last executing test programs:

47.985449355s ago: executing program 3 (id=170):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000300)={0x191, 0x140, 0xa0, 0x40, 0x8, 0x1, 0x20, 0x4000, {}, {0x0, 0xffffffff, 0x1}, {0x0, 0x0, 0xfffffffd}, {0x6, 0x4}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x6, 0x6, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x2, 0xa})

47.924899947s ago: executing program 3 (id=171):
r0 = socket(0x27, 0xa, 0x200004)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000140)=0x3, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
setresuid(0xee00, 0xee00, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000100)=@ethtool_coalesce={0xe, 0x0, 0x9, 0x6, 0xf, 0xc, 0x0, 0xc0000000, 0x3, 0x32, 0x5, 0x7, 0x7ff, 0x6, 0x5, 0xfffffffc, 0x0, 0x2, 0x80000000, 0x5, 0x1ff, 0x4, 0xa}})
r4 = socket$netlink(0x10, 0x3, 0x0)
socket$kcm(0x29, 0x7, 0x0)
sendmsg$netlink(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000001100010002000000f6dbdf2507000000130000000800ff001bd28b8d9f257c5cdcbab59acfb044fe035e160a5942a30a75d33a53fc3683e4ee15ae83312693480f81f2dc4ad99b90c8621230089e991e38d237bb4eafce996f46475b03e64f4db9b3176cf19277843d995e95b5702f9d2b6f796bd8e05c849ccce662e8ce9f18f5d5d64748ffd1525595c54f5572ed46094d8039c88a5ac7e1e6fcfc090c41b8035a1531389813da62361f188f421192", @ANYRES32, @ANYBLOB="0c001a8006000080cec60000"], 0x2c}], 0x1}, 0x0)
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000b9bbbbbbbbbbaaaaaaaaaabb86dd6d002000031011ff00000000000100070000000000000000ff02"], 0xfdef)

47.76603784s ago: executing program 3 (id=172):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setreuid(0xee01, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0xee01, 0x0, 0x0)
ioctl$PTP_SYS_OFFSET(r0, 0xc0403d08, 0xffffffffffffffff)

46.877198956s ago: executing program 3 (id=175):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount$fuse(0xf6ff, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0)

46.701259987s ago: executing program 3 (id=176):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x800000, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x8137, r1, 0x1, 0x4, 0x6, @broadcast}, 0x14)

46.465468965s ago: executing program 3 (id=180):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0xfffffffc, 0x0, 'queue1\x00', 0x200000})
r2 = syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000000))
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000000)=0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

46.195100824s ago: executing program 32 (id=180):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0xfffffffc, 0x0, 'queue1\x00', 0x200000})
r2 = syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000000))
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000000)=0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

9.958436614s ago: executing program 0 (id=339):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x200000000000000, 0x0, 0x200000c0}, 0x4)

9.809199721s ago: executing program 0 (id=340):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
shutdown(r0, 0x0)

9.783439897s ago: executing program 0 (id=341):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001100)={r1, 0x0, {0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}})
write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x0, '\x00', "b56dc276773ee2f6155af26e87ae2a707867b940566e78e12ea24a65710d07a543f76c152c9265e15740fcc20051446ef1e71a1800cd4914b31ceab561f39f48cd7370c59864da2aa6e01245e0fe1af9e09fede3d91556d6b3eb854435588f9e053812d0ab934796e9f3e2d4e028a6f7689967bd8565b619cf49ef62a21e5a318f5e7eae6ac331ead9f8081c09260832ff4852a5d568085b1568d1e6ddf3a56adc4abcb52eec8c4c1d340d8e6508e046dacada43a39a5f118cba505d2539b5d597fdc2a19f3a3dee9ec78c33a051d69a37ae85067c08aec2149afc3505ea31a5992b7329f1bf630a40f73049318ab38308397e8109743b19960ce44b7914bf79"}}, 0x110)
sendfile(r0, r0, &(0x7f0000000000)=0x4, 0x7)
syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYRESDEC=r0], 0x0)

7.654845288s ago: executing program 4 (id=354):
memfd_create(0x0, 0x1a)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000240)=@nullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000280)='minix\x00', 0x218483, 0x0)
memfd_create(0x0, 0x1a) (async)
creat(&(0x7f0000001380)='./file0\x00', 0x4) (async)
mount(&(0x7f0000000240)=@nullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000280)='minix\x00', 0x218483, 0x0) (async)

7.632796923s ago: executing program 4 (id=355):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000cc0)={0x84, &(0x7f0000000900)={0x40, 0x17, 0x4, "ab0163a0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000040)={0x14, &(0x7f00000001c0)={0x0, 0x8, 0xf8, {0xf8, 0x6, "ce429b571254f6997e45ebd1c80611933238c4b1e387f59d37d14337cf4e9015364fbe610c76aafff0b053581b2f7a0b7457a40530ce2dd78f1a77631a1efc85f7c6ab619638691b8defa1d289c17ce49eea5f1705e3a416cb55d3b3fdb83ddd4e4e770800f2d5ff930708ec04dec02106001fe4db7e1cc97917c3bf5f309c79e21c91ffdd4a070fa0434ad59f7e945057333f3a084560a1aac1fcbe914f4b6930ee6da197e63e2496024258e17aad8c66f2b28d32a2d6b2bb8695bc677b04613d32b5b9cc96abc0b6cd42ca8b04089f2995ca223de45ff956a03a7cf846587708054ecc4194450a4ca00aa097f0cc94f0f6f9e9758b"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f00000000c0)={0x20, 0xd, 0xb8, "ba54fcc90006df5a3f924fc47b4c4c3523fca405a72c8bf4f48e91b6950a3ea7cdc81fdb1f48fb6d2b1aa222d3b56c8988a613acfa0190685c44237b46060be50ac051747d133cdb07178a062dd5059b769601545b3a5ab1942fd9b87209378fdcca400bf576ff391621a4e2affcf0b9a97d6d170ce4a18abf0ac4cb8a1dcd5deb5c81e3f449a91caed699fcd29f22935019fb652ad71c965a44e8169ff2a551e17ecc8bebf68552d1699ca7604230e9b29797e46221d496"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xa3}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x8000, 0x3, 0x0, 0x8, 0x101, 0x6b, 0x0, 0x9, 0x8, 0xad, 0xfd, 0x400}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x8003}, &(0x7f0000000440)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0xd4}, &(0x7f00000004c0)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$uac1(r0, &(0x7f00000007c0)={0x14, &(0x7f0000000580)={0x40, 0xf, 0x88, {0x88, 0x2, "1864c974adba20f3e8530c3e6937d33a48e5dc51d89182d767a807021e6ddf9a2b4d819f76f0e96a7abf12290864104d839ee639bc30a5366edfea86a3c42496bd181b5e64370c50a823bd4f84c17db0310149ceeee7eb2df8e5cedccff3a05887cc7ec1f51959da56a186216436ead27b72637fea4dae36183fc209ce961570525bc20cf6c8"}}, &(0x7f0000000640)={0x0, 0x3, 0xdf, @string={0xdf, 0x3, "dc75df373a93eb5192724307bc64da6d09c1f18e4be9671cfaeac2eba696d44629cf49740c7da49f656f33a26f2496f748b08aa46e75ed3fe8311f97a899c5c538a9d5cedbdc0de30af91e8f4bf0d9b21858fbc578d4cef4215ff2637fef577a53be0a305aa48d5901af403d113f84604f2fb9f0c7e2732c17c6b96d6e520ebc9e5f462e236e196aa9ceed4d70b764a059748d347840f0126746cd20138efdb345aaeb35fe754b957d0da20a8c8c4e757eb3910b24fa7e9f76a11875c8b1b4e5f56cad85750b3a2b57396b4e9656d6f8c2eafa587f058d3ba37f8317c4"}}}, &(0x7f0000000c40)={0x44, &(0x7f0000000800)={0x0, 0x15, 0xe2, "0c3bfebc059e76da0db457ea8757040aaa587202a25d9067baf3965346a46c28a49f4bfb9b903f70c6f933a0bec36d28cd88efd203cd125ba26f5bd7d55da24dbb2b884ef717761382e00bf0e0c674fce38d820291ebab4190dd21e679d46757e612e846e2ea4d3ca52eb1e60ddf7c50b8c3d869ae3173b9364495ae90931f0ac330564a6a9a5dd518fba257334bd21e89a86c8d83d3acc1e97511711fe595e22d89a730821968d87000fe2219193198de612ddc7846931a9e94c1d81b45b82abb1be09e1527ce7f0ba64ecccd145c06ba5e97003c6a7d8ebd208a56e1c731de2d83"}, &(0x7f0000000a80)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000b00)={0x20, 0x81, 0x3, "37e963"}, &(0x7f0000000b40)={0x20, 0x82, 0x3, "35a065"}, &(0x7f0000000b80)={0x20, 0x83, 0x2, "025a"}, &(0x7f0000000bc0)={0x20, 0x84, 0x3, '\fsK'}, &(0x7f0000000c00)={0x20, 0x85, 0x3, "1cb96e"}})
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000400)={0x40, 0x14, 0x7, "d0ab80aa69314b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6.625088999s ago: executing program 0 (id=357):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000"], 0x0)
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r4=>r2}, './file0\x00'})
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)={0x0, 0x11, '\x00', [@calipso={0x7, 0x30, {0x3, 0xa, 0x7f, 0x3, [0x3, 0x115a, 0x80000001, 0x5, 0x5]}}, @pad1, @ra={0x5, 0x2, 0x8001}, @jumbo={0xc2, 0x4, 0x4}, @enc_lim={0x4, 0x1, 0x40}, @calipso={0x7, 0x30, {0x2, 0xa, 0x14, 0x0, [0x63b, 0x3, 0x1, 0xeb1fdbe, 0xbf]}}, @ra={0x5, 0x2, 0x101}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @ra={0x5, 0x2, 0x1}]}, 0x98)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)

6.252723159s ago: executing program 2 (id=358):
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x80000000000, 0xffffffffffffffff, 0x2})
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x13})
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x1})
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOGETCMAP(r4, 0x4604, &(0x7f00000001c0)={0x0, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000100), &(0x7f0000002100), 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/freeze_filesystems', 0x149882, 0x8)
write$sysctl(r5, &(0x7f0000000040)='1\x00', 0x2)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = gettid()
sendmsg$nl_generic(r5, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x2c, 0x10, 0x70bd27, 0x25dfdbfb, {0x19}, [@typed={0x8, 0xd8, 0x0, 0x0, @pid=r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0xc0145b0d, &(0x7f0000000040))

4.701138078s ago: executing program 2 (id=360):
getrandom(&(0x7f0000000380)=""/290, 0x122, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000000640)=""/233)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x4010, r0, 0x85ed9000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, r2, {0x7, 0x29, 0x100009, 0xffffffffc2c4adcc, 0x0, 0x4, 0x0, 0x2000004, 0x0, 0x0, 0x4}}, 0x50)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774f8879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b0275a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a62570eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3527493c15fb454c158e4c0603ae6e962b7890058ec7c10f0618ee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d3944fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be", 0x2000, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)={0xd8, 0x0, 0xfffffffffffffff9, [{{0x5, 0x2, 0x3, 0x200000001, 0x10005, 0x80000001, {0x6, 0x9, 0x0, 0xff, 0x3, 0x0, 0x7fffffff, 0x57, 0x6554b836, 0xc000, 0xc9, 0x0, r3, 0x6c, 0x4}}, {0x20000000000000, 0x537, 0x2b, 0x8, ':-(\\\xc9\x80\x00\x00\x00\xc3\x00\x00\xf39}\xd8mM\x92\x8d$\xd3\xa4a\xb6\x02E\x89\x85V\xc6\x00\x00\x00\x00\x00\x00+\x13;\x00\x00\x00'}}]}, 0x0, 0x0, 0x0})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
getdents64(r4, &(0x7f0000000100)=""/134, 0x86)
r6 = socket$inet6(0xa, 0x5, 0x0)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x33}}}, 0x1c)
sendmsg(r6, &(0x7f0000000180)={&(0x7f0000000100)=@x25, 0x80, &(0x7f0000000080)=[{&(0x7f0000000200)="f2f67bb7953387a36e3217b11b6c9e769a251df3ed33cc6c9ee4182513bde72f63944324e3a0ee718438c51d105c355834d54519a53fab8ebf6629d926490fdd1000b8285cb9d1910496753a7924c3dfc188fa4708a5129a373a31fe3cf1de23f378f80d99e565a896f39d6256f88cca011fb2f0251d476df4f990c57ea13539065d5ffa8591b0c37dac993fee2aca18f62f912da9ae5273d33f4f4335c29940c266d747b3c799e028d527286371883b7488b34e328d134a86267558832734d9dbfc2b047225f01c01874c5cd8ad31", 0xcf}, {&(0x7f00000004c0)="800572712997d5b9e2dbcd73f714be6f29c610688d3e704eda9e2de976482834df35a36b29c5d3f85f11d318c64820cf6dd961e00adf1574f8a800f4d8df21dc70471f94febe4ace37770de5c3aa6895461f12d0b341ada197f140598565410049f4ef095705d166705daebdc093cc0cd9364bedd29281a9dbdee21752e93a54777a2d43fe57e54fcc0b031d2c6b610cf746b9ee7eca3f", 0x97}, {&(0x7f0000000580)="be13f96f5a04f3afb605c65996f12397755d025ba8e545b7dcc19e98693f60cea638af490bc649f01ec3b59b6cd53512a68b206515b4b858dcace201e7f2d9c2321cb5bec199d71e2d714a1dca21bdcb370a92a925504a7569674195fd75a2193b56f0452c767b2b5237ae826dd2a9426f8d04e44be376c1ac15db53243a745c40dbed7f82800efe101c8e8f02629db4", 0x90}], 0x3}, 0x20004000)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r0, 0x4008af75, &(0x7f0000000300)={0x3, 0xff})
userfaultfd(0x801)

4.552528729s ago: executing program 4 (id=363):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x8)
r1 = msgget(0x1, 0x240)
msgctl$IPC_RMID(r1, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181010100000000010000000000000e000a000f00000002800600121f", 0x2e}], 0x1}, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r0, &(0x7f00000000c0)='!', 0xb7f40, 0x3000000000000000}])
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="661ba8ebc8a34b7baf3be2d46c2e264e1129c92cac0a4b44c5a2c9177427e1f0b16be61c007160c32bf8e6aeb7d80874fc07eb184edf48d6ba2a39c9cbc2afe99ef98e873edcca46a0a62444ddce8ad06d3195780d4f7ee59f4360d9c3c7044ac5d567a456a5716609514f26391e18fd14cb7b08f4b0fdb9be89bb193ede060707c212af1b7802002e638ba443bf00a6e7f624b5e8144466adebd7f30940", @ANYRES16=r4, @ANYBLOB="000228bd7000fbdbdf25060000000a0018000303030303030000"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x80)
syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003020000082505a1a440000102030109023b000101fd00070904830203020600000524060000052400b80e03240f"], &(0x7f0000001900)={0x0, 0x0, 0xf, 0x0, 0x1, [{0x0, 0x0}]})

4.504877734s ago: executing program 1 (id=364):
r0 = gettid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000fedbbe250100000000000000024100000005001369"], 0x2c}, 0x1, 0x0, 0x0, 0x40008}, 0x8080)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r6=>0x0})
sched_setattr(r0, &(0x7f00000003c0)={0x38, 0x0, 0x10000000, 0x0, 0x1ff, 0xfffffffffffffff7, 0xa, 0x1, 0x7, 0x9}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="310300000000000020000800000008000300", @ANYRES32=r5, @ANYBLOB="08000600", @ANYRES32=r6], 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'})
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000440)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xfffffffffffffe85, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r7, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x100}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008800}, 0x4080)
capset(&(0x7f0000000280)={0x19980330, r0}, 0x0)
r9 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r11 = accept$alg(r10, 0x0, 0x0)
sendmmsg$alg(r11, &(0x7f0000000380)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="9ce3609d5be6614a888e59cdf99ac9162ccfadd24ab7", 0x16}], 0x1, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x404c8d4)
recvmmsg(r11, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)=""/22, 0x16}], 0x1}, 0x3}], 0x1, 0x2001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r12 = fsmount(r9, 0x1, 0x4)
fchdir(r12)
mkdirat(r12, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100)
symlinkat(&(0x7f0000003200)='./file0\x00', r12, &(0x7f0000000100)='./file0\x00')

4.407863275s ago: executing program 1 (id=365):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, 0x0, 0x20008051)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
socket(0x10, 0x803, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r3, 0x28000000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

4.35815837s ago: executing program 1 (id=366):
r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(r1, 0x4141, 0x0)
renameat2(r1, &(0x7f0000000340)='./bus\x00', r1, &(0x7f0000002200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

4.233261107s ago: executing program 1 (id=367):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000400)={0x40, 0x14, 0x7, "d0ab80aa69314b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x20, 0x5, 0x54, {0x54, 0x5, "29d5187cadfd545c7e5460b0c1aa1aa5c2c59bba425600307da886ca3009e5dbd863be602c74e0c19d38a052bf577527b3d7b7f26448822dfccb8a7de1f66ac72b919469a64a247847f799ba05c1f9cd0284"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x445}}}, &(0x7f00000004c0)={0x34, &(0x7f00000001c0)={0x0, 0x15, 0xb7, "c33da74bdd0c0524124f282952068f919e8edf17688fcc3da4ab8e3a0a381969e6d8af654adc25cfc49d44cb9d1c618b9a377f8402fe82f98eea4c9cd5101cc6bab8ffb7c1b7447e7cc75fca169c89bd89ef2e357591774825e15516e97c213218f8a949bd35c363295c78700303334de338e60f55b79647622caa78927b37e295aeda015deadac6de74f2cb4b1e677bd50f586d7bb7708d0c356dd8e0ecc4a74b49c4dc5e736cd3905ff7a55387c74bf38962553ee4d5"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x5}, &(0x7f00000002c0)={0x20, 0x0, 0xef, {0xed, "15ae6ecf55e17668a32e2625a7807f61a5c81f4847472a80ea1295d3a459035a6dd7390c7eb8be4308a7ec865615580d6b959e9343fb5eee300d1414873d64d3185efdc8621c055743f7686b5932ebeb8175cb1300930038024ad5d274c6f823eb4767dce48574d2763fffd352bd7d27f7ed4e45b05920ef0d4d83ac90f621e318dbbb73f4cd5829849f2ab9fdd9dbd075175b288da78ee21cd72884f00d91d63073e0fc36b4fea4efb2249ef7168a492069e3ba10703f6eb1dba0587166377ec72690afacd8bad5a9b2290178db3299b4d939d329b4af33ca759244f9d25c9685c20e90ec46cd5bd01a9690ae"}}, &(0x7f0000000440)={0x20, 0x1, 0x1, 0x9}, &(0x7f0000000480)={0x20, 0x0, 0x1, 0x4}})

