last executing test programs:

8.706173637s ago: executing program 0 (id=2132):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000001"], 0x18}, 0x0, 0x20040000})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffc}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000400)="b8", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r3, 0x1)
getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x5}, &(0x7f00000000c0)=0x8)
ioctl$VIDIOC_G_FBUF(r0, 0x8030560a, &(0x7f0000000200)={0x80, 0x7, &(0x7f0000000100)="af25589b4999a717a49100600f7de4beb7e4f63cbcdd7baf7e69a2db90d496711a1e67473a2da34bc64a1b87db48c8140b287bcb6db61bd22c912721e01c4a31f809562f04c98b39ab1eebe22c14c76ab8d48a391d245e27c61f7874c192b2b67caee3b013aec2e79591e96b2e1fbe36d14945339e64318fe17365b550182858cfcbc986c8257a6fbbd92181a0cb1a211cc27e8bdd0ae75acc56cdd12cf6d3f9ee98d6c7086e1812b56944f6a6f1bbf27d831ba2e63d9e5a9624428c0227c41cc828370db2d273a740a9fccd46706b3790b6e8e2e50edc96f616deb9fe3bf4b30cc57f6a52542f76f79c2ccd3a23c17e65", {0x8, 0x7, 0x32314d48, 0x9, 0x8, 0x100, 0x5, 0x200000}})
syz_usb_ep_write(r1, 0x81, 0xfffffffffffffdca, &(0x7f0000000080)="c0")
readv(r2, &(0x7f0000000040)=[{0x0}], 0x1)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0)

5.538855013s ago: executing program 0 (id=2177):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x90}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})

5.384164721s ago: executing program 0 (id=2182):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x98}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.284280366s ago: executing program 0 (id=2185):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.147696102s ago: executing program 0 (id=2188):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = dup(r0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000000)={0x2f, {0x0, 0x0, 0x4}})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r2, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r3, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f5"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r9, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

5.042580888s ago: executing program 0 (id=2191):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x44}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, 0x0, 0x0, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.930077738s ago: executing program 1 (id=2204):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.735320385s ago: executing program 1 (id=2206):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.550643536s ago: executing program 1 (id=2208):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900010073797a30000000000900020073797a3200000000380000001c0a050000000000000000000200000a0c00034000000000a8283fcc0900020073797a32000000000900010073797a30"], 0x8c}}, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

3.496592224s ago: executing program 2 (id=2209):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x90}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})

3.22323786s ago: executing program 1 (id=2211):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x18, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x14, 0x2, 0x0, 0x1, [{0x4}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x98}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e7", 0x9b}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.22275694s ago: executing program 2 (id=2212):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f5"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

3.058057402s ago: executing program 2 (id=2214):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x18, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x14, 0x2, 0x0, 0x1, [{0x4}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xa4}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.051637199s ago: executing program 1 (id=2215):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.93401398s ago: executing program 3 (id=2216):
mkdir(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.44697815s ago: executing program 1 (id=2217):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x3, 'Yf\''}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001300)={0x84, &(0x7f0000000e40)=ANY=[@ANYBLOB="050003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x3, "a343ed"}, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001480)={0x84, &(0x7f0000000f80)={0x0, 0x6, 0x3, "0f4461"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.360446994s ago: executing program 2 (id=2218):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x6, 0xa, 0x4, 0x2}, {0x0, 0x5, 0x8, 0x8}, {0xe, 0x2, 0x9, 0x3}, {0xfeff, 0x81, 0x0, 0x3}, {0x3, 0xdb, 0x4, 0xfff}, {0x6, 0x9, 0xab, 0xff}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)={0x0, <r1=>0x0})
syz_open_procfs(r1, &(0x7f0000000080)='net/rt6_stats\x00')
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="040e1a00031000"], 0xf)

2.3593704s ago: executing program 3 (id=2219):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x90}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})

2.087340657s ago: executing program 3 (id=2220):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x44}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040), 0x0, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.783799295s ago: executing program 3 (id=2221):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000000e3fef97601"])
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, 0x0, 0x0, 0x20008040, &(0x7f0000000080)={0x11, 0x8100, r4, 0x1, 0x6, 0x6, @broadcast}, 0x14)

1.503916813s ago: executing program 3 (id=2222):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x18, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x14, 0x2, 0x0, 0x1, [{0x4}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x98}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e7", 0x9b}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.255086961s ago: executing program 2 (id=2223):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f5"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

