last executing test programs:

2m32.602155792s ago: executing program 1 (id=2):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
fadvise64(r0, 0x92, 0x5, 0x2) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x68, 0x2, 0x6, 0x801, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_CIDR={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='^\x00') (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r0, 0xa471a000)

2m32.418789561s ago: executing program 1 (id=5):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10)
mmap(&(0x7f0000a23000/0x3000)=nil, 0x3000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) (async)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r1, &(0x7f0000000080), 0x12) (async, rerun: 32)
bind$tipc(r0, 0x0, 0x0) (rerun: 32)
r2 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x8, 0x0, &(0x7f0000000040)) (async)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000280), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000080)=0x8, 0x4)
close(r3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f000052e000/0x4000)=nil, 0x4000, 0x14) (async)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0) (async)
sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0}, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
pwritev(r4, &(0x7f0000001280), 0x3, 0x0, 0xfffffffe)

2m17.293272687s ago: executing program 32 (id=5):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10)
mmap(&(0x7f0000a23000/0x3000)=nil, 0x3000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) (async)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r1, &(0x7f0000000080), 0x12) (async, rerun: 32)
bind$tipc(r0, 0x0, 0x0) (rerun: 32)
r2 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x8, 0x0, &(0x7f0000000040)) (async)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000280), 0x10)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000080)=0x8, 0x4)
close(r3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f000052e000/0x4000)=nil, 0x4000, 0x14) (async)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0) (async)
sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0}, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
pwritev(r4, &(0x7f0000001280), 0x3, 0x0, 0xfffffffe)

39.157644447s ago: executing program 0 (id=617):
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x6, 0x1, 0xffff4254, 0x9, 0x99b, <r0=>0xffffffffffffffff})
syz_open_procfs(r0, &(0x7f0000000180)='coredump_filter\x00')
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000001dc0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x41)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff0802110000"], 0x6f4}}, 0x0)

38.82203192s ago: executing program 0 (id=618):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$vim2m(&(0x7f0000000280), 0x4, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0xd, 0x1, 0x0, "f819ebf45608e255b61c5deb3eb574d486d27e0600000000040000000006f100"})
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x98}}, 0x0)
close_range(r0, r0, 0x0)
r2 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="0d000000010001", 0x7)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a8c000000050afed700000000000000000a00000008000b4000000002700008800c00014000000000000000070c00024000000000000001890c000140000000f6ff0000050c00024000000000000000060c00024000000000000000af0c00014000000000000000000c00014000000000000004000c00024000000000000005d40c0001400000000000000005140000001100010000000000000000000500000a"], 0xb4}, 0x1, 0x0, 0x0, 0x2040}, 0x40)

38.592941646s ago: executing program 0 (id=619):
socket$l2tp(0x2, 0x2, 0x73)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x100)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x2f, 0x3, 0x4, 0x7fff, 0x1, @empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1a}}, 0x700, 0x700, 0xb3b, 0x8}})
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x808000, 0x0)

38.380418583s ago: executing program 0 (id=621):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000380)=""/141, 0x8d)
ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000200)=<r2=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
fstat(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setreuid(0x0, r4)
mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x400d, &(0x7f0000000240)={[{@cpuset_v2_mode}, {@xattr}, {@subsystem='rlimit'}, {@name={'name', 0x3d, '/dev/rnullb0\x00'}}, {}], [{@dont_measure}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r2}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x36, 0x66, 0x31, 0x30, 0x65, 0x66, 0x38], 0x2d, [0x32, 0x0, 0x36, 0xe45a4f0b69dfba5a], 0x2d, [0x33, 0x36, 0x35, 0x34], 0x2d, [0x62, 0x66, 0x35, 0x32], 0x2d, [0x61, 0x63, 0x35, 0x31, 0x63, 0x34, 0x34, 0x39]}}}]})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r5, 0x2000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x93774000)
r6 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
io_setup(0x1, &(0x7f00000016c0)=<r7=>0x0)
io_submit(r7, 0x2e, &(0x7f0000001640)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x4, r6, &(0x7f0000000280)='a', 0x1, 0x5}])
rmdir(&(0x7f0000000000)='./file0\x00')

37.025891075s ago: executing program 0 (id=628):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0}, 0x24044801) (async)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x2, {0x4e22, 0x2}}, 0x10, 0x0}, 0x10) (async)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) (async)
fadvise64(r0, 0x7, 0x1ff, 0x1)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000380)={0x40, 0xc}, 0x0, 0x0}) (async)
syz_usb_control_io(r2, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) (async)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) (async)
syz_usb_control_io$printer(r2, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x0, 0x5, 0xb2, {0xb2, 0x7, "2defc698f1cc6d637020c20c85e6b7a3b3d5f01bc39b11cfc13449281b1a74828b4335867e35b5b77992af36a538e8d7a5e3738f2a10bbcd1650bba2328f91e142678ef50be32ff01329941a5db508e8555f038d1a0ece03738225cf26f55c3e5a6b65cbc3a3fe8ac24761dc56109d61cd11fe697b6ba9b9efb21f1350d5464d8db139ab88143f60da933a4401bb1b9c2cb2f4f10e1a2d2a34227afec61fb26787ba90b1e2f6554211e4f22727d4427a"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000380)={0x44, &(0x7f0000000140)={0x40, 0x14, 0x49, "4bbe82955b3b6bb36b960b4043ae6661773cfdc0b531ab3a53d22380fd1b2d5c8f1d79b70824c3487beb6800a415b8c2fa49056c5146c19ee8f727e3a856af34f05781c827712351be"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000240)={0x20, 0x80, 0x1c, {0x8, 0x5ee, 0x7fff, 0x1ff, 0x5, 0x2fb, 0x5, 0x7fffffff, 0x6, 0x4, 0x0, 0x1}}, &(0x7f0000000280)={0x20, 0x85, 0x4, 0x7}, &(0x7f00000002c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000300)={0x20, 0x87, 0x2}, &(0x7f0000000340)={0x20, 0x89, 0x2}}) (async)
sendfile(r0, r0, &(0x7f0000001000)=0x7fffffff, 0x7ffff000)

36.091458178s ago: executing program 0 (id=635):
r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x70000, 0x0)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f0000000040)={0x3, 0x2})
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f00000001c0)=[<r2=>0x0]}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000300)={&(0x7f0000000240)="7d888d255a45624687d22c6adc3f6da3af8ca87427f4599d5f3eaa45d71b18bbb0a066a886f3aae4cfeae1c65c3792caf8b8ac825f607802cd9300104efcb5ab946f33e7b1ea748f959ecb14a9fde5854fe64e72932722906c06584cd38f8fbc20ab8e6cc1cbc3b6d4770ae52584bb34300b772742e0f3e64806c473e411287c06d1e79e0c92d878161931e04a6f94e54a7daa107a1b78ecdff1e254aa830928fe673d114689290b6ce6ef38f8f98159a6", 0xb1, <r3=>0x0}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000380)={0x7, 0x0, &(0x7f0000000340)=[0x0, <r4=>0x0, <r5=>0x0, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000400)={&(0x7f00000003c0)=[<r9=>0x0, 0x0], 0x2}) (async)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000800)={&(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000780)=[<r10=>0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x1, 0x5})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000900)={&(0x7f0000000880)=[<r11=>0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x0, 0xfbfbfbfb})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000009c0)={&(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0], 0x7, 0x0, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000a80)={&(0x7f0000000a00)=[<r13=>0x0, <r14=>0x0, <r15=>0x0], &(0x7f0000000a40)=[0x0], 0x3, 0x0, 0x1afafafae}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000b40)={&(0x7f0000000ac0)=[<r16=>0x0], &(0x7f0000000b00)=[0x0, 0x0], 0x1, 0x0, 0xdededede}) (rerun: 64)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000c00)={0x0, 0x5, &(0x7f0000000440)=[r1, r2, r3, r6, r9], &(0x7f0000000480)=[0x9, 0x3, 0x2096], &(0x7f0000000b80)=[r10, r11, r12, 0x0, r13, r16], &(0x7f0000000bc0)=[0x3, 0x5, 0x0], 0x0, 0x7}) (async, rerun: 32)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000d40)={0x1, 0x7, &(0x7f0000000c40)=[r5, r7, r3, r12, r8, r7, r13], &(0x7f0000000c80), &(0x7f0000000cc0)=[r15, r14], &(0x7f0000000d00)=[0x7, 0x40, 0x0, 0x8], 0x0, 0x5}) (async, rerun: 32)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000d80)={{0x1, 0x1, 0x18, <r17=>r0}, './file0\x00'})
close_range(r0, r17, 0x0) (async, rerun: 32)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000fc0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000f80)={&(0x7f0000000e00)={0x174, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x34, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xe2}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_LINK={0x74, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcde}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x40}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xa, @loopback, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e23, @empty}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xa0}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffc}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x98}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20000004) (rerun: 32)
r18 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000), 0x123000, 0x0)
close_range(r18, r17, 0x2) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r18, 0xc03864bc, &(0x7f0000001140)={0x600, 0x4, &(0x7f0000001040)=[r2, r11, r4, r16], &(0x7f0000001080)=[0x1, 0x100, 0x5], &(0x7f00000010c0)=[r2], &(0x7f0000001100)=[0x56], 0x0, 0xffffffff}) (async)
sync_file_range(r17, 0x8, 0x2, 0x7) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r17, 0xc01064c2, &(0x7f0000001180)={<r19=>0x0, 0x0, r17}) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r18, 0xc00864bf, &(0x7f00000011c0)={<r20=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, &(0x7f0000001240)={&(0x7f0000001200)=[0x0, 0x0, r19, 0x0, r20], 0x5}) (async)
r21 = signalfd(r17, &(0x7f0000001280)={[0x3]}, 0x8)
ioctl$SW_SYNC_IOC_INC(r21, 0x40045701, &(0x7f00000012c0)=0x1)
r22 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000001300), 0x2)
close(r22)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001380)={{0x1, 0x1, 0x18, r22, {0xee00, 0xee00}}, './file0\x00'})

35.593623213s ago: executing program 33 (id=635):
r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x70000, 0x0)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f0000000040)={0x3, 0x2})
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f00000001c0)=[<r2=>0x0]}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000300)={&(0x7f0000000240)="7d888d255a45624687d22c6adc3f6da3af8ca87427f4599d5f3eaa45d71b18bbb0a066a886f3aae4cfeae1c65c3792caf8b8ac825f607802cd9300104efcb5ab946f33e7b1ea748f959ecb14a9fde5854fe64e72932722906c06584cd38f8fbc20ab8e6cc1cbc3b6d4770ae52584bb34300b772742e0f3e64806c473e411287c06d1e79e0c92d878161931e04a6f94e54a7daa107a1b78ecdff1e254aa830928fe673d114689290b6ce6ef38f8f98159a6", 0xb1, <r3=>0x0}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000380)={0x7, 0x0, &(0x7f0000000340)=[0x0, <r4=>0x0, <r5=>0x0, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000400)={&(0x7f00000003c0)=[<r9=>0x0, 0x0], 0x2}) (async)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000800)={&(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000780)=[<r10=>0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x1, 0x5})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000900)={&(0x7f0000000880)=[<r11=>0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x0, 0xfbfbfbfb})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000009c0)={&(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0], 0x7, 0x0, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000a80)={&(0x7f0000000a00)=[<r13=>0x0, <r14=>0x0, <r15=>0x0], &(0x7f0000000a40)=[0x0], 0x3, 0x0, 0x1afafafae}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000b40)={&(0x7f0000000ac0)=[<r16=>0x0], &(0x7f0000000b00)=[0x0, 0x0], 0x1, 0x0, 0xdededede}) (rerun: 64)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000c00)={0x0, 0x5, &(0x7f0000000440)=[r1, r2, r3, r6, r9], &(0x7f0000000480)=[0x9, 0x3, 0x2096], &(0x7f0000000b80)=[r10, r11, r12, 0x0, r13, r16], &(0x7f0000000bc0)=[0x3, 0x5, 0x0], 0x0, 0x7}) (async, rerun: 32)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000d40)={0x1, 0x7, &(0x7f0000000c40)=[r5, r7, r3, r12, r8, r7, r13], &(0x7f0000000c80), &(0x7f0000000cc0)=[r15, r14], &(0x7f0000000d00)=[0x7, 0x40, 0x0, 0x8], 0x0, 0x5}) (async, rerun: 32)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000d80)={{0x1, 0x1, 0x18, <r17=>r0}, './file0\x00'})
close_range(r0, r17, 0x0) (async, rerun: 32)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000fc0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000f80)={&(0x7f0000000e00)={0x174, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x34, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xe2}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_LINK={0x74, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcde}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x40}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xa, @loopback, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e23, @empty}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xa0}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffc}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x98}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20000004) (rerun: 32)
r18 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000), 0x123000, 0x0)
close_range(r18, r17, 0x2) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r18, 0xc03864bc, &(0x7f0000001140)={0x600, 0x4, &(0x7f0000001040)=[r2, r11, r4, r16], &(0x7f0000001080)=[0x1, 0x100, 0x5], &(0x7f00000010c0)=[r2], &(0x7f0000001100)=[0x56], 0x0, 0xffffffff}) (async)
sync_file_range(r17, 0x8, 0x2, 0x7) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r17, 0xc01064c2, &(0x7f0000001180)={<r19=>0x0, 0x0, r17}) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r18, 0xc00864bf, &(0x7f00000011c0)={<r20=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, &(0x7f0000001240)={&(0x7f0000001200)=[0x0, 0x0, r19, 0x0, r20], 0x5}) (async)
r21 = signalfd(r17, &(0x7f0000001280)={[0x3]}, 0x8)
ioctl$SW_SYNC_IOC_INC(r21, 0x40045701, &(0x7f00000012c0)=0x1)
r22 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000001300), 0x2)
close(r22)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001380)={{0x1, 0x1, 0x18, r22, {0xee00, 0xee00}}, './file0\x00'})

26.638084292s ago: executing program 2 (id=663):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0)
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x82)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r3, &(0x7f0000000500)=""/45, 0x2d)
getdents64(r3, 0x0, 0x18)
fadvise64(r0, 0x92, 0x5, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x93771000)

25.570049062s ago: executing program 2 (id=665):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x15)
write$binfmt_aout(r0, &(0x7f0000000280)=ANY=[], 0xff2e)
mount(&(0x7f0000001400)=@sr0, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x2002, 0x0)

25.324085611s ago: executing program 2 (id=666):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = dup2(r0, r0)
r2 = pidfd_getfd(r1, r1, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={r2})
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, 0x0, 0x0)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)

25.128835863s ago: executing program 2 (id=667):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
fadvise64(r0, 0x94, 0x6e, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
socket(0x10, 0x3, 0x0)
r1 = socket(0x14, 0x2, 0x4)
accept4$unix(r1, 0x0, 0x0, 0x80000)
syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200008000000010902120001000000000904"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00')
mmap(&(0x7f0000772000/0x2000)=nil, 0x2000, 0x3000003, 0x11, r0, 0xd6b35000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x810, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

23.162020882s ago: executing program 2 (id=671):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

22.844410528s ago: executing program 2 (id=673):
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='bpf\x00', 0x200000, 0x0)

22.029331247s ago: executing program 34 (id=673):
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='bpf\x00', 0x200000, 0x0)

8.317291223s ago: executing program 6 (id=674):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000024c0), r0)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000240)={0x14, r1, 0xad0e41e9ad2f93a7, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400482b}, 0x40000)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

7.917077598s ago: executing program 6 (id=717):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r1 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
ftruncate(r1, 0x80079a0)
lseek(r1, 0x0, 0x4)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r4, 0x851, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r6, 0x80044dfd, 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001240)={<r7=>0xffffffffffffffff}, 0x111, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x400, 0x2, @loopback}, {0xa, 0x4e21, 0x101, @mcast2, 0x9}, r7, 0x6}}, 0x48)
write$RDMA_USER_CM_CMD_REJECT(r4, &(0x7f00000001c0)={0x9, 0x108, 0xfa00, {r7, 0x0, "89f61c", "d616f5579984b7439fef44cb3b19d980872cb802dd11ae8b5a8da4b35a435ea2228fa72e31e4f928203003408e820fbdd1b7ae38e1ee0354f40ae3170761e7c1a6626789b0b176924282ce05d5b57de26b4dc0d99037463e9dac1e7cbb15fb4e86643e3f8509f5777312821a2b22620ba8c0d3dd0355bdfcb5ad34dc4b1c4459601b7712f38c7f143c772018b2d191e89592c7535b1e0cc5db06ac843133bb51a347307313758211188a8df4d3b4cbc453fbb645ba94e3ff6c1329cdacdd886f388c26fd13ea1bf9d8cb93c2bc088981ae06c444499c91a1e117a9535d2b7f56e3e276affa2edcda4a9b4f1c790e13337065f032a18e05af379638ca47051bcb"}}, 0x110)
r8 = creat(&(0x7f0000000140)='./file0\x00', 0x7d)
getsockopt$bt_hci(r8, 0x0, 0x2, &(0x7f0000000040)=""/180, &(0x7f0000000100)=0xfffffffffffffffb)
mount(&(0x7f0000000180)=@nullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='hfsplus\x00', 0x205083, 0x0)

5.590519113s ago: executing program 5 (id=729):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x51}})
sched_setscheduler(0x0, 0x1, 0x0) (async, rerun: 64)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') (async, rerun: 64)
socket$packet(0x11, 0x3, 0x300) (async)
r3 = socket(0x40000000015, 0x80000, 0x0) (async)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) (async)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000001f00)) (async)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, 0x0) (async)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0x15, @remote, 'bond0\x00'}}, 0x1e)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)=ANY=[@ANYBLOB="30000000050201030000000027f20000000000001c000180c5060003400003000006000340000100000600034000026c59"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000)) (async)
ioctl$PPPIOCATTCHAN(r6, 0x40047438, &(0x7f0000000040)=0x2)
mmap(&(0x7f0000228000/0x4000)=nil, 0x4000, 0x9, 0x12, r1, 0xa78c8000) (async)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r8, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r9, 0x0, 0x9b, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r9, 0x0, &(0x7f000066f000/0x4000)=nil, 0x4000, 0x5}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000340)={0x30, 0x2, r9}) (async, rerun: 64)
ioctl$PPPIOCBRIDGECHAN(r6, 0x40047435, &(0x7f0000000200)=0x1) (rerun: 64)
sendmmsg(r4, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async)
fadvise64(r0, 0x92, 0x5, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x48900, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000001714", @ANYRES32=r8, @ANYRESDEC=r0, @ANYRES32=r1], 0x38}, 0x1, 0x0, 0x0, 0xc080}, 0x20000010)