3.580256248s ago: executing program 0 (id=368):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000000)={0x20, 0x6}, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x3)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000001)

3.090839962s ago: executing program 4 (id=369):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
shutdown(r0, 0x0)

2.784670095s ago: executing program 4 (id=370):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000002c0)={<r2=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x1, {0xa, 0x4e20, 0x7f, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, r2}}, 0x38)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r4, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r5, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)

2.570063754s ago: executing program 4 (id=371):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="0d01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006180)={0x2020, 0x0, <r2=>0x0, 0x0, <r3=>0x0}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x0, 0x101, 0x0, 0x100, 0x10000000, {0x40, 0xd08, 0x0, 0x100, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, r3, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r1, &(0x7f0000000440)={0x50, 0x0, r2, {0x7, 0x29, 0x0, 0xffffffff80000000, 0xfffc, 0x2, 0x6b, 0x2, 0x0, 0x0, 0x0, 0x933}}, 0x50)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r6, 0x0, 0x40, &(0x7f0000000080)="8c5d7b87b32ecae06ac8cfe890364ab911d8c33439477a7591f6914e91c6821ee7163f8ae1896184d48797997716158aad89f66dd67480ce8ff178ef748cfcdcf54127d5ff95cbcaebf10a3b7cddafa2c0fa6aa2eaef0d457680203c02d0c623", 0x60)
ioctl$TIOCGPTPEER(r4, 0x80140912, 0xffbfffffffffffff)

1.90491969s ago: executing program 0 (id=372):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000cc0)={0x84, &(0x7f0000000900)={0x40, 0x17, 0x4, "ab0163a0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="60100400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000040)={0x14, &(0x7f00000001c0)={0x0, 0x8, 0xf8, {0xf8, 0x6, "ce429b571254f6997e45ebd1c80611933238c4b1e387f59d37d14337cf4e9015364fbe610c76aafff0b053581b2f7a0b7457a40530ce2dd78f1a77631a1efc85f7c6ab619638691b8defa1d289c17ce49eea5f1705e3a416cb55d3b3fdb83ddd4e4e770800f2d5ff930708ec04dec02106001fe4db7e1cc97917c3bf5f309c79e21c91ffdd4a070fa0434ad59f7e945057333f3a084560a1aac1fcbe914f4b6930ee6da197e63e2496024258e17aad8c66f2b28d32a2d6b2bb8695bc677b04613d32b5b9cc96abc0b6cd42ca8b04089f2995ca223de45ff956a03a7cf846587708054ecc4194450a4ca00aa097f0cc94f0f6f9e9758b"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f00000000c0)={0x20, 0xd, 0xb8, "ba54fcc90006df5a3f924fc47b4c4c3523fca405a72c8bf4f48e91b6950a3ea7cdc81fdb1f48fb6d2b1aa222d3b56c8988a613acfa0190685c44237b46060be50ac051747d133cdb07178a062dd5059b769601545b3a5ab1942fd9b87209378fdcca400bf576ff391621a4e2affcf0b9a97d6d170ce4a18abf0ac4cb8a1dcd5deb5c81e3f449a91caed699fcd29f22935019fb652ad71c965a44e8169ff2a551e17ecc8bebf68552d1699ca7604230e9b29797e46221d496"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xa3}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x8000, 0x3, 0x0, 0x8, 0x101, 0x6b, 0x0, 0x9, 0x8, 0xad, 0xfd, 0x400}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x8003}, &(0x7f0000000440)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0xd4}, &(0x7f00000004c0)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$uac1(r0, &(0x7f00000007c0)={0x14, &(0x7f0000000580)={0x40, 0xf, 0x88, {0x88, 0x2, "1864c974adba20f3e8530c3e6937d33a48e5dc51d89182d767a807021e6ddf9a2b4d819f76f0e96a7abf12290864104d839ee639bc30a5366edfea86a3c42496bd181b5e64370c50a823bd4f84c17db0310149ceeee7eb2df8e5cedccff3a05887cc7ec1f51959da56a186216436ead27b72637fea4dae36183fc209ce961570525bc20cf6c8"}}, &(0x7f0000000640)={0x0, 0x3, 0xdf, @string={0xdf, 0x3, "dc75df373a93eb5192724307bc64da6d09c1f18e4be9671cfaeac2eba696d44629cf49740c7da49f656f33a26f2496f748b08aa46e75ed3fe8311f97a899c5c538a9d5cedbdc0de30af91e8f4bf0d9b21858fbc578d4cef4215ff2637fef577a53be0a305aa48d5901af403d113f84604f2fb9f0c7e2732c17c6b96d6e520ebc9e5f462e236e196aa9ceed4d70b764a059748d347840f0126746cd20138efdb345aaeb35fe754b957d0da20a8c8c4e757eb3910b24fa7e9f76a11875c8b1b4e5f56cad85750b3a2b57396b4e9656d6f8c2eafa587f058d3ba37f8317c4"}}}, &(0x7f0000000c40)={0x44, &(0x7f0000000800)={0x0, 0x15, 0xe2, "0c3bfebc059e76da0db457ea8757040aaa587202a25d9067baf3965346a46c28a49f4bfb9b903f70c6f933a0bec36d28cd88efd203cd125ba26f5bd7d55da24dbb2b884ef717761382e00bf0e0c674fce38d820291ebab4190dd21e679d46757e612e846e2ea4d3ca52eb1e60ddf7c50b8c3d869ae3173b9364495ae90931f0ac330564a6a9a5dd518fba257334bd21e89a86c8d83d3acc1e97511711fe595e22d89a730821968d87000fe2219193198de612ddc7846931a9e94c1d81b45b82abb1be09e1527ce7f0ba64ecccd145c06ba5e97003c6a7d8ebd208a56e1c731de2d83"}, &(0x7f0000000a80)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000b00)={0x20, 0x81, 0x3, "37e963"}, &(0x7f0000000b40)={0x20, 0x82, 0x3, "35a065"}, &(0x7f0000000b80)={0x20, 0x83, 0x2, "025a"}, &(0x7f0000000bc0)={0x20, 0x84, 0x3, '\fsK'}, &(0x7f0000000c00)={0x20, 0x85, 0x3, "1cb96e"}})
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000400)={0x40, 0x14, 0x7, "d0ab80aa69314b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.328933226s ago: executing program 2 (id=373):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
r1 = fanotify_init(0x200, 0x0)
r2 = dup(r0)
fanotify_mark(r1, 0x1, 0x48001059, r2, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r4, 0x0, 0xc19)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x4, 0x1, 0x201}, 0x14}}, 0x64000814)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
write$binfmt_elf32(r6, 0x0, 0x4cd)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xc1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) (async)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) (async)
fanotify_init(0x200, 0x0) (async)
dup(r0) (async)
fanotify_mark(r1, 0x1, 0x48001059, r2, 0x0) (async)
pipe2(&(0x7f0000000000), 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendfile(r3, r4, 0x0, 0xc19) (async)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x4, 0x1, 0x201}, 0x14}}, 0x64000814) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) (async)
write$binfmt_elf32(r6, 0x0, 0x4cd) (async)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xc1) (async)

1.096322496s ago: executing program 1 (id=374):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)=""/224, 0xe0}, {&(0x7f0000001c80)=""/4089, 0xff9}], 0x2}, 0x40004000)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)

656.847646ms ago: executing program 1 (id=375):
mknod(&(0x7f0000000040)='./file1\x00', 0x40, 0x6)
mount(&(0x7f0000000580)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f0000000380)='gfs2\x00', 0x81001f, &(0x7f0000000340)='norecovery')
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCCBRK(r1, 0x5428)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x98, 0x37, 0x57, 0x20, 0x6e1, 0xa155, 0xb615, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x10, 0x20, 0x8, [{{0x9, 0x4, 0xa, 0x7, 0x1, 0x3, 0x0, 0x0, 0x4, [], [{{0x9, 0x5, 0xa, 0x3, 0x200, 0xd, 0x6, 0x5}}]}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0})
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r2 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000240)={0x8000000000000001, 0x3, 0x0, 0xfffffffb})
setns(r0, 0xe000080)

656.561226ms ago: executing program 2 (id=376):
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xa0000000})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014, 0x4000000000000000})
close_range(r1, r2, 0x0)

217.3374ms ago: executing program 2 (id=377):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000400)={0x0, 0x78, &(0x7f0000000000)=[{&(0x7f0000000040)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703340000001f03000000000000040014000d000a000d0000009ee517d3334abc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0xff00, 0x1f00c00e}, 0x20004002)

0s ago: executing program 2 (id=378):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
shutdown(r0, 0x0)

kernel console output (not intermixed with test programs):