1.089794867s ago: executing program 2 (id=2224):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 3 (id=2225):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_DESC={0x18, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x14, 0x2, 0x0, 0x1, [{0x4}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xa4}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {0x0}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

open blockdev
[  302.255763][ T9079] /dev/rnullb0: Can't open blockdev
[  302.302688][    T9] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  302.331989][ T5924] usb 4-1: Using ep0 maxpacket: 8
[  302.340486][    T9] usb 1-1: unable to read config index 0 descriptor/start: -61
[  302.348187][ T5924] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  302.348247][ T5924] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  302.348279][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.348303][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  302.363953][    T9] usb 1-1: can't read configurations, error -61
[  302.399496][  T983] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  302.403059][ T5924] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  302.411482][    T9] usb usb1-port1: unable to enumerate USB device
[  302.421411][ T5924] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  302.443813][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.459107][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  302.479430][ T5924] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  302.487078][ T5924] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  302.500421][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  302.517415][ T5924] usb 4-1: config 168 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  302.537131][ T5924] usb 4-1: string descriptor 0 read error: -22
[  302.543727][ T5924] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice= 3.6e
[  302.555853][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.573866][  T983] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.584372][ T5924] adutux 4-1:168.0: interrupt endpoints not found
[  302.584422][  T983] usb 2-1: config 0 interface 0 has no altsetting 0
[  302.614765][  T983] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  302.624572][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.642219][  T983] usb 2-1: Product: syz
[  302.646674][  T983] usb 2-1: Manufacturer: syz
[  302.651299][  T983] usb 2-1: SerialNumber: syz
[  302.663501][  T983] usb 2-1: config 0 descriptor??
[  302.673885][  T983] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  302.686676][  T983] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  302.699309][  T983] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  302.708492][  T983] usb 2-1: media controller created
[  302.734907][  T983] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  302.791584][ T9091] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1284'.
[  302.806806][  T983] DVB: Unable to find symbol tda10046_attach()
[  302.813723][ T9091] fuse: Bad value for 'fd'
[  302.821219][ T9065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.830573][ T9065] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.842824][  T983] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  302.851695][  T983] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  302.871191][ T9077] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1278'.
[  302.886921][  T983] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  302.932229][  T983] usb 2-1: USB disconnect, device number 82
[  302.965808][ T9093] dvmrp0: entered allmulticast mode
[  303.555815][ T2152] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  303.712915][ T2152] usb 3-1: Using ep0 maxpacket: 32
[  303.722803][ T2152] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  303.732303][ T2152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.743775][ T2152] usb 3-1: config 0 descriptor??
[  303.782199][ T5924] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  303.932007][ T5924] usb 2-1: Using ep0 maxpacket: 8
[  303.942024][ T5924] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  303.951663][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.960113][ T2152] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  303.967050][ T5924] usb 2-1: Product: syz
[  303.971240][ T5924] usb 2-1: Manufacturer: syz
[  303.977516][ T5924] usb 2-1: SerialNumber: syz
[  303.983781][ T2152] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  304.010320][ T2152] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  304.018738][ T5924] usb 2-1: config 0 descriptor??
[  304.033071][ T2152] usb 3-1: media controller created
[  304.076092][ T2152] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  304.166118][ T2152] az6027: usb out operation failed. (-71)
[  304.179131][ T2152] az6027: usb out operation failed. (-71)
[  304.185512][ T2152] stb0899_attach: Driver disabled by Kconfig
[  304.191740][ T2152] az6027: no front-end attached
[  304.191740][ T2152] 
[  304.199807][ T2152] az6027: usb out operation failed. (-71)
[  304.206415][ T2152] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  304.224302][ T2152] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input38
[  304.253268][ T9100] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  304.270740][ T2152] dvb-usb: schedule remote query interval to 400 msecs.
[  304.290874][ T5924] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  304.302339][ T2152] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  304.311455][ T5924] gspca_sunplus: reg_w_riv err -71
[  304.322066][ T5924] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  304.334520][ T2152] usb 3-1: USB disconnect, device number 74
[  304.358897][ T5924] usb 2-1: USB disconnect, device number 83
[  304.445354][ T2152] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  304.473758][ T9108] ./cgroup: Can't lookup blockdev
[  304.729431][ T9110] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1293'.