5.443558052s ago: executing program 5 (id=730):
syz_usb_connect(0x0, 0xee1, &(0x7f0000001180)={{0x12, 0x1, 0x200, 0xda, 0x7a, 0xf2, 0x10, 0x1782, 0x4d10, 0x2877, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xecf, 0x4, 0x40, 0xb1, 0x80, 0x8d, [{{0x9, 0x4, 0x8f, 0x9, 0x6, 0x8b, 0x66, 0x4a, 0x5, [@hid_hid={0x9, 0x21, 0x1b37, 0x81, 0x1, {0x22, 0xf61}}, @generic={0xae, 0x5, "25b519f1f7de95c9b28bd35c4f2713cbc1f56340ae613b88c87faf7a289104e1691c9765b0887793f69bb501762a59e257bc05894d94bb9bd2f1cac02e54cf7302a7f27b2a88269b594ce9f5b2ebfe43fdcc67d8b907493707e468b6b2382a8e575292e5d26a16ed3a51505d982a82e85bc020d1bac07c356167ef12871de2f5260ee27dd60309a0bd0df8a178f3e2565f215bbf144f31513e32641a10cea7e0def6165b8b9f8cd3689fe5ce"}], [{{0x9, 0x5, 0xa, 0x0, 0x40, 0x7, 0x9, 0xd, [@generic={0x34, 0xb, "1477e3831c66cbade35f60697a89ac9816a755fc9a8b28b88cb67798d8b826d087cc674a3a2c4df681d0791c1f656bd30229"}]}}, {{0x9, 0x5, 0xd, 0x1, 0x400, 0xb, 0xb, 0x6}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x3, 0x3, 0x0, [@generic={0x1a, 0x23, "72e17ff8dd88d03a4c8a51ebc7dc15808aaebb586d807b27"}, @generic={0x24, 0xf, "b9a9a662e1624ffe9607d7fcf5ed30a76206f3c389f74bd49de3ee708f3cdf4f5fc1"}]}}, {{0x9, 0x5, 0x9, 0x8, 0x40, 0x4, 0x0, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0x21}, @generic={0xdf, 0xf, "13f312df0e87ca30f4b64768c39b24424466b2d15afe136d3047c251a4dc25580e04e2dc00a9e32adf90ca504fb4789564b95a0eba72112e6896c789d453a102c50541f29f0a927b9a60307a317e5da25780b861f4b9ea8e419df0c8569ba39d1aa7b297d420daccffea2eb1435a242f403a7555ab645fd2d8e9539158386f3756980c0c9aa5741cdab92d0ef7fcfca33c3e13ba792d440f09989699ead5676604ff1624471603284c4ba31e981be1b7afd88200455d1cedec22c63dc792eac6918da28cfe6c178a89b9c2f94dd78c076f6fd4b931be90afc261684462"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x400, 0xff, 0x8, 0x4f, [@generic={0x45, 0xa, "02bd91b97048685c4fd5c9888ab795755a02f295a4ad261ac429e6999f2de30273ab73d2f1f6c390681e11b82b56a94d3647f610778b0bbd86e0abdb540568cc5840dd"}, @generic={0xe4, 0x5, "f00f7c71207b26901e3f1d416f39cffb08d9940bcfea2cafe1dfeedeb9dab9806b138721370e7e44b7803b357974db495a027a2bdac69d0e381bd76ab1a27a61df05d78290c459031b75ed39f91f99e1fa26569892ba55e1fa2cdbfeccb60f5242106d616de249deda992eaa62fe4f2196f7e314c0a6dc0f10222a685a309c7b2e45ee01a5601a32da14985a1884e062fb7c602b44a79bdd8e2b0290415a45cc331e1dd8f081f8055a6ca7f7e0080d085aee29e2f46a59d6f2ead2f355863c773f82cd3dee2af8aac260d24e5b1fd9cd155d279a83e5ea3ed1e4046e78007e720d9c"}]}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0x2, 0x3, 0xf, [@generic={0xcd, 0x24, "017a86a3c229cff7ba20529b502370840089ad5b4f33d389d8fc6a204a1dfbbea1442ac34e1036a10b7e96a5c3218b04140e2728e25fcc00cac490c2f0663386e981101f66836e323a76ce03e2cadcc48264649597104d697450183e9d7dd651f3ae0fcb886e78ee950caaf6e02b141304b669b9a79819d91342aa45c5371d8a1552406fe3fb14bcec88d4ea669c870db2fbbfa6f7ee5187277cdc5e9fb89f3ffe21c9229e359b26da451b3399231dee14c90f0983b9f39bffa129e9129d0264f5b0b6f2dfd6f5ba934dce"}, @generic={0xf2, 0x11, "c24cea8b11546db0591ccc976f3c17a9ce80a766d7bc6262425b3c72444c9798fb07d953696b773d4888c862bbd6a942415fdf67eda2b9bde4001c74b9939233f6ec2b851ecc84a8dc53e598ca86f21e5209754e97b2be95094d2d1f6f6914171cb912a09ebf1d37c1fc6d6ec24b0b1f9fb3ed1c52e1769fe4c759338cc6c7c33860a946bfba9a67dd8054ea57ea1383a3b2d98086396f58f1d3a84dc07da38feeba672852a81578bd7d02622391496ee9f4dd128db45d9dacbff012e427238a5b464dacb6374e68dac1e82c4c67b616359331e87020087603b4374b5995e01bf6fd9c0151352d872ba1fb90ff37f3a4"}]}}]}}, {{0x9, 0x4, 0x2, 0x0, 0x6, 0x4c, 0x75, 0xc8, 0x1, [], [{{0x9, 0x5, 0x5, 0x0, 0x400, 0x20, 0x6, 0xc6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x7}, @generic={0x19, 0x6, "6bbccc14ac9b2d145335ee291af940b23e0b9eb23e5494"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0xc, 0x7, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0x8}]}}, {{0x9, 0x5, 0x80, 0x0, 0x3ff, 0x0, 0x3, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x857}]}}, {{0x9, 0x5, 0xa, 0x1f, 0x8, 0x5, 0x44, 0x6, [@generic={0xaf, 0xc, "eab073fb8175a4d431041dae2bf9e2b0d8156db6ba54fb68ab2e2a8ccf1507e559881060d53d430a6c37c40638bd2fa47d2241bd4d5b76bf9799b9fda15de4c973cfb27ccb9e7b03090dc93bf87cff540d1e87c61700a07e554cdb11a7f4b7d29a5da6965e9443abbc4faab17867276e57a49d09b543d9a513ed61af53374e24e64fcfb767b6802f4b341e9f487342c1a038c3c63a4456b1e74d6d8688e9899c9abb5fddffea7848251e141718"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xbc, 0x1}]}}, {{0x9, 0x5, 0xd, 0x0, 0x40, 0x3, 0xc4, 0xe}}, {{0x9, 0x5, 0x7, 0x1, 0x8, 0x0, 0xe, 0x4, [@generic={0xc0, 0x23, "a0df238ba22854debc8dd24126ee6acfd89685ddbcf180e73c6b1705bbcbdd257d23cdf0e82c511c4e3303d2ca3f30b31ef07bcb3ae00bbe6df18e645e2a357d5a3462f693a4db8984da34c12a0b271d10b83da4bcc3352f64d8b70ccd070fc81835ca915a4782653e927ad4ae00e4d969c13b336554947d6c3347fac75b9b4be1f0fcbbe6d85f6f65d4817fa9b9e1b3637b5394cad464395d3898882680cd3fea011bce0d91378c4408208eed7706197124a00241f036743439e34b933d"}]}}]}}, {{0x9, 0x4, 0xec, 0xa, 0x6, 0x84, 0xfe, 0x1d, 0xfd, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x9942}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x7, 0x6, 0x4}, {0x6, 0x24, 0x1a, 0x4, 0x10}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x2}, @mdlm_detail={0x9b, 0x24, 0x13, 0x4, "663410d975bc7171671442bd62a959788dd5496f7b36c9c6aedd877a165355c870bcc39c2030b06ba21c4d14f6ba1439cb32fce2ad38e4ab0bbf1940311915bc9b18912de278eec852de8fd199bca51c7d7fd38ac5fa0675acf20da882b90889f4393efe7f3dd28c5883a5f0779f457edc092e4c727a7e72196c063266491d8994302f1ace98d4e22e7456b497dd339e54060201bc4d62"}, @mdlm_detail={0xc1, 0x24, 0x13, 0xc, "afcfb8e4aefd40e025ada00bbaebe1bfab115cae8d97914786f7ee658a6a997113597d23d086a0d7eae8c0d658f69ed941c0cf8560ba20a8addc3140e87f7dd756d41aab4f6ca3fd360325398e692af4bf6d726a6731e6dc12a4721ebbca76c3b35cb178b23a76c583212b96479b99a3295d817d0fe2e5ace9a9258f02384e10500ab96e02fc319a7bf8b196d321a0ce525457022cbd799f4ef3ecb56074edd9ab558784d68dc26899915b662083e494329d6ee9d4f9d504bef6958d64"}, @call_mgmt={0x5, 0x24, 0x1, 0x5, 0xa7}]}, @generic={0xd9, 0x7, "91f94a11094fa2d5c2d8116b25df165507f6f3a1c75c71713a9a4c6ed3d792cd0446062c62819fedfbb78ad0945c03cfc81da619c0abd845623e6dea031e39427bad146da768675536c3b0a7cc4386ed06f61b0876971f6c1efdec67ee48f835bffe0f8371e656263589da5d8fdd17984665b0ce6a1fb8ee98effcf7d75b9c85e0d8361a4fb977b10a850e9355f50e4d088b92290af7685d26688a56fdece46b86161217b981fc5d161f2f570c54504a0939f4a1f40a5279b22340831100f3eb1b1c12d8b5eb81f6def17c9ccbea5a407e1412b5066960"}], [{{0x9, 0x5, 0xd, 0x4, 0x3ff, 0x8, 0x80}}, {{0x9, 0x5, 0x8, 0x0, 0x8, 0x3f, 0xb, 0x3}}, {{0x9, 0x5, 0x0, 0x2, 0x3ff, 0x1, 0x9a, 0xff, [@generic={0x17, 0x4, "7b8b14958e63797cbb2a4e9b7ab3613a9c7c6c6a41"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0xff, 0x0, 0x5, [@generic={0x26, 0x11, "3354c41b4f1af57b3b8cdc19dc3ff5abe551aca6cba78d9b48beb4db8559dc660685d726"}]}}, {{0x9, 0x5, 0xa, 0x4, 0x400, 0xd3, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x355}]}}, {{0x9, 0x5, 0xb, 0x10, 0x10, 0xc, 0x2, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1}, @generic={0x1c, 0x0, "4a946c0b5b7834ed78aa9d7ec9f66e5275f9fef0e0556859adcd"}]}}]}}, {{0x9, 0x4, 0xe, 0xff, 0xd, 0x2, 0x99, 0x14, 0x0, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0xda4}, {0xd, 0x24, 0xf, 0x1, 0x9863, 0x5, 0x6, 0xfe}, {0x6, 0x24, 0x1a, 0xf0e, 0x29}, [@mdlm={0x15, 0x24, 0x12, 0x9}, @obex={0x5, 0x24, 0x15, 0xbf7d}, @mdlm={0x15, 0x24, 0x12, 0x1}]}, @cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "4cbcff"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x8, 0xd, 0x7}, [@network_terminal={0x7, 0x24, 0xa, 0xd, 0x40, 0x5, 0x8}, @network_terminal={0x7, 0x24, 0xa, 0x9, 0x5, 0xb, 0x6}, @network_terminal={0x7, 0x24, 0xa, 0x3, 0x10, 0x5, 0x7}, @acm={0x4, 0x24, 0x2, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x100, 0x9, 0x81}]}], [{{0x9, 0x5, 0xd, 0x4, 0x400, 0x8, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x5}, @generic={0x7, 0x3, "4277777ef1"}]}}, {{0x9, 0x5, 0x0, 0x2, 0x400, 0x8, 0x70, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x3}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0xb9, 0x3, 0x26, [@generic={0x64, 0x5, "a09a8c0be04ca647759d03c5da63d4dc7f5874ed72911b0e1d76aa6fc1d70792fe06bacc5700cf2bc3d7366d4c6665d9160fbfd43ab3e8b0edce4b1ce9b03a28502b4ced27676b7e02dc550fa74d53f5f6937895e16615c864739872b513b3503048"}]}}, {{0x9, 0x5, 0x80, 0x3, 0x20, 0x5, 0x3, 0xd, [@generic={0xe4, 0x23, "26345088291d0a099d64a99d60f33e1cc2d0b9c551cbc8205e082f04c56ad04dcf37a1cbbe9151bd6eeb8c2b1f846734a262e58fd425d4fe5cf21a13678e2380f6593dd79a5a3e32924b8188a69d93f0416cb5382529baf101b3d33958835a091908b1efaeb461251df6e96ac9db0a72d17b30092931923e8255dd63a751905fccb15986a1288923d484734861f8f07bea6bf8ce1a678f479948e639d4e0905f30d4c726f8a64638b0d21c56a9e6ebba9a4d8c2ba29f8b8e6dd0c5915cc9fbeae7b8f4d126ecf824fc02383ba8aa5ef7f2709e40d6f11de430c8c7233620d770fd87"}, @generic={0x86, 0x59a87121f136e5c, "c44a4b48f657603eaa34b1769c2573657c83e3418b173d99dc6f86353cf4de2203541052673125ed7434203ff4045879bcd1188ee9e99e4ebc016eaa674beced0ec2f281028a2a8deee7f59b18786f3222445943f91aca6cfbce6809ae92ec7944dda28ac5634ed92454f9750c0f50bcf79930721774c64b17b64de5046b32697fa47bd6"}]}}, {{0x9, 0x5, 0xa, 0x2, 0x3bf, 0xc, 0xbe, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8a, 0x9}]}}, {{0x9, 0x5, 0xb, 0x3, 0x40, 0xc6, 0xff, 0x1}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x3, 0x33, 0x33}}, {{0x9, 0x5, 0x4, 0x0, 0x8, 0x9, 0x1, 0x5}}, {{0x9, 0x5, 0xd, 0x10, 0x10, 0x5, 0x0, 0xeb, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0xf}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xe, 0xfff}]}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0x6a, 0x40, 0x8, [@generic={0xaa, 0xa, "04dd0719ad24ca3b98836ae5a61b8e71f6cd1058facaf0f52adf57b8ee19f8bbc6c89a58a4e6f92cdf3d189e32744fcb2fde67430d98f9aa2ce7e0cf1ada221b189733494a9afeba4bd8e484b5965e5577b2b940fdbeb639b11acae10637c6a52b133dcb0a84455771c8ba3cf8280c54d5a774bd09e657a45b8205cbb82f7516950800a3d3e264c8a0471c012883c33e52329d8f1db9ac132b356b37f1cfe8a6bb9510ab7472575c"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x40, 0x2, 0x7, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x3}]}}, {{0x9, 0x5, 0x8, 0x16, 0x8, 0xf9, 0xb1, 0x8, [@generic={0xe1, 0x22, "4bec721bd78f69877e22e20d4f82f39972876e659a11d8fe8a046c70d1a97d58ec6829d169fc133a842250d2b886f3892fd248ea905f3d0981c8de02814e7320295374525d54f0435d59f844e0253ad2667c37b57d037e5fc7aeb342efeb5fa73e5bc6c2085c6971e5a1af365f18006b5ee4256744496f0881d7ae966a1a1322be75da246891b6de8d08efab6792d423b598a9a1da5b0354a0a2a84576488649dfce352860815c143031302d1bcaf2ba550d566e7605bc6f8a37b99c417ccd56af9bb3acea5c5c4b254db0b566d4bcee6bf0e8cd12edd962942a0d19d11fd5"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x10, 0xd8, 0x7f, 0x40}}]}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0x6, 0x5, 0x1, 0x8, 0xf0}, 0x15, &(0x7f0000000080)={0x5, 0xf, 0x15, 0x1, [@ssp_cap={0x10, 0x10, 0xa, 0x2, 0x1, 0x40, 0xf00f, 0xc41b, [0xff0000]}]}, 0x2, [{0x7f, &(0x7f00000000c0)=@string={0x7f, 0x3, "b7965591b2fe8749c89e8fc82e1adfc906b6880c607029ac21200a23e5354af1890183721e13be9ebf5c23cace83ab6b56fee344a095a7dc3925583fa4cbbf380320ccf4de993376de113768f4c0f606f72018dbb4cd768429c730e2a9955174cb6da599048fb7de50f005df2a7c69c4ef0fc4ca32db8e217e955290dc"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x41d}}]})
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x145342, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, 0x0)
getsockopt$inet6_tcp_buf(r1, 0x6, 0xd, 0x0, &(0x7f0000000100))
sendfile(r0, r0, 0x0, 0x7ffff000)

4.670003972s ago: executing program 6 (id=734):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000020c0)='tasks\x00', 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="13010000bd890010490d1070900c010303010902120001000000080904"], 0x0)
socketpair$tipc(0x1e, 0x5, 0x2000000, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=<r3=>0x0)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r4, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8)
timer_settime(r3, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r7=>0x0})
r8 = socket$key(0xf, 0x3, 0x2)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0xfffffff9})
ioctl(r8, 0x8b27, &(0x7f0000000040))
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000040)={0x0, 0xfcc6, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000500003e6e67cc9916360800080003009cbc6c8df5364e3185879fdcfb929b38678db34b615ae675a4b52947108fd528b5cc1fc5e42e0d55817b1dde10714c168ade53ef1c5e1e3a2fda383716b17771bf4619cb4efd04b3d838daaf59b8aae64e6a008d9b503d29ad1c37d1b1729ae644722d543f18e09fdaf1cd159ef58f", @ANYRES32=r7, @ANYBLOB="050034008b0000000800e38004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x8060000)
write$cgroup_pid(r0, &(0x7f0000000140)=0xffffffffffffffff, 0x12)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @local, 0x1}, 0x1c, 0x0}}], 0x1, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000000)="65f2", 0x2}], 0x1)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$setregs(0xd, r9, 0x0, &(0x7f0000000540))
ptrace$cont(0x20, r9, 0x0, 0x0)

3.837392528s ago: executing program 3 (id=736):
getxattr(0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
ioctl$NBD_DO_IT(r0, 0xab03)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)

3.533134129s ago: executing program 4 (id=737):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x9}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000140)={r2}, &(0x7f00000000c0)=0x8)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
creat(&(0x7f00000000c0)='./file0\x00', 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
capset(&(0x7f0000000300)={0x20071026}, &(0x7f0000000340)={0x0, 0x0, 0x100000})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, 0x0, 0x0)
bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfd}, 0xc)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r4, &(0x7f0000000b40)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r3}}, 0x18)
mount(&(0x7f0000000100)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x8000, 0x0)

3.304000116s ago: executing program 3 (id=738):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x5, 0x2, 0xd, "ed9f31e5151d02feecd019ca99dafaea5a71e1c81017a0370440939cf8b46ddc4b0a568188fc5d85dbbff1e4a2632beeadbee6c5718708ca82ceb858da82f63b", "32626718bd14d29efab97b8adcfb1cf3486512be8dfb64435ee0493cad2ad642187b7b01916a757e7bef9b8e2f1603f739d27d470c01f9c920931fc4285565f1", "baefb9ac2a996e83bb5c0444db00b19e2c4a87ef0492d68bca2887099f571ed4", [0x101, 0x7]})
lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000200), &(0x7f0000000240)={'U-', 0x1}, 0x16, 0x1)

3.212311012s ago: executing program 4 (id=739):
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405668, &(0x7f0000000100)={0x0, 0x0, 0x8}) (async)
read$FUSE(r0, &(0x7f0000007fc0)={0x2020}, 0x2020)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0)

3.029774352s ago: executing program 3 (id=740):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfff}, 0x1c)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x6, 0x0, 0x0, 0xa, 0x1c, "fee8a2ab78fc97fb0000e60080b8785d000100000000000000000000000000000500000000000000000000000000bec74a9700", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f422741b13103e52f400", [0x0, 0x2000000000001]}})
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x12, 0x12, 0x9, "8f4d0ae712e9db98522e581d38bc7144bf538c7f69bbd403c90d84d1ac2043bdc97f98fe08a0bc708006e5a2838642f4cfedac8bb9c5e434a7221790f5576253", "031438010ea45ca40e4044320f0daefce75ff1110800c67fee7e5069e11393f07a308a1cfe04000400a7ee5efa19e8055f9863d7802e0021d55e71b67800", "30d511dd8225bcd90de20e62aa8aa993618164198dae9f38b908ae00f1515b68", [0x2d01, 0x5]})
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000400), 0x10)
sendmsg$can_raw(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008015}, 0x10)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r4, 0xc02064a5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'gre0\x00', <r7=>0x0})
sendmsg$nl_route_sched_retired(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x9, 0x6}, {0x6, 0x7}, {0xfff2, 0x10}}}, 0x24}}, 0x9880)
r8 = syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x0, 0x0)
mmap(&(0x7f0000001000/0xe000)=nil, 0xe000, 0x0, 0x12, r8, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000400)=[{0x1, 0x2, {0x1, 0xff, 0x2}, {0x2, 0xf0, 0x5}, 0x1}, {0x2, 0x2, {0x0, 0xff, 0x1}, {0x2, 0xf0, 0x3}, 0xfe, 0xfe}, {0x2, 0x1, {0x2, 0xff, 0x4}, {0x1, 0x1}, 0xfd}, {0x3, 0x2, {0x1}, {0x0, 0xff}, 0xff, 0xfe}], 0x80)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000300)=[{{0x1, 0x1, 0x1}, {0x1, 0x0, 0x1}}], 0x8)
r10 = accept4$vsock_stream(r1, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10, 0x80000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCGSTAMPNS(r10, 0x8907, &(0x7f00000001c0))
r11 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r11, 0x89f8, &(0x7f0000000900)={'sit0\x00', &(0x7f00000007c0)={'syztnl1\x00', 0x0, 0x700, 0x10, 0x7, 0x5, {{0x5, 0x4, 0x1, 0x1a, 0x14, 0x64, 0x0, 0x5, 0x2f, 0x0, @private=0xa010101, @local}}}})
mount(&(0x7f0000000240)=@filename='./file0/file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='hostfs\x00', 0x200048, 0x0)

