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  338.087020][ T5888] usb 2-1: Product: syz
[  338.087033][ T5888] usb 2-1: Manufacturer: syz
[  338.087047][ T5888] usb 2-1: SerialNumber: syz
[  338.134519][ T5888] usb 2-1: config 0 descriptor??
[  338.358635][ T5888] radio-si470x 2-1:0.0: DeviceID=0x5225 ChipID=0x50ba
[  338.558950][T13550] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2598'.
[  338.559779][ T5888] radio-si470x 2-1:0.0: software version 82, hardware version 37
[  338.627181][T13324] 8021q: adding VLAN 0 to HW filter on device batadv0
[  338.739691][T13324] veth0_vlan: entered promiscuous mode
[  338.765942][T13324] veth1_vlan: entered promiscuous mode
[  338.783061][ T5888] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  338.813462][ T5888] radio-si470x 2-1:0.0: submitting int urb failed (-90)
[  338.841814][ T5888] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  338.863308][ T5888] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[  338.879111][T13324] veth0_macvtap: entered promiscuous mode
[  338.920145][ T5888] usb 2-1: USB disconnect, device number 39
[  338.946045][T13324] veth1_macvtap: entered promiscuous mode
[  339.029481][T13324] batman_adv: batadv0: Interface activated: batadv_slave_0
[  339.069937][T13324] batman_adv: batadv0: Interface activated: batadv_slave_1
[  339.096110][ T6623] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  339.116735][ T6623] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  339.142229][ T6623] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  339.155525][ T5838] Bluetooth: hci1: command 0x041b tx timeout
[  339.176120][ T6623] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  339.352339][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.378267][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.425831][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  339.480220][ T6625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.503526][ T6625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.598981][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  339.641486][T13584] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2606'.
[  339.725449][T13586] ./file0: Can't lookup blockdev
[  340.019908][T13597] /dev/rnullb0: Can't lookup blockdev
[  340.085957][T13600] netlink: 'syz.3.2609': attribute type 4 has an invalid length.
[  340.305658][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  340.469955][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  340.509489][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  340.523457][T13614] overlay: ./file0 is not a directory
[  340.541091][T13616] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2614'.
[  340.659275][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  340.724894][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  340.764486][T13627] ALSA: mixer_oss: invalid OSS volume ''
[  340.932496][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  341.029593][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  341.151273][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  341.236135][ T5838] Bluetooth: hci1: command 0x041b tx timeout
[  341.327023][   T30] audit: type=1326 audit(1751303995.102:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13647 comm="syz.2.2624" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbeac98e929 code=0x0
[  341.348685][    C1] vkms_vblank_simulate: vblank timer overrun
[  342.216417][T13697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2638'.
[  342.267762][T13703] qnx4: no qnx4 filesystem (no root dir).
[  342.395569][T13708] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  342.413300][T13708] UDF-fs: Scanning with blocksize 4096 failed
[  342.708161][T13724] loop3: detected capacity change from 0 to 1
[  342.734925][T13724] Dev loop3: unable to read RDB block 1
[  342.749307][T13724]  loop3: unable to read partition table
[  342.772007][T13724] loop3: partition table beyond EOD, truncated
[  342.789829][T13724] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  343.254353][   T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  343.307592][T13751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2659'.
[  343.318343][ T5838] Bluetooth: hci1: command 0x041b tx timeout
[  343.423828][   T10] usb 2-1: Using ep0 maxpacket: 16
[  343.500447][T13755] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  343.510984][T13755] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  343.584667][T13737] qnx4: no qnx4 filesystem (no root dir).
[  343.714618][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  343.726806][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[  343.741372][   T10] usb 2-1: can't read configurations, error -71
[  343.823425][T13768] 9pnet_fd: Insufficient options for proto=fd
[  343.920988][T13769] sp0: Synchronizing with TNC
[  343.966294][T13745] orangefs_mount: mount request failed with -4
[  344.626916][T13801] /dev/rnullb0: Can't lookup blockdev
[  344.728279][   T30] audit: type=1804 audit(1751303998.502:18): pid=13805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2682" name="/newroot/22/cgroup.controllers" dev="tmpfs" ino=134 res=1 errno=0
[  344.750544][    C1] vkms_vblank_simulate: vblank timer overrun
[  344.758845][   T30] audit: type=1800 audit(1751303998.502:19): pid=13805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2682" name="cgroup.controllers" dev="tmpfs" ino=134 res=0 errno=0
[  344.774996][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  344.944346][   T10] usb 2-1: Using ep0 maxpacket: 32
[  344.951456][   T10] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  344.962939][   T10] usb 2-1: config 0 has no interface number 0
[  344.972763][   T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  344.986130][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.996160][   T10] usb 2-1: Product: syz
[  345.000349][   T10] usb 2-1: Manufacturer: syz
[  345.005590][   T10] usb 2-1: SerialNumber: syz
[  345.016207][   T10] usb 2-1: config 0 descriptor??
[  345.028582][   T10] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  345.168857][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  345.238072][   T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  345.258576][   T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  345.393948][T13828] netlink: 'syz.3.2692': attribute type 3 has an invalid length.