[  304.739276][  T983] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  304.749299][ T9110] fuse: Bad value for 'fd'
[  304.860264][  T926] usb 4-1: USB disconnect, device number 77
[  304.869463][ T5924] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  304.923089][  T983] usb 1-1: config 1 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 92, changing to 10
[  304.940180][ T5924] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  304.945017][  T983] usb 1-1: config 1 interface 0 altsetting 252 endpoint 0x2 has an invalid bInterval 236, changing to 11
[  304.981925][  T983] usb 1-1: config 1 interface 0 has no altsetting 0
[  304.996317][  T983] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.40
[  305.007475][  T983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.020414][  T983] usb 1-1: Product: 饭顯뷼퍦傘㙲蹓품쭶턒䚙埈ꪥ毎۽
[  305.038438][  T983] usb 1-1: Manufacturer: ц
[  305.066860][  T983] usb 1-1: SerialNumber: ⻲끻ῷ㧇ॉ奫郧崍엏怴䳴떿㍋Ȕጋ쩠앬秢犓粊콈틛⍽꽚რꚟ㌘븜㧝쾎콤쿄䮐꒬䠯躔라睳죲侚
[  305.302093][ T5924] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  305.452610][ T5924] usb 4-1: Using ep0 maxpacket: 8
[  305.462223][ T5924] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  305.471777][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.483102][ T5924] usb 4-1: config 0 descriptor??
[  305.512052][ T2152] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  305.529368][  T983] usbhid 1-1:1.0: can't add hid device: -71
[  305.535718][  T983] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  305.547943][  T983] usb 1-1: USB disconnect, device number 84
[  305.672055][ T2152] usb 2-1: Using ep0 maxpacket: 32
[  305.684929][ T2152] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  305.699862][ T2152] usb 2-1: config 0 has no interface number 0
[  305.709205][ T2152] usb 2-1: config 0 interface 12 has no altsetting 0
[  305.720044][ T2152] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  305.730696][ T2152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.739149][ T2152] usb 2-1: Product: syz
[  305.744003][ T2152] usb 2-1: Manufacturer: syz
[  305.748685][ T2152] usb 2-1: SerialNumber: syz
[  305.759763][ T2152] usb 2-1: config 0 descriptor??
[  306.034555][ T9132] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1302'.
[  306.044935][ T9132] fuse: Bad value for 'fd'
[  306.101238][ T5924] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  306.121016][ T5924] asix 4-1:0.0: probe with driver asix failed with error -32
[  306.154437][  T983] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  306.186605][  T983] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  306.691995][  T926] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  306.762213][  T983] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  306.846313][  T926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  306.857322][  T926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  306.867315][  T926] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  306.876640][  T926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.887658][  T926] usb 1-1: config 0 descriptor??
[  306.912052][  T983] usb 3-1: Using ep0 maxpacket: 8
[  306.920548][  T983] usb 3-1: unable to get BOS descriptor or descriptor too short
[  306.930338][  T983] usb 3-1: config 0 has an invalid interface number: 65 but max is 0
[  306.938920][  T983] usb 3-1: config 0 has no interface number 0
[  306.945796][  T983] usb 3-1: config 0 interface 65 has no altsetting 0
[  306.958132][  T983] usb 3-1: New USB device found, idVendor=052b, idProduct=1911, bcdDevice= 1.00
[  306.967543][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.975854][  T983] usb 3-1: Product: ᔄ蹓갆餝쎯씎媾ꆇ傅组᥯蚣嶻᪩✂᪦橵︆穬쿞鐤챐嚞஡鸄⽠頶蕤䭻ｼ큘뻫⸎’ᝊ㖬㦟⤘ﻡ脣鷼靗〨唐枅낊ᒓ䑎郴镍ඪ此᱘஬⨑碥氓흲✧텹궒䃠鱁夐갦୦욧∰㬞蜤ꋮ
[  307.002343][  T983] usb 3-1: SerialNumber: syz
[  307.010438][  T983] usb 3-1: config 0 descriptor??