2.70338981s ago: executing program 4 (id=741):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf648b000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r2) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) (async)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
writev(r1, &(0x7f0000000280)=[{&(0x7f0000000100)="89e7ee2c78da", 0x6}, {&(0x7f0000000440)="9c74dfbf", 0x4}, {&(0x7f0000000040)="a2aa88fb", 0x4}, {&(0x7f0000000200)="d6fab207efb5", 0x6}], 0x4) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2.013546069s ago: executing program 5 (id=742):
r0 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r1, 0x0, 0x20000000, 0x0)
syz_pidfd_open(r1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$lock(r2, 0x5, &(0x7f0000000000)={0x1, 0x2, 0x8, 0x300000000})
ptrace(0x4207, r1)
ptrace$setregs(0xd, r0, 0x7fff, &(0x7f0000000240)="12d6cacc400cb28384641a92606ff1d67f7718dadaa571f32ee2eb179974146cb14384e0e9a430de36da9cfa0941cbdb45400dbbf771a9f0d840b73de0cb08d1d3be1afc468f2a26a39cdfba80aa009e0b6b4bab31776e6f4b3cbe471b323c3e805335edbad98b115636442e777dce7bc27e899b8bc13ebd3a9b22f3813b493bcddc5ecc46eada68531ae03f1bb0b359b18b6d79166b19d986d6a6a09da8e03277")
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fadvise64(r3, 0x92, 0x5, 0x2)

1.806111727s ago: executing program 4 (id=743):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xc3a51000)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0xc0105303, &(0x7f00000001c0)={0xffff, 0x0, 0x0, 'queue0\x00'})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = syz_pidfd_open(0xffffffffffffffff, 0x0)
splice(r0, &(0x7f0000000000)=0x4, r2, &(0x7f0000000040)=0x3ff, 0x6, 0x8)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xc3a51000) (async)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0xc0105303, &(0x7f00000001c0)={0xffff, 0x0, 0x0, 'queue0\x00'}) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
syz_pidfd_open(0xffffffffffffffff, 0x0) (async)
splice(r0, &(0x7f0000000000)=0x4, r2, &(0x7f0000000040)=0x3ff, 0x6, 0x8) (async)

1.8049903s ago: executing program 3 (id=744):
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x6, 0x1, 0xffff4254, 0x9, 0x99b, <r0=>0xffffffffffffffff})
syz_open_procfs(r0, &(0x7f0000000180)='coredump_filter\x00')
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000001dc0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x41)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000006c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.390940554s ago: executing program 3 (id=745):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0)
ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xf648b000)
mkdir(&(0x7f00000000c0)='./file1\x00', 0x154)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_CLEAR_SOCK(r2, 0xab04)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$UHID_INPUT2(r3, &(0x7f0000000100)={0xc, {0x5, "0de7fec2ff"}}, 0xb)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)

1.377874375s ago: executing program 5 (id=746):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000002060108000000000000000001000000050005000a000000050001000700000005000400010020000900020073797a310000000016000300686173683a6e65742c706f72742c6e65740000000c00078008000840"], 0x5c}}, 0x8000)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x14, 0x1c, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x9080)
accept$netrom(0xffffffffffffffff, &(0x7f0000000540)={{}, [@rose, @bcast, @netrom, @default, @rose, @rose, @default, @bcast]}, &(0x7f0000000480)=0x48)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x28, r3, 0x1, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_60GHZ={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000801}, 0x10)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3c8, 0x0, 0x0, 0x1d0, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c8}}, {{@uncond, 0xc0, 0xe8, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, 0xff, 0x0, 0xf, 0xa, {@mac=@broadcast, {[0x0, 0xff, 0x0, 0xff, 0xff]}}, {@empty, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, 0x1, 0x6, 0xb, 0xc41, 0x6, 0x7, 'team0\x00', 'pimreg\x00', {0xff}, {0xff}, 0x0, 0x34d}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @empty, @dev={0xac, 0x14, 0x14, 0x20}, @multicast2, 0x3, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r6, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

1.142051545s ago: executing program 4 (id=747):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4501, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x100010, r0, 0x93771000)
r1 = syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x1701) (async)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) (async)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) (async)
sendto$inet6(r3, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0)
shutdown(r3, 0x1) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, 0x0, 0x4) (async)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x17, 0x1}, 0xfffffe7a, 0x20, 0x3, 0x0, 0x4bf, 0x404, 0x0}) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x7c}}, 0x0)
socket$netlink(0x10, 0x3, 0xe) (async)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="180000006a"], 0x1c}], 0x1}, 0x4000080)
memfd_create(&(0x7f0000000000)='\x00', 0x1) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$l2tp6(0xa, 0x2, 0x73) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @multicast1}, 0x67, r7}) (async)
setsockopt$inet6_IPV6_PKTINFO(r3, 0x29, 0x32, &(0x7f00000000c0)={@private2, r7}, 0x14)

982.223893ms ago: executing program 5 (id=748):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x408100, 0x0)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7ffff000)

565.724547ms ago: executing program 4 (id=749):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = socket(0x22, 0x2, 0x4)
bind$can_j1939(r1, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x20008005}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0xa, 0x4, 0x6, 0xfffa}, 0x20, [0x0, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x8, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x2, 0x0, 0x8, 0x3, 0x20000000, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x1, 0x80092a3, 0x4, 0xcbee, 0x0, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x5, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x6, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x40009, 0x2, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x400003, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x81000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x7fffffff, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800203, 0x1fe, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53ce697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1e, 0x11ffff, 0x3, 0x6, 0xaaed, 0x4, 0x103], [0x10, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xfffffffd, 0x6, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x80, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x2, 0x30b1d693, 0x5a2d, 0xc, 0x7, 0x1, 0x10, 0x0, 0x4, 0x4, 0xb19, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = openat$cgroup_int(r0, &(0x7f0000000080)='notify_on_release\x00', 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x4)
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
pidfd_send_signal(r7, 0xc, &(0x7f0000000200)={0x7, 0x8, 0x3}, 0x0)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
write$cgroup_int(r5, &(0x7f00000003c0)=0x1000, 0x12)
r8 = getpid()
rt_tgsigqueueinfo(r8, r8, 0xa, &(0x7f00000001c0)={0x12, 0x28800, 0x7})
r9 = syz_pidfd_open(r8, 0x0)
process_mrelease(r9, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)

564.998754ms ago: executing program 6 (id=750):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007208", 0x39}], 0x1)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000240)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f00030001332564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000cc0)={0x34, r3, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xcf}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009005}, 0x4000080)
ioprio_set$pid(0x2, 0x0, 0x0)

226.07982ms ago: executing program 5 (id=751):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fadvise64(r0, 0x92, 0x5, 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0], 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r0, 0xa4717000)

0s ago: executing program 3 (id=752):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000020c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='gfs2\x00', 0x208002, 0x0)

kernel console output (not intermixed with test programs):

 misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.972864][    T9] usb 3-1: USB disconnect, device number 13
[  137.993331][ T6677] fido_id[6677]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0003/report_descriptor': No such device
[  138.064000][ T5915] hub 4-1:0.0: 1 port detected
[  138.173355][ T5898] usb 5-1: unable to get BOS descriptor or descriptor too short
[  138.191320][ T5898] usb 5-1: too many configurations: 226, using maximum allowed: 8
[  138.221023][ T5898] usb 5-1: unable to read config index 0 descriptor/start: -71
[  138.245857][ T5898] usb 5-1: can't read configurations, error -71
[  138.664186][ T6689] /dev/rnullb0: Can't open blockdev
[  139.563553][    T9] hub 4-1:0.0: hub_ext_port_status failed (err = -32)
[  139.762179][ T6712] /dev/rnullb0: Can't open blockdev
[  139.921088][ T6714] /dev/rnullb0: Can't open blockdev
[  140.117982][ T6718] 9pnet_fd: Insufficient options for proto=fd
[  140.229822][  T981] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  140.313077][ T5898] usb 4-1: USB disconnect, device number 12
[  140.424698][  T981] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  140.443610][  T981] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  140.482754][  T981] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  140.513918][  T981] usb 3-1: config 0 interface 0 has no altsetting 0
[  140.520723][  T981] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[  140.572131][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.628482][  T981] usb 3-1: config 0 descriptor??
[  140.648885][ T6716] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  140.912696][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  141.076644][   T24] usb 5-1: Using ep0 maxpacket: 8
[  141.104779][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.142369][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  141.170747][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.216341][   T24] usb 5-1: config 0 descriptor??
[  141.250772][   T24] gspca_main: vc032x-2.14.0 probing 046d:0892
[  141.409543][  T981] usbhid 3-1:0.0: can't add hid device: -71
[  141.435016][  T981] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  141.477293][  T981] usb 3-1: USB disconnect, device number 14
[  141.605468][ T6732] loop4: detected capacity change from 0 to 1
[  141.652243][ T6732] Dev loop4: unable to read RDB block 1
[  141.675958][ T6732]  loop4: unable to read partition table
[  141.702521][ T6732] loop4: partition table beyond EOD, truncated
[  141.732262][ T6732] loop_reread_partitions: partition scan of loop4 (�被x�^>��� ) failed (rc=-5)
[  141.783577][ T6747] input: syz0 as /devices/virtual/input/input11
[  141.987386][ T6754] /dev/rnullb0: Can't open blockdev
[  142.306650][ T6761] netlink: 24 bytes leftover after parsing attributes in process `syz.3.267'.
[  142.352232][ T5915] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  142.419866][ T6765] netlink: 'syz.0.268': attribute type 10 has an invalid length.
[  142.525978][ T5915] usb 3-1: Using ep0 maxpacket: 16
[  142.539656][ T5915] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.575220][ T5915] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  142.601948][ T6765] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  142.609511][ T5915] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  142.629978][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  142.652926][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.681791][ T5915] usb 3-1: Product: syz
[  142.701511][ T5915] usb 3-1: Manufacturer: syz
[  142.719839][ T5915] usb 3-1: SerialNumber: syz
[  143.312549][ T6757] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[  143.382476][ T5915] usb 3-1: cannot find UAC_HEADER
[  143.388251][ T5891] usb 5-1: USB disconnect, device number 8
[  143.529161][ T5915] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  143.607758][ T5915] usb 3-1: USB disconnect, device number 15
[  143.707385][ T6079] udevd[6079]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  143.982291][ T6788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.040888][ T6788] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.084291][ T6788] /dev/rnullb0: Can't open blockdev
[  144.122354][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  144.133455][ T5898] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  144.155315][ T5898] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  144.479065][ T6801] /dev/rnullb0: Can't open blockdev
[  144.511044][ T6805] /dev/rnullb0: Can't open blockdev
[  144.749940][ T6810] netlink: 'syz.3.277': attribute type 5 has an invalid length.
[  145.083451][ T5891] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  145.091321][  T981] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  145.272111][ T5891] usb 3-1: Using ep0 maxpacket: 32
[  145.287558][  T981] usb 5-1: Using ep0 maxpacket: 16
[  145.295623][ T5891] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.327938][ T5891] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  145.338252][  T981] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.380146][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  145.413498][ T5891] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  145.432365][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  145.452267][ T5891] usb 3-1: New USB device strings: Mfr=14, Product=2, SerialNumber=3
[  145.460515][ T5891] usb 3-1: Product: syz
[  145.469746][  T981] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  145.493507][ T5891] usb 3-1: Manufacturer: syz
[  145.498173][ T5891] usb 3-1: SerialNumber: syz
[  145.503321][  T981] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  145.589220][  T981] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  145.613202][  T981] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  145.621334][  T981] usb 5-1: Manufacturer: syz
[  145.673842][  T981] usb 5-1: config 0 descriptor??
[  145.734635][ T6814] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  146.282380][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  146.283034][ T5898] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  146.356937][ T6814] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  146.357311][ T5898] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  146.364534][  T981] rc_core: IR keymap rc-hauppauge not found
[  146.364555][  T981] Registered IR keymap rc-empty
[  146.364973][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.437646][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.448275][ T6844] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.478073][ T6844] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.494299][  T981] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  146.524305][ T6844] trusted_key: syz.4.279 sent an empty control message without MSG_MORE.
[  146.562614][  T981] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input13
[  146.595168][ T5891] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  146.602504][ T5891] cdc_ncm 3-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048
[  146.618542][ T5891] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  146.645752][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.692332][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.712259][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.740534][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.773962][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.795001][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.852093][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.867224][ T5891] cdc_ncm 3-1:1.0: setting tx_max = 88
[  146.882379][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.912310][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.928150][ T5891] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  146.962912][  T981] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  146.982436][ T5891] usb 3-1: USB disconnect, device number 16
[  146.999801][  T981] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 0
[  147.019024][ T5891] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  147.052321][ T6315] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  147.080606][  T981] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  147.155531][  T981] usb 5-1: USB disconnect, device number 9
[  147.259561][ T6315] usb 4-1: Using ep0 maxpacket: 16
[  147.284702][ T6315] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  147.327321][ T6315] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  147.356920][ T6315] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  147.385199][ T6315] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  147.427951][ T6315] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  147.479989][ T6315] usb 4-1: config 0 has no interface number 0
[  147.517980][ T6315] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  147.572113][ T6315] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  147.615039][ T6857] /dev/rnullb0: Can't open blockdev
[  147.632068][ T6315] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid maxpacket 65517, setting to 64
[  147.657311][ T6315] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  147.669868][ T6861] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  147.703456][ T6861] overlayfs: conflicting options: userxattr,redirect_dir=on
[  147.712551][ T6315] usb 4-1: config 0 interface 125 has no altsetting 0
[  147.719379][ T6315] usb 4-1: config 0 interface 125 has no altsetting 2
[  147.780079][ T6315] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  147.822085][ T6315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.830865][ T6315] usb 4-1: Product: syz
[  147.858548][ T6315] usb 4-1: Manufacturer: syz
[  147.870995][ T6315] usb 4-1: SerialNumber: syz
[  147.895286][ T6315] usb 4-1: config 0 descriptor??
[  147.937687][ T6315] usb 4-1: selecting invalid altsetting 2
[  148.156161][ T6849] /dev/rnullb0: Can't open blockdev
[  148.164818][    C1] usb 4-1: async_complete: urb error -71
[  148.170668][    C1] usb 4-1: async_complete: urb error -71
[  148.176432][    C1] usb 4-1: async_complete: urb error -71
[  148.182200][    C1] usb 4-1: async_complete: urb error -71
[  148.189057][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.230996][ T6315] get_1284_register: usb error -71
[  148.252192][ T6315] uss720 4-1:0.125: probe with driver uss720 failed with error -71
[  148.321083][ T6315] usb 4-1: USB disconnect, device number 13
[  148.443876][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  148.444915][ T5898] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  148.540852][ T5898] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  148.701528][ T6882] loop7: detected capacity change from 0 to 7
[  148.745409][ T6884] /dev/rnullb0: Can't open blockdev
[  148.799124][    C0] blk_print_req_error: 24 callbacks suppressed
[  148.799146][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  148.817385][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.826737][    C1] buffer_io_error: 23 callbacks suppressed
[  148.826756][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  148.848057][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.857325][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  148.882066][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.891333][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  148.909189][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.918423][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  148.928921][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.938658][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  148.988970][ T6894] /dev/rnullb0: Can't open blockdev
[  149.527647][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  149.562574][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  149.571788][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  149.579766][    C0] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  149.588942][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  149.596898][    C0] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  149.606066][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  149.614014][    C0] Buffer I/O error on dev loop7, logical block 3, async page read
[  149.621932][    C0] Buffer I/O error on dev loop7, logical block 4, async page read
[  149.758467][ T6905] ptm ptm5: ldisc open failed (-12), clearing slot 5
[  150.033528][ T6921] /dev/rnullb0: Can't open blockdev
[  150.321225][ T6924] /dev/rnullb0: Can't open blockdev
[  150.635006][ T6940] /dev/rnullb0: Can't open blockdev
[  150.682449][ T5898] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  150.685299][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  150.688966][ T5898] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  151.975230][ T6964] can0: slcan on ttynull.
[  152.009832][ T6964] /dev/rnullb0: Can't open blockdev
[  152.217476][ T6962] can0 (unregistered): slcan off ttynull.
[  152.263082][ T6973] /dev/rnullb0: Can't open blockdev
[  152.503893][ T6984] /dev/rnullb0: Can't open blockdev
[  152.550866][ T6985] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  153.189944][ T7001] FAULT_INJECTION: forcing a failure.
[  153.189944][ T7001] name failslab, interval 1, probability 0, space 0, times 0
[  153.260578][ T7001] CPU: 0 UID: 0 PID: 7001 Comm: syz.4.325 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  153.260607][ T7001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  153.260618][ T7001] Call Trace:
[  153.260626][ T7001]  <TASK>
[  153.260634][ T7001]  dump_stack_lvl+0x189/0x250
[  153.260667][ T7001]  ? __pfx____ratelimit+0x10/0x10
[  153.260696][ T7001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.260723][ T7001]  ? __pfx__printk+0x10/0x10
[  153.260758][ T7001]  ? __pfx___might_resched+0x10/0x10
[  153.260782][ T7001]  ? fs_reclaim_acquire+0x7d/0x100
[  153.260812][ T7001]  should_fail_ex+0x414/0x560
[  153.260843][ T7001]  should_failslab+0xa8/0x100
[  153.260867][ T7001]  __kmalloc_noprof+0xcb/0x4f0
[  153.260886][ T7001]  ? kfree+0x4d/0x440
[  153.260902][ T7001]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  153.260927][ T7001]  tomoyo_realpath_from_path+0xe3/0x5d0
[  153.260945][ T7001]  ? tomoyo_domain+0xd9/0x130
[  153.260970][ T7001]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  153.260994][ T7001]  tomoyo_path_number_perm+0x1e8/0x5a0
[  153.261022][ T7001]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  153.261065][ T7001]  ? __lock_acquire+0xab9/0xd20
[  153.261108][ T7001]  ? __fget_files+0x2a/0x420
[  153.261138][ T7001]  ? __fget_files+0x2a/0x420
[  153.261161][ T7001]  ? __fget_files+0x3a0/0x420
[  153.261183][ T7001]  ? __fget_files+0x2a/0x420
[  153.261224][ T7001]  security_file_ioctl+0xcb/0x2d0
[  153.261249][ T7001]  __se_sys_ioctl+0x47/0x170
[  153.261273][ T7001]  do_syscall_64+0xfa/0x3b0
[  153.261298][ T7001]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.261322][ T7001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.261340][ T7001]  ? clear_bhb_loop+0x60/0xb0
[  153.261362][ T7001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.261379][ T7001] RIP: 0033:0x7fd8d0b8e9a9
[  153.261397][ T7001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.261411][ T7001] RSP: 002b:00007fd8d1a32038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  153.261431][ T7001] RAX: ffffffffffffffda RBX: 00007fd8d0db5fa0 RCX: 00007fd8d0b8e9a9
[  153.261444][ T7001] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  153.261456][ T7001] RBP: 00007fd8d1a32090 R08: 0000000000000000 R09: 0000000000000000
[  153.261466][ T7001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.261476][ T7001] R13: 0000000000000000 R14: 00007fd8d0db5fa0 R15: 00007ffce2004188
[  153.261508][ T7001]  </TASK>
[  153.261517][ T7001] ERROR: Out of memory at tomoyo_realpath_from_path.
[  153.412151][ T6315] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  153.651306][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  153.675620][ T5898] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  153.681763][ T5898] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  153.757369][ T6315] usb 4-1: unable to get BOS descriptor or descriptor too short
[  153.777727][ T6315] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  153.821573][ T6315] usb 4-1: config 1 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  153.849071][ T6315] usb 4-1: config 1 interface 0 has no altsetting 0
[  153.871664][ T6315] usb 4-1: string descriptor 0 read error: -22
[  153.879562][ T6315] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  153.900124][ T6315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.954631][ T6315] usb 4-1: bad CDC descriptors
[  154.011528][ T7012] /dev/rnullb0: Can't open blockdev
[  154.096893][ T7015] /dev/rnullb0: Can't open blockdev
[  154.184437][ T7003] ALSA: mixer_oss: invalid OSS volume ''
[  154.191270][ T7003] /dev/rnullb0: Can't open blockdev
[  154.199518][ T6315] usb 4-1: USB disconnect, device number 14
[  154.288898][ T7020] /dev/rnullb0: Can't open blockdev
[  154.819228][ T7039] /dev/rnullb0: Can't open blockdev
[  154.906193][ T7036] /dev/sg0: Can't lookup blockdev
[  154.959503][ T7041] FAULT_INJECTION: forcing a failure.
[  154.959503][ T7041] name failslab, interval 1, probability 0, space 0, times 0
[  155.002687][ T7041] CPU: 0 UID: 0 PID: 7041 Comm: syz.3.337 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  155.002715][ T7041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  155.002727][ T7041] Call Trace:
[  155.002735][ T7041]  <TASK>
[  155.002743][ T7041]  dump_stack_lvl+0x189/0x250
[  155.002775][ T7041]  ? __pfx____ratelimit+0x10/0x10
[  155.002802][ T7041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.002828][ T7041]  ? __pfx__printk+0x10/0x10
[  155.002869][ T7041]  ? __pfx___might_resched+0x10/0x10
[  155.002892][ T7041]  ? fs_reclaim_acquire+0x7d/0x100
[  155.002920][ T7041]  should_fail_ex+0x414/0x560
[  155.002949][ T7041]  should_failslab+0xa8/0x100
[  155.002972][ T7041]  __kmalloc_noprof+0xcb/0x4f0
[  155.002992][ T7041]  ? tomoyo_encode+0x28b/0x550
[  155.003015][ T7041]  tomoyo_encode+0x28b/0x550
[  155.003038][ T7041]  tomoyo_realpath_from_path+0x58d/0x5d0
[  155.003059][ T7041]  ? tomoyo_domain+0xd9/0x130
[  155.003084][ T7041]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  155.003106][ T7041]  tomoyo_path_number_perm+0x1e8/0x5a0
[  155.003133][ T7041]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  155.003176][ T7041]  ? __lock_acquire+0xab9/0xd20
[  155.003221][ T7041]  ? __fget_files+0x2a/0x420
[  155.003251][ T7041]  ? __fget_files+0x2a/0x420
[  155.003275][ T7041]  ? __fget_files+0x3a0/0x420
[  155.003299][ T7041]  ? __fget_files+0x2a/0x420
[  155.003330][ T7041]  security_file_ioctl+0xcb/0x2d0
[  155.003356][ T7041]  __se_sys_ioctl+0x47/0x170
[  155.003380][ T7041]  do_syscall_64+0xfa/0x3b0
[  155.003404][ T7041]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.003428][ T7041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.003447][ T7041]  ? clear_bhb_loop+0x60/0xb0
[  155.003469][ T7041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.003487][ T7041] RIP: 0033:0x7efcbab8e9a9
[  155.003503][ T7041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.003518][ T7041] RSP: 002b:00007efcb89f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  155.003538][ T7041] RAX: ffffffffffffffda RBX: 00007efcbadb5fa0 RCX: 00007efcbab8e9a9
[  155.003551][ T7041] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  155.003561][ T7041] RBP: 00007efcb89f6090 R08: 0000000000000000 R09: 0000000000000000
[  155.003573][ T7041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.003583][ T7041] R13: 0000000000000000 R14: 00007efcbadb5fa0 R15: 00007ffc29e01e78
[  155.003614][ T7041]  </TASK>
[  155.003637][ T7041] ERROR: Out of memory at tomoyo_realpath_from_path.
[  155.466070][ T7050] /dev/rnullb0: Can't open blockdev
[  155.562537][   T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  155.732133][   T10] usb 3-1: device descriptor read/64, error -71
[  155.920160][ T7058] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  155.998698][ T7064] loop6: detected capacity change from 0 to 524287999
[  156.012159][   T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  156.154676][   T10] usb 3-1: device descriptor read/64, error -71
[  156.284082][   T10] usb usb3-port1: attempt power cycle
[  156.346080][ T7068] /dev/nullb0: Can't open blockdev
[  156.642258][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  156.689951][   T10] usb 3-1: device descriptor read/8, error -71
[  156.932530][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  156.997839][   T10] usb 3-1: device descriptor read/8, error -71
[  157.132811][   T10] usb usb3-port1: unable to enumerate USB device
[  157.171617][ T7078] FAULT_INJECTION: forcing a failure.
[  157.171617][ T7078] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  157.189479][ T7078] CPU: 0 UID: 0 PID: 7078 Comm: syz.3.348 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  157.189508][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  157.189519][ T7078] Call Trace:
[  157.189527][ T7078]  <TASK>
[  157.189536][ T7078]  dump_stack_lvl+0x189/0x250
[  157.189568][ T7078]  ? __pfx____ratelimit+0x10/0x10
[  157.189595][ T7078]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.189622][ T7078]  ? __pfx__printk+0x10/0x10
[  157.189649][ T7078]  ? __might_fault+0xb0/0x130
[  157.189684][ T7078]  should_fail_ex+0x414/0x560
[  157.189716][ T7078]  _copy_from_user+0x2d/0xb0
[  157.189738][ T7078]  kvm_arch_vcpu_ioctl+0x638/0x2a80
[  157.189770][ T7078]  ? __lock_acquire+0xab9/0xd20
[  157.189790][ T7078]  ? kvm_arch_vcpu_ioctl+0x5f8/0x2a80
[  157.189815][ T7078]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  157.189841][ T7078]  ? __lock_acquire+0xab9/0xd20
[  157.189886][ T7078]  ? is_bpf_text_address+0x26/0x2b0
[  157.189915][ T7078]  ? is_bpf_text_address+0x292/0x2b0
[  157.189937][ T7078]  ? is_bpf_text_address+0x26/0x2b0
[  157.189962][ T7078]  ? kernel_text_address+0xa5/0xe0
[  157.189983][ T7078]  ? __kernel_text_address+0xd/0x40
[  157.190000][ T7078]  ? unwind_get_return_address+0x4d/0x90
[  157.190024][ T7078]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  157.190052][ T7078]  ? arch_stack_walk+0xfc/0x150
[  157.190100][ T7078]  ? stack_depot_save_flags+0x40/0x900
[  157.190146][ T7078]  ? __lock_acquire+0xab9/0xd20
[  157.190177][ T7078]  ? __mutex_trylock_common+0x153/0x260
[  157.190206][ T7078]  ? __pfx___mutex_trylock_common+0x10/0x10
[  157.190238][ T7078]  ? rcu_is_watching+0x15/0xb0
[  157.190263][ T7078]  ? trace_contention_end+0x39/0x120
[  157.190289][ T7078]  ? __mutex_lock+0x335/0x1360
[  157.190324][ T7078]  ? kasan_quarantine_put+0xdd/0x220
[  157.190348][ T7078]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  157.190380][ T7078]  ? __pfx___mutex_lock+0x10/0x10
[  157.190408][ T7078]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  157.190439][ T7078]  ? do_vfs_ioctl+0xbe8/0x1430
[  157.190466][ T7078]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  157.190493][ T7078]  kvm_vcpu_ioctl+0x74d/0xe90
[  157.190525][ T7078]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  157.190548][ T7078]  ? __lock_acquire+0xab9/0xd20
[  157.190593][ T7078]  ? __fget_files+0x2a/0x420
[  157.190624][ T7078]  ? __fget_files+0x2a/0x420
[  157.190649][ T7078]  ? __fget_files+0x3a0/0x420
[  157.190674][ T7078]  ? __fget_files+0x2a/0x420
[  157.190706][ T7078]  ? bpf_lsm_file_ioctl+0x9/0x20
[  157.190727][ T7078]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  157.190781][ T7078]  __se_sys_ioctl+0xf9/0x170
[  157.190808][ T7078]  do_syscall_64+0xfa/0x3b0
[  157.190834][ T7078]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.190859][ T7078]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.190877][ T7078]  ? clear_bhb_loop+0x60/0xb0
[  157.190900][ T7078]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.190917][ T7078] RIP: 0033:0x7efcbab8e9a9
[  157.190935][ T7078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.190950][ T7078] RSP: 002b:00007efcb89f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  157.190971][ T7078] RAX: ffffffffffffffda RBX: 00007efcbadb5fa0 RCX: 00007efcbab8e9a9
[  157.190985][ T7078] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  157.190997][ T7078] RBP: 00007efcb89f6090 R08: 0000000000000000 R09: 0000000000000000
[  157.191008][ T7078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.191019][ T7078] R13: 0000000000000000 R14: 00007efcbadb5fa0 R15: 00007ffc29e01e78
[  157.191052][ T7078]  </TASK>
[  157.585032][ T7080] Malformed UNC in devname
[  157.585032][ T7080] 
[  157.636612][ T7080] CIFS: VFS: Malformed UNC in devname
[  158.039268][ T7086] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  158.041637][ T7085] /dev/rnullb0: Can't open blockdev
[  158.114293][ T7088] netlink: 12 bytes leftover after parsing attributes in process `syz.3.352'.
[  158.150111][ T7087] /dev/rnullb0: Can't open blockdev
[  158.360687][ T7098] /dev/rnullb0: Can't open blockdev
[  158.383503][ T7100] ./cgroup: Can't lookup blockdev
[  158.619321][ T7105] /dev/rnullb0: Can't open blockdev
[  159.075577][ T7117] NILFS (loop2): device size too small
[  159.293703][ T7119] netlink: 40 bytes leftover after parsing attributes in process `syz.4.363'.
[  159.347094][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.4.363'.
[  159.347140][ T7119] openvswitch: netlink: Flow key attr not present in new flow.
[  159.617851][ T7128] syzkaller1: entered promiscuous mode
[  159.630938][ T7128] syzkaller1: entered allmulticast mode
[  159.643265][ T6315] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  159.658967][ T7128] /dev/rnullb0: Can't open blockdev
[  159.711730][ T7130] /dev/rnullb0: Can't open blockdev
[  159.809259][ T7137] Bluetooth: MGMT ver 1.23
[  159.822216][ T6315] usb 3-1: Using ep0 maxpacket: 32