[  345.434383][ T5902] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  345.603873][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  345.617134][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.627764][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  345.639608][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  345.646324][ T5888] usb 2-1: USB disconnect, device number 41
[  345.649404][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  345.683464][ T5902] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  345.689656][ T5888] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  345.701837][ T5902] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  345.721742][ T5888] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  345.746060][ T5902] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  345.757506][ T5888] quatech2 2-1:0.51: device disconnected
[  345.766246][ T5902] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  345.782973][ T5902] usb 3-1: Manufacturer: syz
[  345.797890][ T5902] usb 3-1: config 0 descriptor??
[  346.007034][T13848] could not allocate digest TFM handle cbcmac-aes-ce
[  346.130325][ T5902] rc_core: IR keymap rc-hauppauge not found
[  346.134894][T13860] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2699'.
[  346.136422][ T5902] Registered IR keymap rc-empty
[  346.156719][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.184643][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.207437][ T5902] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  346.224699][T13862] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2700'.
[  346.238279][ T5902] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input19
[  346.243226][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  346.280916][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.314554][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.333942][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.354039][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.374067][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.393923][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.414744][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.438969][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.463943][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.473888][  T979] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  346.493914][ T5902] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  346.546031][ T5902] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  346.560998][ T5902] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  346.635979][  T979] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  346.645819][  T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.664878][  T979] usb 1-1: config 0 descriptor??
[  346.689507][  T979] gspca_main: cpia1-2.14.0 probing 0813:0001
[  346.999565][  T979] gspca_cpia1: usb_control_msg 05, error -71
[  347.009478][  T979] gspca_cpia1: usb_control_msg 01, error -71
[  347.019144][  T979] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  347.030168][  T979] usb 1-1: USB disconnect, device number 72
[  347.210116][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  347.231749][T13872] hpfs: Bad magic ... probably not HPFS
[  347.292395][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  347.362514][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  347.470858][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  347.503336][   T30] audit: type=1326 audit(1751304001.272:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13881 comm="syz.3.2708" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8761d8e929 code=0x0
[  347.724774][  T979] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  347.903924][   T43] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  347.914951][  T979] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  347.927593][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.936205][  T979] usb 2-1: Product: syz
[  347.940512][  T979] usb 2-1: Manufacturer: syz
[  347.950669][  T979] usb 2-1: SerialNumber: syz
[  347.975442][  T979] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  347.994910][ T5902] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  348.058361][   T43] usb 1-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  348.070927][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.082438][   T43] usb 1-1: config 0 descriptor??
[  348.096016][   T43] gspca_main: mars-2.14.0 probing 093a:050f
[  348.216000][   T43] usb 3-1: USB disconnect, device number 33
[  348.273418][ T7296] udevd[7296]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  348.309589][T13906] loop3: detected capacity change from 0 to 1
[  348.320930][T13906] Dev loop3: unable to read RDB block 1
[  348.334210][T13906]  loop3: unable to read partition table
[  348.340138][T13906] loop3: partition table beyond EOD, truncated
[  348.354102][T13906] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  348.369977][ T5846] udevd[5846]: symlink '../../loop3' '/dev/disk/by-diskseq/213.tmp-b7:3' failed: Read-only file system
[  348.403140][T13880] Mount JFS Failure: -22
[  348.420311][ T5888] usb 2-1: USB disconnect, device number 42
[  348.433627][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/213.tmp-b7:3' failed: Read-only file system
[  348.469607][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  348.539153][T13908] XFS (rnullb0): Invalid superblock magic number
[  348.720079][T13889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2710'.
[  348.769378][T13921] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2719'.
[  348.782964][T13921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2719'.
[  348.798429][T13917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.816004][T13917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  348.837754][   T43] usb 1-1: USB disconnect, device number 73
[  349.075501][ T5902] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  349.088088][ T5902] ath9k_htc: Failed to initialize the device
[  349.096299][ T5888] usb 2-1: ath9k_htc: USB layer deinitialized
[  349.394419][ T5888] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  349.566134][ T5888] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  349.586267][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.622671][ T5888] usb 2-1: config 0 descriptor??
[  349.640158][ T5888] cp210x 2-1:0.0: cp210x converter detected
[  349.647220][T13946] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2731'.
[  349.669584][T13948] vxfs: WRONG superblock magic 00000000 at 1
[  349.678721][T13948] vxfs: WRONG superblock magic 00000000 at 8
[  349.687960][T13948] vxfs: can't find superblock.
[  349.742542][T13952] FAULT_INJECTION: forcing a failure.