[  307.317828][  T926] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  307.332881][  T926] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  307.354118][  T926] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0003/input/input39
[  307.448149][  T926] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  307.517712][ T9142] /dev/rnullb0: Can't open blockdev
[  307.545165][ T9155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.560568][ T9155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.610179][ T2152] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  307.646083][ T2152] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  307.662028][ T2152] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  307.690047][  T983] usb-storage 3-1:0.65: USB Mass Storage device detected
[  307.698195][ T2152] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  307.718555][    T9] usb 1-1: USB disconnect, device number 85
[  307.744704][  T983] usb-storage 3-1:0.65: Quirks match for vid 052b pid 1911: 20
[  307.745894][ T2152] usb 2-1: USB disconnect, device number 84
[  307.882545][  T983] usb 3-1: USB disconnect, device number 75
[  307.927811][ T9165] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  307.950793][ T9165] netlink: 57 bytes leftover after parsing attributes in process `syz.0.1307'.
[  308.044188][ T9168] /dev/rnullb0: Can't open blockdev
[  308.085923][ T2152] usb 4-1: USB disconnect, device number 78
[  308.151743][ T9171] tipc: Started in network mode
[  308.159617][ T9171] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  308.176830][ T9171] tipc: Enabled bearer <udp:syz1>, priority 10
[  308.503899][ T9189] FAULT_INJECTION: forcing a failure.
[  308.503899][ T9189] name failslab, interval 1, probability 0, space 0, times 0
[  308.528508][ T9191] fuse: Bad value for 'fd'
[  308.529032][ T9189] CPU: 1 UID: 0 PID: 9189 Comm: syz.0.1317 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  308.529062][ T9189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  308.529093][ T9189] Call Trace:
[  308.529102][ T9189]  <TASK>
[  308.529112][ T9189]  dump_stack_lvl+0x189/0x250
[  308.529144][ T9189]  ? __pfx____ratelimit+0x10/0x10
[  308.529177][ T9189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.529204][ T9189]  ? __pfx__printk+0x10/0x10
[  308.529231][ T9189]  ? __lock_acquire+0xab9/0xd20
[  308.529288][ T9189]  should_fail_ex+0x414/0x560
[  308.529330][ T9189]  should_failslab+0xa8/0x100
[  308.529361][ T9189]  kmem_cache_alloc_noprof+0x73/0x3c0
[  308.529384][ T9189]  ? skb_clone+0x212/0x3a0
[  308.529413][ T9189]  skb_clone+0x212/0x3a0
[  308.529435][ T9189]  ? ip6_finish_output2+0x3d3/0x16a0
[  308.529460][ T9189]  ip6_finish_output2+0x3e4/0x16a0
[  308.529499][ T9189]  ? __pfx_ip6_finish_output2+0x10/0x10
[  308.529523][ T9189]  ? ip6_mtu+0x7d/0x3f0
[  308.529557][ T9189]  ? ip6_mtu+0x7d/0x3f0
[  308.529593][ T9189]  ip6_finish_output+0x234/0x7d0
[  308.529631][ T9189]  ip6_mr_output+0x4e9/0x1100
[  308.529674][ T9189]  ? ip6_mr_output+0x1ca/0x1100
[  308.529711][ T9189]  ? __pfx_ip6_mr_output+0x10/0x10
[  308.529752][ T9189]  ? __ip6_local_out+0x609/0x870
[  308.529786][ T9189]  ? __ip6_local_out+0x82c/0x870
[  308.529811][ T9189]  ? __lock_acquire+0xab9/0xd20
[  308.529843][ T9189]  ? __ip6_local_out+0x609/0x870
[  308.529887][ T9189]  ? skb_dst+0x4f/0xd0
[  308.529915][ T9189]  ? dst_output+0x177/0x1c0
[  308.529941][ T9189]  ? ip6_send_skb+0x10f/0x390
[  308.529963][ T9189]  ip6_send_skb+0x1d5/0x390
[  308.529989][ T9189]  rawv6_push_pending_frames+0x6e9/0x8d0
[  308.530025][ T9189]  ? __pfx_rawv6_push_pending_frames+0x10/0x10
[  308.530058][ T9189]  ? __pfx_raw6_getfrag+0x10/0x10
[  308.530094][ T9189]  rawv6_sendmsg+0x1331/0x1820
[  308.530139][ T9189]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  308.530193][ T9189]  ? __lock_acquire+0xab9/0xd20