 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.162566][ T6356] RSP: 002b:00007f299bfac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  120.162581][ T6356] RAX: ffffffffffffffda RBX: 00007f299b3e5fa0 RCX: 00007f299b18f749
[  120.162591][ T6356] RDX: 000000000000fdef RSI: 0000200000000500 RDI: 0000000000000003
[  120.162600][ T6356] RBP: 00007f299bfac090 R08: 0000000000000000 R09: 0000000000000000
[  120.162608][ T6356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  120.162616][ T6356] R13: 00007f299b3e6038 R14: 00007f299b3e5fa0 R15: 00007ffe378bd588
[  120.162638][ T6356]  </TASK>
[  120.693928][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  120.866578][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.888002][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  120.907402][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  120.924598][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.932653][ T5900] usb 2-1: Product: syz
[  120.937949][ T5900] usb 2-1: Manufacturer: syz
[  120.942570][ T5900] usb 2-1: SerialNumber: syz
[  120.956593][ T5900] cdc_mbim 2-1:1.0: skipping garbage
[  121.153752][ T6359] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  121.320048][ T5828] usb 1-1: USB disconnect, device number 11
[  121.529900][ T6369] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size.
[  121.705047][ T5828] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  121.763694][ T6359] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  121.773691][ T5900] cdc_mbim 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  121.781656][ T5900] cdc_mbim 2-1:1.0: setting rx_max = 2048
[  121.883995][ T5828] usb 1-1: Using ep0 maxpacket: 16
[  121.884032][ T5875] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  121.890200][ T5828] usb 1-1: too many configurations: 112, using maximum allowed: 8
[  121.917400][ T5828] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  121.926626][ T5828] usb 1-1: New USB device strings: Mfr=144, Product=246, SerialNumber=0
[  121.935042][ T5828] usb 1-1: Product: syz
[  121.939261][ T5828] usb 1-1: Manufacturer: syz
[  121.955009][ T5828] r8152-cfgselector 1-1: Unknown version 0x0000
[  121.961344][ T5828] r8152-cfgselector 1-1: config 0 descriptor??
[  121.974792][ T5900] cdc_mbim 2-1:1.0: setting tx_max = 184
[  121.983471][ T5900] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device
[  121.994440][ T5900] wwan wwan0: port wwan0mbim0 attached
[  122.007978][ T5900] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 5e:37:e2:c8:b8:ab
[  122.034015][ T5875] usb 4-1: device descriptor read/64, error -71
[  122.188483][    C1] wdm_int_callback: 5731 callbacks suppressed
[  122.188510][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.201321][    C1] wdm_int_callback: 5731 callbacks suppressed
[  122.201343][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.214018][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.220761][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.230703][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.237419][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.245226][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.251946][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.259060][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.265778][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.272216][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.278915][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.285362][ T5875] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  122.285504][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.299767][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.306773][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.313499][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.321029][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.327773][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.335618][    C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71
[  122.342341][    C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes
[  122.455383][ T5875] usb 4-1: device descriptor read/64, error -71
[  122.530654][ T6367] Zero length message leads to an empty skb
[  122.565233][ T5875] usb usb4-port1: attempt power cycle
[  122.726276][ T5828] r8152-cfgselector 1-1: USB disconnect, device number 12
[  122.907455][ T5875] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  122.944704][ T5875] usb 4-1: device descriptor read/8, error -71
[  123.043640][ T5490] 8021q: adding VLAN 0 to HW filter on device wwan0
[  123.194041][ T5875] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  123.234732][ T5875] usb 4-1: device descriptor read/8, error -71
[  123.352173][ T5875] usb usb4-port1: unable to enumerate USB device
[  123.522032][ T5828] usb 2-1: USB disconnect, device number 12
[  123.532611][ T5828] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  123.569466][ T5875] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  123.643616][ T5828] wwan wwan0: port wwan0mbim0 disconnected
[  123.773943][ T5875] usb 1-1: Using ep0 maxpacket: 32
[  123.781307][ T5875] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  123.792500][ T5875] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  123.803610][ T5875] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  123.812742][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  123.823001][ T5875] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  123.832811][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  123.846616][ T5875] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  123.863999][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.875216][ T5875] usb 1-1: config 0 descriptor??
[  123.994304][ T5828] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  124.104990][ T5875] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  124.153982][ T5828] usb 2-1: Using ep0 maxpacket: 16
[  124.161069][ T5828] usb 2-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  124.176827][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.190642][ T5828] usb 2-1: config 0 descriptor??
[  124.323980][ T5868] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  124.374478][   T43] usb 1-1: USB disconnect, device number 13
[  124.390274][   T43] usblp0: removed
[  124.483972][ T5868] usb 3-1: Using ep0 maxpacket: 32
[  124.492909][ T5868] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  124.501977][ T5868] usb 3-1: config 0 has no interface number 0
[  124.510084][ T5868] usb 3-1: config 0 interface 184 has no altsetting 0
[  124.523779][ T5868] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  124.533430][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.541963][ T5868] usb 3-1: Product: syz
[  124.546706][ T5868] usb 3-1: Manufacturer: syz
[  124.551363][ T5868] usb 3-1: SerialNumber: syz
[  124.561350][ T5868] usb 3-1: config 0 descriptor??
[  124.583118][ T5868] smsc75xx v1.0.0
[  125.191321][ T5868] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  125.204988][ T5868] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  125.264037][  T886] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  125.283950][ T5875] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  125.418160][  T886] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[  125.427184][  T886] usb 1-1: config 0 has no interface number 0
[  125.433596][  T886] usb 1-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06
[  125.443453][  T886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.458780][  T886] usb 1-1: config 0 descriptor??
[  125.464169][ T5875] usb 4-1: Using ep0 maxpacket: 32
[  125.487855][ T5875] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  125.500267][ T5875] usb 4-1: config 0 has no interface number 0
[  125.508919][ T5875] usb 4-1: config 0 interface 184 has no altsetting 0
[  125.518200][ T5875] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  125.527545][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.535808][ T5875] usb 4-1: Product: syz
[  125.540077][ T5875] usb 4-1: Manufacturer: syz
[  125.544851][ T5875] usb 4-1: SerialNumber: syz
[  125.556182][ T5875] usb 4-1: config 0 descriptor??
[  125.572246][ T5875] smsc75xx v1.0.0
[  125.627942][ T5828] pegasus 2-1:0.0: can't reset MAC
[  125.635463][ T5828] pegasus 2-1:0.0: probe with driver pegasus failed with error -5
[  125.839025][    T9] usb 2-1: USB disconnect, device number 13
[  125.972448][ T5875] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  125.983571][ T5875] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  125.993495][ T5875] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  126.005089][ T5875] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[  126.022807][ T5868] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  126.044716][ T5868] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  126.055544][ T5868] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  126.066634][ T5868] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  126.082956][ T5868] usb 3-1: USB disconnect, device number 9
[  126.822811][ T6478] warning: `syz.2.129' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  127.130690][ T6485] netlink: 'syz.2.132': attribute type 25 has an invalid length.
[  127.370860][ T6489] netlink: 'syz.1.134': attribute type 15 has an invalid length.
[  127.378791][ T6489] netlink: 24 bytes leftover after parsing attributes in process `syz.1.134'.
[  127.474022][ T5828] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  127.625982][ T5828] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  127.636358][ T5828] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  127.647569][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.658564][ T5828] usb 3-1: config 0 descriptor??
[  127.669086][ T5828] pwc: Askey VC010 type 2 USB webcam detected.
[  127.693996][ T5875] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  127.714550][ T5829] Bluetooth: hci4: command 0x1003 tx timeout
[  127.715166][ T5835] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  127.743965][  T886] usb 1-1: string descriptor 0 read error: -71
[  127.757293][  T886] usb-storage 1-1:0.168: USB Mass Storage device detected
[  127.770732][  T886] usb-storage 1-1:0.168: Quirks match for vid 05ab pid 0060: 2
[  127.820641][  T886] usb 1-1: USB disconnect, device number 14
[  127.844542][ T5875] usb 2-1: Using ep0 maxpacket: 32
[  127.852892][ T5875] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  127.861979][ T5875] usb 2-1: config 0 has no interface number 0
[  127.869534][ T5875] usb 2-1: config 0 interface 184 has no altsetting 0
[  127.879841][ T5875] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  127.889145][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.897214][ T5875] usb 2-1: Product: syz
[  127.901398][ T5875] usb 2-1: Manufacturer: syz
[  127.906159][ T5875] usb 2-1: SerialNumber: syz
[  127.913632][ T5875] usb 2-1: config 0 descriptor??
[  127.921876][ T5875] smsc75xx v1.0.0
[  128.034804][ T5882] usb 4-1: USB disconnect, device number 14
[  128.076140][ T5828] pwc: recv_control_msg error -32 req 02 val 2b00
[  128.105350][ T5828] pwc: recv_control_msg error -32 req 02 val 2700
[  128.116342][ T5828] pwc: recv_control_msg error -32 req 02 val 2c00
[  128.124173][ T5828] pwc: recv_control_msg error -32 req 04 val 1000
[  128.133496][ T5828] pwc: recv_control_msg error -32 req 04 val 1300
[  128.143820][ T5828] pwc: recv_control_msg error -32 req 04 val 1400
[  128.151413][ T5828] pwc: recv_control_msg error -32 req 02 val 2000
[  128.162101][ T5828] pwc: recv_control_msg error -32 req 02 val 2100
[  128.171381][ T5828] pwc: recv_control_msg error -32 req 04 val 1500
[  128.385476][ T5828] pwc: recv_control_msg error -32 req 02 val 2400
[  128.404768][ T5828] pwc: recv_control_msg error -32 req 02 val 2600
[  128.414056][ T5828] pwc: recv_control_msg error -32 req 02 val 2900
[  128.430359][ T5828] pwc: recv_control_msg error -32 req 02 val 2800
[  128.591041][ T5875] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  128.601928][ T5875] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  128.648493][ T5828] pwc: recv_control_msg error -71 req 04 val 1200
[  128.667908][ T5828] pwc: Registered as video103.
[  128.701695][ T5828] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8
[  128.742071][ T5828] usb 3-1: USB disconnect, device number 10
[  129.517829][ T5875] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  129.530864][ T5875] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  129.543998][ T5875] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  129.556718][ T5875] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  129.577741][ T5875] usb 2-1: USB disconnect, device number 14
[  129.703974][ T5828] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  129.854004][ T5828] usb 3-1: Using ep0 maxpacket: 16
[  129.863294][ T5828] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.874091][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  129.887888][ T5828] usb 3-1: New USB device found, idVendor=0711, idProduct=0950, bcdDevice= 6.9d
[  129.899916][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.909173][ T5828] usb 3-1: Product: syz
[  129.913581][ T5828] usb 3-1: Manufacturer: syz
[  129.918688][ T5828] usb 3-1: SerialNumber: syz
[  129.927591][ T5828] usb 3-1: config 0 descriptor??
[  129.939797][ T5828] sisusb 3-1:0.0: Invalid USB2VGA device
[  129.946505][ T5828] sisusb 3-1:0.0: probe with driver sisusb failed with error -22
[  130.033967][   T43] usb 1-1: Using ep0 maxpacket: 32
[  130.046364][   T43] usb 1-1: too many configurations: 17, using maximum allowed: 8
[  130.068231][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.084225][   T43] usb 1-1: config 0 has no interface number 0
[  130.095826][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.121242][   T43] usb 1-1: config 0 has no interface number 0
[  130.139322][ T6515] binder_alloc: 6514: binder_alloc_buf, no vma
[  130.140304][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.156834][   T43] usb 1-1: config 0 has no interface number 0
[  130.161112][ T5875] usb 3-1: USB disconnect, device number 11
[  130.166494][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.213246][   T43] usb 1-1: config 0 has no interface number 0
[  130.231384][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.244881][   T43] usb 1-1: config 0 has no interface number 0
[  130.262900][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.271440][   T43] usb 1-1: config 0 has no interface number 0
[  130.285704][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.294119][   T43] usb 1-1: config 0 has no interface number 0
[  130.301670][   T43] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  130.312112][   T43] usb 1-1: config 0 has no interface number 0
[  130.321250][   T43] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  130.331674][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.349182][   T43] usb 1-1: Product: syz
[  130.353577][   T43] usb 1-1: Manufacturer: syz
[  130.358330][   T43] usb 1-1: SerialNumber: syz
[  130.375651][   T43] usb 1-1: config 0 descriptor??
[  130.385722][   T43] etas_es58x 1-1:0.2: Starting syz syz (Serial Number syz)
[  130.942810][   T43] etas_es58x 1-1:0.2: could not parse product info: 'ࠅ'
[  131.323522][   T43] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  131.507157][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.518564][   T43] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  131.555284][   T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  131.574607][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.598100][   T43] usb 3-1: Product: syz
[  131.605697][   T43] usb 3-1: Manufacturer: syz
[  131.616450][   T43] usb 3-1: SerialNumber: syz
[  131.645104][   T43] cdc_mbim 3-1:1.0: skipping garbage
[  131.828680][    C0] etas_es58x 1-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x015D.
[  131.836943][ T6523] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  131.839696][    C0] etas_es58x 1-1:0.2: Recovery successful! Dropped 347 bytes (urb_cmd_len: 9)
[  131.855656][    C0] etas_es58x 1-1:0.2: es58x_fd_handle_urb_cmd: Unknown command type (0x00) and command ID (0x00) combination
[  131.867229][    C0] etas_es58x 1-1:0.2: ops->handle_urb_cmd() returned error -EBADRQC
[  131.944462][ T5490] etas_es58x 1-1:0.2 can1: bit-timing not yet defined
[  132.078338][    C0] etas_es58x 1-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  132.078918][ T5828] usb 1-1: USB disconnect, device number 15
[  132.087616][    C0] etas_es58x 1-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  132.087704][    C0] etas_es58x 1-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  132.112035][    C0] etas_es58x 1-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  132.121316][    C0] etas_es58x 1-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  132.130549][    C0] etas_es58x 1-1:0.2 can0: es58x_write_bulk_callback: error -EPROTO
[  132.140383][ T5828] etas_es58x 1-1:0.2: Disconnecting syz syz
[  132.143453][ T5490] etas_es58x 1-1:0.2 can1: es58x_open: Could not open the network device: -EINVAL
[  132.496631][ T6523] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  132.521129][   T43] cdc_mbim 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  132.531085][   T43] cdc_mbim 3-1:1.0: setting rx_max = 2048
[  132.727308][   T43] cdc_mbim 3-1:1.0: setting tx_max = 184
[  132.742117][ T6496] Set syz1 is full, maxelem 65536 reached
[  132.744272][   T43] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device
[  132.778707][   T43] wwan wwan0: port wwan0mbim0 attached
[  132.821813][   T43] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 02:79:97:51:af:22
[  132.931323][    C1] wdm_int_callback: 5594 callbacks suppressed
[  132.931348][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  132.944166][    C1] wdm_int_callback: 5594 callbacks suppressed
[  132.944186][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  132.956810][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  132.963526][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  132.971010][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  132.977732][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  132.985119][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  132.991834][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  132.998529][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.005242][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.011897][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.018615][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.025591][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.032315][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.038702][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.045407][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.051772][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.058480][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.065016][    C1] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  133.071732][    C1] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  133.295590][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  133.464013][    T9] usb 4-1: Using ep0 maxpacket: 16
[  133.476040][    T9] usb 4-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  133.495429][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.515335][    T9] usb 4-1: config 0 descriptor??
[  134.073216][ T5900] IPVS: starting estimator thread 0...
[  134.144231][ T5991] usb 3-1: USB disconnect, device number 12
[  134.159956][ T5991] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  134.166383][ T6596] IPVS: using max 25 ests per chain, 60000 per kthread
[  134.195954][ T6600] FAULT_INJECTION: forcing a failure.
[  134.195954][ T6600] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.303046][ T6600] CPU: 0 UID: 0 PID: 6600 Comm: syz.1.156 Not tainted syzkaller #0 PREEMPT(full) 
[  134.303077][ T6600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  134.303090][ T6600] Call Trace:
[  134.303098][ T6600]  <TASK>
[  134.303107][ T6600]  dump_stack_lvl+0x189/0x250
[  134.303138][ T6600]  ? __pfx____ratelimit+0x10/0x10
[  134.303163][ T6600]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.303188][ T6600]  ? __pfx__printk+0x10/0x10
[  134.303214][ T6600]  ? fs_reclaim_acquire+0x7d/0x100
[  134.303244][ T6600]  should_fail_ex+0x414/0x560
[  134.303275][ T6600]  prepare_alloc_pages+0x22b/0x650
[  134.303305][ T6600]  __alloc_frozen_pages_noprof+0x123/0x370
[  134.303332][ T6600]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  134.303362][ T6600]  ? policy_nodemask+0x27c/0x720
[  134.303383][ T6600]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  134.303415][ T6600]  alloc_pages_mpol+0x232/0x4a0
[  134.303443][ T6600]  alloc_pages_noprof+0xa9/0x190
[  134.303469][ T6600]  binder_alloc_new_buf+0x1db5/0x2f80
[  134.303525][ T6600]  ? __pfx_binder_alloc_new_buf+0x10/0x10
[  134.303552][ T6600]  ? __kmalloc_cache_noprof+0x3e2/0x700
[  134.303581][ T6600]  binder_transaction+0x23a4/0x6450
[  134.303616][ T6600]  ? __lock_acquire+0xab9/0xd20
[  134.303651][ T6600]  ? __lock_acquire+0xab9/0xd20
[  134.303681][ T6600]  ? __pfx_binder_transaction+0x10/0x10
[  134.303707][ T6600]  ? __lock_acquire+0xab9/0xd20
[  134.303757][ T6600]  ? __might_fault+0xb0/0x130
[  134.303811][ T6600]  binder_ioctl_write_read+0xd5a/0xa070
[  134.303860][ T6600]  ? is_bpf_text_address+0x26/0x2b0
[  134.303888][ T6600]  ? is_bpf_text_address+0x26/0x2b0
[  134.303910][ T6600]  ? kernel_text_address+0xa5/0xe0
[  134.303942][ T6600]  ? unwind_get_return_address+0x4d/0x90
[  134.303980][ T6600]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  134.304019][ T6600]  ? stack_trace_save+0x9c/0xe0
[  134.304047][ T6600]  ? stack_depot_save_flags+0x40/0x860