[  349.742542][T13952] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.761723][T13952] CPU: 0 UID: 0 PID: 13952 Comm: syz.2.2734 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  349.761753][T13952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  349.761766][T13952] Call Trace:
[  349.761774][T13952]  <TASK>
[  349.761783][T13952]  dump_stack_lvl+0x189/0x250
[  349.761812][T13952]  ? __pfx____ratelimit+0x10/0x10
[  349.761834][T13952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.761854][T13952]  ? __pfx__printk+0x10/0x10
[  349.761888][T13952]  should_fail_ex+0x414/0x560
[  349.761918][T13952]  _copy_to_user+0x31/0xb0
[  349.761938][T13952]  simple_read_from_buffer+0xe1/0x170
[  349.761965][T13952]  proc_fail_nth_read+0x1df/0x250
[  349.761994][T13952]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.762021][T13952]  ? rw_verify_area+0x258/0x650
[  349.762040][T13952]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  349.762066][T13952]  vfs_read+0x1fd/0x980
[  349.762091][T13952]  ? __pfx___mutex_lock+0x10/0x10
[  349.762113][T13952]  ? __pfx_vfs_read+0x10/0x10
[  349.762134][T13952]  ? __fget_files+0x2a/0x420
[  349.762169][T13952]  ? __fget_files+0x3a0/0x420
[  349.762190][T13952]  ? __fget_files+0x2a/0x420
[  349.762221][T13952]  ksys_read+0x145/0x250
[  349.762239][T13952]  ? __fget_files+0x2a/0x420
[  349.762262][T13952]  ? __pfx_ksys_read+0x10/0x10
[  349.762288][T13952]  ? do_syscall_64+0xbe/0x3b0
[  349.762313][T13952]  do_syscall_64+0xfa/0x3b0
[  349.762333][T13952]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.762354][T13952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.762372][T13952]  ? clear_bhb_loop+0x60/0xb0
[  349.762393][T13952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.762411][T13952] RIP: 0033:0x7fbeac98d33c
[  349.762429][T13952] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  349.762444][T13952] RSP: 002b:00007fbead774030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  349.762464][T13952] RAX: ffffffffffffffda RBX: 00007fbeacbb5fa0 RCX: 00007fbeac98d33c
[  349.762478][T13952] RDX: 000000000000000f RSI: 00007fbead7740a0 RDI: 0000000000000005
[  349.762488][T13952] RBP: 00007fbead774090 R08: 0000000000000000 R09: 0000000000000000
[  349.762499][T13952] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  349.762510][T13952] R13: 0000000000000000 R14: 00007fbeacbb5fa0 R15: 00007ffe91f95148
[  349.762539][T13952]  </TASK>
[  350.024054][ T5888] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -121
[  350.031688][ T5888] cp210x 2-1:0.0: querying part number failed
[  350.069115][ T5888] usb 2-1: cp210x converter now attached to ttyUSB0
[  350.198055][T13958] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  350.216539][T13958] loop4: detected capacity change from 0 to 524255232
[  350.225256][ T5902] usb 2-1: USB disconnect, device number 43
[  350.241638][ T5902] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  350.250149][ T5902] cp210x 2-1:0.0: device disconnected
[  350.458950][T13967] kvm: MONITOR instruction emulated as NOP!
[  350.488893][ T5839] udevd[5839]: symlink '../../loop4' '/dev/disk/by-diskseq/215.tmp-b7:4' failed: Read-only file system
[  350.548128][ T5840] udevd[5840]: symlink '../../loop4' '/dev/disk/by-diskseq/215.tmp-b7:4' failed: Read-only file system
[  350.562167][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  350.570609][ T5840] udevd[5840]: symlink '../../loop4' '/dev/disk/by-diskseq/215.tmp-b7:4' failed: Read-only file system
[  350.672396][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  350.738684][T13976] XFS (rnullb0): Invalid superblock magic number
[  350.789815][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  350.803384][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  351.124227][T13996] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2750'.
[  351.279880][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/210.tmp-b7:1' failed: Read-only file system
[  351.347571][T14001] loop1: detected capacity change from 0 to 7
[  351.358976][ T5840] Dev loop1: unable to read RDB block 7
[  351.367725][ T5840]  loop1: unable to read partition table
[  351.373649][ T5840] loop1: partition table beyond EOD, truncated
[  351.381450][T14001] Dev loop1: unable to read RDB block 7
[  351.397256][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  351.408675][T14001]  loop1: unable to read partition table
[  351.420620][T14001] loop1: partition table beyond EOD, truncated
[  351.430320][T14001] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  351.430320][T14001] 
) failed (rc=-5)
[  351.474366][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/217.tmp-b7:1' failed: Read-only file system
[  351.524962][T14007] hfs: can't find a HFS filesystem on dev rnullb0
[  351.609023][   T30] audit: type=1326 audit(1751304005.372:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14008 comm="syz.2.2757" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbeac98e929 code=0x0
[  351.675918][   T30] audit: type=1326 audit(1751304005.422:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14008 comm="syz.2.2757" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbeac98e929 code=0x0
[  352.542712][T14047] netlink: 588 bytes leftover after parsing attributes in process `syz.1.2768'.
[  352.598687][T14050] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2768'.
[  352.622510][T14055] netlink: 'syz.2.2770': attribute type 1 has an invalid length.
[  352.630498][T14055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2770'.
[  352.784281][T14062] vxfs: WRONG superblock magic 00000000 at 1
[  352.790369][T14062] vxfs: WRONG superblock magic 00000000 at 8
[  352.818154][T14062] vxfs: can't find superblock.
[  352.844321][T14067] vxfs: WRONG superblock magic 00000000 at 1
[  352.858232][T14067] vxfs: WRONG superblock magic 00000000 at 8
[  352.868234][T14067] vxfs: can't find superblock.