[  308.530225][ T9189]  ? __pfx_aa_sk_perm+0x10/0x10
[  308.530258][ T9189]  ? sock_rps_record_flow+0x19/0x410
[  308.530290][ T9189]  ? inet_sendmsg+0x2f4/0x370
[  308.530315][ T9189]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  308.530352][ T9189]  __sock_sendmsg+0x19c/0x270
[  308.530385][ T9189]  ____sys_sendmsg+0x52d/0x830
[  308.530414][ T9189]  ? __pfx_____sys_sendmsg+0x10/0x10
[  308.530448][ T9189]  ? import_iovec+0x74/0xa0
[  308.530476][ T9189]  ___sys_sendmsg+0x21f/0x2a0
[  308.530501][ T9189]  ? __pfx____sys_sendmsg+0x10/0x10
[  308.530570][ T9189]  ? __fget_files+0x2a/0x420
[  308.530598][ T9189]  ? __fget_files+0x3a0/0x420
[  308.530641][ T9189]  __sys_sendmmsg+0x227/0x430
[  308.530671][ T9189]  ? __pfx___sys_sendmmsg+0x10/0x10
[  308.530690][ T9189]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  308.530751][ T9189]  ? ksys_write+0x22a/0x250
[  308.530782][ T9189]  ? __pfx_ksys_write+0x10/0x10
[  308.530806][ T9189]  ? rcu_is_watching+0x15/0xb0
[  308.530836][ T9189]  __x64_sys_sendmmsg+0xa0/0xc0
[  308.530862][ T9189]  do_syscall_64+0xfa/0x3b0
[  308.530890][ T9189]  ? lockdep_hardirqs_on+0x9c/0x150
[  308.530918][ T9189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.530941][ T9189]  ? clear_bhb_loop+0x60/0xb0
[  308.530969][ T9189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.530990][ T9189] RIP: 0033:0x7f2b10f8e929
[  308.531009][ T9189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.531028][ T9189] RSP: 002b:00007f2b11eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  308.531053][ T9189] RAX: ffffffffffffffda RBX: 00007f2b111b5fa0 RCX: 00007f2b10f8e929
[  308.531070][ T9189] RDX: 0000000000000002 RSI: 00002000000006c0 RDI: 0000000000000003
[  308.531083][ T9189] RBP: 00007f2b11eb9090 R08: 0000000000000000 R09: 0000000000000000
[  308.531098][ T9189] R10: 0000000000001004 R11: 0000000000000246 R12: 0000000000000001
[  308.531110][ T9189] R13: 0000000000000000 R14: 00007f2b111b5fa0 R15: 00007fff01e5e898
[  308.531146][ T9189]  </TASK>
[  309.122162][ T5924] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  309.293566][ T5924] usb 3-1: Using ep0 maxpacket: 32
[  309.293582][  T983] tipc: Node number set to 4269801514
[  309.307251][ T5924] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  309.318683][ T9208] openvswitch: netlink: Message has 24 unknown bytes.
[  309.326216][ T5924] usb 3-1: config 0 has no interface number 0
[  309.326273][ T5924] usb 3-1: config 0 interface 12 has no altsetting 0
[  309.337405][ T5924] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  309.342404][ T9208] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  309.376940][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.399843][ T5924] usb 3-1: Product: syz
[  309.412292][ T5924] usb 3-1: Manufacturer: syz
[  309.417084][ T5924] usb 3-1: SerialNumber: syz
[  309.430604][ T9208] overlayfs: conflicting lowerdir path
[  309.442873][ T5924] usb 3-1: config 0 descriptor??
[  309.661705][ T9219] fuse: Bad value for 'fd'
[  309.812097][ T5865] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  309.971926][  T926] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  309.972225][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  309.986980][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  309.997671][ T5865] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  310.006720][ T5865] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  310.019763][ T5865] usb 1-1: config 0 interface 0 has no altsetting 1
[  310.029194][ T5865] usb 1-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57
[  310.038495][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.046697][ T5865] usb 1-1: Product: syz
[  310.050922][ T5865] usb 1-1: Manufacturer: syz
[  310.055600][ T5865] usb 1-1: SerialNumber: syz
[  310.063183][ T5865] usb 1-1: config 0 descriptor??