[  134.304082][ T6600]  ? kasan_save_track+0x4f/0x80
[  134.304100][ T6600]  ? kasan_save_track+0x3e/0x80
[  134.304117][ T6600]  ? kasan_save_free_info+0x46/0x50
[  134.304143][ T6600]  ? __kasan_slab_free+0x5c/0x80
[  134.304161][ T6600]  ? kfree+0x1c0/0x680
[  134.304186][ T6600]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  134.304230][ T6600]  ? security_file_ioctl+0xcb/0x2d0
[  134.304251][ T6600]  ? __se_sys_ioctl+0x47/0x170
[  134.304279][ T6600]  ? do_syscall_64+0xfa/0xfa0
[  134.304302][ T6600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.304340][ T6600]  ? __pfx_binder_debug+0x10/0x10
[  134.304368][ T6600]  ? do_raw_spin_lock+0x121/0x290
[  134.304413][ T6600]  ? _raw_spin_unlock+0x28/0x50
[  134.304434][ T6600]  ? binder_get_thread+0x178/0x6d0
[  134.304468][ T6600]  binder_ioctl+0x3c5/0x1a10
[  134.304489][ T6600]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  134.304519][ T6600]  ? do_vfs_ioctl+0xbe8/0x1430
[  134.304548][ T6600]  ? __pfx_binder_ioctl+0x10/0x10
[  134.304566][ T6600]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  134.304635][ T6600]  ? __fget_files+0x2a/0x420
[  134.304682][ T6600]  ? __fget_files+0x3a0/0x420
[  134.304706][ T6600]  ? __fget_files+0x2a/0x420
[  134.304734][ T6600]  ? bpf_lsm_file_ioctl+0x9/0x20
[  134.304757][ T6600]  ? __pfx_binder_ioctl+0x10/0x10
[  134.304775][ T6600]  __se_sys_ioctl+0xfc/0x170
[  134.304809][ T6600]  do_syscall_64+0xfa/0xfa0
[  134.304844][ T6600]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.304864][ T6600]  ? clear_bhb_loop+0x60/0xb0
[  134.304889][ T6600]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.304909][ T6600] RIP: 0033:0x7f8ca5f8f749
[  134.304928][ T6600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.304944][ T6600] RSP: 002b:00007f8ca6e83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.304966][ T6600] RAX: ffffffffffffffda RBX: 00007f8ca61e5fa0 RCX: 00007f8ca5f8f749
[  134.304981][ T6600] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  134.305006][ T6600] RBP: 00007f8ca6e83090 R08: 0000000000000000 R09: 0000000000000000
[  134.305018][ T6600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.305030][ T6600] R13: 00007f8ca61e6038 R14: 00007f8ca61e5fa0 R15: 00007ffc51e622a8
[  134.305062][ T6600]  </TASK>
[  134.824504][ T5991] wwan wwan0: port wwan0mbim0 disconnected
[  135.050702][ T6610] syzkaller1: entered promiscuous mode
[  135.073471][ T6610] syzkaller1: entered allmulticast mode
[  135.279041][ T6622] netlink: 16 bytes leftover after parsing attributes in process `syz.1.162'.
[  135.289291][    T9] pegasus 4-1:0.0: can't reset MAC
[  135.294856][    T9] pegasus 4-1:0.0: probe with driver pegasus failed with error -5
[  135.496458][ T5991] usb 4-1: USB disconnect, device number 15
[  135.593962][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  135.753943][    T9] usb 2-1: Using ep0 maxpacket: 8
[  135.764119][    T9] usb 2-1: too many configurations: 178, using maximum allowed: 8
[  135.795211][    T9] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  135.813961][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[  135.822010][    T9] usb 2-1: Product: syz
[  135.843934][    T9] usb 2-1: Manufacturer: syz
[  135.849539][    T9] usb 2-1: SerialNumber: syz
[  135.857870][    T9] usb 2-1: config 0 descriptor??
[  135.868907][    T9] gspca_main: 047d:5003 too many config
[  136.011219][ T6644] process 'syz.2.167' launched './file0' with NULL argv: empty string added
[  136.084667][    T9] usb 2-1: USB disconnect, device number 15
[  136.194355][ T5991] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  136.345649][ T5991] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.357080][ T5991] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  136.367660][ T5991] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.378654][ T5991] usb 1-1: config 0 descriptor??
[  136.384733][ T5916] usb 3-1: new low-speed USB device number 13 using dummy_hcd
[  136.557461][ T5916] usb 3-1: unable to get BOS descriptor or descriptor too short
[  136.566858][ T5916] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  136.575730][ T5916] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  136.587487][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.596588][ T5916] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  136.605221][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.615417][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.624496][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.635700][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.647613][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.664438][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.676345][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.689191][ T6640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.701625][ T6640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.936359][ T5991] logitech-djreceiver 0003:046D:C71F.0003: unbalanced collection at end of report description
[  136.948386][ T5991] logitech-djreceiver 0003:046D:C71F.0003: logi_dj_probe: parse failed
[  136.958876][ T5991] logitech-djreceiver 0003:046D:C71F.0003: probe with driver logitech-djreceiver failed with error -22
[  137.125563][ T5900] usb 1-1: USB disconnect, device number 16
[  137.764736][ T1143] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.856918][ T1143] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.940288][ T6669] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  137.947002][ T6669] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  137.965437][ T1143] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.976268][ T6669] vhci_hcd vhci_hcd.0: Device attached
[  137.982662][ T6669] netlink: zone id is out of range
[  137.982678][ T6669] netlink: zone id is out of range
[  137.982687][ T6669] netlink: zone id is out of range
[  137.982696][ T6669] netlink: zone id is out of range
[  137.982705][ T6669] netlink: zone id is out of range
[  137.982714][ T6669] netlink: zone id is out of range
[  137.982723][ T6669] netlink: zone id is out of range
[  137.982732][ T6669] netlink: zone id is out of range
[  137.982740][ T6669] netlink: zone id is out of range
[  137.982748][ T6669] netlink: zone id is out of range
[  137.983972][ T6674] usbip_core: unknown command
[  138.048557][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  138.055345][ T5868] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  138.063508][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  138.083005][ T6669] syzkaller1: entered promiscuous mode
[  138.088856][ T6669] syzkaller1: entered allmulticast mode
[  138.136845][ T6674] vhci_hcd: unknown pdu 0
[  138.141267][ T6674] usbip_core: unknown command
[  138.149239][   T60] vhci_hcd vhci_hcd.0: stop threads
[  138.155925][   T60] vhci_hcd vhci_hcd.0: release socket
[  138.163058][   T60] vhci_hcd vhci_hcd.0: disconnect device
[  138.182383][ T1143] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.260398][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  138.263995][ T5868] usb 2-1: Using ep0 maxpacket: 32
[  138.275210][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  138.285058][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  138.287746][ T5868] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  138.304575][ T5868] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  138.313505][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  138.314843][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  138.325553][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  138.340216][ T5868] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  138.350871][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  138.361792][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  138.376649][ T5868] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  138.386244][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.410449][ T5868] usb 2-1: config 0 descriptor??
[  138.454212][ T1143] bridge_slave_1: left allmulticast mode
[  138.467838][ T1143] bridge_slave_1: left promiscuous mode
[  138.475122][ T1143] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.489385][ T1143] bridge_slave_0: left allmulticast mode
[  138.496451][ T1143] bridge_slave_0: left promiscuous mode
[  138.502997][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.650649][ T5868] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  138.727393][ T5900] usb usb34-port1: attempt power cycle
[  138.858287][ T5868] usb 2-1: USB disconnect, device number 16
[  138.889929][ T5868] usblp0: removed
[  138.941303][ T1143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  138.957127][ T1143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  138.969254][ T1143] bond0 (unregistering): Released all slaves
[  139.175754][ T5916] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  139.186858][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.208710][ T5916] usb 3-1: can't set config #1, error -71
[  139.219450][ T5916] usb 3-1: USB disconnect, device number 13
[  139.287187][ T5900] usb usb34-port1: unable to enumerate USB device
[  139.517192][ T1143] hsr_slave_0: left promiscuous mode
[  139.540296][ T6698] FAULT_INJECTION: forcing a failure.
[  139.540296][ T6698] name failslab, interval 1, probability 0, space 0, times 0
[  139.574128][ T6698] CPU: 1 UID: 0 PID: 6698 Comm: syz.2.188 Not tainted syzkaller #0 PREEMPT(full) 
[  139.574156][ T6698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.574168][ T6698] Call Trace:
[  139.574176][ T6698]  <TASK>
[  139.574184][ T6698]  dump_stack_lvl+0x189/0x250
[  139.574214][ T6698]  ? __pfx____ratelimit+0x10/0x10
[  139.574239][ T6698]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.574264][ T6698]  ? __pfx__printk+0x10/0x10
[  139.574284][ T6698]  ? save_netdev_trace_buffer+0x4b5/0x5a0
[  139.574330][ T6698]  should_fail_ex+0x414/0x560
[  139.574362][ T6698]  should_failslab+0xa8/0x100
[  139.574388][ T6698]  kmem_cache_alloc_noprof+0x88/0x700
[  139.574418][ T6698]  ? skb_clone+0x212/0x3a0
[  139.574446][ T6698]  skb_clone+0x212/0x3a0
[  139.574473][ T6698]  __netlink_deliver_tap+0x424/0x8b0
[  139.574509][ T6698]  ? netlink_deliver_tap+0x2e/0x1b0
[  139.574533][ T6698]  netlink_deliver_tap+0x19c/0x1b0
[  139.574557][ T6698]  netlink_unicast+0x7fa/0x9e0
[  139.574587][ T6698]  ? __pfx_netlink_unicast+0x10/0x10
[  139.574609][ T6698]  ? netlink_sendmsg+0x642/0xb30
[  139.574630][ T6698]  ? skb_put+0x11b/0x210
[  139.574664][ T6698]  netlink_sendmsg+0x805/0xb30
[  139.574699][ T6698]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.574725][ T6698]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  139.574767][ T6698]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.574789][ T6698]  sock_sendmsg_nosec+0x18f/0x1d0
[  139.574821][ T6698]  ____sys_sendmsg+0x577/0x8b0
[  139.574854][ T6698]  ? __pfx_____sys_sendmsg+0x10/0x10
[  139.574888][ T6698]  ? import_iovec+0x74/0xa0
[  139.574911][ T6698]  ___sys_sendmsg+0x21f/0x2a0
[  139.574937][ T6698]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.575001][ T6698]  ? __fget_files+0x2a/0x420
[  139.575026][ T6698]  ? __fget_files+0x3a0/0x420
[  139.575062][ T6698]  __x64_sys_sendmsg+0x19b/0x260
[  139.575089][ T6698]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  139.575123][ T6698]  ? __pfx_ksys_write+0x10/0x10
[  139.575156][ T6698]  ? do_syscall_64+0xbe/0xfa0
[  139.575188][ T6698]  do_syscall_64+0xfa/0xfa0
[  139.575215][ T6698]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.575235][ T6698]  ? clear_bhb_loop+0x60/0xb0
[  139.575260][ T6698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.575279][ T6698] RIP: 0033:0x7f6ea1f8f749
[  139.575297][ T6698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.575314][ T6698] RSP: 002b:00007f6ea2dcb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.575335][ T6698] RAX: ffffffffffffffda RBX: 00007f6ea21e5fa0 RCX: 00007f6ea1f8f749
[  139.575350][ T6698] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 0000000000000004
[  139.575363][ T6698] RBP: 00007f6ea2dcb090 R08: 0000000000000000 R09: 0000000000000000
[  139.575375][ T6698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.575386][ T6698] R13: 00007f6ea21e6038 R14: 00007f6ea21e5fa0 R15: 00007fff39c97318
[  139.575421][ T6698]  </TASK>
[  139.576176][ T1143] hsr_slave_1: left promiscuous mode
[  139.880970][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  139.888497][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_0
[  139.901638][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.909153][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.008749][ T1143] veth1_macvtap: left promiscuous mode
[  140.022065][ T1143] veth0_macvtap: left promiscuous mode
[  140.037622][ T1143] veth1_vlan: left promiscuous mode
[  140.043270][ T1143] veth0_vlan: left promiscuous mode
[  140.134420][ T6716] FAULT_INJECTION: forcing a failure.
[  140.134420][ T6716] name failslab, interval 1, probability 0, space 0, times 0
[  140.201125][ T6716] CPU: 1 UID: 0 PID: 6716 Comm: syz.0.191 Not tainted syzkaller #0 PREEMPT(full) 
[  140.201153][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  140.201165][ T6716] Call Trace:
[  140.201172][ T6716]  <TASK>
[  140.201181][ T6716]  dump_stack_lvl+0x189/0x250
[  140.201212][ T6716]  ? __pfx____ratelimit+0x10/0x10
[  140.201237][ T6716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.201263][ T6716]  ? __pfx__printk+0x10/0x10
[  140.201293][ T6716]  ? __pfx___might_resched+0x10/0x10
[  140.201323][ T6716]  should_fail_ex+0x414/0x560
[  140.201375][ T6716]  should_failslab+0xa8/0x100
[  140.201402][ T6716]  __kmalloc_noprof+0xdf/0x800
[  140.201421][ T6716]  ? kfree+0x4d/0x680
[  140.201446][ T6716]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  140.201485][ T6716]  tomoyo_realpath_from_path+0xe3/0x5d0
[  140.201520][ T6716]  ? tomoyo_domain+0xd8/0x130
[  140.201550][ T6716]  tomoyo_path_perm+0x213/0x4b0
[  140.201577][ T6716]  ? tomoyo_path_perm+0x1e3/0x4b0
[  140.201609][ T6716]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  140.201644][ T6716]  ? lockdep_unlock+0x89/0x120
[  140.201686][ T6716]  ? check_path+0x21/0x40
[  140.201711][ T6716]  ? check_noncircular+0xe0/0x160
[  140.201748][ T6716]  ? validate_chain+0x897/0x2130
[  140.201779][ T6716]  security_inode_getattr+0x12f/0x330
[  140.201804][ T6716]  vfs_getattr+0x23/0x70
[  140.201831][ T6716]  ovl_clear_empty+0x1b9/0x5e0
[  140.201866][ T6716]  ? __pfx_ovl_clear_empty+0x10/0x10
[  140.201896][ T6716]  ? mnt_get_write_access+0x66/0x280
[  140.201957][ T6716]  ? mnt_want_write+0x7b/0x90
[  140.201989][ T6716]  ? ovl_nlink_start+0x215/0x3e0
[  140.202018][ T6716]  ovl_do_remove+0x378/0xd50
[  140.202052][ T6716]  ? __pfx_ovl_do_remove+0x10/0x10
[  140.202074][ T6716]  ? down_write+0x162/0x1f0
[  140.202104][ T6716]  ? __pfx_down_write+0x10/0x10
[  140.202138][ T6716]  ? do_raw_spin_unlock+0x122/0x240
[  140.202167][ T6716]  ? bpf_lsm_inode_rmdir+0x9/0x20
[  140.202192][ T6716]  vfs_rmdir+0x512/0x660
[  140.202220][ T6716]  do_rmdir+0x27f/0x4a0
[  140.202248][ T6716]  ? __pfx_do_rmdir+0x10/0x10
[  140.202270][ T6716]  ? strncpy_from_user+0x150/0x2c0
[  140.202300][ T6716]  ? getname_flags+0x1e5/0x540
[  140.202329][ T6716]  __x64_sys_unlinkat+0xc2/0xf0
[  140.202354][ T6716]  do_syscall_64+0xfa/0xfa0
[  140.202382][ T6716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.202402][ T6716]  ? clear_bhb_loop+0x60/0xb0
[  140.202428][ T6716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.202447][ T6716] RIP: 0033:0x7f09bcf8f749
[  140.202466][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.202482][ T6716] RSP: 002b:00007f09bddab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  140.202505][ T6716] RAX: ffffffffffffffda RBX: 00007f09bd1e5fa0 RCX: 00007f09bcf8f749
[  140.202520][ T6716] RDX: 0000000000000200 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  140.202533][ T6716] RBP: 00007f09bddab090 R08: 0000000000000000 R09: 0000000000000000
[  140.202546][ T6716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  140.202557][ T6716] R13: 00007f09bd1e6038 R14: 00007f09bd1e5fa0 R15: 00007ffeaeaaee48
[  140.202600][ T6716]  </TASK>
[  140.202611][ T6716] ERROR: Out of memory at tomoyo_realpath_from_path.
[  140.397485][ T6722] overlayfs: failed to get inode (-116)
[  140.447540][ T5829] Bluetooth: hci2: command tx timeout
[  140.562485][ T6722] overlayfs: failed to get inode (-116)
[  140.793986][ T5828] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  140.881062][ T1143] team0 (unregistering): Port device team_slave_1 removed
[  140.916924][ T1143] team0 (unregistering): Port device team_slave_0 removed
[  140.977405][ T5828] usb 2-1: config 2 has an invalid interface number: 174 but max is 0
[  140.987088][ T5828] usb 2-1: config 2 has no interface number 0
[  140.993505][ T5828] usb 2-1: config 2 interface 174 altsetting 0 has an endpoint descriptor with address 0x9E, changing to 0x8E
[  141.005801][ T5828] usb 2-1: config 2 interface 174 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1023
[  141.016122][ T5828] usb 2-1: config 2 interface 174 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  141.026314][ T5828] usb 2-1: config 2 interface 174 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  141.039817][ T5828] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  141.050037][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.058191][ T5828] usb 2-1: Product: syz
[  141.064724][ T5828] usb 2-1: Manufacturer: syz
[  141.069396][ T5828] usb 2-1: SerialNumber: syz
[  141.078855][ T6723] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  141.303801][ T5828] usb 2-1: probing VID:PID(0424:012C)   
[  141.330866][ T5828] usb 2-1: vub300 testing BULK IN EndPoint(0) 8E
[  141.337990][ T5828] usb 2-1: vub300 testing BULK IN EndPoint(1) 82
[  141.344916][ T5828] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  141.352796][ T5828] vub300 2-1:2.174: probe with driver vub300 failed with error -22
[  141.373034][ T5828] usb 2-1: USB disconnect, device number 17
[  141.427253][ T6726] batadv_slave_1: entered promiscuous mode
[  141.438644][ T6677] chnl_net:caif_netlink_parms(): no params data found
[  141.456495][ T6725] batadv_slave_1: left promiscuous mode
[  141.593701][ T6730] netlink: 32 bytes leftover after parsing attributes in process `syz.2.194'.
[  141.614339][ T6677] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.621575][ T6677] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.630146][ T6677] bridge_slave_0: entered allmulticast mode
[  141.640095][ T6677] bridge_slave_0: entered promiscuous mode
[  141.650643][ T6677] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.658057][ T6677] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.665662][ T6677] bridge_slave_1: entered allmulticast mode
[  141.673341][ T6677] bridge_slave_1: entered promiscuous mode
[  141.760372][ T6677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.787113][ T6677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.860483][ T6677] team0: Port device team_slave_0 added
[  141.872435][ T6677] team0: Port device team_slave_1 added
[  142.044171][ T6741] netlink: 'syz.2.195': attribute type 3 has an invalid length.
[  142.414074][ T5900] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  142.428035][ T6736] syzkaller0: entered promiscuous mode
[  142.433643][ T6736] syzkaller0: entered allmulticast mode
[  142.439445][    T9] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  142.513937][ T5829] Bluetooth: hci2: command tx timeout
[  142.564025][ T5900] usb 2-1: Using ep0 maxpacket: 16
[  142.577651][ T5900] usb 2-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  142.587532][ T6677] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.606105][ T6677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  142.632849][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.651273][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.683924][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  142.692893][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  142.707916][ T5900] usb 2-1: config 0 descriptor??
[  142.719420][ T6677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.746900][ T6677] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.765415][ T6677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  142.791945][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  142.826086][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.834514][    T9] usb 1-1: Product: syz
[  142.838775][    T9] usb 1-1: Manufacturer: syz
[  142.843428][    T9] usb 1-1: SerialNumber: syz
[  142.845842][ T6677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.082812][    T9] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[  143.090251][    T9] cdc_ncm 1-1:1.0: bind() failure
[  143.113242][    T9] usb 1-1: USB disconnect, device number 17
[  143.984048][    T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  144.144376][    T9] usb 1-1: Using ep0 maxpacket: 32
[  144.164038][    T9] usb 1-1: too many configurations: 17, using maximum allowed: 8
[  144.176155][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.194427][    T9] usb 1-1: config 0 has no interface number 0
[  144.223013][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.236772][    T9] usb 1-1: config 0 has no interface number 0
[  144.246739][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.265964][ T6677] hsr_slave_0: entered promiscuous mode
[  144.271732][    T9] usb 1-1: config 0 has no interface number 0
[  144.279719][ T6677] hsr_slave_1: entered promiscuous mode
[  144.286709][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.295423][ T6677] debugfs: 'hsr0' already exists in 'hsr'
[  144.301285][ T6677] Cannot create hsr debugfs directory
[  144.306770][    T9] usb 1-1: config 0 has no interface number 0