[  352.884239][ T5881] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  352.978401][T14074] loop3: detected capacity change from 0 to 1
[  352.986642][T14074] Dev loop3: unable to read RDB block 1
[  352.992259][T14074]  loop3: unable to read partition table
[  353.005357][T14074] loop3: partition table beyond EOD, truncated
[  353.011650][T14074] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  353.043052][ T5881] usb 3-1: config 0 has an invalid interface number: 74 but max is 0
[  353.064254][ T5881] usb 3-1: config 0 has no interface number 0
[  353.086015][ T5881] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice= 9.99
[  353.099279][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.122224][ T5881] usb 3-1: Product: syz
[  353.131699][ T5881] usb 3-1: Manufacturer: syz
[  353.147062][ T5881] usb 3-1: SerialNumber: syz
[  353.167043][ T5881] usb 3-1: config 0 descriptor??
[  354.073959][   T43] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  354.254737][   T43] usb 1-1: Using ep0 maxpacket: 16
[  354.277192][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.301093][T14116] binder: 14114:14116 ioctl 40046210 0 returned -14
[  354.305110][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.336644][   T43] usb 1-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  354.356949][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.377524][   T43] usb 1-1: config 0 descriptor??
[  354.809554][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2797'.
[  354.856012][T14134] /dev/rnullb0: Can't open blockdev
[  354.881388][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  354.888543][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  354.902000][   T43] usb 1-1: USB disconnect, device number 74
[  355.041018][T14140] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2799'.
[  355.041018][T14141] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2799'.
[  355.064679][T14141] /dev/rnullb0: Can't open blockdev
[  355.070113][T14140] /dev/rnullb0: Can't open blockdev
[  355.104285][   T30] audit: type=1804 audit(1751304008.872:23): pid=14143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2800" name="rnullb0" dev="tmpfs" ino=1298 res=1 errno=0
[  355.227305][T14145] netlink: 892 bytes leftover after parsing attributes in process `syz.3.2800'.
[  355.547898][T14153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2803'.
[  355.623515][T14161] sctp: [Deprecated]: syz.3.2807 (pid 14161) Use of int in maxseg socket option.
[  355.623515][T14161] Use struct sctp_assoc_value instead
[  355.669480][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  355.725740][T14163] loop1: detected capacity change from 0 to 7
[  355.736412][T14163] Dev loop1: unable to read RDB block 7
[  355.742665][T14163]  loop1: unable to read partition table
[  355.752736][T14163] loop1: partition table beyond EOD, truncated
[  355.759857][T14163] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[  355.759857][T14163] 
) failed (rc=-5)
[  355.790767][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/218.tmp-b7:1' failed: Read-only file system
[  355.842808][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/221.tmp-b7:1' failed: Read-only file system
[  355.916526][ T7296] udevd[7296]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  355.918922][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/221.tmp-b7:1' failed: Read-only file system
[  355.985763][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/221.tmp-b7:1' failed: Read-only file system
[  356.064333][ T7296] udevd[7296]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  356.180118][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  356.230860][ T7296] udevd[7296]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  356.383551][ T5846] udevd[5846]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  357.304076][T14209] loop3: detected capacity change from 0 to 1
[  357.321456][T14209] Dev loop3: unable to read RDB block 1
[  357.333912][T14209]  loop3: unable to read partition table
[  357.352791][T14209] loop3: partition table beyond EOD, truncated
[  357.374046][T14209] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  358.207869][ T5881] f81534a_ctrl 3-1:0.74: failed to set register 0x116: -5
[  358.217281][ T5881] f81534a_ctrl 3-1:0.74: failed to enable ports: -5
[  358.236200][ T5881] f81534a_ctrl 3-1:0.74: probe with driver f81534a_ctrl failed with error -5
[  358.404744][T14232] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  358.434936][T14232] /dev/rnullb0: Can't open blockdev
[  358.478334][T14232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.509067][T14232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.733955][   T30] audit: type=1326 audit(1751304012.492:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  358.781593][   T30] audit: type=1326 audit(1751304012.492:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  358.853903][   T30] audit: type=1326 audit(1751304012.502:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  358.886552][   T30] audit: type=1326 audit(1751304012.502:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  358.969188][   T30] audit: type=1326 audit(1751304012.502:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  359.043041][   T30] audit: type=1326 audit(1751304012.502:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  359.132201][   T30] audit: type=1326 audit(1751304012.502:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  359.213277][   T30] audit: type=1326 audit(1751304012.502:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  359.290730][   T30] audit: type=1326 audit(1751304012.502:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14247 comm="syz.3.2840" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8761d8e929 code=0x7ffc0000
[  359.648738][T14266] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2849'.
[  360.258354][T14290] sctp: [Deprecated]: syz.0.2857 (pid 14290) Use of int in max_burst socket option.