[  310.078774][ T5865] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  310.104089][ T5865] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  310.132057][  T926] usb 4-1: device descriptor read/64, error -71
[  310.143282][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  310.192059][  T983] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  310.351916][  T983] usb 2-1: Using ep0 maxpacket: 32
[  310.358976][  T983] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  310.367644][  T983] usb 2-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config
[  310.379742][  T983] usb 2-1: config 0 has no interface number 0
[  310.386055][  T926] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  310.396761][  T983] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  310.407151][  T983] usb 2-1: config 0 interface 133 altsetting 0 has an endpoint descriptor with address 0x66, changing to 0x6
[  310.420525][  T983] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x6 has invalid maxpacket 26214, setting to 1024
[  310.433518][  T983] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  310.445627][  T983] usb 2-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  310.469490][  T983] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  310.481635][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.489946][  T983] usb 2-1: Product: syz
[  310.494315][  T983] usb 2-1: Manufacturer: syz
[  310.494560][ T5865] usb 1-1: USB disconnect, device number 86
[  310.498947][  T983] usb 2-1: SerialNumber: syz
[  310.503149][  T983] usb 2-1: config 0 descriptor??
[  310.522064][ T9227] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  310.529922][ T9227] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  310.537225][  T926] usb 4-1: device descriptor read/64, error -71
[  310.655405][  T926] usb usb4-port1: attempt power cycle
[  310.762974][  T983] usb 2-1: probing VID:PID(0424:012C)   
[  310.770266][  T983] usb 2-1: vub300 testing BULK OUT EndPoint(0) 0B
[  310.777057][  T983] usb 2-1: vub300 testing BULK OUT EndPoint(1) 06
[  310.788271][  T983] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  310.796224][  T983] vub300 2-1:0.133: probe with driver vub300 failed with error -22
[  310.809649][  T983] usb 2-1: USB disconnect, device number 85
[  311.001941][  T926] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  311.039681][  T926] usb 4-1: device descriptor read/8, error -71
[  311.291912][  T926] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  311.305377][ T5924] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  311.324117][ T5924] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  311.333687][ T5924] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  311.341903][  T926] usb 4-1: device descriptor read/8, error -71
[  311.349022][ T5924] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  311.382322][ T5924] usb 3-1: USB disconnect, device number 76
[  311.459067][  T926] usb usb4-port1: unable to enumerate USB device
[  311.473018][ T9239] fuse: Bad value for 'fd'
[  311.858461][ T9252] FAULT_INJECTION: forcing a failure.
[  311.858461][ T9252] name failslab, interval 1, probability 0, space 0, times 0
[  311.871508][ T9252] CPU: 0 UID: 0 PID: 9252 Comm: syz.0.1344 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  311.871538][ T9252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  311.871552][ T9252] Call Trace:
[  311.871560][ T9252]  <TASK>
[  311.871569][ T9252]  dump_stack_lvl+0x189/0x250
[  311.871598][ T9252]  ? __pfx____ratelimit+0x10/0x10
[  311.871625][ T9252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.871648][ T9252]  ? __pfx__printk+0x10/0x10
[  311.871678][ T9252]  ? __memcg_slab_post_alloc_hook+0x522/0x7f0
[  311.871705][ T9252]  should_fail_ex+0x414/0x560
[  311.871743][ T9252]  should_failslab+0xa8/0x100
[  311.871769][ T9252]  kmem_cache_alloc_noprof+0x73/0x3c0
[  311.871791][ T9252]  ? inet_bind2_bucket_create+0x34/0x4b0
[  311.871821][ T9252]  ? inet_bind_bucket_create+0x30/0x240
[  311.871851][ T9252]  inet_bind2_bucket_create+0x34/0x4b0