[  144.315462][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.323545][    T9] usb 1-1: config 0 has no interface number 0
[  144.355788][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.373217][ T5900] pegasus 2-1:0.0: can't reset MAC
[  144.379198][    T9] usb 1-1: config 0 has no interface number 0
[  144.386768][ T5900] pegasus 2-1:0.0: probe with driver pegasus failed with error -5
[  144.405127][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.422412][ T5900] usb 2-1: USB disconnect, device number 18
[  144.429086][    T9] usb 1-1: config 0 has no interface number 0
[  144.454573][    T9] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  144.463254][    T9] usb 1-1: config 0 has no interface number 0
[  144.477350][    T9] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  144.495207][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.513549][    T9] usb 1-1: Product: syz
[  144.523681][    T9] usb 1-1: Manufacturer: syz
[  144.533800][    T9] usb 1-1: SerialNumber: syz
[  144.543758][    T9] usb 1-1: config 0 descriptor??
[  144.560138][    T9] etas_es58x 1-1:0.2: Starting syz syz (Serial Number syz)
[  144.585225][ T5829] Bluetooth: hci2: command tx timeout
[  144.614204][ T5828] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  144.774732][ T5828] usb 3-1: Using ep0 maxpacket: 8
[  144.787527][ T5828] usb 3-1: too many configurations: 178, using maximum allowed: 8
[  144.794278][ T6677] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  144.820873][ T5828] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  144.825485][ T6677] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  144.838345][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[  144.850167][ T5828] usb 3-1: Product: syz
[  144.854667][ T5828] usb 3-1: Manufacturer: syz
[  144.859471][ T5828] usb 3-1: SerialNumber: syz
[  144.865924][ T6677] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  144.870426][ T5828] usb 3-1: config 0 descriptor??
[  144.887367][ T5828] gspca_main: 047d:5003 too many config
[  144.893106][ T6677] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  145.092923][ T6764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.114926][    T9] etas_es58x 1-1:0.2: could not parse product info: 'ࠅ'
[  145.117604][ T6764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.143021][ T6677] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.178330][ T6677] 8021q: adding VLAN 0 to HW filter on device team0
[  145.197115][ T6792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.229043][ T6792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.250063][ T6521] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.257330][ T6521] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.282948][ T6792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.292622][ T6792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.337589][ T6521] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.344884][ T6521] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.446692][    T9] usb 3-1: USB disconnect, device number 14
[  145.831570][ T6677] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.905141][ T5910] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  146.076417][ T5910] usb 3-1: config 8 has an invalid interface number: 223 but max is 0
[  146.100319][ T5910] usb 3-1: config 8 contains an unexpected descriptor of type 0x1, skipping
[  146.114474][ T5910] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  146.136839][ T5910] usb 3-1: config 8 has no interface number 0
[  146.143051][ T5910] usb 3-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64
[  146.164054][ T5910] usb 3-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  146.180976][ T5910] usb 3-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  146.200358][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.212153][ T5910] usb 3-1: Product: syz
[  146.216428][ T5910] usb 3-1: Manufacturer: syz
[  146.221115][ T5910] usb 3-1: SerialNumber: syz
[  146.294207][ T5828] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  146.371034][ T6677] veth0_vlan: entered promiscuous mode
[  146.390873][ T6677] veth1_vlan: entered promiscuous mode
[  146.443915][ T5828] usb 2-1: Using ep0 maxpacket: 16
[  146.450401][ T6804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.463546][ T5828] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  146.474119][ T6677] veth0_macvtap: entered promiscuous mode
[  146.477327][ T6804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.483408][ T5828] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  146.505719][ T5828] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  146.515550][ T6677] veth1_macvtap: entered promiscuous mode
[  146.523938][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.532357][ T5828] usb 2-1: Product: syz
[  146.536526][ T5910] usb 3-1: USB disconnect, device number 15
[  146.543738][ T5828] usb 2-1: Manufacturer: syz
[  146.549231][ T5828] usb 2-1: SerialNumber: syz
[  146.579768][ T6677] batman_adv: batadv0: Interface activated: batadv_slave_0
[  146.614617][ T6677] batman_adv: batadv0: Interface activated: batadv_slave_1
[  146.630711][ T4987] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.642367][ T4987] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.652839][ T4987] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.665295][ T5829] Bluetooth: hci2: command tx timeout
[  146.667630][ T4987] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.815736][   T43] usb 1-1: USB disconnect, device number 18
[  146.824362][   T43] etas_es58x 1-1:0.2: Disconnecting syz syz
[  146.974821][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  146.982774][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.161124][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.192109][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.200375][ T6840] tipc: Can't bind to reserved service type 0
[  147.220229][   T30] audit: type=1326 audit(1764049550.952:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.0.206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09bcf8f749 code=0x0
[  147.591166][ T5828] usb 2-1: 0:2 : does not exist
[  147.661803][ T5828] usb 2-1: USB disconnect, device number 19
[  147.700391][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  148.104116][ T5828] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  148.276414][ T5828] usb 3-1: Using ep0 maxpacket: 16
[  148.294614][ T6875] FAULT_INJECTION: forcing a failure.
[  148.294614][ T6875] name failslab, interval 1, probability 0, space 0, times 0
[  148.295455][ T5828] usb 3-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  148.335707][ T5991] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  148.343428][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.344350][ T6875] CPU: 0 UID: 0 PID: 6875 Comm: syz.4.213 Not tainted syzkaller #0 PREEMPT(full) 
[  148.344378][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  148.344393][ T6875] Call Trace:
[  148.344403][ T6875]  <TASK>
[  148.344412][ T6875]  dump_stack_lvl+0x189/0x250
[  148.344449][ T6875]  ? __pfx____ratelimit+0x10/0x10
[  148.344477][ T6875]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.344508][ T6875]  ? __pfx__printk+0x10/0x10
[  148.344543][ T6875]  ? __pfx___might_resched+0x10/0x10
[  148.344567][ T6875]  ? fs_reclaim_acquire+0x7d/0x100
[  148.344598][ T6875]  should_fail_ex+0x414/0x560
[  148.344635][ T6875]  should_failslab+0xa8/0x100
[  148.344672][ T6875]  __kmalloc_noprof+0xdf/0x800
[  148.344693][ T6875]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  148.344728][ T6875]  ? rcu_is_watching+0x15/0xb0
[  148.344764][ T6875]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  148.344808][ T6875]  genl_family_rcv_msg_doit+0xb8/0x300
[  148.344851][ T6875]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  148.344895][ T6875]  ? apparmor_capable+0x137/0x1b0
[  148.344922][ T6875]  ? bpf_lsm_capable+0x9/0x20
[  148.344952][ T6875]  ? security_capable+0x7e/0x2e0
[  148.344994][ T6875]  genl_rcv_msg+0x60e/0x790
[  148.345036][ T6875]  ? __pfx_genl_rcv_msg+0x10/0x10
[  148.345073][ T6875]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  148.345100][ T6875]  ? __pfx_nl802154_add_llsec_seclevel+0x10/0x10
[  148.345132][ T6875]  ? __pfx_nl802154_post_doit+0x10/0x10
[  148.345178][ T6875]  netlink_rcv_skb+0x208/0x470
[  148.345203][ T6875]  ? __lock_acquire+0xab9/0xd20
[  148.345229][ T6875]  ? __pfx_genl_rcv_msg+0x10/0x10
[  148.345263][ T6875]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  148.345313][ T6875]  ? down_read+0x1ad/0x2e0
[  148.345350][ T6875]  genl_rcv+0x28/0x40
[  148.345379][ T6875]  netlink_unicast+0x82f/0x9e0
[  148.345414][ T6875]  ? __pfx_netlink_unicast+0x10/0x10
[  148.345441][ T6875]  ? netlink_sendmsg+0x642/0xb30
[  148.345465][ T6875]  ? skb_put+0x11b/0x210
[  148.345494][ T6875]  netlink_sendmsg+0x805/0xb30
[  148.345532][ T6875]  ? __pfx_netlink_sendmsg+0x10/0x10
[  148.345563][ T6875]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  148.345610][ T6875]  ? __pfx_netlink_sendmsg+0x10/0x10
[  148.345636][ T6875]  sock_sendmsg_nosec+0x18f/0x1d0
[  148.345678][ T6875]  ____sys_sendmsg+0x577/0x8b0
[  148.345716][ T6875]  ? __pfx_____sys_sendmsg+0x10/0x10
[  148.345755][ T6875]  ? import_iovec+0x74/0xa0
[  148.345782][ T6875]  ___sys_sendmsg+0x21f/0x2a0
[  148.345812][ T6875]  ? __pfx____sys_sendmsg+0x10/0x10
[  148.345883][ T6875]  ? __fget_files+0x2a/0x420
[  148.345911][ T6875]  ? __fget_files+0x3a0/0x420
[  148.345952][ T6875]  __x64_sys_sendmsg+0x19b/0x260
[  148.345983][ T6875]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  148.346022][ T6875]  ? __pfx_ksys_write+0x10/0x10
[  148.346049][ T6875]  ? do_syscall_64+0xbe/0xfa0
[  148.346084][ T6875]  do_syscall_64+0xfa/0xfa0
[  148.346115][ T6875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.346138][ T6875]  ? clear_bhb_loop+0x60/0xb0
[  148.346167][ T6875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.346191][ T6875] RIP: 0033:0x7f4d8c18f749
[  148.346212][ T6875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.346232][ T6875] RSP: 002b:00007f4d8d01e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  148.346258][ T6875] RAX: ffffffffffffffda RBX: 00007f4d8c3e5fa0 RCX: 00007f4d8c18f749
[  148.346274][ T6875] RDX: 0000000020044010 RSI: 0000200000000140 RDI: 0000000000000005
[  148.346291][ T6875] RBP: 00007f4d8d01e090 R08: 0000000000000000 R09: 0000000000000000
[  148.346306][ T6875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.346319][ T6875] R13: 00007f4d8c3e6038 R14: 00007f4d8c3e5fa0 R15: 00007fff5153b6d8
[  148.346361][ T6875]  </TASK>
[  148.445722][ T6877] EXT4-fs (loop1): unable to read superblock
[  148.473244][ T5828] usb 3-1: config 0 descriptor??
[  148.825269][ T5991] usb 1-1: Using ep0 maxpacket: 16
[  148.845660][ T5991] usb 1-1: unable to get BOS descriptor or descriptor too short
[  148.869052][ T5991] usb 1-1: config 6 has an invalid interface number: 202 but max is 0
[  148.885853][ T5991] usb 1-1: config 6 has no interface number 0
[  148.897435][ T5991] usb 1-1: config 6 interface 202 has no altsetting 0
[  148.916917][ T5991] usb 1-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d4.1f
[  148.926352][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.939841][ T5991] usb 1-1: Product: syz
[  148.950647][ T5991] usb 1-1: Manufacturer: syz
[  148.955528][ T5991] usb 1-1: SerialNumber: syz
[  149.195348][ T6869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'.
[  149.210625][ T5991] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out.
[  149.250332][ T5991] usb 1-1: USB disconnect, device number 19
[  149.302705][ T6895] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  149.341671][ T6895] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  149.348708][ T6895] comedi comedi3: 8255: I/O port conflict (0x21,4)
[  149.357287][ T6895] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  149.364659][ T6895] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  149.371225][ T6895] comedi comedi3: 8255: I/O port conflict (0x3fb,4)
[  149.380901][ T6895] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  149.687378][ T5991] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  149.877250][ T5991] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  149.888058][ T5991] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  149.900714][ T5991] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  149.924878][ T5991] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  149.935648][ T6902] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  149.953882][ T6902] overlayfs: missing 'lowerdir'
[  149.960698][ T5991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.970804][ T5991] usb 2-1: Product: syz
[  149.979755][ T5991] usb 2-1: Manufacturer: syz
[  149.989903][ T5991] usb 2-1: SerialNumber: syz
[  149.999051][ T5991] usb 2-1: config 0 descriptor??
[  150.005500][ T6900] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  150.014825][ T6900] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  150.025324][ T5991] usb 2-1: ucan: probing device on interface #0
[  150.435340][ T5991] usb 2-1: ucan: device reported invalid tx-fifo size
[  150.452415][ T5991] usb 2-1: ucan: probe failed; try to update the device firmware
[  150.536717][ T5828] pegasus 3-1:0.0: can't reset MAC
[  150.542278][ T5828] pegasus 3-1:0.0: probe with driver pegasus failed with error -5
[  150.564167][ T5828] usb 3-1: USB disconnect, device number 16
[  150.725617][ T6913] overlayfs: failed lookup in lower (newroot/64, name='file1', err=-40): overlapping layers
[  151.184170][ T5900] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  151.227447][ T5916] usb 2-1: USB disconnect, device number 20
[  151.344024][ T5900] usb 1-1: Using ep0 maxpacket: 16
[  151.351360][ T5900] usb 1-1: unable to get BOS descriptor or descriptor too short
[  151.367052][ T5900] usb 1-1: config 255 has an invalid interface number: 48 but max is 0
[  151.375552][ T5900] usb 1-1: config 255 has no interface number 0
[  151.381862][ T5900] usb 1-1: config 255 interface 48 has no altsetting 0
[  151.391787][ T5900] usb 1-1: New USB device found, idVendor=2013, idProduct=024f, bcdDevice=e8.70
[  151.406872][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.429314][ T5900] usb 1-1: Product: syz
[  151.433570][ T5900] usb 1-1: Manufacturer: syz
[  151.443929][ T5900] usb 1-1: SerialNumber: syz
[  151.671117][ T5900] em28xx 1-1:255.48: audio device (2013:024f): interface 48, class 1
[  151.711153][ T5900] usb 1-1: USB disconnect, device number 20
[  151.747624][ T6929] netlink: 56 bytes leftover after parsing attributes in process `syz.2.227'.
[  151.785485][ T6929] program syz.2.227 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  151.861125][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.229'.
[  152.304517][ T6943] sg_write: data in/out 768/46 bytes for SCSI command 0x0-- guessing data in;
[  152.304517][ T6943]    program syz.0.233 not setting count and/or reply_len properly
[  152.384753][ T5991] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  152.585637][ T5991] usb 2-1: config index 0 descriptor too short (expected 65183, got 72)
[  152.606414][ T5991] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  152.616024][ T5991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.626206][ T5991] usb 2-1: Product: syz
[  152.632706][ T5991] usb 2-1: Manufacturer: syz
[  152.637651][ T5991] usb 2-1: SerialNumber: syz
[  152.655141][ T5991] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  152.709290][ T5916] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  152.764136][ T5828] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  152.874510][ T6952] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.236'.
[  152.887308][ T6951] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.236'.
[  152.901185][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.236'.
[  152.926673][ T6939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.939701][ T6939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.953811][ T6939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.954289][ T5828] usb 1-1: Using ep0 maxpacket: 32
[  152.971762][ T6939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.976615][ T5828] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  152.990869][ T5828] usb 1-1: config 0 has no interface number 0
[  153.000498][ T5828] usb 1-1: config 0 interface 184 has no altsetting 0
[  153.013197][ T6939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.013931][ T5828] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  153.032704][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.043337][ T5828] usb 1-1: Product: syz
[  153.047758][ T5828] usb 1-1: Manufacturer: syz
[  153.052757][ T5828] usb 1-1: SerialNumber: syz
[  153.064784][ T6939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.076591][ T5828] usb 1-1: config 0 descriptor??
[  153.087731][ T5828] smsc75xx v1.0.0
[  153.102605][ T5991] usb 2-1: USB disconnect, device number 21
[  153.691966][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  153.703313][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  153.713563][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  153.725036][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  153.734905][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  153.745719][ T5828] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  153.758772][ T5828] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  153.797837][ T5916] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  153.820921][ T5916] ath9k_htc: Failed to initialize the device
[  153.833546][ T5991] usb 2-1: ath9k_htc: USB layer deinitialized
[  154.183991][ T5991] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  154.191586][ T6987] netlink: 200 bytes leftover after parsing attributes in process `syz.4.246'.
[  154.354090][ T5991] usb 2-1: device descriptor read/64, error -71
[  154.607376][ T5991] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  154.754072][ T5991] usb 2-1: device descriptor read/64, error -71
[  154.824091][ T5828] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  154.843929][   T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  154.864395][ T5991] usb usb2-port1: attempt power cycle
[  154.974016][ T5828] usb 5-1: Using ep0 maxpacket: 32
[  154.981455][ T5828] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  154.992018][ T5828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.004108][ T5828] usb 5-1: config 0 descriptor??
[  155.011949][   T43] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  155.023884][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.031913][   T43] usb 3-1: Product: syz
[  155.036381][ T5828] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  155.042735][   T43] usb 3-1: Manufacturer: syz
[  155.047468][   T43] usb 3-1: SerialNumber: syz
[  155.204575][ T5991] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  155.231256][ T7003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.242341][ T7003] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.255716][ T5828] gspca_vc032x: reg_r err -32
[  155.265532][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.272110][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.279411][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.284966][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.290615][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.298381][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.310398][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.315950][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.321325][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.326800][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.332146][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.337638][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.342996][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.349265][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.354718][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.360153][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.365552][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.370961][ T5828] gspca_vc032x: I2c Bus Busy Wait 00
[  155.376587][ T5828] gspca_vc032x: Unknown sensor...
[  155.381854][ T5828] vc032x 5-1:0.0: probe with driver vc032x failed with error -22
[  155.415845][ T5991] usb 2-1: device not accepting address 24, error -71
[  155.466391][   T43] net_ratelimit: 1 callbacks suppressed
[  155.466432][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  155.484802][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  155.525562][   T24] usb 1-1: USB disconnect, device number 21
[  155.819340][ T7023] netlink: 164 bytes leftover after parsing attributes in process `syz.1.259'.
[  156.013976][    T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  156.165827][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.176886][    T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  156.190539][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.200078][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.208583][    T9] usb 1-1: Product: syz
[  156.212789][    T9] usb 1-1: Manufacturer: syz
[  156.219513][    T9] usb 1-1: SerialNumber: syz
[  156.235883][    T9] cdc_mbim 1-1:1.0: skipping garbage
[  156.285274][ T5991] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  156.321829][ T5991] usb 2-1: Using ep0 maxpacket: 32
[  156.331342][ T5991] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.346230][ T5991] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  156.355782][ T5991] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.364059][ T5991] usb 2-1: Product: syz
[  156.368459][ T5991] usb 2-1: Manufacturer: syz
[  156.373124][ T5991] usb 2-1: SerialNumber: syz
[  156.382213][ T5991] usb 2-1: config 0 descriptor??