[  159.836762][ T6315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11
[  159.867108][ T6315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50609, setting to 1024
[  159.906306][ T6315] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  159.915936][ T6315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.953691][ T6315] usb 3-1: config 0 descriptor??
[  159.969956][ T7124] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  159.999512][ T6315] hub 3-1:0.0: USB hub found
[  160.082144][   T10] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  160.222243][ T6315] hub 3-1:0.0: 8 ports detected
[  160.241758][ T6315] hub 3-1:0.0: insufficient power available to use all downstream ports
[  160.303905][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  160.328669][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  160.353939][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  160.378725][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  160.402478][   T10] usb 4-1: SerialNumber: syz
[  160.414430][   T10] usb 4-1: bad CDC descriptors
[  160.422770][ T7148] FAULT_INJECTION: forcing a failure.
[  160.422770][ T7148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.430377][   T10] usb-storage 4-1:1.0: USB Mass Storage device detected
[  160.460897][ T7148] CPU: 1 UID: 0 PID: 7148 Comm: syz.0.373 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  160.460930][ T7148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  160.460948][ T7148] Call Trace:
[  160.460956][ T7148]  <TASK>
[  160.460964][ T7148]  dump_stack_lvl+0x189/0x250
[  160.460995][ T7148]  ? __pfx____ratelimit+0x10/0x10
[  160.461023][ T7148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.461049][ T7148]  ? __pfx__printk+0x10/0x10
[  160.461074][ T7148]  ? __might_fault+0xb0/0x130
[  160.461108][ T7148]  should_fail_ex+0x414/0x560
[  160.461138][ T7148]  _copy_from_user+0x2d/0xb0
[  160.461159][ T7148]  memdup_user+0x5e/0xd0
[  160.461186][ T7148]  kvm_arch_vcpu_ioctl+0x1a78/0x2a80
[  160.461211][ T7148]  ? __lock_acquire+0xab9/0xd20
[  160.461231][ T7148]  ? kvm_arch_vcpu_ioctl+0x5f8/0x2a80
[  160.461254][ T7148]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  160.461281][ T7148]  ? __lock_acquire+0xab9/0xd20
[  160.461325][ T7148]  ? is_bpf_text_address+0x26/0x2b0
[  160.461354][ T7148]  ? is_bpf_text_address+0x292/0x2b0
[  160.461374][ T7148]  ? is_bpf_text_address+0x26/0x2b0
[  160.461401][ T7148]  ? kernel_text_address+0xa5/0xe0
[  160.461419][ T7148]  ? __kernel_text_address+0xd/0x40
[  160.461436][ T7148]  ? unwind_get_return_address+0x4d/0x90
[  160.461459][ T7148]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  160.461485][ T7148]  ? arch_stack_walk+0xfc/0x150
[  160.461531][ T7148]  ? stack_depot_save_flags+0x40/0x900
[  160.461577][ T7148]  ? __lock_acquire+0xab9/0xd20
[  160.461607][ T7148]  ? __mutex_trylock_common+0x153/0x260
[  160.461635][ T7148]  ? __pfx___mutex_trylock_common+0x10/0x10
[  160.461665][ T7148]  ? rcu_is_watching+0x15/0xb0
[  160.461689][ T7148]  ? trace_contention_end+0x39/0x120
[  160.461713][ T7148]  ? __mutex_lock+0x335/0x1360
[  160.461746][ T7148]  ? kasan_quarantine_put+0xdd/0x220
[  160.461769][ T7148]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  160.461799][ T7148]  ? __pfx___mutex_lock+0x10/0x10
[  160.461828][ T7148]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  160.461857][ T7148]  ? do_vfs_ioctl+0xbe8/0x1430
[  160.461883][ T7148]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  160.461909][ T7148]  kvm_vcpu_ioctl+0x74d/0xe90
[  160.461950][ T7148]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  160.461973][ T7148]  ? __lock_acquire+0xab9/0xd20
[  160.462014][ T7148]  ? __fget_files+0x2a/0x420
[  160.462043][ T7148]  ? __fget_files+0x2a/0x420
[  160.462068][ T7148]  ? __fget_files+0x3a0/0x420
[  160.462093][ T7148]  ? __fget_files+0x2a/0x420
[  160.462123][ T7148]  ? bpf_lsm_file_ioctl+0x9/0x20
[  160.462143][ T7148]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  160.462170][ T7148]  __se_sys_ioctl+0xf9/0x170
[  160.462197][ T7148]  do_syscall_64+0xfa/0x3b0
[  160.462222][ T7148]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.462247][ T7148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.462263][ T7148]  ? clear_bhb_loop+0x60/0xb0
[  160.462285][ T7148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.462302][ T7148] RIP: 0033:0x7f4de038e9a9
[  160.462319][ T7148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.462334][ T7148] RSP: 002b:00007f4de11cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  160.462355][ T7148] RAX: ffffffffffffffda RBX: 00007f4de05b6080 RCX: 00007f4de038e9a9
[  160.462368][ T7148] RDX: 00002000000000c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  160.462380][ T7148] RBP: 00007f4de11cc090 R08: 0000000000000000 R09: 0000000000000000
[  160.462391][ T7148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.462401][ T7148] R13: 0000000000000000 R14: 00007f4de05b6080 R15: 00007fffc76c8398
[  160.462431][ T7148]  </TASK>
[  160.827842][   T10] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  160.878618][   T10] scsi host1: usb-storage 4-1:1.0
[  161.088361][ T7123] netlink: 12702 bytes leftover after parsing attributes in process `syz.2.364'.
[  161.105372][ T7154] warning: `syz.0.374' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  161.131555][ T7154] /dev/rnullb0: Can't open blockdev
[  161.266552][ T6315] usb 3-1: USB disconnect, device number 21
[  161.382466][ T5891] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  161.556429][ T5891] usb 5-1: not running at top speed; connect to a high speed hub
[  161.578256][ T5891] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  161.617547][ T7164] vivid-000: disconnect
[  161.619506][ T5891] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  161.642297][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.650350][ T5891] usb 5-1: Product: syz
[  161.655046][ T5891] usb 5-1: Manufacturer: syz
[  161.659665][ T5891] usb 5-1: SerialNumber: syz
[  161.674287][ T7143] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22
[  161.690099][ T7165] netlink: 168 bytes leftover after parsing attributes in process `syz.0.377'.
[  161.869653][ T7167] /dev/rnullb0: Can't open blockdev
[  162.048055][ T7169] /dev/rnullb0: Can't open blockdev
[  162.175565][  T984] usb 4-1: USB disconnect, device number 15
[  162.279527][ T7174] /dev/rnullb0: Can't open blockdev
[  162.437420][ T7163] vivid-000: reconnect
[  162.570012][ T7179] /dev/rnullb0: Can't open blockdev
[  162.748444][ T7181] FAULT_INJECTION: forcing a failure.
[  162.748444][ T7181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.764675][  T984] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  162.778880][ T7181] CPU: 1 UID: 0 PID: 7181 Comm: syz.0.383 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  162.778912][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  162.778923][ T7181] Call Trace:
[  162.778931][ T7181]  <TASK>
[  162.778939][ T7181]  dump_stack_lvl+0x189/0x250
[  162.778971][ T7181]  ? __pfx____ratelimit+0x10/0x10
[  162.779065][ T7181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.779094][ T7181]  ? __pfx__printk+0x10/0x10
[  162.779133][ T7181]  should_fail_ex+0x414/0x560
[  162.779161][ T7181]  _copy_to_user+0x31/0xb0
[  162.779184][ T7181]  simple_read_from_buffer+0xe1/0x170
[  162.779217][ T7181]  proc_fail_nth_read+0x1b3/0x220
[  162.779240][ T7181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  162.779265][ T7181]  ? rw_verify_area+0x2a6/0x4d0
[  162.779287][ T7181]  ? __lock_acquire+0xab9/0xd20
[  162.779305][ T7181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  162.779326][ T7181]  vfs_read+0x1fd/0x980
[  162.779350][ T7181]  ? fdget_pos+0x247/0x320
[  162.779369][ T7181]  ? __pfx___mutex_lock+0x10/0x10
[  162.779396][ T7181]  ? __pfx_vfs_read+0x10/0x10
[  162.779422][ T7181]  ? __fget_files+0x2a/0x420
[  162.779453][ T7181]  ? __fget_files+0x3a0/0x420
[  162.779478][ T7181]  ? __fget_files+0x2a/0x420
[  162.779513][ T7181]  ksys_read+0x145/0x250
[  162.779540][ T7181]  ? __pfx_ksys_read+0x10/0x10
[  162.779561][ T7181]  ? rcu_is_watching+0x15/0xb0
[  162.779592][ T7181]  ? do_syscall_64+0xbe/0x3b0
[  162.779625][ T7181]  do_syscall_64+0xfa/0x3b0
[  162.779653][ T7181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.779670][ T7181]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  162.779689][ T7181]  ? clear_bhb_loop+0x60/0xb0
[  162.779714][ T7181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.779732][ T7181] RIP: 0033:0x7f4de038d3bc
[  162.779751][ T7181] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  162.779786][ T7181] RSP: 002b:00007f4de11ed030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  162.779808][ T7181] RAX: ffffffffffffffda RBX: 00007f4de05b5fa0 RCX: 00007f4de038d3bc
[  162.779821][ T7181] RDX: 000000000000000f RSI: 00007f4de11ed0a0 RDI: 0000000000000006
[  162.779832][ T7181] RBP: 00007f4de11ed090 R08: 0000000000000000 R09: 0000000000000000
[  162.779842][ T7181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.779852][ T7181] R13: 0000000000000000 R14: 00007f4de05b5fa0 R15: 00007fffc76c8398
[  162.779882][ T7181]  </TASK>
[  163.048696][ T7183] /dev/rnullb0: Can't open blockdev
[  163.222265][  T984] usb 3-1: device descriptor read/64, error -71
[  163.472381][  T984] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  163.503931][ T5891] cdc_ncm 5-1:1.0: bind() failure
[  163.529144][ T5891] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  163.562298][ T5891] cdc_ncm 5-1:1.1: bind() failure
[  163.592465][ T5891] usb 5-1: USB disconnect, device number 10
[  163.662253][  T984] usb 3-1: device descriptor read/64, error -71
[  163.678856][ T7193] netlink: 'syz.3.387': attribute type 29 has an invalid length.
[  163.707391][ T7193] netlink: 'syz.3.387': attribute type 29 has an invalid length.
[  163.732783][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.387'.
[  163.792577][  T984] usb usb3-port1: attempt power cycle
[  163.795228][ T7198] input: syz0 as /devices/virtual/input/input14
[  163.867162][ T7198] sp0: Synchronizing with TNC
[  163.946076][ T7198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.960697][ T7198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.013271][  T981] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  164.132318][  T984] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  164.162160][  T981] usb 4-1: Using ep0 maxpacket: 32
[  164.164389][  T984] usb 3-1: device descriptor read/8, error -71
[  164.180097][  T981] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  164.188857][  T981] usb 4-1: config 0 has no interface number 0
[  164.198150][  T981] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  164.208050][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.219711][  T981] usb 4-1: Product: syz
[  164.224288][  T981] usb 4-1: Manufacturer: syz
[  164.229097][  T981] usb 4-1: SerialNumber: syz
[  164.249003][  T981] usb 4-1: config 0 descriptor??
[  164.261429][   T30] audit: type=1326 audit(1753697220.543:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.285183][  T981] smsc95xx v2.0.0
[  164.289838][   T30] audit: type=1326 audit(1753697220.543:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.312440][   T30] audit: type=1326 audit(1753697220.543:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.337418][   T30] audit: type=1326 audit(1753697220.543:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.379004][   T30] audit: type=1326 audit(1753697220.543:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.405578][   T30] audit: type=1326 audit(1753697220.543:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.428434][   T30] audit: type=1326 audit(1753697220.543:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.432323][  T984] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  164.473191][  T981] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  164.508117][  T981] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  164.517731][   T30] audit: type=1326 audit(1753697220.543:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.585882][  T984] usb 3-1: device descriptor read/8, error -71
[  164.592637][   T30] audit: type=1326 audit(1753697220.543:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.620669][   T30] audit: type=1326 audit(1753697220.543:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7189 comm="syz.4.386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  164.705987][  T984] usb usb3-port1: unable to enumerate USB device
[  164.753975][ T7203] kAFS: No cell specified
[  164.872874][  T981] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[  164.922587][  T981] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  165.012344][  T981] usb 4-1: USB disconnect, device number 16
[  165.147047][ T7217] /dev/rnullb0: Can't open blockdev
[  165.485477][ T7229] /dev/rnullb0: Can't open blockdev
[  165.698812][ T7233] /dev/rnullb0: Can't open blockdev
[  165.732953][ T7238] /dev/rnullb0: Can't open blockdev
[  166.017622][ T7254] /dev/rnullb0: Can't open blockdev
[  166.346526][ T7259] fuse: Bad value for 'fd'
[  166.351376][ T7259] fuse: Bad value for 'fd'
[  166.463236][ T7264] ./cgroup: Can't lookup blockdev
[  166.947109][ T7280] pim6reg: entered allmulticast mode
[  167.092690][  T981] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  167.272680][  T981] usb 3-1: Using ep0 maxpacket: 8
[  167.287384][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.318949][  T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  167.352199][  T981] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[  167.385270][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.411065][  T981] usb 3-1: config 0 descriptor??
[  167.453363][ T7293] /dev/rnullb0: Can't open blockdev
[  167.722823][ T5891] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  167.779415][ T7279] pim6reg: left allmulticast mode
[  167.831592][ T7276] netlink: 32 bytes leftover after parsing attributes in process `syz.2.411'.
[  167.848090][  T981] usbhid 3-1:0.0: can't add hid device: -71
[  167.872575][  T981] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  167.897076][  T981] usb 3-1: USB disconnect, device number 26
[  167.938743][ T5891] usb 4-1: Using ep0 maxpacket: 16
[  167.963553][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  168.002826][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  168.054774][ T5891] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  168.080152][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.122599][ T5891] usb 4-1: Product: syz
[  168.126831][ T5891] usb 4-1: Manufacturer: syz
[  168.131453][ T5891] usb 4-1: SerialNumber: syz
[  168.233233][ T5891] usb 4-1: config 0 descriptor??
[  168.276273][ T5891] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  168.312107][ T5891] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  168.658905][ T7313] netlink: 16 bytes leftover after parsing attributes in process `syz.2.421'.
[  168.713824][ T7292] tmpfs: Unknown parameter 'usrquota]'
[  169.087573][ T7320] netlink: 'syz.4.422': attribute type 6 has an invalid length.
[  169.130247][ T7320] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.422'.
[  169.352192][ T5898] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  169.543721][ T5891] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  169.572146][ T5891] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  169.603774][ T5891] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  169.630004][ T5891] em28xx 4-1:0.0: No AC97 audio processor
[  169.753697][ T7337] /dev/rnullb0: Can't open blockdev
[  170.259553][ T5891] usb 4-1: USB disconnect, device number 17
[  170.261313][ T5891] em28xx 4-1:0.0: Disconnecting em28xx
[  170.278060][ T5891] em28xx 4-1:0.0: Freeing device
[  170.308565][ T7347] netlink: 204 bytes leftover after parsing attributes in process `syz.2.430'.
[  170.347596][ T7348] /dev/rnullb0: Can't open blockdev
[  170.666301][ T7354] netlink: 'syz.2.434': attribute type 6 has an invalid length.
[  170.792298][   T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  170.972332][   T10] usb 4-1: Using ep0 maxpacket: 8
[  170.980885][   T10] usb 4-1: config 51 has an invalid interface number: 123 but max is 0
[  170.999670][   T10] usb 4-1: config 51 has an invalid descriptor of length 0, skipping remainder of the config
[  171.033382][   T10] usb 4-1: config 51 has no interface number 0
[  171.043368][   T10] usb 4-1: config 51 interface 123 has no altsetting 0
[  171.068386][   T10] usb 4-1: New USB device found, idVendor=04dd, idProduct=8006, bcdDevice=64.81
[  171.079005][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.121814][   T10] usb 4-1: Product: syz
[  171.131598][   T10] usb 4-1: Manufacturer: syz
[  171.149888][   T10] usb 4-1: SerialNumber: syz
[  171.461902][   T10] usb 4-1: unsupported MDLM descriptors
[  171.517518][   T10] usb 4-1: USB disconnect, device number 18
[  171.572123][  T981] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  171.650537][ T7379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  171.749916][ T7379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  171.762110][  T981] usb 5-1: Using ep0 maxpacket: 16
[  171.787705][  T981] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  171.792667][ T7379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  171.819978][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  171.834732][ T7382] /dev/rnullb0: Can't open blockdev
[  171.890069][  T981] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  171.909603][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.932052][  T981] usb 5-1: Product: syz
[  171.936294][  T981] usb 5-1: Manufacturer: syz
[  171.951391][  T981] usb 5-1: SerialNumber: syz
[  171.966974][  T981] usb 5-1: config 0 descriptor??
[  171.994239][  T981] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  172.022336][  T981] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  172.139578][ T7387] /dev/rnullb0: Can't open blockdev
[  172.414212][   T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  172.605363][   T10] usb 4-1: Using ep0 maxpacket: 32
[  172.619164][  T981] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  172.628124][   T10] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  172.640397][  T981] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  172.664399][   T10] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  172.704007][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  172.713525][   T10] usb 4-1: config 1 has no interface number 0
[  172.719674][   T10] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  172.777355][   T10] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  172.844509][   T10] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  172.873122][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.893466][ T7391] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  172.954523][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  173.138311][ T7395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.172864][ T7395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.299461][  T981] em28xx 5-1:0.0: Unknown AC97 audio processor detected!
[  173.335446][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  173.550783][   T10] usb 4-1: USB disconnect, device number 19
[  173.564247][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  174.473590][ T7406] /dev/rnullb0: Can't open blockdev
[  174.500401][ T7406] /dev/rnullb0: Can't open blockdev
[  174.553414][ T7406] /dev/rnullb0: Can't open blockdev
[  174.559835][ T7406] /dev/rnullb0: Can't open blockdev
[  174.596346][ T7406] /dev/rnullb0: Can't open blockdev
[  174.642433][ T7406] /dev/rnullb0: Can't open blockdev
[  174.650861][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  174.650880][   T30] audit: type=1326 audit(1753697230.933:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7410 comm="syz.2.452" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f988c38e9a9 code=0x0
[  174.679188][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.680367][ T7406] /dev/rnullb0: Can't open blockdev
[  174.703879][ T7406] /dev/rnullb0: Can't open blockdev
[  174.734736][ T7406] /dev/rnullb0: Can't open blockdev
[  174.774436][  T981] em28xx 5-1:0.0: couldn't setup AC97 register 4
[  174.782431][ T7406] /dev/rnullb0: Can't open blockdev
[  174.788613][ T7406] /dev/rnullb0: Can't open blockdev
[  174.803611][ T7406] /dev/rnullb0: Can't open blockdev
[  174.804383][  T981] em28xx 5-1:0.0: couldn't setup AC97 register 6
[  174.810170][ T7406] /dev/rnullb0: Can't open blockdev
[  174.853777][  T981] em28xx 5-1:0.0: couldn't setup AC97 register 54
[  174.866883][  T981] em28xx 5-1:0.0: couldn't setup AC97 register 56
[  174.873501][ T7406] /dev/rnullb0: Can't open blockdev
[  174.874325][ T7406] /dev/rnullb0: Can't open blockdev
[  174.923523][ T7406] /dev/rnullb0: Can't open blockdev
[  174.942440][ T7406] /dev/rnullb0: Can't open blockdev
[  174.957320][ T7406] /dev/rnullb0: Can't open blockdev
[  174.996469][ T7406] /dev/rnullb0: Can't open blockdev
[  175.013921][ T7406] /dev/rnullb0: Can't open blockdev
[  175.030334][ T7406] /dev/rnullb0: Can't open blockdev
[  175.032407][ T7418] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.454'.
[  175.040955][ T7406] /dev/rnullb0: Can't open blockdev
[  175.118621][ T6315] usb 5-1: USB disconnect, device number 11
[  175.133843][ T7406] /dev/rnullb0: Can't open blockdev
[  175.164566][ T7406] /dev/rnullb0: Can't open blockdev
[  175.171452][ T7406] /dev/rnullb0: Can't open blockdev
[  175.221796][ T7406] /dev/rnullb0: Can't open blockdev
[  175.612154][ T6315] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  175.762140][ T6315] usb 5-1: device descriptor read/64, error -71
[  175.943474][ T7436] netlink: 256 bytes leftover after parsing attributes in process `syz.2.459'.
[  175.975627][ T7439] /dev/rnullb0: Can't open blockdev
[  176.013893][ T7438] /dev/rnullb0: Can't open blockdev
[  176.032127][ T6315] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  176.182205][ T6315] usb 5-1: device descriptor read/64, error -71
[  176.337044][ T6315] usb usb5-port1: attempt power cycle
[  176.419382][   T36] Bluetooth: hci5: Frame reassembly failed (-84)
[  176.692225][  T981] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  176.712188][ T6315] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  176.754337][ T6315] usb 5-1: device descriptor read/8, error -71
[  176.836275][  T981] usb 4-1: device descriptor read/64, error -71
[  176.965661][ T7454] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.465'.
[  176.992296][ T6315] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  177.023446][ T6315] usb 5-1: device descriptor read/8, error -71
[  177.092105][  T981] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  177.132571][ T6315] usb usb5-port1: unable to enumerate USB device
[  177.232111][  T981] usb 4-1: device descriptor read/64, error -71
[  177.352321][  T981] usb usb4-port1: attempt power cycle
[  177.619940][ T7462] /dev/rnullb0: Can't open blockdev
[  177.692902][  T981] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  177.732866][  T981] usb 4-1: device descriptor read/8, error -71
[  177.982186][  T981] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  178.017136][  T981] usb 4-1: device descriptor read/8, error -71
[  178.138214][ T7472] /dev/rnullb0: Can't open blockdev
[  178.142657][  T981] usb usb4-port1: unable to enumerate USB device
[  178.151945][ T7472] fuse: blksize only supported for fuseblk
[  178.211640][ T7474] QAT: Device 253 not found
[  178.407506][ T7480] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.474'.
[  178.447087][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  178.453649][ T5851] Bluetooth: hci5: command 0x1003 tx timeout
[  178.825470][ T7496] /dev/rnullb0: Can't open blockdev
[  178.855930][ T7496] netlink: 'syz.4.479': attribute type 16 has an invalid length.
[  179.148873][ T7491] binder: 7490:7491 ioctl c0306201 0 returned -14
[  179.335082][ T7520] program syz.0.481 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  179.525220][ T7524] netlink: 48 bytes leftover after parsing attributes in process `syz.0.483'.
[  179.564084][ T7524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.589155][ T7524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.608244][ T7525] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.484'.
[  179.696872][ T7528] /dev/rnullb0: Can't open blockdev
[  179.703889][ T7524] overlayfs: conflicting options: userxattr,redirect_dir=on
[  179.759887][ T7524] /dev/rnullb0: Can't open blockdev
[  180.084053][ T7536] /dev/rnullb0: Can't open blockdev
[  180.318120][ T7538] /dev/rnullb0: Can't open blockdev
[  180.664600][ T7552] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  181.087962][ T7558] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.496'.
[  181.185308][ T7554] netlink: 20 bytes leftover after parsing attributes in process `syz.0.494'.
[  181.452279][ T5891] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  181.542351][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  181.638500][ T5891] usb 5-1: device descriptor read/64, error -71
[  181.644744][ T7574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.664272][ T7574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.795078][ T7577] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  181.812139][   T10] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  181.820238][ T7577] /dev/rnullb0: Can't open blockdev
[  181.859957][ T7579] blk_print_req_error: 32 callbacks suppressed
[  181.859980][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.892249][ T5891] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  181.904870][ T7579] buffer_io_error: 30 callbacks suppressed