[  311.871883][ T9252]  inet_csk_get_port+0xf34/0x1740
[  311.871905][ T9252]  ? inet_csk_get_port+0xb11/0x1740
[  311.871945][ T9252]  __inet_bind+0x5da/0xb80
[  311.871976][ T9252]  inet_bind_sk+0x120/0x1e0
[  311.871996][ T9252]  ? tomoyo_socket_bind_permission+0x1e7/0x290
[  311.872022][ T9252]  ? __pfx_inet_bind_sk+0x10/0x10
[  311.872043][ T9252]  ? apparmor_socket_bind+0xff/0x1e0
[  311.872075][ T9252]  ? bpf_lsm_socket_bind+0x9/0x20
[  311.872106][ T9252]  __sys_bind+0x2c6/0x3e0
[  311.872138][ T9252]  ? __pfx___sys_bind+0x10/0x10
[  311.872177][ T9252]  ? __pfx_ksys_write+0x10/0x10
[  311.872199][ T9252]  ? rcu_is_watching+0x15/0xb0
[  311.872235][ T9252]  __x64_sys_bind+0x7a/0x90
[  311.872263][ T9252]  do_syscall_64+0xfa/0x3b0
[  311.872288][ T9252]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.872311][ T9252]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.872331][ T9252]  ? clear_bhb_loop+0x60/0xb0
[  311.872355][ T9252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.872373][ T9252] RIP: 0033:0x7f2b10f8e929
[  311.872392][ T9252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.872410][ T9252] RSP: 002b:00007f2b11eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  311.872432][ T9252] RAX: ffffffffffffffda RBX: 00007f2b111b5fa0 RCX: 00007f2b10f8e929
[  311.872445][ T9252] RDX: 0000000000000047 RSI: 0000200000000040 RDI: 0000000000000006
[  311.872458][ T9252] RBP: 00007f2b11eb9090 R08: 0000000000000000 R09: 0000000000000000
[  311.872470][ T9252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.872482][ T9252] R13: 0000000000000000 R14: 00007f2b111b5fa0 R15: 00007fff01e5e898
[  311.872512][ T9252]  </TASK>
[  312.164583][ T9254] /dev/rnullb0: Can't open blockdev
[  312.290814][ T9261] fuse: Bad value for 'fd'
[  312.499338][ T9270] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.552791][ T9270] bond0: (slave rose0): Enslaving as an active interface with an up link
[  312.940724][ T9290] fuse: Bad value for 'fd'
[  312.982153][ T5924] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  313.141968][ T5924] usb 3-1: Using ep0 maxpacket: 32
[  313.174990][ T5924] usb 3-1: config index 0 descriptor too short (expected 539, got 27)
[  313.192136][ T5924] usb 3-1: config 0 has an invalid interface number: 35 but max is -1
[  313.213363][ T5924] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  313.241901][ T5924] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  313.260634][ T5924] usb 3-1: config 0 has no interface number 0
[  313.294080][ T5924] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  313.305196][ T9304] syzkaller1: entered promiscuous mode
[  313.310713][ T9304] syzkaller1: entered allmulticast mode
[  313.324256][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.335470][ T5924] usb 3-1: Product: syz
[  313.339688][ T5924] usb 3-1: Manufacturer: syz
[  313.367783][ T5924] usb 3-1: SerialNumber: syz
[  313.393693][ T5924] usb 3-1: config 0 descriptor??
[  313.572477][  T926] usb 1-1: new low-speed USB device number 87 using dummy_hcd
[  313.604297][ T5924] cdc_acm 3-1:0.35: Zero length descriptor references
[  313.617604][ T5924] cdc_acm 3-1:0.35: probe with driver cdc_acm failed with error -22
[  313.635874][ T5924] usb 3-1: USB disconnect, device number 77
[  313.656664][  T983] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  313.768721][  T926] usb 1-1: string descriptor 0 read error: -22
[  313.775425][  T926] usb 1-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  313.786062][  T926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.805082][  T983] usb 4-1: device descriptor read/64, error -71
[  313.812843][  T926] usb 1-1: config 0 descriptor??
[  313.822620][  T926] usbtest 1-1:0.0: FX2 device
[  313.827357][  T926] usbtest 1-1:0.0: low-speed {control intr-in intr-out} tests (+alt)
[  314.042259][  T926] usb 1-1: USB disconnect, device number 87
[  314.071912][  T983] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  314.202407][  T983] usb 4-1: device descriptor read/64, error -71
[  314.229731][ T9333] FAULT_INJECTION: forcing a failure.