[  156.391335][ T5991] usb 2-1: bad CDC descriptors
[  156.397591][ T5991] usb 2-1: unsupported MDLM descriptors
[  156.432485][ T7021] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  156.600363][   T24] usb 2-1: USB disconnect, device number 25
[  156.922639][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPIPE
[  156.936967][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[  157.044441][ T7021] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  157.052521][    T9] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  157.060129][    T9] cdc_mbim 1-1:1.0: setting rx_max = 2048
[  157.255520][    T9] cdc_mbim 1-1:1.0: setting tx_max = 184
[  157.263957][    T9] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device
[  157.274287][    T9] wwan wwan0: port wwan0mbim0 attached
[  157.287588][    T9] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 86:98:e5:ad:69:9f
[  157.434632][ T5900] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  157.460272][    C1] wdm_int_callback: 5046 callbacks suppressed
[  157.460297][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.473107][    C1] wdm_int_callback: 5046 callbacks suppressed
[  157.473128][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.485818][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.492536][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.498984][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.505694][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.512120][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.518829][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.525305][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.532017][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.538490][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.545207][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.552801][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.559542][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.566621][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.573341][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.579749][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.586453][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.592852][    C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71
[  157.599560][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes
[  157.621382][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000400. ret = -EPROTO
[  157.634466][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  157.646316][   T43] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  157.670478][   T43] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  157.701816][   T43] usb 3-1: USB disconnect, device number 17
[  157.779376][ T7011] usb 5-1: USB disconnect, device number 2
[  158.366007][ T7064] netlink: 'syz.2.263': attribute type 6 has an invalid length.
[  158.422075][ T5490] 8021q: adding VLAN 0 to HW filter on device wwan0
[  158.896734][    C1] cdc_mbim 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  158.906643][    T9] usb 1-1: USB disconnect, device number 22
[  158.948997][    T9] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM
[  159.176367][    T9] wwan wwan0: port wwan0mbim0 disconnected
[  159.465867][ T7045] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  159.477341][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout
[  159.487498][ T7045] Bluetooth: hci1: Opcode 0x0406 failed: -110
[  159.953266][ T7107] netlink: 12 bytes leftover after parsing attributes in process `syz.4.269'.
[  160.162974][ T7045] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  160.179105][ T7045] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  160.188275][ T7045] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.202196][ T7045] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.218101][ T7045] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  160.226524][ T7045] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  160.237296][ T7045] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  160.247643][ T7045] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  160.253814][ T7045] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  160.269527][ T7045] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  160.506060][ T7125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.272'.
[  160.543974][    T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  160.714030][    T9] usb 1-1: Using ep0 maxpacket: 32
[  160.723202][    T9] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  160.739429][    T9] usb 1-1: config 0 has no interface number 0
[  160.745756][    T9] usb 1-1: config 0 interface 184 has no altsetting 0
[  160.765821][    T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  160.796228][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.805931][    T9] usb 1-1: Product: syz
[  160.815269][    T9] usb 1-1: Manufacturer: syz
[  160.819971][    T9] usb 1-1: SerialNumber: syz
[  160.843151][    T9] usb 1-1: config 0 descriptor??
[  160.866419][    T9] smsc75xx v1.0.0
[  160.914010][   T43] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  160.922061][ T7145] fuse: Unknown parameter 'f'
[  160.938251][ T7145] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  161.101136][   T43] usb 5-1: config 1 has an invalid descriptor of length 144, skipping remainder of the config
[  161.112656][   T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  161.126909][   T43] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  161.139024][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  161.147915][   T43] usb 5-1: SerialNumber: syz
[  161.210282][ T5940] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  161.240633][ T5940] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  161.334428][ T7011] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  161.377165][ T7134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.399035][ T7134] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.440414][   T43] usb 5-1: 0:2 : does not exist
[  161.455758][   T43] usb 5-1: unit 255 not found!
[  161.488403][   T43] usb 5-1: USB disconnect, device number 3
[  161.498700][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  161.521080][ T7011] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  161.532947][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  161.543907][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout
[  161.563304][ T7011] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.572250][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  161.579243][ T7011] usb 3-1: Product: syz
[  161.588568][ T7011] usb 3-1: Manufacturer: syz
[  161.593194][ T7011] usb 3-1: SerialNumber: syz
[  161.608314][ T7011] usb 3-1: config 0 descriptor??
[  161.617513][ T7011] gspca_main: sunplus-2.14.0 probing 055f:c230
[  161.629217][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  161.660559][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  161.688590][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  161.715566][    T9] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  162.194185][ T5829] Bluetooth: hci3: command 0x206a tx timeout
[  162.223153][ T7011] gspca_sunplus: reg_r err -71
[  162.230285][ T7011] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  162.249499][ T7011] usb 3-1: USB disconnect, device number 18
[  162.267654][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout
[  162.267675][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  162.304013][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  162.424132][   T43] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  162.454132][    T9] usb 5-1: Using ep0 maxpacket: 16
[  162.473730][    T9] usb 5-1: config 0 has an invalid interface number: 94 but max is 0
[  162.484103][    T9] usb 5-1: config 0 has an invalid descriptor of length 10, skipping remainder of the config
[  162.494677][    T9] usb 5-1: config 0 has no interface number 0
[  162.503714][    T9] usb 5-1: New USB device found, idVendor=04dd, idProduct=8007, bcdDevice=45.90
[  162.513981][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.522006][    T9] usb 5-1: Product: syz
[  162.526317][    T9] usb 5-1: Manufacturer: syz
[  162.530999][    T9] usb 5-1: SerialNumber: syz
[  162.545818][    T9] usb 5-1: config 0 descriptor??
[  162.557851][    T9] usb 5-1: unsupported MDLM descriptors
[  162.584234][   T43] usb 2-1: Using ep0 maxpacket: 32
[  162.593627][   T43] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  162.610227][   T43] usb 2-1: config 0 has no interface number 0
[  162.621081][   T43] usb 2-1: config 0 interface 184 has no altsetting 0
[  162.633297][   T43] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  162.642748][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.652975][   T43] usb 2-1: Product: syz
[  162.657719][   T43] usb 2-1: Manufacturer: syz
[  162.664002][   T43] usb 2-1: SerialNumber: syz
[  162.679757][   T43] usb 2-1: config 0 descriptor??
[  162.688912][   T43] smsc75xx v1.0.0
[  162.692593][   T43] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  162.706310][   T43] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  162.763078][ T7172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.789459][ T7172] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.822711][   T43] usb 1-1: USB disconnect, device number 23
[  163.054411][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.124944][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.133651][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.142493][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.164570][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.314372][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.335308][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.475940][   T24] usb 5-1: USB disconnect, device number 4
[  163.634316][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  163.718533][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.730852][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  163.792536][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  164.273675][ T5835] Bluetooth: hci3: command 0x206a tx timeout
[  164.293909][   T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  164.343988][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  164.354678][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout
[  164.447480][   T43] usb 1-1: Using ep0 maxpacket: 32
[  164.461667][   T43] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  164.470759][   T43] usb 1-1: config 0 has no interface number 0
[  164.477196][   T43] usb 1-1: config 0 interface 184 has no altsetting 0
[  164.487093][   T43] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  164.500013][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.511981][   T43] usb 1-1: Product: syz
[  164.516504][   T43] usb 1-1: Manufacturer: syz
[  164.521335][   T43] usb 1-1: SerialNumber: syz
[  164.529521][   T43] usb 1-1: config 0 descriptor??
[  164.543633][   T43] smsc75xx v1.0.0
[  165.093932][ T5916] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  165.149503][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  165.160499][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  165.185071][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  165.196013][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  165.208424][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  165.224790][ T5991] usb 2-1: USB disconnect, device number 27
[  165.231959][   T43] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  165.258438][   T43] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  165.267058][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  165.274958][ T5916] usb 3-1: too many configurations: 17, using maximum allowed: 8
[  165.292962][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.314477][ T5916] usb 3-1: config 0 has no interface number 0
[  165.336417][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.345531][ T5916] usb 3-1: config 0 has no interface number 0
[  165.355668][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.363708][ T5916] usb 3-1: config 0 has no interface number 0
[  165.382436][ T7278] netlink: 48 bytes leftover after parsing attributes in process `syz.1.299'.
[  165.397508][ T7280] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  165.397797][ T7278] IPVS: stopping backup sync thread 7280 ...
[  165.418709][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.429658][ T5916] usb 3-1: config 0 has no interface number 0
[  165.439018][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.447527][ T5916] usb 3-1: config 0 has no interface number 0
[  165.455179][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.463436][ T5916] usb 3-1: config 0 has no interface number 0
[  165.471117][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.479636][ T5916] usb 3-1: config 0 has no interface number 0
[  165.486861][ T5916] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  165.495624][ T5916] usb 3-1: config 0 has no interface number 0
[  165.504322][ T5916] usb 3-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  165.513553][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.521904][ T5916] usb 3-1: Product: syz
[  165.526527][ T5916] usb 3-1: Manufacturer: syz
[  165.531232][ T5916] usb 3-1: SerialNumber: syz
[  165.542724][ T5916] usb 3-1: config 0 descriptor??
[  165.556042][ T5916] etas_es58x 3-1:0.2: Starting syz syz (Serial Number syz)
[  166.022864][ T7292] usb usb8: usbfs: process 7292 (syz.4.304) did not claim interface 0 before use
[  166.104461][ T5916] etas_es58x 3-1:0.2: could not parse product info: 'ࠅ'
[  166.344058][ T5835] Bluetooth: hci3: command 0x206a tx timeout
[  166.426708][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout
[  166.432965][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.640662][    C0] etas_es58x 3-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x015D.
[  166.651669][    C0] etas_es58x 3-1:0.2: Recovery successful! Dropped 347 bytes (urb_cmd_len: 9)
[  166.660523][    C0] etas_es58x 3-1:0.2: es58x_fd_handle_urb_cmd: Unknown command type (0x00) and command ID (0x00) combination
[  166.672080][    C0] etas_es58x 3-1:0.2: ops->handle_urb_cmd() returned error -EBADRQC
[  166.685820][ T5490] etas_es58x 3-1:0.2 can0: bit-timing not yet defined
[  166.843248][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  166.852503][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  166.861704][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  166.870898][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  166.880074][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  166.889272][    C0] etas_es58x 3-1:0.2 can0: es58x_write_bulk_callback: error -EPROTO
[  166.898402][ T5490] etas_es58x 3-1:0.2 can0: es58x_open: Could not open the network device: -EINVAL
[  166.900235][    T9] usb 3-1: USB disconnect, device number 19
[  166.915913][    T9] etas_es58x 3-1:0.2: Disconnecting syz syz
[  167.080238][ T5991] usb 1-1: USB disconnect, device number 24
[  167.173634][ T7322] FAULT_INJECTION: forcing a failure.
[  167.173634][ T7322] name failslab, interval 1, probability 0, space 0, times 0
[  167.186426][ T7322] CPU: 0 UID: 0 PID: 7322 Comm: syz.1.309 Not tainted syzkaller #0 PREEMPT(full) 
[  167.186452][ T7322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  167.186465][ T7322] Call Trace:
[  167.186473][ T7322]  <TASK>
[  167.186481][ T7322]  dump_stack_lvl+0x189/0x250
[  167.186513][ T7322]  ? __pfx____ratelimit+0x10/0x10
[  167.186538][ T7322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.186564][ T7322]  ? __pfx__printk+0x10/0x10
[  167.186592][ T7322]  ? __pfx___might_resched+0x10/0x10
[  167.186616][ T7322]  ? fs_reclaim_acquire+0x7d/0x100
[  167.186644][ T7322]  should_fail_ex+0x414/0x560
[  167.186676][ T7322]  should_failslab+0xa8/0x100
[  167.186702][ T7322]  __kmalloc_cache_noprof+0x84/0x700
[  167.186723][ T7322]  ? binder_transaction+0x1e44/0x6450
[  167.186742][ T7322]  ? do_raw_spin_unlock+0x122/0x240
[  167.186777][ T7322]  binder_transaction+0x1e44/0x6450
[  167.186842][ T7322]  ? __pfx_binder_transaction+0x10/0x10
[  167.186870][ T7322]  ? __lock_acquire+0xab9/0xd20
[  167.186903][ T7322]  ? __might_fault+0xb0/0x130
[  167.186958][ T7322]  binder_ioctl_write_read+0xd5a/0xa070
[  167.187004][ T7322]  ? is_bpf_text_address+0x26/0x2b0
[  167.187031][ T7322]  ? is_bpf_text_address+0x26/0x2b0
[  167.187054][ T7322]  ? kernel_text_address+0xa5/0xe0
[  167.187087][ T7322]  ? unwind_get_return_address+0x4d/0x90
[  167.187126][ T7322]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  167.187160][ T7322]  ? stack_trace_save+0x9c/0xe0
[  167.187182][ T7322]  ? stack_depot_save_flags+0x40/0x860
[  167.187218][ T7322]  ? kasan_save_track+0x4f/0x80
[  167.187236][ T7322]  ? kasan_save_track+0x3e/0x80
[  167.187253][ T7322]  ? kasan_save_free_info+0x46/0x50
[  167.187278][ T7322]  ? __kasan_slab_free+0x5c/0x80
[  167.187297][ T7322]  ? kfree+0x1c0/0x680
[  167.187323][ T7322]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  167.187353][ T7322]  ? security_file_ioctl+0xcb/0x2d0
[  167.187374][ T7322]  ? __se_sys_ioctl+0x47/0x170
[  167.187402][ T7322]  ? do_syscall_64+0xfa/0xfa0
[  167.187425][ T7322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.187464][ T7322]  ? __pfx_binder_debug+0x10/0x10
[  167.187491][ T7322]  ? do_raw_spin_lock+0x121/0x290
[  167.187537][ T7322]  ? _raw_spin_unlock+0x28/0x50
[  167.187559][ T7322]  ? binder_get_thread+0x178/0x6d0
[  167.187594][ T7322]  binder_ioctl+0x3c5/0x1a10
[  167.187616][ T7322]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  167.187645][ T7322]  ? do_vfs_ioctl+0xbe8/0x1430
[  167.187674][ T7322]  ? __pfx_binder_ioctl+0x10/0x10
[  167.187692][ T7322]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  167.187763][ T7322]  ? __fget_files+0x2a/0x420
[  167.187793][ T7322]  ? __fget_files+0x3a0/0x420
[  167.187816][ T7322]  ? __fget_files+0x2a/0x420
[  167.187844][ T7322]  ? bpf_lsm_file_ioctl+0x9/0x20
[  167.187867][ T7322]  ? __pfx_binder_ioctl+0x10/0x10
[  167.187886][ T7322]  __se_sys_ioctl+0xfc/0x170
[  167.187919][ T7322]  do_syscall_64+0xfa/0xfa0
[  167.187947][ T7322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.187967][ T7322]  ? clear_bhb_loop+0x60/0xb0
[  167.187992][ T7322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.188012][ T7322] RIP: 0033:0x7f8ca5f8f749
[  167.188029][ T7322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.188047][ T7322] RSP: 002b:00007f8ca6e83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  167.188069][ T7322] RAX: ffffffffffffffda RBX: 00007f8ca61e5fa0 RCX: 00007f8ca5f8f749
[  167.188083][ T7322] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  167.188097][ T7322] RBP: 00007f8ca6e83090 R08: 0000000000000000 R09: 0000000000000000
[  167.188108][ T7322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.188121][ T7322] R13: 00007f8ca61e6038 R14: 00007f8ca61e5fa0 R15: 00007ffc51e622a8
[  167.188152][ T7322]  </TASK>
[  167.563961][   T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  167.671008][ T7328] netlink: 16 bytes leftover after parsing attributes in process `syz.1.310'.
[  167.694008][   T24] usb 5-1: device descriptor read/64, error -71
[  167.894103][ T5991] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  167.933925][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  167.982190][ T7345] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  168.047637][ T5991] usb 1-1: Using ep0 maxpacket: 32
[  168.056515][ T5991] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  168.074095][   T24] usb 5-1: device descriptor read/64, error -71
[  168.081410][ T5991] usb 1-1: config 0 has no interface number 0
[  168.089421][ T5991] usb 1-1: config 0 interface 184 has no altsetting 0
[  168.119964][ T5991] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  168.133496][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.143713][ T5991] usb 1-1: Product: syz
[  168.163740][ T5991] usb 1-1: Manufacturer: syz
[  168.174783][ T5991] usb 1-1: SerialNumber: syz
[  168.197956][   T24] usb usb5-port1: attempt power cycle
[  168.205970][ T5991] usb 1-1: config 0 descriptor??
[  168.218457][ T5991] smsc75xx v1.0.0
[  168.544048][   T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  168.569911][   T24] usb 5-1: device descriptor read/8, error -71
[  168.622963][ T5991] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  168.634208][   T43] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  168.641928][ T5991] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  168.652441][ T5991] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  168.666649][ T5991] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -32
[  168.804882][   T43] usb 3-1: Using ep0 maxpacket: 32
[  168.816339][   T43] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  168.825004][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  168.833392][   T43] usb 3-1: config 0 has no interface number 0
[  168.841743][   T43] usb 3-1: config 0 interface 184 has no altsetting 0
[  168.849934][   T24] usb 5-1: device descriptor read/8, error -71
[  168.857845][   T43] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  168.874055][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.882265][   T43] usb 3-1: Product: syz
[  168.902624][   T43] usb 3-1: Manufacturer: syz
[  168.908672][   T43] usb 3-1: SerialNumber: syz
[  168.925129][   T43] usb 3-1: config 0 descriptor??
[  168.940148][   T43] smsc75xx v1.0.0
[  168.975271][   T24] usb usb5-port1: unable to enumerate USB device