[  181.904893][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  181.942811][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.982101][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  181.984019][   T10] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  181.999112][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.001311][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.024737][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.040883][   T10] usb 4-1: config 0 has no interface number 0
[  182.048055][ T5891] usb 5-1: device descriptor read/64, error -71
[  182.059201][   T10] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  182.071349][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.090682][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.100257][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.105542][   T10] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x2 has invalid maxpacket 524, setting to 64
[  182.115939][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.130560][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.146254][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.157477][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.167599][   T10] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  182.171144][ T5891] usb usb5-port1: attempt power cycle
[  182.193167][   T10] usb 4-1: config 0 interface 52 has no altsetting 0
[  182.204351][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.210723][   T10] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  182.216240][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.231920][   T10] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  182.250451][   T10] usb 4-1: Manufacturer: syz
[  182.260700][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.271024][ T7579] ldm_validate_partition_table(): Disk read failed.
[  182.272813][   T10] usb 4-1: config 0 descriptor??
[  182.301517][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.332907][   T10] hub 4-1:0.52: bad descriptor, ignoring hub
[  182.339106][   T10] hub 4-1:0.52: probe with driver hub failed with error -5
[  182.350484][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.361949][ T7579] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.379534][ T7579] Buffer I/O error on dev nbd0, logical block 0, async page read
[  182.392845][ T7579] Dev nbd0: unable to read RDB block 0
[  182.399702][ T7579]  nbd0: unable to read partition table
[  182.411441][ T7589] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.425036][ T7579] gfs2: error -5 reading superblock
[  182.552195][ T5891] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  182.595434][ T5891] usb 5-1: device descriptor read/8, error -71
[  182.659268][ T7591] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.506'.
[  182.682536][   T51] Bluetooth: hci0: command tx timeout
[  182.773418][ T7570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.803048][ T7570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.829283][ T7570] IPVS: set_ctl: invalid protocol: 58 255.255.255.255:20003
[  182.852549][ T5891] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  182.871041][ T7570] syz.3.499: attempt to access beyond end of device
[  182.871041][ T7570] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  182.912767][ T5891] usb 5-1: device descriptor read/8, error -71
[  183.026767][ T5891] usb usb5-port1: unable to enumerate USB device
[  183.112642][   T24] usb 4-1: USB disconnect, device number 24
[  183.300957][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'.
[  183.313984][ T7606] /dev/rnullb0: Can't open blockdev
[  183.332801][ T7604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  183.352908][ T7604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  183.373964][ T7604] /dev/rnullb0: Can't open blockdev
[  183.662317][ T5891] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  183.738327][ T7616] tipc: Started in network mode
[  183.744519][ T7616] tipc: Node identity 32391519621c, cluster identity 4711
[  183.756877][ T7616] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  183.837260][ T7616] syzkaller0: entered promiscuous mode
[  183.842141][ T5891] usb 3-1: Using ep0 maxpacket: 8
[  183.843786][ T7616] syzkaller0: entered allmulticast mode
[  183.849706][ T5891] usb 3-1: config index 0 descriptor too short (expected 19730, got 18)
[  183.857629][ T7616] tipc: Resetting bearer <eth:syzkaller0>
[  183.867924][ T5891] usb 3-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  183.882660][ T5891] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 54
[  183.905637][ T5891] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  183.914950][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.962188][ T5891] usb 3-1: Product: syz
[  183.976634][ T5891] usb 3-1: Manufacturer: syz
[  183.981291][ T5891] usb 3-1: SerialNumber: syz
[  184.004229][ T5891] usb 3-1: config 0 descriptor??
[  184.371022][   T24] usb 3-1: USB disconnect, device number 28
[  184.551380][ T7625] /dev/rnullb0: Can't open blockdev
[  184.594291][ T7615] tipc: Resetting bearer <eth:syzkaller0>
[  184.906617][ T5891] tipc: Node number set to 1344607513
[  185.087631][ T7633] /dev/rnullb0: Can't open blockdev
[  185.184561][ T7639] /dev/rnullb0: Can't open blockdev
[  185.364915][   T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  185.547202][   T10] usb 3-1: Using ep0 maxpacket: 16
[  185.566925][   T10] usb 3-1: config 0 has too many interfaces: 249, using maximum allowed: 32
[  185.583595][   T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 249
[  185.597042][   T10] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  185.607063][   T10] usb 3-1: config 0 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  185.628356][   T10] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  185.641673][   T10] usb 3-1: config 0 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  185.665193][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  185.671933][   T10] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  185.685413][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.716927][   T10] usb 3-1: config 0 descriptor??
[  185.732254][   T10] ums-sddr09 3-1:0.0: USB Mass Storage device detected
[  185.802996][   T10] ums-sddr09 3-1:0.0: probe with driver ums-sddr09 failed with error -22
[  186.015160][ T7637] RDS: rds_bind could not find a transport for fe80::3e, load rds_tcp or rds_rdma?
[  186.039912][ T7637] ./file0: Can't lookup blockdev
[  186.072770][   T10] usb 3-1: USB disconnect, device number 29
[  188.758115][ T7615] tipc: Disabling bearer <eth:syzkaller0>
[  189.085207][ T7658] /dev/rnullb0: Can't open blockdev
[  189.159101][ T7666] /dev/rnullb0: Can't open blockdev
[  189.187660][ T7666] /dev/rnullb0: Can't open blockdev
[  189.612126][ T5891] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  189.681944][ T7682] /dev/rnullb0: Can't open blockdev
[  189.772146][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  189.783876][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.812146][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.832076][ T5891] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  189.841795][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.874179][ T5891] usb 5-1: config 0 descriptor??
[  189.902542][ T5891] hub 5-1:0.0: USB hub found
[  190.084370][ T5891] hub 5-1:0.0: 1 port detected
[  190.107351][ T7687] /dev/rnullb0: Can't open blockdev
[  190.498388][ T5891] usb 5-1: USB disconnect, device number 20
[  190.618546][ T7692] /dev/rnullb0: Can't open blockdev
[  190.646329][ T7694] /dev/rnullb0: Can't open blockdev
[  190.678241][ T7694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.698503][ T7694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.147777][ T7707] netlink: 76 bytes leftover after parsing attributes in process `syz.4.542'.
[  191.762386][ T7725] netlink: 8 bytes leftover after parsing attributes in process `syz.3.545'.
[  191.784332][ T7725] /dev/rnullb0: Can't open blockdev
[  192.057747][ T7735] netlink: 57 bytes leftover after parsing attributes in process `syz.3.549'.
[  192.650955][ T7753] /dev/rnullb0: Can't open blockdev
[  192.765617][ T7755] /dev/rnullb0: Can't open blockdev
[  192.834155][ T7760] /dev/rnullb0: Can't open blockdev
[  192.972095][ T7762] netlink: 'syz.4.557': attribute type 1 has an invalid length.
[  193.082734][   T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  193.223809][   T24] usb 4-1: device descriptor read/64, error -71
[  193.487151][   T24] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  193.652265][   T24] usb 4-1: device descriptor read/64, error -71
[  193.793061][   T24] usb usb4-port1: attempt power cycle
[  194.172115][   T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  194.226227][   T24] usb 4-1: device descriptor read/8, error -71
[  194.238119][ T7778] sctp: [Deprecated]: syz.0.563 (pid 7778) Use of int in max_burst socket option.
[  194.238119][ T7778] Use struct sctp_assoc_value instead
[  194.308607][ T7778] /dev/rnullb0: Can't open blockdev
[  194.502139][   T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  194.532892][   T24] usb 4-1: device descriptor read/8, error -71
[  194.541583][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  194.548118][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  194.654454][   T24] usb usb4-port1: unable to enumerate USB device
[  194.699249][ T7793] syzkaller1: entered promiscuous mode
[  194.712166][ T7793] syzkaller1: entered allmulticast mode
[  194.734778][ T7793] /dev/rnullb0: Can't open blockdev
[  196.326765][ T7819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.349618][ T7819] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.435806][ T5898] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  196.483339][ T7825] sctp: [Deprecated]: syz.4.578 (pid 7825) Use of struct sctp_assoc_value in delayed_ack socket option.
[  196.483339][ T7825] Use struct sctp_sack_info instead
[  196.522508][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  196.541304][ T7825] sctp: [Deprecated]: syz.4.578 (pid 7825) Use of int in max_burst socket option deprecated.
[  196.541304][ T7825] Use struct sctp_assoc_value instead
[  196.613145][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  196.622649][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  196.631313][ T5898] usb 4-1: config 0 has no interfaces?
[  196.651158][ T5898] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  196.689292][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.713999][ T5898] usb 4-1: Product: syz
[  196.721532][ T5898] usb 4-1: Manufacturer: syz
[  196.738785][ T5898] usb 4-1: SerialNumber: syz
[  196.758404][ T5898] usb 4-1: config 0 descriptor??
[  196.989148][ T7817] netlink: 'syz.3.575': attribute type 21 has an invalid length.
[  197.130552][  T981] usb 4-1: USB disconnect, device number 29
[  197.431147][ T7844] netlink: 5 bytes leftover after parsing attributes in process `syz.0.584'.
[  197.502895][ T7844] netlink: 8 bytes leftover after parsing attributes in process `syz.0.584'.
[  197.581483][ T7849] /dev/rnullb0: Can't open blockdev
[  197.692156][ T5898] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  197.779743][ T7854] ALSA: mixer_oss: invalid OSS volume ''
[  197.805650][ T7854] /dev/rnullb0: Can't open blockdev
[  197.892218][ T5898] usb 5-1: Using ep0 maxpacket: 16
[  197.918016][ T5898] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  197.949556][ T5898] usb 5-1: config 0 has no interface number 0
[  197.978873][ T5898] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  198.012293][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.020430][ T5898] usb 5-1: Product: syz
[  198.032515][ T5898] usb 5-1: Manufacturer: syz
[  198.037191][ T5898] usb 5-1: SerialNumber: syz
[  198.056785][ T5898] usb 5-1: config 0 descriptor??
[  198.084171][ T5898] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  198.192149][   T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  198.333148][ T7868] /dev/rnullb0: Can't open blockdev
[  198.371550][ T7869] /dev/rnullb0: Can't open blockdev
[  198.382111][   T24] usb 4-1: Using ep0 maxpacket: 16
[  198.396663][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  198.425275][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  198.504551][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  198.532139][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.540197][   T24] usb 4-1: Product: syz
[  198.573402][   T24] usb 4-1: Manufacturer: syz
[  198.578164][   T24] usb 4-1: SerialNumber: syz
[  198.604890][   T24] usb 4-1: config 0 descriptor??
[  198.625919][   T24] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  198.652107][   T24] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  198.726924][ T7874] /dev/rnullb0: Can't open blockdev
[  198.735883][ T7875] /dev/rnullb0: Can't open blockdev
[  199.220902][   T24] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  199.240375][   T24] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  199.344498][ T7880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.353653][ T7880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  199.471906][ T7881] overlayfs: failed to resolve './file1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[  200.282710][ T5898] gspca_spca1528: reg_w err -110
[  200.287795][ T5898] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  200.922744][   T24] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  200.933629][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  200.960598][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  200.999518][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  201.031145][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  201.059821][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  202.522218][ T7859] /dev/rnullb0: Can't open blockdev
[  202.532819][ T7879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  202.625580][  T984] usb 4-1: USB disconnect, device number 30
[  202.723608][ T5898] usb 5-1: USB disconnect, device number 21
[  202.811126][ T7894] /dev/rnullb0: Can't open blockdev
[  203.142216][  T984] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  203.314650][  T984] usb 4-1: New USB device found, idVendor=041e, idProduct=400c, bcdDevice=af.98
[  203.328549][  T984] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.369821][  T984] usb 4-1: config 0 descriptor??
[  203.406505][  T984] pwc: Creative Labs Webcam 5 detected.
[  203.611307][  T984] pwc: Failed to set LED on/off time (-71)
[  203.627274][  T984] pwc: send_video_command error -71
[  203.638164][  T984] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  203.664382][  T984] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  203.704830][  T984] usb 4-1: USB disconnect, device number 31
[  204.357817][ T7905] /dev/rnullb0: Can't open blockdev
[  204.772128][ T5898] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  204.792139][   T24] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  204.851609][ T7925] /dev/rnullb0: Can't open blockdev
[  204.973591][ T5898] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  204.986071][   T24] usb 3-1: Using ep0 maxpacket: 32
[  204.994094][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  204.999966][ T5898] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  205.032676][ T5898] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  205.053015][ T5898] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  205.054314][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  205.100284][ T5898] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  205.134389][ T5898] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  205.142222][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  205.163342][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  205.181946][ T5898] usb 4-1: Product: syz
[  205.186468][ T5898] usb 4-1: Manufacturer: syz
[  205.197082][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  205.224202][ T5898] cdc_wdm 4-1:1.0: skipping garbage
[  205.228642][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  205.239696][ T5898] cdc_wdm 4-1:1.0: skipping garbage
[  205.261551][ T5898] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  205.273024][   T24] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  205.279205][ T5898] cdc_wdm 4-1:1.0: Unknown control protocol
[  205.289956][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.319080][   T24] usb 3-1: Product: syz
[  205.339369][   T24] usb 3-1: Manufacturer: syz
[  205.368135][   T24] usb 3-1: SerialNumber: syz
[  205.393960][   T24] usb 3-1: config 0 descriptor??
[  205.841197][ T7946] /dev/rnullb0: Can't open blockdev
[  206.149116][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.169723][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.190487][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.213727][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.234544][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.247207][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.265494][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.280762][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.297726][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.312370][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.317323][ T7953] Bluetooth: MGMT ver 1.23
[  206.326966][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.339572][ T7953] /dev/rnullb0: Can't open blockdev
[  206.340356][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.357588][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.372477][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.387082][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.402709][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.415929][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.430892][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.450056][   T24] iforce 3-1:0.0: usb_submit_urb failed: -71
[  206.467738][   T24] input input16: Timeout waiting for response from device.
[  206.507326][   T24] usb 3-1: USB disconnect, device number 30
[  206.525626][   T30] audit: type=1326 audit(1753697518.807:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7936 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8d0b8e9a9 code=0x7fc00000
[  206.552283][ T7955] /dev/rnullb0: Can't open blockdev
[  207.127114][ T7962] /dev/rnullb0: Can't open blockdev
[  207.362715][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  207.500325][ T7968] /dev/rnullb0: Can't open blockdev
[  207.518816][   T24] usb 4-1: USB disconnect, device number 32
[  207.532261][   T10] usb 5-1: device descriptor read/64, error -71
[  207.717116][    C1] blk_print_req_error: 7 callbacks suppressed
[  207.717139][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  207.748662][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.757896][    C0] buffer_io_error: 6 callbacks suppressed
[  207.757913][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  207.772492][    C0] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.781742][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  207.789721][    C0] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.798937][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  207.806947][    C0] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.816321][    C0] Buffer I/O error on dev loop7, logical block 3, async page read
[  207.824363][    C0] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.833543][    C0] Buffer I/O error on dev loop7, logical block 4, async page read
[  207.841451][    C0] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.850659][    C0] Buffer I/O error on dev loop7, logical block 5, async page read
[  207.858592][    C0] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.867859][    C0] Buffer I/O error on dev loop7, logical block 6, async page read
[  207.876998][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  207.902057][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.911300][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  207.940842][    C0] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  207.950112][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  207.958131][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  208.082977][   T10] usb 5-1: device descriptor read/64, error -71
[  208.192535][   T10] usb usb5-port1: attempt power cycle
[  208.259830][ T7981] /dev/rnullb0: Can't open blockdev
[  208.752114][ T5891] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  208.886492][ T6308] raw-gadget.2 gadget.0: failed to queue disconnect event
[  208.910958][ T5891] usb 4-1: device descriptor read/64, error -71
[  209.147475][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.172207][ T5891] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  209.333501][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.344088][ T5891] usb 4-1: device descriptor read/64, error -71
[  209.453168][ T5891] usb usb4-port1: attempt power cycle
[  209.507950][ T8006] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  209.534849][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.534997][ T8006] UDF-fs: Scanning with blocksize 512 failed
[  209.573148][ T8006] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  209.599830][ T8006] UDF-fs: Scanning with blocksize 1024 failed
[  209.632687][ T8006] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  209.649607][ T8006] UDF-fs: Scanning with blocksize 2048 failed
[  209.682831][ T8006] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  209.734050][ T8006] UDF-fs: Scanning with blocksize 4096 failed
[  209.761447][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.842133][ T5891] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  209.862996][ T5891] usb 4-1: device descriptor read/8, error -71
[  210.122187][ T5891] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  210.164543][ T5891] usb 4-1: device descriptor read/8, error -71
[  210.234012][   T36] bridge_slave_1: left allmulticast mode
[  210.239934][   T36] bridge_slave_1: left promiscuous mode
[  210.277807][ T5891] usb usb4-port1: unable to enumerate USB device
[  210.286177][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.966864][   T36] bridge_slave_0: left allmulticast mode
[  211.009509][   T36] bridge_slave_0: left promiscuous mode
[  211.016494][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  211.029424][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  211.043258][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  211.059632][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.070876][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  211.086143][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  211.141654][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  211.155719][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  211.165531][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  211.182619][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  211.191833][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  212.012159][ T6315] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  212.243274][ T6315] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 213
[  212.262031][ T6315] usb 5-1: config 0 has an invalid descriptor of length 163, skipping remainder of the config
[  212.309015][ T6315] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  212.372163][ T6315] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  212.387164][ T6315] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.405465][ T6315] usb 5-1: Product: syz
[  212.409688][ T6315] usb 5-1: Manufacturer: syz
[  212.428582][ T6315] usb 5-1: SerialNumber: syz
[  212.452208][ T6315] usb 5-1: config 0 descriptor??
[  212.464580][ T6315] usb-storage 5-1:0.0: USB Mass Storage device detected
[  212.510700][ T6315] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  212.669579][ T8022] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  212.688929][ T8022] UDF-fs: Scanning with blocksize 4096 failed
[  212.711836][  T981] usb 5-1: USB disconnect, device number 25
[  212.802673][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.832435][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.887423][   T36] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  212.913698][   T36] bond0 (unregistering): Released all slaves
[  212.966325][ T8038] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  212.980642][ T8038] UDF-fs: Scanning with blocksize 4096 failed
[  213.242580][ T5851] Bluetooth: hci0: command tx timeout
[  213.660918][ T8052] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  213.687041][ T8052] UDF-fs: Scanning with blocksize 4096 failed
[  213.732275][ T5898] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  214.064491][ T5898] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  214.073326][ T5898] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.105609][ T5898] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  214.115103][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.123494][ T5898] usb 3-1: Product: syz
[  214.127689][ T5898] usb 3-1: Manufacturer: syz
[  214.132375][ T5898] usb 3-1: SerialNumber: syz
[  214.154146][ T5898] usb 3-1: config 0 descriptor??
[  214.164024][ T5898] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  214.170406][ T5898] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  214.237990][   T36] hsr_slave_0: left promiscuous mode
[  214.265919][   T36] hsr_slave_1: left promiscuous mode
[  214.292873][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  214.332236][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  214.364030][ T8050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.381151][ T8050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  214.390716][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  214.398942][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  214.428915][  T984] usb 3-1: USB disconnect, device number 31
[  214.569658][   T36] veth1_macvtap: left promiscuous mode