[  360.258354][T14290] Use struct sctp_assoc_value instead
[  360.357758][T14293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  360.388964][T14293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  360.706204][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  360.817033][T14315] /dev/rnullb0: Can't open blockdev
[  360.841186][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  360.993861][T14324] loop3: detected capacity change from 0 to 1
[  361.025986][T14324] Dev loop3: unable to read RDB block 1
[  361.031607][T14324]  loop3: unable to read partition table
[  361.044141][T14324] loop3: partition table beyond EOD, truncated
[  361.045091][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  361.050368][T14324] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  361.087643][ T5846] udevd[5846]: symlink '../../loop3' '/dev/disk/by-diskseq/225.tmp-b7:3' failed: Read-only file system
[  361.126555][ T7296] udevd[7296]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  361.171627][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/225.tmp-b7:3' failed: Read-only file system
[  361.228482][ T5840] udevd[5840]: symlink '../../loop3' '/dev/disk/by-diskseq/225.tmp-b7:3' failed: Read-only file system
[  361.303200][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  361.429145][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  361.564866][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  361.622490][T14347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  361.653322][T14347] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  362.058259][   T43] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  362.119170][T14368] sctp: [Deprecated]: syz.1.2891 (pid 14368) Use of struct sctp_assoc_value in delayed_ack socket option.
[  362.119170][T14368] Use struct sctp_sack_info instead
[  362.214075][   T43] usb 1-1: Using ep0 maxpacket: 32
[  362.222189][   T43] usb 1-1: config 4 has an invalid interface number: 128 but max is 0
[  362.231134][   T43] usb 1-1: config 4 has no interface number 0
[  362.237666][   T43] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  362.249208][   T43] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  362.259984][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  362.270362][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.288131][   T43] hub 1-1:4.128: USB hub found
[  362.367090][T14375] FAULT_INJECTION: forcing a failure.
[  362.367090][T14375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.393907][T14375] CPU: 0 UID: 0 PID: 14375 Comm: syz.2.2893 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  362.393962][T14375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  362.393975][T14375] Call Trace:
[  362.393985][T14375]  <TASK>
[  362.393996][T14375]  dump_stack_lvl+0x189/0x250
[  362.394029][T14375]  ? __pfx____ratelimit+0x10/0x10
[  362.394053][T14375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.394068][T14375]  ? __pfx__printk+0x10/0x10
[  362.394088][T14375]  ? __might_fault+0xb0/0x130
[  362.394114][T14375]  should_fail_ex+0x414/0x560
[  362.394149][T14375]  _copy_from_user+0x2d/0xb0
[  362.394177][T14375]  memdup_user+0x5e/0xd0
[  362.394204][T14375]  strndup_user+0x68/0xd0
[  362.394228][T14375]  __se_sys_mount+0x9c/0x410
[  362.394255][T14375]  ? ksys_write+0x22a/0x250
[  362.394280][T14375]  ? __pfx___se_sys_mount+0x10/0x10
[  362.394299][T14375]  ? rcu_is_watching+0x15/0xb0
[  362.394318][T14375]  ? do_syscall_64+0xbe/0x3b0
[  362.394337][T14375]  ? __x64_sys_mount+0x20/0xc0
[  362.394362][T14375]  do_syscall_64+0xfa/0x3b0
[  362.394383][T14375]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.394408][T14375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.394424][T14375]  ? clear_bhb_loop+0x60/0xb0
[  362.394437][T14375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.394448][T14375] RIP: 0033:0x7fbeac98e929
[  362.394459][T14375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.394469][T14375] RSP: 002b:00007fbead774038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  362.394485][T14375] RAX: ffffffffffffffda RBX: 00007fbeacbb5fa0 RCX: 00007fbeac98e929
[  362.394499][T14375] RDX: 0000200000000100 RSI: 0000200000000080 RDI: 0000200000000000
[  362.394511][T14375] RBP: 00007fbead774090 R08: 0000000000000000 R09: 0000000000000000
[  362.394523][T14375] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[  362.394535][T14375] R13: 0000000000000000 R14: 00007fbeacbb5fa0 R15: 00007ffe91f95148
[  362.394564][T14375]  </TASK>
[  362.776723][ T5888] IPVS: starting estimator thread 0...
[  362.883887][T14382] IPVS: using max 27 ests per chain, 64800 per kthread
[  363.064262][T14387] loop3: detected capacity change from 0 to 1
[  363.074372][T14387] Dev loop3: unable to read RDB block 1
[  363.080643][T14387]  loop3: unable to read partition table
[  363.087088][T14387] loop3: partition table beyond EOD, truncated
[  363.094563][T14387] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  363.661349][T14401] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2905'.
[  363.813211][T14408] netlink: 'syz.3.2906': attribute type 6 has an invalid length.
[  364.174070][ T5902] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  364.201901][ T5838] Bluetooth: hci0: command tx timeout
[  364.357342][ T5902] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.370841][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.397461][ T5902] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  364.412267][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.423380][ T5902] usb 2-1: Product: syz
[  364.437079][ T5902] usb 2-1: Manufacturer: syz
[  364.451449][ T5902] usb 2-1: SerialNumber: syz
[  364.807938][T14437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.844478][T14437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.853420][T14438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.873694][ T5902] cdc_mbim 2-1:1.0: failed GET_NTB_PARAMETERS
[  364.880073][ T5902] cdc_mbim 2-1:1.0: bind() failure
[  364.906822][ T5902] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  364.921706][ T5902] cdc_ncm 2-1:1.1: bind() failure
[  364.946187][ T5902] usb 2-1: USB disconnect, device number 44
[  364.990854][T14438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.090770][T14441] loop3: detected capacity change from 0 to 1
[  365.101539][T14441] Dev loop3: unable to read RDB block 1
[  365.118321][T14441]  loop3: unable to read partition table
[  365.137624][T14441] loop3: partition table beyond EOD, truncated
[  365.147599][T14441] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  365.333355][T14447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2917'.