[  169.544156][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  169.556694][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  169.567240][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  169.579494][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  169.590637][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  169.601656][   T43] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  169.616048][   T43] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  169.844038][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  169.993948][    T9] usb 2-1: Using ep0 maxpacket: 32
[  170.000056][    T9] usb 2-1: too many configurations: 17, using maximum allowed: 8
[  170.010746][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.034025][    T9] usb 2-1: config 0 has no interface number 0
[  170.046486][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.057258][    T9] usb 2-1: config 0 has no interface number 0
[  170.065877][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.074392][    T9] usb 2-1: config 0 has no interface number 0
[  170.084505][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.092534][    T9] usb 2-1: config 0 has no interface number 0
[  170.100499][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.110050][    T9] usb 2-1: config 0 has no interface number 0
[  170.119135][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.128208][    T9] usb 2-1: config 0 has no interface number 0
[  170.137046][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.146611][    T9] usb 2-1: config 0 has no interface number 0
[  170.158133][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  170.166305][    T9] usb 2-1: config 0 has no interface number 0
[  170.187480][    T9] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  170.203975][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.212026][    T9] usb 2-1: Product: syz
[  170.219624][ T5940] usb 1-1: USB disconnect, device number 25
[  170.227657][    T9] usb 2-1: Manufacturer: syz
[  170.236614][    T9] usb 2-1: SerialNumber: syz
[  170.260672][    T9] usb 2-1: config 0 descriptor??
[  170.271645][    T9] etas_es58x 2-1:0.2: Starting syz syz (Serial Number syz)
[  170.290955][ T7413] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.324'.
[  170.424851][ T5900] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  170.573979][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  170.581396][ T5900] usb 5-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  170.590683][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.602563][ T5900] usb 5-1: config 0 descriptor??
[  170.654253][   T43] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  170.806101][   T43] usb 1-1: unable to read config index 0 descriptor/start: -61
[  170.815215][   T43] usb 1-1: can't read configurations, error -61
[  170.823875][    T9] etas_es58x 2-1:0.2: could not parse product info: 'ࠅ'
[  170.954486][   T43] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  171.127451][   T43] usb 1-1: unable to read config index 0 descriptor/start: -61
[  171.140711][   T43] usb 1-1: can't read configurations, error -61
[  171.149873][   T43] usb usb1-port1: attempt power cycle
[  171.397825][    T9] usb 3-1: USB disconnect, device number 20
[  171.493994][   T43] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  171.514635][    C0] etas_es58x 2-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x015D.
[  171.525650][    C0] etas_es58x 2-1:0.2: Recovery successful! Dropped 347 bytes (urb_cmd_len: 9)
[  171.534524][    C0] etas_es58x 2-1:0.2: es58x_fd_handle_urb_cmd: Unknown command type (0x00) and command ID (0x00) combination
[  171.546082][    C0] etas_es58x 2-1:0.2: ops->handle_urb_cmd() returned error -EBADRQC
[  171.559621][   T43] usb 1-1: unable to read config index 0 descriptor/start: -61
[  171.567396][   T43] usb 1-1: can't read configurations, error -61
[  171.580852][ T5490] etas_es58x 2-1:0.2 can0: bit-timing not yet defined
[  171.704586][   T43] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  171.716752][    C0] etas_es58x 2-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  171.725964][    C0] etas_es58x 2-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  171.728183][   T43] usb 1-1: unable to read config index 0 descriptor/start: -61
[  171.735183][    C0] etas_es58x 2-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  171.742986][   T43] usb 1-1: can't read configurations, error -61
[  171.752166][    C0] etas_es58x 2-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  171.758935][   T43] usb usb1-port1: unable to enumerate USB device
[  171.767547][    C0] etas_es58x 2-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  171.782993][    C0] etas_es58x 2-1:0.2 can0: es58x_write_bulk_callback: error -EPROTO
[  171.791141][ T5490] etas_es58x 2-1:0.2 can0: es58x_open: Could not open the network device: -EINVAL
[  171.792589][    T9] usb 2-1: USB disconnect, device number 28
[  171.809004][    T9] etas_es58x 2-1:0.2: Disconnecting syz syz
[  172.247829][ T5900] pegasus 5-1:0.0: can't reset MAC
[  172.260443][ T5900] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  172.279139][ T5900] usb 5-1: USB disconnect, device number 9
[  172.601759][   T24] IPVS: starting estimator thread 0...
[  172.694219][ T7467] IPVS: using max 26 ests per chain, 62400 per kthread
[  172.748980][ T7475] FAULT_INJECTION: forcing a failure.
[  172.748980][ T7475] name failslab, interval 1, probability 0, space 0, times 0
[  172.754260][   T24] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  172.762370][ T7475] CPU: 0 UID: 0 PID: 7475 Comm: syz.2.335 Not tainted syzkaller #0 PREEMPT(full) 
[  172.762401][ T7475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  172.762417][ T7475] Call Trace:
[  172.762426][ T7475]  <TASK>
[  172.762435][ T7475]  dump_stack_lvl+0x189/0x250
[  172.762473][ T7475]  ? __pfx____ratelimit+0x10/0x10
[  172.762502][ T7475]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.762533][ T7475]  ? __pfx__printk+0x10/0x10
[  172.762567][ T7475]  ? __pfx___might_resched+0x10/0x10
[  172.762599][ T7475]  should_fail_ex+0x414/0x560
[  172.762637][ T7475]  should_failslab+0xa8/0x100
[  172.762668][ T7475]  kmem_cache_alloc_noprof+0x88/0x700
[  172.762704][ T7475]  ? fuse_get_req+0x7b9/0x10c0
[  172.762743][ T7475]  fuse_get_req+0x7b9/0x10c0
[  172.762791][ T7475]  ? __pfx_fuse_get_req+0x10/0x10
[  172.762821][ T7475]  ? __kasan_kmalloc+0x93/0xb0
[  172.762852][ T7475]  ? __kmalloc_cache_noprof+0x3e2/0x700
[  172.762872][ T7475]  ? fuse_lookup_name+0x1b5/0x860
[  172.762895][ T7475]  ? fuse_lookup+0x1f0/0x480
[  172.762920][ T7475]  ? __lookup_slow+0x297/0x3d0
[  172.762949][ T7475]  ? lookup_slow+0x53/0x70
[  172.762976][ T7475]  ? walk_component+0x2d2/0x400
[  172.763003][ T7475]  ? path_lookupat+0x163/0x430
[  172.763030][ T7475]  ? filename_lookup+0x212/0x570
[  172.763056][ T7475]  ? vfs_statx+0xf8/0x550
[  172.763078][ T7475]  ? __se_sys_statx+0x1a8/0x240
[  172.763105][ T7475]  ? do_syscall_64+0xfa/0xfa0
[  172.763132][ T7475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.763166][ T7475]  __fuse_simple_request+0x2bb/0x1bb0
[  172.763215][ T7475]  ? __pfx___fuse_simple_request+0x10/0x10
[  172.763272][ T7475]  ? __kasan_kmalloc+0x93/0xb0
[  172.763297][ T7475]  ? __kmalloc_cache_noprof+0x3e2/0x700
[  172.763318][ T7475]  ? __pfx___mutex_trylock_common+0x10/0x10
[  172.763358][ T7475]  fuse_lookup_name+0x34c/0x860
[  172.763401][ T7475]  ? __pfx_fuse_lookup_name+0x10/0x10
[  172.763429][ T7475]  ? fuse_lock_inode+0xd3/0x120
[  172.763452][ T7475]  ? seqcount_lockdep_reader_access+0x122/0x1c0
[  172.763502][ T7475]  ? d_alloc_parallel+0x366/0x1610
[  172.763550][ T7475]  fuse_lookup+0x1f0/0x480
[  172.763585][ T7475]  ? __pfx_fuse_lookup+0x10/0x10
[  172.763643][ T7475]  ? __raw_spin_lock_init+0x45/0x100
[  172.763677][ T7475]  ? __init_waitqueue_head+0xa9/0x150
[  172.763716][ T7475]  __lookup_slow+0x297/0x3d0
[  172.763750][ T7475]  ? __pfx___lookup_slow+0x10/0x10
[  172.763817][ T7475]  ? down_read+0x1ad/0x2e0
[  172.763874][ T7475]  lookup_slow+0x53/0x70
[  172.763905][ T7475]  walk_component+0x2d2/0x400
[  172.763933][ T7475]  ? path_lookupat+0x156/0x430
[  172.763966][ T7475]  path_lookupat+0x163/0x430
[  172.764004][ T7475]  filename_lookup+0x212/0x570
[  172.764041][ T7475]  ? __pfx_filename_lookup+0x10/0x10
[  172.764120][ T7475]  vfs_statx+0xf8/0x550
[  172.764147][ T7475]  ? strncpy_from_user+0x150/0x2c0
[  172.764178][ T7475]  ? __pfx_vfs_statx+0x10/0x10
[  172.764218][ T7475]  __se_sys_statx+0x1a8/0x240
[  172.764251][ T7475]  ? __pfx___se_sys_statx+0x10/0x10
[  172.764307][ T7475]  ? __pfx_ksys_write+0x10/0x10
[  172.764332][ T7475]  ? do_syscall_64+0xbe/0xfa0
[  172.764360][ T7475]  ? __x64_sys_statx+0x20/0xc0
[  172.764392][ T7475]  do_syscall_64+0xfa/0xfa0
[  172.764424][ T7475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.764446][ T7475]  ? clear_bhb_loop+0x60/0xb0
[  172.764474][ T7475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.764497][ T7475] RIP: 0033:0x7f6ea1f8f749
[  172.764517][ T7475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.764537][ T7475] RSP: 002b:00007f6ea2dcb038 EFLAGS: 00000246 ORIG_RAX: 000000000000014c
[  172.764562][ T7475] RAX: ffffffffffffffda RBX: 00007f6ea21e5fa0 RCX: 00007f6ea1f8f749
[  172.764580][ T7475] RDX: 0000000000001000 RSI: 0000200000000640 RDI: ffffffffffffff9c
[  172.764593][ T7475] RBP: 00007f6ea2dcb090 R08: 0000000000000000 R09: 0000000000000000
[  172.764603][ T7475] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001
[  172.764616][ T7475] R13: 00007f6ea21e6038 R14: 00007f6ea21e5fa0 R15: 00007fff39c97318
[  172.764655][ T7475]  </TASK>
[  173.131746][ T5900] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  173.286561][   T24] usb 2-1: Using ep0 maxpacket: 32
[  173.294701][   T24] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  173.303158][   T24] usb 2-1: config 0 has no interface number 0
[  173.310965][   T24] usb 2-1: config 0 interface 184 has no altsetting 0
[  173.322764][   T24] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  173.340524][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.349030][   T24] usb 2-1: Product: syz
[  173.353370][   T24] usb 2-1: Manufacturer: syz
[  173.358631][   T24] usb 2-1: SerialNumber: syz
[  173.367675][   T24] usb 2-1: config 0 descriptor??
[  173.377559][   T24] smsc75xx v1.0.0
[  173.383898][ T5900] usb 5-1: Using ep0 maxpacket: 32
[  173.390842][ T5900] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  173.414096][ T5900] usb 5-1: config 0 has no interface number 0
[  173.422740][ T5900] usb 5-1: config 0 interface 184 has no altsetting 0
[  173.436767][ T5900] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  173.449155][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.457294][ T5900] usb 5-1: Product: syz
[  173.461478][ T5900] usb 5-1: Manufacturer: syz
[  173.470525][ T5900] usb 5-1: SerialNumber: syz
[  173.480393][ T5900] usb 5-1: config 0 descriptor??
[  173.503632][ T5900] smsc75xx v1.0.0
[  173.794589][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  173.812182][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  173.828764][   T24] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  173.839940][   T24] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[  174.115432][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  174.147150][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  174.164333][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  174.185677][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  174.208394][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  174.239615][ T5900] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  174.257549][ T5900] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[  174.436098][ T7513] loop4: detected capacity change from 0 to 524287936
[  174.734482][   T24] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  174.863961][   T24] usb 1-1: device descriptor read/64, error -71
[  175.073947][ T7011] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  175.103943][   T24] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  175.234185][   T24] usb 1-1: device descriptor read/64, error -71
[  175.242137][ T7011] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  175.251490][ T7011] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.263550][ T7011] usb 3-1: config 0 descriptor??
[  175.344411][   T24] usb usb1-port1: attempt power cycle
[  175.473685][ T7011] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  175.553527][ T5900] usb 2-1: USB disconnect, device number 29
[  175.666923][ T7526] binder: 7525:7526 ioctl 8933 200000000540 returned -22
[  175.694035][   T24] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  175.709846][ T7011] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  175.717941][ T7011] [drm] Initialized udl on minor 2
[  175.734696][   T24] usb 1-1: device descriptor read/8, error -71
[  175.886284][ T7518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.898618][ T5900] usb 5-1: USB disconnect, device number 10
[  175.900261][ T7518] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.967435][ T7011] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  176.004177][   T24] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  176.027187][ T7011] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  176.037435][ T5991] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  176.056924][   T24] usb 1-1: device descriptor read/8, error -71
[  176.068384][ T7011] usb 3-1: USB disconnect, device number 21
[  176.075018][ T5991] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  176.094354][ T5991] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  176.194531][   T24] usb usb1-port1: unable to enumerate USB device
[  176.275770][ T5835] Bluetooth: hci2: unexpected event for opcode 0x0401
[  176.496706][ T7548] /dev/nullb0: Can't open blockdev
[  176.504866][ T7548] /dev/nullb0: Can't open blockdev
[  176.586213][ T5900] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  176.737894][ T7555] netlink: 4 bytes leftover after parsing attributes in process `syz.2.356'.
[  176.764299][ T5900] usb 2-1: Using ep0 maxpacket: 32
[  176.771856][ T5900] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  176.782593][ T5900] usb 2-1: config 0 has no interface number 0
[  176.798769][ T5900] usb 2-1: config 0 interface 184 has no altsetting 0
[  176.805940][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  176.823088][ T5900] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  176.837631][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.854157][ T5900] usb 2-1: Product: syz
[  176.858673][ T5900] usb 2-1: Manufacturer: syz
[  176.863388][ T5900] usb 2-1: SerialNumber: syz
[  176.874950][ T5900] usb 2-1: config 0 descriptor??
[  176.887056][ T5900] smsc75xx v1.0.0
[  176.964064][    T9] usb 5-1: Using ep0 maxpacket: 32
[  176.971100][    T9] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  177.013266][    T9] usb 5-1: config 0 has no interface number 0
[  177.023325][    T9] usb 5-1: config 0 interface 184 has no altsetting 0
[  177.038713][    T9] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  177.047968][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.058526][    T9] usb 5-1: Product: syz
[  177.071401][    T9] usb 5-1: Manufacturer: syz
[  177.079713][    T9] usb 5-1: SerialNumber: syz
[  177.099471][    T9] usb 5-1: config 0 descriptor??
[  177.112024][    T9] smsc75xx v1.0.0
[  177.290505][ T5900] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  177.301648][ T5900] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  177.318932][ T5900] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  177.337252][ T5900] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[  177.726590][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  177.749752][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  177.764237][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  177.795761][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  177.805664][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  177.822131][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  177.835461][    T9] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[  177.854311][ T5900] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  178.033934][ T5900] usb 1-1: Using ep0 maxpacket: 16
[  178.041486][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.051910][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  178.062957][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  178.077266][ T5900] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  178.086508][ T5900] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  178.094570][ T5900] usb 1-1: Manufacturer: syz
[  178.102225][ T5900] usb 1-1: config 0 descriptor??
[  178.174046][ T7011] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  178.335740][ T7011] usb 3-1: Using ep0 maxpacket: 8
[  178.342658][ T7011] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  178.354696][ T7011] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  178.365019][ T7011] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  178.376053][ T7011] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  178.389361][ T7011] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  178.398577][ T7011] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.625283][ T7011] usb 3-1: GET_CAPABILITIES returned 0
[  178.631502][ T7011] usbtmc 3-1:16.0: can't read capabilities
[  178.874905][ T7011] usb 3-1: USB disconnect, device number 22
[  179.370602][ T7011] usb 2-1: USB disconnect, device number 30
[  179.580748][ T7579] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  179.601288][ T7011] usb 5-1: USB disconnect, device number 11
[  179.686348][ T7582] netlink: 'syz.4.363': attribute type 10 has an invalid length.
[  179.694921][ T7582] lo: entered promiscuous mode
[  179.704622][ T7582] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  179.721780][ T7584] capability: warning: `syz.1.364' uses 32-bit capabilities (legacy support in use)
[  179.854864][   T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  180.013959][ T7011] usb 5-1: new low-speed USB device number 12 using dummy_hcd
[  180.037048][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.048136][   T24] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  180.060763][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  180.070187][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.079438][   T24] usb 3-1: Product: syz
[  180.083716][   T24] usb 3-1: Manufacturer: syz
[  180.088624][   T24] usb 3-1: SerialNumber: syz
[  180.100891][   T24] cdc_mbim 3-1:1.0: skipping garbage
[  180.163945][ T5916] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  180.177986][ T7011] usb 5-1: unable to get BOS descriptor or descriptor too short
[  180.187134][ T7011] usb 5-1: config 1 has an invalid interface number: 131 but max is 0
[  180.195509][ T7011] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  180.205770][ T7011] usb 5-1: config 1 has no interface number 0
[  180.212170][ T7011] usb 5-1: config 1 interface 131 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  180.225846][ T7011] usb 5-1: config 1 interface 131 has no altsetting 0
[  180.238338][ T7011] usb 5-1: string descriptor 0 read error: -22
[  180.245068][ T7011] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  180.254604][ T7011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.272003][ T7011] usb 5-1: bad CDC descriptors
[  180.299250][ T7580] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  180.314460][ T5916] usb 2-1: Using ep0 maxpacket: 32
[  180.321578][ T5916] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  180.330054][ T5916] usb 2-1: config 0 has no interface number 0
[  180.336297][ T5916] usb 2-1: config 0 interface 184 has no altsetting 0
[  180.347730][ T5916] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  180.356950][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.365485][ T5916] usb 2-1: Product: syz
[  180.369923][ T5916] usb 2-1: Manufacturer: syz
[  180.374622][ T5916] usb 2-1: SerialNumber: syz
[  180.383660][ T5916] usb 2-1: config 0 descriptor??
[  180.394245][ T5916] smsc75xx v1.0.0
[  180.473582][    T9] usb 5-1: USB disconnect, device number 12
[  180.571943][ T5900] usb 1-1: USB disconnect, device number 34
[  180.801167][ T5916] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  180.812164][ T5916] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  180.822989][ T5916] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  180.834174][ T5916] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[  180.910605][ T7580] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  180.918436][   T24] cdc_mbim 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  180.926066][   T24] cdc_mbim 3-1:1.0: setting rx_max = 2048
[  180.934035][ T5900] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  181.083927][ T5900] usb 1-1: Using ep0 maxpacket: 8
[  181.106150][ T5900] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  181.128649][   T24] cdc_mbim 3-1:1.0: setting tx_max = 184
[  181.129434][ T5900] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  181.145666][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  181.147415][   T24] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device
[  181.156157][ T5900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  181.173219][ T5900] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  181.175675][   T24] wwan wwan0: port wwan0mbim0 attached
[  181.186783][ T5900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  181.203671][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.206294][   T24] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, ca:48:52:e5:22:ef
[  181.365682][    C0] wdm_int_callback: 5823 callbacks suppressed
[  181.365707][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.378518][    C0] wdm_int_callback: 5823 callbacks suppressed