[  214.613614][   T36] veth0_macvtap: left promiscuous mode
[  214.619441][   T36] veth1_vlan: left promiscuous mode
[  214.650270][   T36] veth0_vlan: left promiscuous mode
[  215.324153][ T5851] Bluetooth: hci0: command tx timeout
[  215.486765][ T8084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.655'.
[  215.883423][  T984] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  216.094371][  T984] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.112274][  T984] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  216.133856][  T984] usb 5-1: config 0 interface 0 has no altsetting 0
[  216.154572][  T984] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  216.172185][  T984] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.207333][  T984] usb 5-1: config 0 descriptor??
[  216.406355][   T36] team0 (unregistering): Port device team_slave_1 removed
[  216.484528][   T36] team0 (unregistering): Port device team_slave_0 removed
[  217.036427][ T8085] fuse: Unknown parameter '��0x0000000000000008'
[  217.323051][  T984] usbhid 5-1:0.0: can't add hid device: -71
[  217.329127][  T984] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  217.381710][  T984] usb 5-1: USB disconnect, device number 26
[  217.403066][ T5851] Bluetooth: hci0: command tx timeout
[  217.552570][ T8017] chnl_net:caif_netlink_parms(): no params data found
[  217.922156][  T981] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  218.044561][ T8017] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.051755][ T8017] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.102906][ T8017] bridge_slave_0: entered allmulticast mode
[  218.104688][  T981] usb 4-1: Using ep0 maxpacket: 32
[  218.110825][ T8017] bridge_slave_0: entered promiscuous mode
[  218.126906][  T981] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  218.139931][  T981] usb 4-1: config 0 has no interface number 0
[  218.183055][ T8017] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.196028][ T8017] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.205139][  T981] usb 4-1: config 0 interface 184 has no altsetting 0
[  218.211184][  T981] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  218.236967][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.247548][  T981] usb 4-1: Product: syz
[  218.251810][  T981] usb 4-1: Manufacturer: syz
[  218.261663][  T981] usb 4-1: SerialNumber: syz
[  218.271195][  T981] usb 4-1: config 0 descriptor??
[  218.281056][  T981] smsc75xx v1.0.0
[  218.286533][ T8017] bridge_slave_1: entered allmulticast mode
[  218.295860][ T8017] bridge_slave_1: entered promiscuous mode
[  218.585988][ T8017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.641631][ T8017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.693515][  T981] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  218.724618][  T981] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  218.752526][  T981] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  218.786774][  T981] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  218.820478][ T8017] team0: Port device team_slave_0 added
[  218.856698][ T8017] team0: Port device team_slave_1 added
[  219.024582][ T8017] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.048696][ T8017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.179267][ T8136] hpfs: Bad magic ... probably not HPFS
[  219.181233][ T8017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.251209][ T8017] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.268590][ T8017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.323716][ T8017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.482152][ T5851] Bluetooth: hci0: command tx timeout
[  219.539967][ T8017] hsr_slave_0: entered promiscuous mode
[  219.549005][ T8017] hsr_slave_1: entered promiscuous mode
[  219.555729][ T8017] debugfs: 'hsr0' already exists in 'hsr'
[  219.563293][ T8017] Cannot create hsr debugfs directory
[  220.017637][ T8150] NILFS (rnullb0): couldn't find nilfs on the device
[  220.386087][ T8017] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  220.403007][  T984] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  220.429710][ T8017] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  220.432110][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  220.463861][ T8017] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  220.498933][ T8017] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  220.577958][  T984] usb 3-1: Using ep0 maxpacket: 16
[  220.589112][  T984] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00
[  220.605767][  T984] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.614309][   T10] usb 5-1: Using ep0 maxpacket: 8
[  220.635195][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  220.659780][   T10] usb 5-1: config 7 has an invalid interface number: 6 but max is 0
[  220.672767][  T984] usb 3-1: config 0 descriptor??
[  220.685643][   T10] usb 5-1: config 7 has no interface number 0
[  220.698608][  T984] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  220.717789][   T10] usb 5-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[  220.736710][  T984] usb 3-1: Detected FT4232H
[  220.751923][   T10] usb 5-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  220.779882][   T10] usb 5-1: config 7 interface 6 has no altsetting 0
[  220.796433][   T10] usb 5-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[  220.811304][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.838248][   T10] usb 5-1: Product: syz
[  220.853827][ T8017] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.860814][   T10] usb 5-1: Manufacturer: syz
[  220.867567][   T10] usb 5-1: SerialNumber: syz
[  220.954945][ T8017] 8021q: adding VLAN 0 to HW filter on device team0
[  221.003343][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.010568][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.048929][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.056209][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.129671][ T8157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.156029][  T984] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  221.164697][ T8157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.190133][  T984] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  221.212956][   T10] option 5-1:7.6: GSM modem (1-port) converter detected
[  221.241579][  T984] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  221.260438][   T10] usb 5-1: USB disconnect, device number 27
[  221.278345][  T984] usb 3-1: USB disconnect, device number 32
[  221.314924][ T5915] usb 4-1: USB disconnect, device number 37
[  221.340010][   T10] option 5-1:7.6: device disconnected
[  221.354724][  T984] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  221.401690][  T984] ftdi_sio 3-1:0.0: device disconnected
[  221.816305][ T8181] fuse: root generation should be zero
[  221.834016][ T8179] Bluetooth: MGMT ver 1.23
[  222.149405][ T8017] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.590107][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.824158][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.995069][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.206102][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.218682][ T8211] autofs: Bad value for 'fd'
[  223.356145][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  223.519057][ T8017] veth0_vlan: entered promiscuous mode
[  223.552500][   T10] usb 5-1: Using ep0 maxpacket: 32
[  223.581279][   T10] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  223.613057][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.621119][   T10] usb 5-1: Product: syz
[  223.672456][   T10] usb 5-1: Manufacturer: syz
[  223.679507][ T8017] veth1_vlan: entered promiscuous mode
[  223.691912][   T10] usb 5-1: SerialNumber: syz
[  223.715682][   T10] usb 5-1: config 0 descriptor??
[  223.740564][   T49] bridge_slave_1: left allmulticast mode
[  223.753133][   T49] bridge_slave_1: left promiscuous mode
[  223.764439][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.764801][   T10] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  223.817070][   T49] bridge_slave_0: left allmulticast mode
[  223.837447][   T49] bridge_slave_0: left promiscuous mode
[  223.849020][ T8215] Mount JFS Failure: -22
[  223.852646][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.936854][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  223.950377][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  223.959840][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  223.994441][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  224.007053][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  224.094244][ T8221] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  224.101859][ T8221] VFS: Can't find a romfs filesystem on dev rnullb0.
[  224.101859][ T8221] 
[  224.535106][ T8208] ptrace attach of "./syz-executor exec"[6190] was attempted by "��ԓ�7�E\x09Ż    ������P�                                      �          �\x0c      �\x0c       \x0d      @\x0d      �\x0d      �\x0d             @      �      �             @      �      �                                                                          �   �dn��K���V��A��1i���4qĿ��5VaD�[���x�ii�q.\x22+T�\x07�
@Ȱ�g�I�J�B�`#֠�׎���@�������OYl������d�� G�$&+[�]}��ۮט�,�/70��0� ��H:�B�lm�k�C�cQυ{�]F��sե\x1b�-/%=c8#��U��;�qq �\x07y��B�`ɏ:;�Dj��<s� � 3�q�/Jhڝ�yjg*��\x22��\x0c
Z�(��IBGI��2�;��+P�#���N��2rC���i��b����Pq1��R�eX:R\x09R�Rv�����`���wE��,>��D��?M�kg��#^؝�mP\x1bu�
E�7B��A$
��o��K�rW!4�sX'��d������\x07WA�A��I�@��X��\x0b�r��QH��/sF�-�\x0b�\x0b<���\x07���w�H?)�\x0d���Z~&��`Ȥ���'��.�hf�1)l�z���{k� �'�"[8208]
[  224.886635][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  224.887365][ T8208] netlink: 24 bytes leftover after parsing attributes in process `syz.4.675'.
[  224.929257][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  224.940337][   T49] bond0 (unregistering): Released all slaves
[  225.117645][ T8017] veth0_macvtap: entered promiscuous mode
[  225.220295][ T8017] veth1_macvtap: entered promiscuous mode
[  225.401118][ T8231] hfs: can't find a HFS filesystem on dev rnullb0
[  225.533941][ T8017] batman_adv: batadv0: Interface activated: batadv_slave_0
[  225.632766][   T49] hsr_slave_0: left promiscuous mode
[  225.645020][   T49] hsr_slave_1: left promiscuous mode
[  225.662338][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  225.669840][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  225.698380][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  225.710179][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  225.783527][ T8225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.795608][   T49] veth1_macvtap: left promiscuous mode
[  225.801351][   T49] veth0_macvtap: left promiscuous mode
[  225.850151][ T8240] 9pnet_fd: Insufficient options for proto=fd
[  225.857410][   T49] veth1_vlan: left promiscuous mode
[  225.861639][ T8225] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.897783][   T49] veth0_vlan: left promiscuous mode
[  226.038771][   T10] gspca_stk1135: reg_w 0x200 err -110
[  226.051260][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.081726][   T10] gspca_stk1135: Sensor write failed
[  226.102061][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.108474][   T10] gspca_stk1135: Sensor write failed
[  226.140215][   T51] Bluetooth: hci2: command tx timeout
[  226.152771][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.169487][   T10] gspca_stk1135: Sensor read failed
[  226.175177][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.192320][   T10] gspca_stk1135: Sensor read failed
[  226.197589][   T10] gspca_stk1135: Detected sensor type unknown (0x0)
[  226.214258][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.232946][   T10] gspca_stk1135: Sensor read failed
[  226.238230][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.265571][   T10] gspca_stk1135: Sensor read failed
[  226.270951][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.304755][   T10] gspca_stk1135: Sensor write failed
[  226.320418][   T10] gspca_stk1135: serial bus timeout: status=0x00
[  226.331292][   T10] gspca_stk1135: Sensor write failed
[  226.339592][   T10] stk1135 5-1:0.0: probe with driver stk1135 failed with error -110
[  226.371827][   T10] usb 5-1: USB disconnect, device number 28
[  227.303020][ T8259] NILFS (rnullb0): couldn't find nilfs on the device
[  227.329592][ T8259] loop9: detected capacity change from 0 to 7
[  227.348410][ T8259] Dev loop9: unable to read RDB block 7
[  227.358560][ T8259]  loop9: AHDI p1 p2
[  227.364746][ T8259] loop9: partition table partially beyond EOD, truncated
[  227.376598][ T8259] loop9: p1 start 1835360114 is beyond EOD, truncated
[  227.795175][   T49] team0 (unregistering): Port device team_slave_1 removed
[  227.815024][ T5915] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  227.852934][   T49] team0 (unregistering): Port device team_slave_0 removed
[  227.973948][ T5915] usb 4-1: not running at top speed; connect to a high speed hub
[  227.996735][ T5915] usb 4-1: unable to read config index 0 descriptor/start: -61
[  228.016693][ T5915] usb 4-1: can't read configurations, error -61
[  228.172214][ T5915] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  228.212194][   T51] Bluetooth: hci2: command tx timeout
[  228.348056][ T5915] usb 4-1: not running at top speed; connect to a high speed hub
[  228.357971][ T5915] usb 4-1: unable to read config index 0 descriptor/start: -61
[  228.366579][ T5915] usb 4-1: can't read configurations, error -61
[  228.373862][ T5915] usb usb4-port1: attempt power cycle
[  228.584946][ T8017] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.639169][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.732265][ T5915] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[  228.749784][   T59] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.782868][ T5915] usb 4-1: not running at top speed; connect to a high speed hub
[  228.801422][   T59] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.814703][   T59] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.824668][ T5915] usb 4-1: unable to read config index 0 descriptor/start: -61
[  228.840532][ T5915] usb 4-1: can't read configurations, error -61
[  229.003350][ T5915] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  229.074616][ T5915] usb 4-1: not running at top speed; connect to a high speed hub
[  229.138472][ T5915] usb 4-1: unable to read config index 0 descriptor/start: -61
[  229.169716][ T5915] usb 4-1: can't read configurations, error -61
[  229.189206][   T49] IPVS: stop unused estimator thread 0...
[  229.198033][ T5915] usb usb4-port1: unable to enumerate USB device
[  229.265161][ T2977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.267176][ T8216] chnl_net:caif_netlink_parms(): no params data found
[  229.296992][ T2977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.479004][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.502988][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.606139][ T8216] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.643763][ T8216] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.670710][ T8216] bridge_slave_0: entered allmulticast mode
[  229.704348][ T8216] bridge_slave_0: entered promiscuous mode
[  229.724725][ T8216] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.742155][ T8216] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.750395][ T8216] bridge_slave_1: entered allmulticast mode
[  229.761654][ T8216] bridge_slave_1: entered promiscuous mode
[  229.899590][ T8216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.933889][ T8216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  230.033275][ T8288] vxfs: WRONG superblock magic 00000000 at 1
[  230.080488][ T8288] vxfs: WRONG superblock magic 00000000 at 8
[  230.103909][ T8288] vxfs: can't find superblock.
[  230.116814][ T8292] netlink: 1624 bytes leftover after parsing attributes in process `syz.5.637'.
[  230.156351][ T8216] team0: Port device team_slave_0 added
[  230.207476][ T8216] team0: Port device team_slave_1 added
[  230.282294][   T51] Bluetooth: hci2: command tx timeout
[  230.492980][ T8216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  230.499996][ T8216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.600259][ T8216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.650847][ T8216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.763218][ T8216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.877835][ T8216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.012794][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.696'.
[  231.235968][ T8322] netlink: 60 bytes leftover after parsing attributes in process `syz.4.696'.
[  231.285075][ T8216] hsr_slave_0: entered promiscuous mode
[  231.303536][ T8216] hsr_slave_1: entered promiscuous mode
[  231.328921][ T8321] Can't find a SQUASHFS superblock on rnullb0
[  231.335653][ T8216] debugfs: 'hsr0' already exists in 'hsr'
[  231.341444][ T8216] Cannot create hsr debugfs directory
[  231.429403][ T8331] gfs2: not a GFS2 filesystem
[  231.460978][ T8330] netlink: 1624 bytes leftover after parsing attributes in process `syz.5.699'.
[  231.748719][ T8336] /dev/sg0: Can't lookup blockdev
[  232.029822][ T8342] /dev/rnullb0: Can't open blockdev
[  232.272080][   T43] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[  232.372081][   T51] Bluetooth: hci2: command tx timeout
[  232.432111][   T43] usb 4-1: device descriptor read/64, error -71
[  232.612197][    T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  232.682277][   T43] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  232.762437][    T9] usb 5-1: device descriptor read/64, error -71
[  232.832349][   T43] usb 4-1: device descriptor read/64, error -71
[  232.858302][ T8216] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  232.894202][ T8216] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  232.926816][ T8216] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  232.962869][   T43] usb usb4-port1: attempt power cycle
[  232.995392][ T8216] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  233.022189][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  233.171540][    T9] usb 5-1: device descriptor read/64, error -71
[  233.300539][ T8369] netlink: 1624 bytes leftover after parsing attributes in process `syz.5.707'.
[  233.321827][    T9] usb usb5-port1: attempt power cycle
[  233.334467][   T43] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  233.386839][ T8216] 8021q: adding VLAN 0 to HW filter on device bond0
[  233.386869][   T43] usb 4-1: device descriptor read/8, error -71
[  233.467617][ T8216] 8021q: adding VLAN 0 to HW filter on device team0
[  233.528287][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.535822][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.549930][ T8374] program syz.5.708 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  233.580304][ T8375] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  233.594429][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.601721][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.692477][    T9] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  233.698034][   T43] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  233.733816][    T9] usb 5-1: device descriptor read/8, error -71
[  233.770444][   T43] usb 4-1: device descriptor read/8, error -71
[  233.906506][   T43] usb usb4-port1: unable to enumerate USB device
[  233.996549][    T9] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  234.044142][    T9] usb 5-1: device descriptor read/8, error -71
[  234.152506][ T5915] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  234.162809][    T9] usb usb5-port1: unable to enumerate USB device
[  234.279809][ T8216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.329854][ T5915] usb 6-1: config 18 has an invalid interface number: 250 but max is 3
[  234.350315][ T5915] usb 6-1: config 18 has an invalid interface number: 37 but max is 3
[  234.370822][ T5915] usb 6-1: config 18 has an invalid interface number: 223 but max is 3
[  234.390895][ T5915] usb 6-1: config 18 has an invalid interface number: 4 but max is 3
[  234.411653][ T5915] usb 6-1: config 18 has no interface number 0
[  234.429029][ T5915] usb 6-1: config 18 has no interface number 1
[  234.448596][ T5915] usb 6-1: config 18 has no interface number 2
[  234.464246][ T5915] usb 6-1: config 18 has no interface number 3
[  234.482652][ T5915] usb 6-1: config 18 interface 250 altsetting 255 endpoint 0xF has invalid maxpacket 16, setting to 8
[  234.514993][ T5915] usb 6-1: config 18 interface 250 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  234.549203][ T5915] usb 6-1: config 18 interface 250 altsetting 255 endpoint 0xD has invalid maxpacket 1023, setting to 8
[  234.581935][ T5915] usb 6-1: config 18 interface 250 altsetting 255 endpoint 0x3 has invalid maxpacket 16, setting to 8
[  234.603871][ T5915] usb 6-1: config 18 interface 250 altsetting 255 endpoint 0x4 has invalid maxpacket 32, setting to 8
[  234.638668][ T5915] usb 6-1: config 18 interface 250 altsetting 255 endpoint 0x7 has invalid maxpacket 1023, setting to 8
[  234.682160][ T5915] usb 6-1: config 18 interface 250 altsetting 255 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[  234.709192][ T5915] usb 6-1: config 18 interface 37 altsetting 2 endpoint 0xC has invalid maxpacket 16, setting to 8
[  234.741673][ T5915] usb 6-1: config 18 interface 37 altsetting 2 has a duplicate endpoint with address 0xF, skipping
[  234.772048][ T5915] usb 6-1: config 18 interface 37 altsetting 2 has a duplicate endpoint with address 0x4, skipping
[  234.906068][ T5915] usb 6-1: config 18 interface 223 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[  234.927619][ T5915] usb 6-1: config 18 interface 223 altsetting 0 endpoint 0x9 is Bulk; changing to Interrupt
[  234.955876][ T5915] usb 6-1: config 18 interface 223 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  235.010999][ T5915] usb 6-1: config 18 interface 223 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  235.036559][ T5915] usb 6-1: config 18 interface 223 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  235.077780][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has a duplicate endpoint with address 0xF, skipping
[  235.126509][ T5915] usb 6-1: config 18 interface 4 altsetting 5 endpoint 0x2 has invalid maxpacket 32, setting to 8
[  235.160556][ T5915] usb 6-1: config 18 interface 4 altsetting 5 endpoint 0xB has invalid maxpacket 1023, setting to 8
[  235.205417][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has a duplicate endpoint with address 0x9, skipping
[  235.211361][ T8216] veth0_vlan: entered promiscuous mode
[  235.240552][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[  235.272869][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has a duplicate endpoint with address 0x9, skipping
[  235.278864][ T8216] veth1_vlan: entered promiscuous mode
[  235.301489][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has an endpoint descriptor with address 0x26, changing to 0x6
[  235.330370][ T5915] usb 6-1: config 18 interface 4 altsetting 5 endpoint 0x6 has invalid maxpacket 9195, setting to 8
[  235.398768][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[  235.448825][ T5915] usb 6-1: config 18 interface 4 altsetting 5 has 9 endpoint descriptors, different from the interface descriptor's value: 8
[  235.490810][ T8216] veth0_macvtap: entered promiscuous mode
[  235.503374][ T5915] usb 6-1: config 18 interface 250 has no altsetting 0
[  235.510362][ T5915] usb 6-1: config 18 interface 37 has no altsetting 0
[  235.519013][ T5915] usb 6-1: config 18 interface 4 has no altsetting 0
[  235.537044][ T8216] veth1_macvtap: entered promiscuous mode
[  235.580773][ T8216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.629419][ T8216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.714463][   T59] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.754260][   T59] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.795373][   T59] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.824443][   T59] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.102105][ T6315] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  236.113173][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.151866][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.283723][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.300552][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.312749][ T6315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.334710][ T6315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2031, setting to 1024
[  236.369985][ T6315] usb 5-1: New USB device found, idVendor=0c70, idProduct=f012, bcdDevice= 0.00
[  236.396223][ T6315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.594301][ T6315] usb 5-1: config 0 descriptor??
[  236.600115][ T8421] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  236.831117][ T8428] exFAT-fs (rnullb0): invalid boot record signature
[  236.891230][ T8428] exFAT-fs (rnullb0): failed to read boot sector
[  236.903448][ T5915] usb 6-1: New USB device found, idVendor=12d1, idProduct=aea7, bcdDevice= 2.9e
[  236.928699][ T8428] exFAT-fs (rnullb0): failed to recognize exfat type
[  236.942859][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.982139][ T5915] usb 6-1: can't set config #18, error -71
[  237.025039][ T5915] usb 6-1: USB disconnect, device number 2
[  237.068158][ T6315] aquacomputer_d5next 0003:0C70:F012.0004: unknown main item tag 0x0
[  237.157750][ T6315] aquacomputer_d5next 0003:0C70:F012.0004: hidraw0: USB HID v0.00 Device [HID 0c70:f012] on usb-dummy_hcd.4-1/input0
[  237.214786][ T8435] syz.5.716 (8435): /proc/8433/oom_adj is deprecated, please use /proc/8433/oom_score_adj instead.
[  237.267413][ T8421] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.714'.
[  237.452115][ T5915] usb 5-1: USB disconnect, device number 33