[  365.701305][T14460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.737068][T14460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.790305][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  365.919534][ T5840] udevd[5840]: symlink '../../loop1' '/dev/disk/by-diskseq/222.tmp-b7:1' failed: Read-only file system
[  366.053220][   T43] hub 1-1:4.128: config failed, can't read hub descriptor (err -22)
[  366.071271][   T43] ------------[ cut here ]------------
[  366.076891][   T43] WARNING: kernel/workqueue.c:4208 at __flush_work+0xabc/0xbc0, CPU#1: kworker/1:1/43
[  366.087225][   T43] Modules linked in:
[  366.091487][   T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  366.101489][T14480] /dev/rnullb0: Can't open blockdev
[  366.103520][   T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  366.118963][   T43] Workqueue: usb_hub_wq hub_event
[  366.125265][   T43] RIP: 0010:__flush_work+0xabc/0xbc0
[  366.131292][   T43] Code: 01 00 00 75 53 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 60 3d 35 00 90 0f 0b 90 eb a5 e8 55 3d 35 00 90 <0f> 0b 90 31 c0 48 8b 5c 24 18 eb 95 e8 43 3d 35 00 e9 92 fc ff ff
[  366.151743][   T43] RSP: 0018:ffffc90000b36940 EFLAGS: 00010287
[  366.158505][   T43] RAX: ffffffff818ade3b RBX: 1ffff110022ec254 RCX: 0000000000100000
[  366.166567][   T43] RDX: ffffc90017913000 RSI: 0000000000022c6e RDI: 0000000000022c6f
[  366.174696][   T43] RBP: ffffc90000b36b10 R08: ffffffff8fc29737 R09: 1ffffffff1f852e6
[  366.182688][   T43] R10: dffffc0000000000 R11: fffffbfff1f852e7 R12: 0000000000000000
[  366.191187][   T43] R13: ffff8880117612a0 R14: dffffc0000000000 R15: ffff888011761288
[  366.199640][   T43] FS:  0000000000000000(0000) GS:ffff888125ae4000(0000) knlGS:0000000000000000
[  366.208698][   T43] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  366.215393][   T43] CR2: 0000559ae2083168 CR3: 00000000338f8000 CR4: 00000000003526f0
[  366.223395][   T43] Call Trace:
[  366.226765][   T43]  <TASK>
[  366.229724][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.236150][   T43]  ? __pfx___flush_work+0x10/0x10
[  366.241213][   T43]  ? __timer_delete_sync+0x218/0x2d0
[  366.246620][   T43]  ? __pfx___might_resched+0x10/0x10
[  366.251948][   T43]  ? __pfx___timer_delete_sync+0x10/0x10
[  366.257682][   T43]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  366.263367][   T43]  ? flush_delayed_work+0x11d/0x190
[  366.268689][   T43]  flush_delayed_work+0x13e/0x190
[  366.273974][   T43]  ? __pfx_flush_delayed_work+0x10/0x10
[  366.279554][   T43]  ? _dev_err+0x10a/0x160
[  366.283998][   T43]  hub_quiesce+0x1f0/0x330
[  366.288450][   T43]  hub_disconnect+0xc8/0x470
[  366.293634][   T43]  hub_probe+0x132f/0x36e0
[  366.298676][   T43]  ? __pfx_hub_probe+0x10/0x10
[  366.303486][   T43]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  366.309478][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.315866][   T43]  ? ktime_get_mono_fast_ns+0x2af/0x2d0
[  366.321452][   T43]  ? pm_runtime_enable+0x1f3/0x340
[  366.326691][   T43]  usb_probe_interface+0x634/0xbf0
[  366.331855][   T43]  ? __pfx_usb_probe_interface+0x10/0x10
[  366.337573][   T43]  really_probe+0x26d/0x9a0
[  366.342107][   T43]  __driver_probe_device+0x18c/0x2f0
[  366.347509][   T43]  driver_probe_device+0x4f/0x430
[  366.352576][   T43]  __device_attach_driver+0x2ce/0x530
[  366.358161][   T43]  bus_for_each_drv+0x24e/0x2e0
[  366.363052][   T43]  ? __pfx___device_attach_driver+0x10/0x10
[  366.369049][   T43]  ? __pfx_bus_for_each_drv+0x10/0x10
[  366.374514][   T43]  __device_attach+0x2b8/0x400
[  366.379306][   T43]  ? __pfx___device_attach+0x10/0x10
[  366.384677][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  366.389896][   T43]  bus_probe_device+0x185/0x260
[  366.395345][   T43]  device_add+0x7b6/0xb50
[  366.399726][   T43]  usb_set_configuration+0x1a87/0x20e0
[  366.404999][ T5840] udevd[5840]: symlink '../../loop2' '/dev/disk/by-diskseq/163.tmp-b7:2' failed: Read-only file system
[  366.405702][   T43]  usb_generic_driver_probe+0x8d/0x150
[  366.421732][   T43]  usb_probe_device+0x1c4/0x390
[  366.426676][   T43]  ? __pfx_usb_probe_device+0x10/0x10
[  366.432074][   T43]  really_probe+0x26d/0x9a0
[  366.436891][   T43]  __driver_probe_device+0x18c/0x2f0