[  181.378545][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.391466][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.398193][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.404667][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.411482][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.419362][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.426083][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.434027][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.440756][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.450526][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.457251][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.463658][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.470379][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.476868][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.483588][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.490414][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.497126][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.504245][ T5900] usb 1-1: GET_CAPABILITIES returned 0
[  181.509859][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  181.509883][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  181.531759][ T5900] usbtmc 1-1:16.0: can't read capabilities
[  181.675889][ T5900] usb 1-1: USB disconnect, device number 35
[  181.904032][ T5991] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  182.054547][ T5991] usb 5-1: Using ep0 maxpacket: 8
[  182.066262][ T5991] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  182.077861][ T5991] usb 5-1: config 179 has no interface number 0
[  182.088411][ T5991] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  182.099800][ T5991] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  182.112047][ T5991] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  182.125677][ T5991] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  182.138511][ T5991] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  182.156462][ T5991] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  182.166109][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.182030][ T7610] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  182.318611][ T5490] 8021q: adding VLAN 0 to HW filter on device wwan0
[  182.499279][ T5991] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input10
[  182.594034][ T5900] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  182.688086][ T7625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.732647][ T7625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.797829][   T24] usb 3-1: USB disconnect, device number 23
[  182.814149][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  182.821821][ T5900] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  182.837576][ T5900] usb 1-1: config 0 has no interface number 0
[  182.859068][   T24] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  182.874329][ T5900] usb 1-1: config 0 interface 184 has no altsetting 0
[  182.934100][ T5900] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  182.954429][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.998343][ T5900] usb 1-1: Product: syz
[  183.017968][ T5900] usb 1-1: Manufacturer: syz
[  183.022643][ T5900] usb 1-1: SerialNumber: syz
[  183.033500][ T5910] usb 2-1: USB disconnect, device number 31
[  183.088195][ T5900] usb 1-1: config 0 descriptor??
[  183.125788][ T5900] smsc75xx v1.0.0
[  183.161922][   T24] wwan wwan0: port wwan0mbim0 disconnected
[  183.327314][ T7640] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.374'.
[  183.354734][ T7639] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.374'.
[  183.706064][ T5900] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  183.731345][ T5900] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  183.834393][ T5940] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  184.014427][ T5940] usb 2-1: Using ep0 maxpacket: 32
[  184.039117][ T5940] usb 2-1: unable to get BOS descriptor or descriptor too short
[  184.056427][ T5940] usb 2-1: config 4 has an invalid interface number: 10 but max is 0
[  184.076838][ T5940] usb 2-1: config 4 has no interface number 0
[  184.093336][ T5940] usb 2-1: config 4 interface 10 has no altsetting 0
[  184.109984][ T5940] usb 2-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=b6.15
[  184.126621][ T5940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.148168][ T5940] usb 2-1: Product: syz
[  184.164420][ T5940] usb 2-1: Manufacturer: syz
[  184.182951][ T5940] usb 2-1: SerialNumber: syz
[  184.195339][ T5875] usb 5-1: USB disconnect, device number 13
[  184.195600][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  184.209689][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  184.218669][    C1] ==================================================================
[  184.226765][    C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  184.234631][    C1] Read of size 4 at addr ffff88805a61485c by task kworker/u8:6/1143
[  184.242640][    C1] 
[  184.245000][    C1] CPU: 1 UID: 0 PID: 1143 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  184.245027][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  184.245057][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[  184.245101][    C1] Call Trace:
[  184.245110][    C1]  <IRQ>
[  184.245118][    C1]  dump_stack_lvl+0x189/0x250
[  184.245146][    C1]  ? __kasan_check_byte+0x12/0x40
[  184.245171][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.245198][    C1]  ? lock_release+0x4b/0x3d0
[  184.245224][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  184.245256][    C1]  print_report+0xca/0x240
[  184.245285][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  184.245314][    C1]  kasan_report+0x118/0x150
[  184.245338][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  184.245372][    C1]  do_raw_spin_lock+0x23d/0x290
[  184.245402][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  184.245434][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  184.245469][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  184.245495][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  184.245519][    C1]  ? kcov_remote_stop+0x78/0x700
[  184.245551][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  184.245586][    C1]  __usb_hcd_giveback_urb+0x3b0/0x540
[  184.245627][    C1]  dummy_timer+0x85f/0x45b0
[  184.245662][    C1]  ? __lock_acquire+0xab9/0xd20
[  184.245689][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  184.245732][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  184.245764][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  184.245793][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  184.245823][    C1]  __hrtimer_run_queues+0x51c/0xc70
[  184.245851][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  184.245885][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  184.245913][    C1]  ? read_tsc+0x9/0x20
[  184.245948][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  184.245981][    C1]  handle_softirqs+0x27d/0x880
[  184.246007][    C1]  ? do_softirq+0xec/0x180
[  184.246032][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  184.246058][    C1]  ? __alloc_skb+0x200/0x430
[  184.246077][    C1]  ? __alloc_skb+0x200/0x430
[  184.246096][    C1]  do_softirq+0xec/0x180
[  184.246118][    C1]  </IRQ>
[  184.246125][    C1]  <TASK>
[  184.246133][    C1]  ? __pfx_do_softirq+0x10/0x10
[  184.246160][    C1]  ? lockdep_softirqs_on+0x13b/0x1c0
[  184.246182][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  184.246206][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  184.246229][    C1]  ? __kasan_mempool_unpoison_object+0x9f/0x130
[  184.246253][    C1]  ? napi_skb_cache_get+0x151/0x790
[  184.246274][    C1]  ? napi_skb_cache_get+0x3c9/0x790
[  184.246293][    C1]  ? napi_skb_cache_get+0x151/0x790
[  184.246315][    C1]  __alloc_skb+0x224/0x430
[  184.246336][    C1]  ? __pfx___alloc_skb+0x10/0x10
[  184.246360][    C1]  nsim_dev_trap_report_work+0x29a/0xb80
[  184.246391][    C1]  ? process_one_work+0x868/0x15e0
[  184.246413][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  184.246438][    C1]  ? process_one_work+0x868/0x15e0
[  184.246459][    C1]  process_one_work+0x93a/0x15e0
[  184.246479][    C1]  ? __lock_acquire+0xab9/0xd20
[  184.246508][    C1]  ? __pfx_process_one_work+0x10/0x10
[  184.246533][    C1]  ? assign_work+0x3a1/0x410
[  184.246555][    C1]  worker_thread+0x9b0/0xee0
[  184.246590][    C1]  kthread+0x711/0x8a0
[  184.246628][    C1]  ? __pfx_worker_thread+0x10/0x10
[  184.246653][    C1]  ? __pfx_kthread+0x10/0x10
[  184.246682][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  184.246704][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  184.246730][    C1]  ? __pfx_kthread+0x10/0x10
[  184.246757][    C1]  ret_from_fork+0x599/0xb30
[  184.246780][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  184.246805][    C1]  ? __switch_to_asm+0x39/0x70
[  184.246831][    C1]  ? __switch_to_asm+0x33/0x70
[  184.246857][    C1]  ? __pfx_kthread+0x10/0x10
[  184.246885][    C1]  ret_from_fork_asm+0x1a/0x30
[  184.246922][    C1]  </TASK>
[  184.246930][    C1] 
[  184.614210][    C1] Allocated by task 5991:
[  184.618542][    C1]  kasan_save_track+0x3e/0x80
[  184.623250][    C1]  __kasan_kmalloc+0x93/0xb0
[  184.627854][    C1]  __kmalloc_cache_noprof+0x3e2/0x700
[  184.633227][    C1]  xpad_probe+0x428/0x1fc0
[  184.637660][    C1]  usb_probe_interface+0x668/0xc90
[  184.642778][    C1]  really_probe+0x26d/0xad0
[  184.647285][    C1]  __driver_probe_device+0x18c/0x320
[  184.652583][    C1]  driver_probe_device+0x4f/0x240
[  184.657610][    C1]  __device_attach_driver+0x279/0x430
[  184.662984][    C1]  bus_for_each_drv+0x251/0x2e0
[  184.667866][    C1]  __device_attach+0x2b8/0x430
[  184.672646][    C1]  bus_probe_device+0x185/0x260
[  184.677507][    C1]  device_add+0x7b6/0xb80
[  184.681864][    C1]  usb_set_configuration+0x1a87/0x2110
[  184.687415][    C1]  usb_generic_driver_probe+0x8d/0x150
[  184.692898][    C1]  usb_probe_device+0x1c4/0x3c0
[  184.697764][    C1]  really_probe+0x26d/0xad0
[  184.702272][    C1]  __driver_probe_device+0x18c/0x320
[  184.707579][    C1]  driver_probe_device+0x4f/0x240
[  184.712605][    C1]  __device_attach_driver+0x279/0x430
[  184.718000][    C1]  bus_for_each_drv+0x251/0x2e0
[  184.722865][    C1]  __device_attach+0x2b8/0x430
[  184.727644][    C1]  bus_probe_device+0x185/0x260
[  184.732504][    C1]  device_add+0x7b6/0xb80
[  184.736842][    C1]  usb_new_device+0xa39/0x1720
[  184.741612][    C1]  hub_event+0x29b1/0x4ef0
[  184.746039][    C1]  process_one_work+0x93a/0x15e0
[  184.750983][    C1]  worker_thread+0x9b0/0xee0
[  184.755597][    C1]  kthread+0x711/0x8a0
[  184.759686][    C1]  ret_from_fork+0x599/0xb30
[  184.764279][    C1]  ret_from_fork_asm+0x1a/0x30
[  184.769061][    C1] 
[  184.771398][    C1] Freed by task 5875:
[  184.775375][    C1]  kasan_save_track+0x3e/0x80
[  184.780074][    C1]  kasan_save_free_info+0x46/0x50
[  184.785106][    C1]  __kasan_slab_free+0x5c/0x80
[  184.789873][    C1]  kfree+0x1c0/0x680
[  184.793774][    C1]  xpad_disconnect+0x350/0x480
[  184.798547][    C1]  usb_unbind_interface+0x26e/0x910
[  184.803756][    C1]  device_release_driver_internal+0x4d9/0x800
[  184.809836][    C1]  bus_remove_device+0x34d/0x440
[  184.814775][    C1]  device_del+0x511/0x8e0
[  184.819117][    C1]  usb_disable_device+0x3d4/0x8e0
[  184.824165][    C1]  usb_disconnect+0x32f/0x990
[  184.828853][    C1]  hub_event+0x1ca9/0x4ef0
[  184.833282][    C1]  process_one_work+0x93a/0x15e0
[  184.838224][    C1]  worker_thread+0x9b0/0xee0
[  184.842818][    C1]  kthread+0x711/0x8a0
[  184.846901][    C1]  ret_from_fork+0x599/0xb30
[  184.851497][    C1]  ret_from_fork_asm+0x1a/0x30
[  184.856284][    C1] 
[  184.858678][    C1] Last potentially related work creation:
[  184.864405][    C1]  kasan_save_stack+0x3e/0x60
[  184.869101][    C1]  kasan_record_aux_stack+0xbd/0xd0
[  184.874311][    C1]  insert_work+0x3d/0x330
[  184.878643][    C1]  __queue_work+0xc51/0xf90
[  184.883154][    C1]  queue_work_on+0x181/0x270
[  184.887747][    C1]  xpad_irq_in+0xb57/0x25f0
[  184.892274][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[  184.897661][    C1]  dummy_timer+0x85f/0x45b0
[  184.902181][    C1]  __hrtimer_run_queues+0x51c/0xc70
[  184.907385][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  184.912507][    C1]  handle_softirqs+0x27d/0x880
[  184.917277][    C1]  __irq_exit_rcu+0xca/0x1f0
[  184.921873][    C1]  irq_exit_rcu+0x9/0x30
[  184.926123][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  184.931770][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  184.937771][    C1] 
[  184.940103][    C1] Second to last potentially related work creation:
[  184.946793][    C1]  kasan_save_stack+0x3e/0x60
[  184.951479][    C1]  kasan_record_aux_stack+0xbd/0xd0
[  184.956696][    C1]  insert_work+0x3d/0x330
[  184.961131][    C1]  __queue_work+0xc51/0xf90
[  184.965660][    C1]  queue_work_on+0x181/0x270
[  184.970257][    C1]  xpad_irq_in+0xb57/0x25f0
[  184.974774][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[  184.980165][    C1]  dummy_timer+0x85f/0x45b0
[  184.984685][    C1]  __hrtimer_run_queues+0x51c/0xc70
[  184.989952][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  184.995090][    C1]  handle_softirqs+0x27d/0x880
[  184.999867][    C1]  __irq_exit_rcu+0xca/0x1f0
[  185.004471][    C1]  irq_exit_rcu+0x9/0x30
[  185.008744][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  185.014391][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.020405][    C1] 
[  185.022739][    C1] The buggy address belongs to the object at ffff88805a614800
[  185.022739][    C1]  which belongs to the cache kmalloc-1k of size 1024
[  185.036801][    C1] The buggy address is located 92 bytes inside of
[  185.036801][    C1]  freed 1024-byte region [ffff88805a614800, ffff88805a614c00)
[  185.050606][    C1] 
[  185.052940][    C1] The buggy address belongs to the physical page:
[  185.059374][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a617000 pfn:0x5a610
[  185.069471][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  185.077980][    C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  185.086493][    C1] page_type: f5(slab)
[  185.090500][    C1] raw: 00fff00000000240 ffff88813fe26dc0 ffffea0001f21810 ffffea00016ac010
[  185.099114][    C1] raw: ffff88805a617000 000000000010000c 00000000f5000000 0000000000000000
[  185.107718][    C1] head: 00fff00000000240 ffff88813fe26dc0 ffffea0001f21810 ffffea00016ac010
[  185.116403][    C1] head: ffff88805a617000 000000000010000c 00000000f5000000 0000000000000000
[  185.125098][    C1] head: 00fff00000000003 ffffea0001698401 00000000ffffffff 00000000ffffffff
[  185.133785][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  185.142644][    C1] page dumped because: kasan: bad access detected
[  185.149075][    C1] page_owner tracks the page as allocated
[  185.154799][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 23, tgid 23 (ksoftirqd/1), ts 96516141585, free_ts 30090288764
[  185.173649][    C1]  post_alloc_hook+0x234/0x290
[  185.178440][    C1]  get_page_from_freelist+0x2365/0x2440
[  185.184020][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  185.189929][    C1]  alloc_pages_mpol+0x232/0x4a0
[  185.194791][    C1]  allocate_slab+0x86/0x3b0
[  185.199315][    C1]  ___slab_alloc+0xf56/0x1990
[  185.203994][    C1]  __slab_alloc+0x65/0x100
[  185.208421][    C1]  __kmalloc_noprof+0x47d/0x800
[  185.213276][    C1]  ieee802_11_parse_elems_full+0x152/0x2ab0
[  185.219177][    C1]  ieee80211_inform_bss+0x147/0x1130
[  185.224477][    C1]  cfg80211_inform_single_bss_data+0xccc/0x1aa0
[  185.230734][    C1]  cfg80211_inform_bss_data+0x203/0x3b40
[  185.236387][    C1]  cfg80211_inform_bss_frame_data+0x3c7/0x730
[  185.242476][    C1]  ieee80211_bss_info_update+0x749/0x9e0
[  185.248124][    C1]  ieee80211_scan_rx+0x593/0xa20
[  185.253082][    C1]  ieee80211_rx_list+0x2381/0x3040
[  185.258199][    C1] page last free pid 1 tgid 1 stack trace:
[  185.264006][    C1]  __free_frozen_pages+0xbc8/0xd30
[  185.269125][    C1]  free_contig_range+0x1bd/0x4a0
[  185.274067][    C1]  destroy_args+0x69/0x660
[  185.278492][    C1]  debug_vm_pgtable+0x38f/0x3a0
[  185.283357][    C1]  do_one_initcall+0x1fb/0x870
[  185.288127][    C1]  do_initcall_level+0x104/0x190
[  185.293089][    C1]  do_initcalls+0x59/0xa0
[  185.297435][    C1]  kernel_init_freeable+0x334/0x4b0
[  185.302643][    C1]  kernel_init+0x1d/0x1d0
[  185.306985][    C1]  ret_from_fork+0x599/0xb30
[  185.311580][    C1]  ret_from_fork_asm+0x1a/0x30
[  185.316357][    C1] 
[  185.318687][    C1] Memory state around the buggy address:
[  185.324316][    C1]  ffff88805a614700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  185.332377][    C1]  ffff88805a614780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  185.340437][    C1] >ffff88805a614800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  185.348497][    C1]                                                     ^
[  185.355442][    C1]  ffff88805a614880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  185.363499][    C1]  ffff88805a614900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  185.371557][    C1] ==================================================================
[  185.379625][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  185.386821][    C1] CPU: 1 UID: 0 PID: 1143 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  185.396282][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  185.406350][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[  185.413138][    C1] Call Trace:
[  185.416424][    C1]  <IRQ>
[  185.419272][    C1]  dump_stack_lvl+0x99/0x250
[  185.423872][    C1]  ? __asan_memcpy+0x40/0x70
[  185.428470][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.433676][    C1]  ? __pfx__printk+0x10/0x10
[  185.438285][    C1]  vpanic+0x237/0x6d0
[  185.442273][    C1]  ? __pfx_vpanic+0x10/0x10
[  185.446811][    C1]  panic+0xb9/0xc0
[  185.450540][    C1]  ? __pfx_panic+0x10/0x10
[  185.454965][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  185.460871][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  185.465901][    C1]  check_panic_on_warn+0x89/0xb0
[  185.470855][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  185.475889][    C1]  end_report+0x6f/0x160
[  185.480137][    C1]  kasan_report+0x129/0x150
[  185.484644][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  185.489688][    C1]  do_raw_spin_lock+0x23d/0x290
[  185.494555][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  185.499961][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  185.505346][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  185.510566][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  185.516463][    C1]  ? kcov_remote_stop+0x78/0x700
[  185.521414][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  185.526626][    C1]  __usb_hcd_giveback_urb+0x3b0/0x540
[  185.532012][    C1]  dummy_timer+0x85f/0x45b0
[  185.536556][    C1]  ? __lock_acquire+0xab9/0xd20
[  185.541421][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  185.546829][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  185.551789][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  185.556746][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  185.561714][    C1]  __hrtimer_run_queues+0x51c/0xc70
[  185.566929][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  185.572932][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  185.578661][    C1]  ? read_tsc+0x9/0x20
[  185.582776][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  185.587904][    C1]  handle_softirqs+0x27d/0x880
[  185.592678][    C1]  ? do_softirq+0xec/0x180
[  185.597104][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  185.602431][    C1]  ? __alloc_skb+0x200/0x430
[  185.607043][    C1]  ? __alloc_skb+0x200/0x430
[  185.611648][    C1]  do_softirq+0xec/0x180
[  185.615897][    C1]  </IRQ>
[  185.618855][    C1]  <TASK>
[  185.621789][    C1]  ? __pfx_do_softirq+0x10/0x10
[  185.626670][    C1]  ? lockdep_softirqs_on+0x13b/0x1c0
[  185.631970][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  185.637178][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  185.642910][    C1]  ? __kasan_mempool_unpoison_object+0x9f/0x130
[  185.649153][    C1]  ? napi_skb_cache_get+0x151/0x790
[  185.654371][    C1]  ? napi_skb_cache_get+0x3c9/0x790
[  185.659572][    C1]  ? napi_skb_cache_get+0x151/0x790
[  185.664789][    C1]  __alloc_skb+0x224/0x430
[  185.669212][    C1]  ? __pfx___alloc_skb+0x10/0x10
[  185.674171][    C1]  nsim_dev_trap_report_work+0x29a/0xb80
[  185.679823][    C1]  ? process_one_work+0x868/0x15e0
[  185.684944][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  185.690154][    C1]  ? process_one_work+0x868/0x15e0
[  185.695269][    C1]  process_one_work+0x93a/0x15e0
[  185.700210][    C1]  ? __lock_acquire+0xab9/0xd20
[  185.705076][    C1]  ? __pfx_process_one_work+0x10/0x10
[  185.710460][    C1]  ? assign_work+0x3a1/0x410
[  185.715060][    C1]  worker_thread+0x9b0/0xee0
[  185.719665][    C1]  kthread+0x711/0x8a0
[  185.723748][    C1]  ? __pfx_worker_thread+0x10/0x10
[  185.728874][    C1]  ? __pfx_kthread+0x10/0x10
[  185.733475][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  185.738693][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.743902][    C1]  ? __pfx_kthread+0x10/0x10
[  185.748538][    C1]  ret_from_fork+0x599/0xb30
[  185.753133][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  185.758271][    C1]  ? __switch_to_asm+0x39/0x70
[  185.763043][    C1]  ? __switch_to_asm+0x33/0x70
[  185.767813][    C1]  ? __pfx_kthread+0x10/0x10
[  185.772426][    C1]  ret_from_fork_asm+0x1a/0x30
[  185.777319][    C1]  </TASK>
[  185.780488][    C1] Kernel Offset: disabled
[  185.784820][    C1] Rebooting in 86400 seconds..