[  237.861554][ T8452] XFS (rnullb0): Invalid superblock magic number
[  238.230444][ T8466] /dev/rnullb0: Can't open blockdev
[  238.432073][ T5915] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  238.582594][ T5898] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  238.592120][ T5915] usb 5-1: device descriptor read/64, error -71
[  238.754268][ T5898] usb 4-1: config 2 has an invalid interface number: 145 but max is 3
[  238.772100][ T5898] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  238.802264][ T5898] usb 4-1: config 2 has 2 interfaces, different from the descriptor's value: 4
[  238.811299][ T5898] usb 4-1: config 2 has no interface number 1
[  238.842319][ T5915] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  238.850414][ T5898] usb 4-1: config 2 interface 0 has no altsetting 0
[  238.875307][ T5898] usb 4-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=e7.9e
[  238.887346][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.904116][ T5898] usb 4-1: Product: syz
[  238.906665][ T8480] syz.5.727: attempt to access beyond end of device
[  238.906665][ T8480] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0
[  238.921404][ T5898] usb 4-1: Manufacturer: syz
[  238.921429][ T5898] usb 4-1: SerialNumber: syz
[  238.952303][ T8480] gfs2: error -5 reading superblock
[  238.992239][ T5915] usb 5-1: device descriptor read/64, error -71
[  239.108134][ T5915] usb usb5-port1: attempt power cycle
[  239.174423][ T8468] /dev/rnullb0: Can't open blockdev
[  239.277713][ T5898] gspca_main: sunplus-2.14.0 probing 055f:c630
[  239.315162][ T5898] gspca_sunplus: reg_r err -71
[  239.320090][ T5898] sunplus 4-1:2.0: probe with driver sunplus failed with error -71
[  239.362551][ T5898] usb 4-1: USB disconnect, device number 46
[  239.462085][ T5915] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  239.514165][ T5915] usb 5-1: device descriptor read/8, error -71
[  239.772144][ T5915] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  239.812731][ T5915] usb 5-1: device descriptor read/8, error -71
[  239.893118][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  239.922869][ T5915] usb usb5-port1: unable to enumerate USB device
[  240.064554][   T24] usb 6-1: Using ep0 maxpacket: 16
[  240.091722][   T24] usb 6-1: config 64 has an invalid interface number: 143 but max is 3
[  240.118527][   T24] usb 6-1: config 64 has an invalid interface number: 236 but max is 3
[  240.145682][   T24] usb 6-1: config 64 has an invalid interface number: 123 but max is 3
[  240.167184][   T24] usb 6-1: config 64 has an invalid interface number: 14 but max is 3
[  240.197142][   T24] usb 6-1: config 64 has 5 interfaces, different from the descriptor's value: 4
[  240.223933][   T24] usb 6-1: config 64 has no interface number 0
[  240.230228][   T24] usb 6-1: config 64 has no interface number 1
[  240.251771][   T24] usb 6-1: config 64 has no interface number 3
[  240.275132][   T24] usb 6-1: config 64 has no interface number 4
[  240.301920][   T24] usb 6-1: config 64 interface 143 altsetting 9 has an endpoint descriptor with address 0x25, changing to 0x5
[  240.330898][   T24] usb 6-1: config 64 interface 143 altsetting 9 endpoint 0x5 has an invalid bInterval 247, changing to 7
[  240.362586][   T24] usb 6-1: config 64 interface 143 altsetting 9 endpoint 0x5 has invalid maxpacket 57625, setting to 1024
[  240.407065][ T8510] /dev/rnullb0: Can't open blockdev
[  240.418222][   T24] usb 6-1: config 64 interface 143 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  240.452393][   T24] usb 6-1: config 64 interface 143 altsetting 9 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  240.488838][   T24] usb 6-1: config 64 interface 143 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  240.549275][   T24] usb 6-1: config 64 interface 143 altsetting 9 has 8 endpoint descriptors, different from the interface descriptor's value: 6
[  240.583363][   T24] usb 6-1: config 64 interface 2 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  240.606307][   T24] usb 6-1: config 64 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  240.636400][   T24] usb 6-1: config 64 interface 2 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  240.672067][   T24] usb 6-1: config 64 interface 2 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  240.717849][   T24] usb 6-1: config 64 interface 2 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7
[  240.769943][   T24] usb 6-1: config 64 interface 236 altsetting 10 has a duplicate endpoint with address 0xD, skipping
[  240.807195][   T24] usb 6-1: config 64 interface 236 altsetting 10 has an invalid descriptor for endpoint zero, skipping
[  240.852932][   T24] usb 6-1: config 64 interface 236 altsetting 10 has 3 endpoint descriptors, different from the interface descriptor's value: 6
[  240.887146][   T24] usb 6-1: config 64 interface 123 altsetting 139 has an invalid descriptor for endpoint zero, skipping
[  240.942126][ T5898] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  240.950107][   T24] usb 6-1: config 64 interface 123 altsetting 139 has a duplicate endpoint with address 0xA, skipping
[  240.977836][   T24] usb 6-1: config 64 interface 123 altsetting 139 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  241.030080][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0xD, skipping
[  241.055143][   T24] usb 6-1: config 64 interface 14 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  241.083176][   T24] usb 6-1: config 64 interface 14 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  241.102240][ T5898] usb 7-1: Using ep0 maxpacket: 16
[  241.104653][   T24] usb 6-1: config 64 interface 14 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  241.137142][ T5898] usb 7-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  241.148185][   T24] usb 6-1: config 64 interface 14 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  241.156692][ T5898] usb 7-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3
[  241.172048][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0xA, skipping
[  241.204842][ T5898] usb 7-1: Product: syz
[  241.212126][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0xB, skipping
[  241.232301][ T5898] usb 7-1: Manufacturer: syz
[  241.233427][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0x2, skipping
[  241.260122][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0x4, skipping
[  241.271874][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0xD, skipping
[  241.274767][ T5898] usb 7-1: SerialNumber: syz
[  241.286399][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0x7, skipping
[  241.302559][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0x2, skipping
[  241.334681][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0x8, skipping
[  241.359714][   T24] usb 6-1: config 64 interface 14 altsetting 255 has a duplicate endpoint with address 0xD, skipping
[  241.363517][ T5898] usb 7-1: config 0 descriptor??
[  241.402762][ T5898] ums-onetouch 7-1:0.0: USB Mass Storage device detected
[  241.403188][   T24] usb 6-1: config 64 interface 14 altsetting 255 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  241.442078][   T24] usb 6-1: config 64 interface 143 has no altsetting 0
[  241.462227][   T24] usb 6-1: config 64 interface 236 has no altsetting 0
[  241.469250][   T24] usb 6-1: config 64 interface 123 has no altsetting 0
[  241.473611][ T8527] block nbd3: shutting down sockets
[  241.489644][   T24] usb 6-1: config 64 interface 14 has no altsetting 0
[  241.504770][   T24] usb 6-1: New USB device found, idVendor=1782, idProduct=4d10, bcdDevice=28.77
[  241.543223][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.555376][   T24] usb 6-1: Product: syz
[  241.559610][   T24] usb 6-1: Manufacturer: Н
[  241.582070][   T24] usb 6-1: SerialNumber: syz
[  241.690943][ T8533] ucma_write: process 447 (syz.4.737) changed security contexts after opening file descriptor, this is not allowed.
[  242.124784][ T8540] /dev/rnullb0: Can't open blockdev
[  242.857592][ T8541] support for cryptoloop has been removed.  Use dm-crypt instead.
[  243.043834][   T24] option 6-1:64.143: GSM modem (1-port) converter detected
[  243.128526][   T24] option 6-1:64.2: GSM modem (1-port) converter detected
[  243.205086][   T24] option 6-1:64.236: GSM modem (1-port) converter detected
[  243.278021][   T24] option 6-1:64.123: GSM modem (1-port) converter detected
[  243.334688][   T24] option 6-1:64.14: GSM modem (1-port) converter detected
[  243.422405][   T24] usb 6-1: USB disconnect, device number 3
[  243.496597][   T24] option 6-1:64.143: device disconnected
[  243.558723][   T24] option 6-1:64.2: device disconnected
[  243.609733][   T24] option 6-1:64.236: device disconnected
[  243.676413][   T24] option 6-1:64.123: device disconnected
[  243.724401][   T24] option 6-1:64.14: device disconnected
[  244.340457][   T24] usb 7-1: USB disconnect, device number 2
[  244.720296][ T8590] netlink: 9 bytes leftover after parsing attributes in process `syz.6.750'.
[  244.770409][ T8590] gretap0: entered promiscuous mode
[  244.812304][ T8593] netlink: 5 bytes leftover after parsing attributes in process `syz.6.750'.
[  244.843340][   T24] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  244.892443][ T8593] 0��{X��: renamed from gretap0
[  244.933564][ T8593] 0��{X��: left promiscuous mode
[  244.960397][ T8593] 0��{X��: entered allmulticast mode
[  244.996597][ T8593] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  245.017888][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.050435][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.079341][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  245.093058][   T31] INFO: task syz.1.5:5940 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  245.100475][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  245.153316][   T31]       Blocked by coredump.
[  245.165267][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  245.178335][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  245.228039][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.242452][   T31] task:syz.1.5         state:D stack:25096 pid:5940  tgid:5940  ppid:5850   task_flags:0x40044c flags:0x00004004
[  245.313322][   T24] usb 5-1: config 0 descriptor??
[  245.362123][   T31] Call Trace:
[  245.365521][   T31]  <TASK>
[  245.368508][   T31]  __schedule+0x1737/0x4d30
[  245.402479][ T5898] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  245.418080][   T31]  ? __lock_acquire+0xab9/0xd20
[  245.434292][   T31]  ? schedule+0x165/0x360
[  245.438744][   T31]  ? __lock_acquire+0xab9/0xd20
[  245.476645][   T31]  ? __pfx___schedule+0x10/0x10
[  245.481627][   T31]  ? schedule+0x91/0x360
[  245.526384][   T31]  schedule+0x165/0x360
[  245.530689][   T31]  schedule_preempt_disabled+0x13/0x30
[  245.552047][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  245.557695][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  245.592139][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  245.598315][   T31]  ? exit_mm+0xcc/0x2c0
[  245.614702][   T31]  ? __pfx_mm_release+0x10/0x10
[  245.629233][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.635063][   T31]  down_read+0x98/0x2e0
[  245.639291][   T31]  exit_mm+0xcc/0x2c0
[  245.643983][   T31]  ? __pfx_exit_mm+0x10/0x10
[  245.649015][   T31]  ? rcu_is_watching+0x15/0xb0
[  245.653976][   T31]  do_exit+0x648/0x2300
[  245.658215][   T31]  ? do_raw_spin_lock+0x121/0x290
[  245.663833][   T31]  ? __pfx_do_exit+0x10/0x10
[  245.668572][   T31]  do_group_exit+0x21c/0x2d0
[  245.673744][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.679199][   T31]  get_signal+0x1286/0x1340
[  245.688924][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  245.697595][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  245.711185][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  245.721139][   T31]  exit_to_user_mode_loop+0x75/0x110
[  245.741652][   T31]  do_syscall_64+0x2bd/0x3b0
[  245.746769][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.757326][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.764433][   T31]  ? clear_bhb_loop+0x60/0xb0
[  245.769914][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.782903][   T31] RIP: 0033:0x7fb5a4d8e9e3
[  245.787431][   T31] RSP: 002b:00007ffd567fd6c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  245.806717][   T31] RAX: fffffffffffffffc RBX: 00007fb5a33f76c0 RCX: 00007fb5a4d8e9e3
[  245.833646][   T31] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[  245.841759][   T31] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[  245.855327][   T31] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffd567fd820
[  245.864777][   T31] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  245.877077][   T31]  </TASK>
[  245.880215][   T31] INFO: task syz.1.5:5941 blocked for more than 144 seconds.
[  245.898240][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  245.920520][   T31]       Blocked by coredump.
[  245.941556][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  245.977832][   T31] task:syz.1.5         state:D stack:26024 pid:5941  tgid:5940  ppid:5850   task_flags:0x40054c flags:0x00004004
[  245.999369][   T31] Call Trace:
[  246.002829][   T31]  <TASK>
[  246.005825][   T31]  __schedule+0x1737/0x4d30
[  246.012057][   T31]  ? __lock_acquire+0xab9/0xd20
[  246.016998][   T31]  ? schedule+0x165/0x360
[  246.021469][   T31]  ? __lock_acquire+0xab9/0xd20
[  246.062572][   T31]  ? __pfx___schedule+0x10/0x10
[  246.067790][   T31]  ? schedule+0x91/0x360
[  246.092255][   T31]  schedule+0x165/0x360
[  246.096544][   T31]  schedule_preempt_disabled+0x13/0x30
[  246.116800][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  246.122608][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  246.128393][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  246.163719][   T31]  ? exit_mm+0xcc/0x2c0
[  246.168005][   T31]  ? __pfx_mm_release+0x10/0x10
[  246.182087][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.192046][   T31]  down_read+0x98/0x2e0
[  246.196301][   T31]  exit_mm+0xcc/0x2c0
[  246.200382][   T31]  ? __pfx_exit_mm+0x10/0x10
[  246.239937][   T31]  ? rcu_is_watching+0x15/0xb0
[  246.260017][   T31]  do_exit+0x648/0x2300
[  246.282361][   T31]  ? do_raw_spin_lock+0x21f/0x290
[  246.287526][   T31]  ? __pfx_do_exit+0x10/0x10
[  246.322257][   T31]  do_group_exit+0x21c/0x2d0
[  246.326974][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.342364][   T31]  get_signal+0x1286/0x1340
[  246.347019][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  246.392038][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  246.398337][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  246.442156][   T31]  exit_to_user_mode_loop+0x75/0x110
[  246.447571][   T31]  do_syscall_64+0x2bd/0x3b0
[  246.472013][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.477354][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.512060][   T31]  ? clear_bhb_loop+0x60/0xb0
[  246.516859][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.572041][   T31] RIP: 0033:0x7fb5a4d8e9a9
[  246.576656][   T31] RSP: 002b:00007fb5a5c92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  246.602194][   T31] RAX: fffffffffffffffc RBX: 00007fb5a4fb5fa0 RCX: 00007fb5a4d8e9a9
[  246.610289][   T31] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[  246.642025][   T31] RBP: 00007fb5a4e10d69 R08: 0000000000000000 R09: 0000000000000000
[  246.650873][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  246.682899][   T31] R13: 0000000000000000 R14: 00007fb5a4fb5fa0 R15: 00007ffd567fd728
[  246.691014][   T31]  </TASK>
[  246.733851][   T31] 
[  246.733851][   T31] Showing all locks held in the system:
[  246.788021][   T31] 2 locks held by kworker/u8:0/12:
[  246.818685][   T31] 5 locks held by kworker/1:0/24:
[  246.842044][   T31]  #0: ffff888143ec5d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  246.912087][   T31]  #1: ffffc900001e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  246.962067][   T31]  #2: ffff888028468198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  246.971135][   T31]  #3: ffff88807916c198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  247.062038][   T31]  #4: ffff888027100868 (hcd->bandwidth_mutex){+.+.}-{4:4}, at: usb_set_configuration+0x53e/0x20e0
[  247.112117][   T31] 1 lock held by khungtaskd/31:
[  247.117071][   T31]  #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  247.202059][   T31] 2 locks held by kworker/1:1/43:
[  247.207208][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  247.282044][   T31]  #1: ffffc90000b37bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  247.332038][   T31] 3 locks held by kworker/0:2/984:
[  247.337300][   T31] 3 locks held by kworker/u8:8/2977:
[  247.372077][   T31] 2 locks held by getty/5609:
[  247.376869][   T31]  #0: ffff8880339650a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  247.452033][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  247.492044][   T31] 5 locks held by kworker/0:3/5898:
[  247.497358][   T31]  #0: ffff888143ec5d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  247.577653][   T31]  #1: ffffc90004427bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  247.638895][   T31]  #2: ffff888028420198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  247.666879][   T31]  #3: ffff888028403518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  247.679663][   T31]  #4: ffff888027b01468 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  247.690116][   T31] 1 lock held by syz.1.5/5940:
[  247.700170][   T31]  #0: ffff88802536d7e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  247.709531][   T31] 1 lock held by syz.1.5/5941:
[  247.716556][   T31]  #0: ffff88802536d7e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  247.726524][   T31] 1 lock held by syz.1.5/5942:
[  247.731380][   T31] 3 locks held by syz-executor/8017:
[  247.737346][   T31]  #0: ffff8880301f8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  247.762278][   T31]  #1: ffff8880301f80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  247.782277][   T31]  #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  247.805254][   T31] 4 locks held by syz-executor/8216:
[  247.815851][   T31]  #0: ffff88807e92cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  247.827353][   T31]  #1: ffff88807e92c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  247.838616][   T31]  #2: ffffffff8faa0e68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  247.849192][   T31]  #3: ffff888011a43b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  247.859317][   T31] 1 lock held by syz.4.749/8587:
[  247.864703][   T31]  #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  247.875605][   T31] 1 lock held by syz.3.752/8601:
[  247.880622][   T31]  #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  247.890230][   T31] 
[  247.903933][   T31] =============================================
[  247.903933][   T31] 
[  247.914146][   T31] NMI backtrace for cpu 0
[  247.914165][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  247.914192][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  247.914204][   T31] Call Trace:
[  247.914211][   T31]  <TASK>
[  247.914220][   T31]  dump_stack_lvl+0x189/0x250
[  247.914254][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.914279][   T31]  ? __pfx__printk+0x10/0x10
[  247.914328][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  247.914356][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  247.914383][   T31]  ? __pfx__printk+0x10/0x10
[  247.914414][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  247.914440][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  247.914466][   T31]  watchdog+0xf93/0xfe0
[  247.914494][   T31]  ? watchdog+0x1de/0xfe0
[  247.914520][   T31]  kthread+0x70e/0x8a0
[  247.914552][   T31]  ? __pfx_watchdog+0x10/0x10
[  247.914571][   T31]  ? __pfx_kthread+0x10/0x10
[  247.914600][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  247.914624][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.914649][   T31]  ? __pfx_kthread+0x10/0x10
[  247.914678][   T31]  ret_from_fork+0x3f9/0x770
[  247.914704][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  247.914733][   T31]  ? __switch_to_asm+0x39/0x70
[  247.914748][   T31]  ? __switch_to_asm+0x33/0x70
[  247.914763][   T31]  ? __pfx_kthread+0x10/0x10
[  247.914791][   T31]  ret_from_fork_asm+0x1a/0x30
[  247.914825][   T31]  </TASK>
[  247.914856][   T31] Sending NMI from CPU 0 to CPUs 1:
[  248.070218][    C1] NMI backtrace for cpu 1
[  248.070236][    C1] CPU: 1 UID: 0 PID: 5942 Comm: syz.1.5 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  248.070255][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  248.070265][    C1] RIP: 0010:its_return_thunk+0x0/0x10
[  248.070292][    C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e9 ab 54 b1 f5 cc
[  248.070305][    C1] RSP: 0018:ffffc9000459f2b0 EFLAGS: 00000086
[  248.070321][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 12a5b4c80c6aae00
[  248.070333][    C1] RDX: 0000000000000000 RSI: ffffffff8de5b067 RDI: ffffffff8c04d400
[  248.070345][    C1] RBP: 00000000ffffffff R08: ffff888030281e00 R09: 0000000000000004
[  248.070356][    C1] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000246
[  248.070366][    C1] R13: ffff888030281e00 R14: ffffffff8e53d960 R15: 0000000000000001
[  248.070377][    C1] FS:  00007fb5a5c716c0(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000
[  248.070390][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  248.070400][    C1] CR2: 00005633f4993078 CR3: 00000000762aa000 CR4: 00000000003526f0
[  248.070416][    C1] Call Trace:
[  248.070423][    C1]  <TASK>
[  248.070429][    C1]  lock_is_held_type+0xfe/0x190
[  248.070454][    C1]  __might_resched+0xf5/0x610
[  248.070476][    C1]  ? mas_next_slot+0xc20/0xcf0
[  248.070495][    C1]  ? __pfx___might_resched+0x10/0x10
[  248.070519][    C1]  down_read+0x22/0x2e0
[  248.070534][    C1]  validate_mm+0x1d4/0x4b0
[  248.070555][    C1]  ? __pfx_validate_mm+0x10/0x10
[  248.070581][    C1]  vma_link+0x366/0x450
[  248.070602][    C1]  ? __pfx_vma_link+0x10/0x10
[  248.070626][    C1]  ? anon_vma_clone+0x494/0x4f0
[  248.070646][    C1]  copy_vma+0x70c/0x940
[  248.070668][    C1]  ? __pfx_copy_vma+0x10/0x10
[  248.070690][    C1]  ? __pfx_move_page_tables+0x10/0x10
[  248.070709][    C1]  ? irqentry_exit+0x74/0x90
[  248.070736][    C1]  move_vma+0x81f/0x1840
[  248.070757][    C1]  ? __lock_acquire+0xab9/0xd20
[  248.070779][    C1]  ? arch_get_unmapped_area_topdown+0x251/0xbc0
[  248.070798][    C1]  ? __pfx_move_vma+0x10/0x10
[  248.070819][    C1]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  248.070842][    C1]  ? cap_mmap_addr+0xb0/0x100
[  248.070861][    C1]  ? bpf_lsm_mmap_addr+0x9/0x20
[  248.070875][    C1]  ? security_mmap_addr+0x71/0x270
[  248.070898][    C1]  mremap_to+0x6d6/0x7a0
[  248.070921][    C1]  ? __pfx_mremap_to+0x10/0x10
[  248.070942][    C1]  ? check_prep_vma+0x740/0xae0
[  248.070965][    C1]  __se_sys_mremap+0xa0b/0xef0
[  248.070992][    C1]  ? __pfx___se_sys_mremap+0x10/0x10
[  248.071019][    C1]  ? do_syscall_64+0xbe/0x3b0
[  248.071040][    C1]  ? __x64_sys_mremap+0x20/0xc0
[  248.071061][    C1]  do_syscall_64+0xfa/0x3b0
[  248.071080][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.071108][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.071122][    C1]  ? clear_bhb_loop+0x60/0xb0
[  248.071139][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.071153][    C1] RIP: 0033:0x7fb5a4d8e9a9
[  248.071167][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.071181][    C1] RSP: 002b:00007fb5a5c71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  248.071197][    C1] RAX: ffffffffffffffda RBX: 00007fb5a4fb6080 RCX: 00007fb5a4d8e9a9
[  248.071208][    C1] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 00002000005ab000
[  248.071218][    C1] RBP: 00007fb5a4e10d69 R08: 0000200000ffe000 R09: 0000000000000000
[  248.071228][    C1] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[  248.071238][    C1] R13: 0000000000000000 R14: 00007fb5a4fb6080 R15: 00007ffd567fd728
[  248.071254][    C1]  </TASK>
[  248.081468][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  248.081494][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  248.081516][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  248.081527][   T31] Call Trace:
[  248.081535][   T31]  <TASK>
[  248.081543][   T31]  dump_stack_lvl+0x99/0x250
[  248.081572][   T31]  ? __asan_memcpy+0x40/0x70
[  248.081599][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.081622][   T31]  ? __pfx__printk+0x10/0x10
[  248.081657][   T31]  vpanic+0x281/0x750
[  248.081679][   T31]  ? __pfx_vpanic+0x10/0x10
[  248.081699][   T31]  ? preempt_schedule+0xae/0xc0
[  248.081723][   T31]  ? preempt_schedule_common+0x83/0xd0
[  248.081752][   T31]  panic+0xb9/0xc0
[  248.081771][   T31]  ? __pfx_panic+0x10/0x10
[  248.081792][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  248.081817][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  248.081841][   T31]  watchdog+0xfd2/0xfe0
[  248.081865][   T31]  ? watchdog+0x1de/0xfe0
[  248.081889][   T31]  kthread+0x70e/0x8a0
[  248.081918][   T31]  ? __pfx_watchdog+0x10/0x10
[  248.081935][   T31]  ? __pfx_kthread+0x10/0x10
[  248.081960][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  248.081982][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.082003][   T31]  ? __pfx_kthread+0x10/0x10
[  248.082027][   T31]  ret_from_fork+0x3f9/0x770
[  248.082051][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  248.082077][   T31]  ? __switch_to_asm+0x39/0x70
[  248.082093][   T31]  ? __switch_to_asm+0x33/0x70
[  248.082107][   T31]  ? __pfx_kthread+0x10/0x10
[  248.082132][   T31]  ret_from_fork_asm+0x1a/0x30
[  248.082162][   T31]  </TASK>
[  248.602579][   T31] Kernel Offset: disabled
[  248.606917][   T31] Rebooting in 86400 seconds..