[  366.442208][   T43]  driver_probe_device+0x4f/0x430
[  366.447323][   T43]  __device_attach_driver+0x2ce/0x530
[  366.452733][   T43]  bus_for_each_drv+0x24e/0x2e0
[  366.457653][   T43]  ? __pfx___device_attach_driver+0x10/0x10
[  366.463571][   T43]  ? __pfx_bus_for_each_drv+0x10/0x10
[  366.469021][   T43]  __device_attach+0x2b8/0x400
[  366.473848][   T43]  ? __pfx___device_attach+0x10/0x10
[  366.479153][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  366.484483][   T43]  bus_probe_device+0x185/0x260
[  366.489366][   T43]  device_add+0x7b6/0xb50
[  366.494321][   T43]  usb_new_device+0xa39/0x16f0
[  366.499546][   T43]  ? __pfx_usb_new_device+0x10/0x10
[  366.504844][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  366.510063][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  366.516554][   T43]  hub_event+0x2941/0x4a00
[  366.521081][   T43]  ? __pfx_hub_event+0x10/0x10
[  366.526093][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  366.531858][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  366.537149][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  366.542901][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  366.548728][   T43]  process_scheduled_works+0xae1/0x17b0
[  366.554404][   T43]  ? __pfx_process_scheduled_works+0x10/0x10
[  366.560631][   T43]  worker_thread+0x8a0/0xda0
[  366.565333][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.571707][   T43]  ? __kthread_parkme+0x7b/0x200
[  366.576741][   T43]  kthread+0x70e/0x8a0
[  366.580835][   T43]  ? __pfx_worker_thread+0x10/0x10
[  366.586008][   T43]  ? __pfx_kthread+0x10/0x10
[  366.590624][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  366.595903][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  366.601657][   T43]  ? __pfx_kthread+0x10/0x10
[  366.606788][   T43]  ret_from_fork+0x3fc/0x770
[  366.611425][   T43]  ? __pfx_ret_from_fork+0x10/0x10
[  366.616638][   T43]  ? __switch_to_asm+0x39/0x70
[  366.621424][   T43]  ? __switch_to_asm+0x33/0x70
[  366.626281][   T43]  ? __pfx_kthread+0x10/0x10
[  366.630906][   T43]  ret_from_fork_asm+0x1a/0x30
[  366.635809][   T43]  </TASK>
[  366.638852][   T43] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  366.646147][   T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  366.657517][   T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  366.667571][   T43] Workqueue: usb_hub_wq hub_event
[  366.672603][   T43] Call Trace:
[  366.675899][   T43]  <TASK>
[  366.678828][   T43]  dump_stack_lvl+0x99/0x250
[  366.683421][   T43]  ? __asan_memcpy+0x40/0x70
[  366.688037][   T43]  ? __pfx_dump_stack_lvl+0x10/0x10
[  366.693254][   T43]  ? __pfx__printk+0x10/0x10
[  366.697863][   T43]  panic+0x2db/0x790
[  366.701756][   T43]  ? __pfx_panic+0x10/0x10
[  366.706177][   T43]  ? ret_from_fork_asm+0x1a/0x30
[  366.711116][   T43]  __warn+0x334/0x4c0
[  366.715084][   T43]  ? __flush_work+0xabc/0xbc0
[  366.719755][   T43]  ? __flush_work+0xabc/0xbc0
[  366.724425][   T43]  report_bug+0x2be/0x4f0
[  366.728746][   T43]  ? __flush_work+0xabc/0xbc0
[  366.733408][   T43]  ? __flush_work+0xabc/0xbc0
[  366.738070][   T43]  ? __flush_work+0xabe/0xbc0
[  366.742737][   T43]  handle_bug+0x84/0x160
[  366.746976][   T43]  exc_invalid_op+0x1a/0x50
[  366.751504][   T43]  asm_exc_invalid_op+0x1a/0x20
[  366.756358][   T43] RIP: 0010:__flush_work+0xabc/0xbc0
[  366.761660][   T43] Code: 01 00 00 75 53 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 60 3d 35 00 90 0f 0b 90 eb a5 e8 55 3d 35 00 90 <0f> 0b 90 31 c0 48 8b 5c 24 18 eb 95 e8 43 3d 35 00 e9 92 fc ff ff
[  366.781262][   T43] RSP: 0018:ffffc90000b36940 EFLAGS: 00010287
[  366.787331][   T43] RAX: ffffffff818ade3b RBX: 1ffff110022ec254 RCX: 0000000000100000
[  366.795294][   T43] RDX: ffffc90017913000 RSI: 0000000000022c6e RDI: 0000000000022c6f
[  366.803265][   T43] RBP: ffffc90000b36b10 R08: ffffffff8fc29737 R09: 1ffffffff1f852e6
[  366.811249][   T43] R10: dffffc0000000000 R11: fffffbfff1f852e7 R12: 0000000000000000
[  366.819222][   T43] R13: ffff8880117612a0 R14: dffffc0000000000 R15: ffff888011761288
[  366.827209][   T43]  ? __flush_work+0xabb/0xbc0
[  366.831909][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.838240][   T43]  ? __pfx___flush_work+0x10/0x10
[  366.843270][   T43]  ? __timer_delete_sync+0x218/0x2d0
[  366.848548][   T43]  ? __pfx___might_resched+0x10/0x10
[  366.853826][   T43]  ? __pfx___timer_delete_sync+0x10/0x10
[  366.859458][   T43]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  366.865106][   T43]  ? flush_delayed_work+0x11d/0x190
[  366.870310][   T43]  flush_delayed_work+0x13e/0x190
[  366.875327][   T43]  ? __pfx_flush_delayed_work+0x10/0x10
[  366.880865][   T43]  ? _dev_err+0x10a/0x160
[  366.885198][   T43]  hub_quiesce+0x1f0/0x330
[  366.889626][   T43]  hub_disconnect+0xc8/0x470
[  366.894215][   T43]  hub_probe+0x132f/0x36e0
[  366.898650][   T43]  ? __pfx_hub_probe+0x10/0x10
[  366.903412][   T43]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  366.909314][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  366.915661][   T43]  ? ktime_get_mono_fast_ns+0x2af/0x2d0
[  366.921219][   T43]  ? pm_runtime_enable+0x1f3/0x340
[  366.926337][   T43]  usb_probe_interface+0x634/0xbf0
[  366.931449][   T43]  ? __pfx_usb_probe_interface+0x10/0x10
[  366.937071][   T43]  really_probe+0x26d/0x9a0
[  366.941572][   T43]  __driver_probe_device+0x18c/0x2f0
[  366.946878][   T43]  driver_probe_device+0x4f/0x430
[  366.951896][   T43]  __device_attach_driver+0x2ce/0x530
[  366.957263][   T43]  bus_for_each_drv+0x24e/0x2e0
[  366.962106][   T43]  ? __pfx___device_attach_driver+0x10/0x10
[  366.967983][   T43]  ? __pfx_bus_for_each_drv+0x10/0x10
[  366.973354][   T43]  __device_attach+0x2b8/0x400
[  366.978113][   T43]  ? __pfx___device_attach+0x10/0x10
[  366.983394][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  366.988583][   T43]  bus_probe_device+0x185/0x260
[  366.993429][   T43]  device_add+0x7b6/0xb50
[  366.997751][   T43]  usb_set_configuration+0x1a87/0x20e0
[  367.003236][   T43]  usb_generic_driver_probe+0x8d/0x150
[  367.008707][   T43]  usb_probe_device+0x1c4/0x390
[  367.013553][   T43]  ? __pfx_usb_probe_device+0x10/0x10
[  367.018929][   T43]  really_probe+0x26d/0x9a0
[  367.023437][   T43]  __driver_probe_device+0x18c/0x2f0
[  367.028716][   T43]  driver_probe_device+0x4f/0x430
[  367.033738][   T43]  __device_attach_driver+0x2ce/0x530
[  367.039114][   T43]  bus_for_each_drv+0x24e/0x2e0
[  367.043965][   T43]  ? __pfx___device_attach_driver+0x10/0x10
[  367.049869][   T43]  ? __pfx_bus_for_each_drv+0x10/0x10
[  367.055244][   T43]  __device_attach+0x2b8/0x400
[  367.059998][   T43]  ? __pfx___device_attach+0x10/0x10
[  367.065277][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  367.070473][   T43]  bus_probe_device+0x185/0x260
[  367.075351][   T43]  device_add+0x7b6/0xb50
[  367.079669][   T43]  usb_new_device+0xa39/0x16f0
[  367.084441][   T43]  ? __pfx_usb_new_device+0x10/0x10
[  367.089650][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.094857][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.100055][   T43]  hub_event+0x2941/0x4a00
[  367.104510][   T43]  ? __pfx_hub_event+0x10/0x10
[  367.109269][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  367.114995][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.120184][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  367.125903][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  367.131614][   T43]  process_scheduled_works+0xae1/0x17b0
[  367.137176][   T43]  ? __pfx_process_scheduled_works+0x10/0x10
[  367.143167][   T43]  worker_thread+0x8a0/0xda0
[  367.147747][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  367.154071][   T43]  ? __kthread_parkme+0x7b/0x200
[  367.159005][   T43]  kthread+0x70e/0x8a0
[  367.163071][   T43]  ? __pfx_worker_thread+0x10/0x10
[  367.168221][   T43]  ? __pfx_kthread+0x10/0x10
[  367.172808][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.177996][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.183181][   T43]  ? __pfx_kthread+0x10/0x10
[  367.187763][   T43]  ret_from_fork+0x3fc/0x770
[  367.192348][   T43]  ? __pfx_ret_from_fork+0x10/0x10
[  367.197475][   T43]  ? __switch_to_asm+0x39/0x70
[  367.202243][   T43]  ? __switch_to_asm+0x33/0x70
[  367.206997][   T43]  ? __pfx_kthread+0x10/0x10
[  367.211587][   T43]  ret_from_fork_asm+0x1a/0x30
[  367.216360][   T43]  </TASK>
[  367.219667][   T43] Kernel Offset: disabled
[  367.223985][   T43] Rebooting in 86400 seconds..