[  314.229731][ T9333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  314.252138][ T9333] CPU: 0 UID: 0 PID: 9333 Comm: syz.1.1375 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  314.252167][ T9333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  314.252178][ T9333] Call Trace:
[  314.252229][ T9333]  <TASK>
[  314.252238][ T9333]  dump_stack_lvl+0x189/0x250
[  314.252267][ T9333]  ? __pfx____ratelimit+0x10/0x10
[  314.252305][ T9333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.252327][ T9333]  ? __pfx__printk+0x10/0x10
[  314.252348][ T9333]  ? __might_fault+0xb0/0x130
[  314.252382][ T9333]  should_fail_ex+0x414/0x560
[  314.252416][ T9333]  _copy_from_iter+0x1db/0x16f0
[  314.252459][ T9333]  ? __pfx__copy_from_iter+0x10/0x10
[  314.252486][ T9333]  ? __pfx_woken_wake_function+0x10/0x10
[  314.252516][ T9333]  ? file_tty_write+0x2e8/0x990
[  314.252541][ T9333]  ? rcu_is_watching+0x15/0xb0
[  314.252559][ T9333]  ? kfree+0x4d/0x440
[  314.252579][ T9333]  file_tty_write+0x486/0x990
[  314.252605][ T9333]  vfs_write+0x54b/0xa90
[  314.252629][ T9333]  ? __pfx_tty_write+0x10/0x10
[  314.252646][ T9333]  ? __pfx_vfs_write+0x10/0x10
[  314.252676][ T9333]  ? __fget_files+0x2a/0x420
[  314.252711][ T9333]  ksys_write+0x145/0x250
[  314.252735][ T9333]  ? __pfx_ksys_write+0x10/0x10
[  314.252754][ T9333]  ? rcu_is_watching+0x15/0xb0
[  314.252777][ T9333]  ? do_syscall_64+0xbe/0x3b0
[  314.252805][ T9333]  do_syscall_64+0xfa/0x3b0
[  314.252827][ T9333]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.252848][ T9333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.252867][ T9333]  ? clear_bhb_loop+0x60/0xb0
[  314.252889][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.252905][ T9333] RIP: 0033:0x7fe22498e929
[  314.252923][ T9333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.252940][ T9333] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  314.252971][ T9333] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  314.252986][ T9333] RDX: 0000000000001006 RSI: 00002000000004c0 RDI: 0000000000000004
[  314.252998][ T9333] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000000000000
[  314.253009][ T9333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  314.253019][ T9333] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  314.253051][ T9333]  </TASK>
[  314.313641][  T983] usb usb4-port1: attempt power cycle
[  314.512045][  T926] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  314.691974][  T983] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  314.723818][  T983] usb 4-1: device descriptor read/8, error -71
[  314.812101][  T926] usb 3-1: Using ep0 maxpacket: 32
[  314.819846][  T926] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  314.828385][  T926] usb 3-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config
[  314.841256][  T926] usb 3-1: config 0 has no interface number 0
[  314.849671][  T926] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  314.860864][  T926] usb 3-1: config 0 interface 133 altsetting 0 has an endpoint descriptor with address 0x66, changing to 0x6
[  314.875987][  T926] usb 3-1: config 0 interface 133 altsetting 0 endpoint 0x6 has invalid maxpacket 26214, setting to 1024
[  314.889483][  T926] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  314.899914][  T926] usb 3-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  314.912322][ T5978] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  314.916746][  T926] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  314.930148][  T926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.938395][  T926] usb 3-1: Product: syz
[  314.944907][  T926] usb 3-1: Manufacturer: syz
[  314.949886][  T926] usb 3-1: SerialNumber: syz
[  314.959204][  T926] usb 3-1: config 0 descriptor??
[  314.971998][  T983] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  314.983167][ T9335] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  314.992394][ T9335] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  315.022800][  T983] usb 4-1: device descriptor read/8, error -71
[  315.082051][ T5978] usb 1-1: Using ep0 maxpacket: 32
[  315.094998][ T5978] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  315.103305][ T5978] usb 1-1: config 0 has no interface number 0
[  315.109445][ T5978] usb 1-1: config 0 interface 12 has no altsetting 0
[  315.126611][ T5978] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  315.135848][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.142781][  T983] usb usb4-port1: unable to enumerate USB device
[  315.144264][ T5978] usb 1-1: Product: syz
[  315.155917][ T5978] usb 1-1: Manufacturer: syz
[  315.160566][ T5978] usb 1-1: SerialNumber: syz
[  315.181067][ T5978] usb 1-1: config 0 descriptor??
[  315.219196][  T926] usb 3-1: probing VID:PID(0424:012C)   
[  315.226558][  T926] usb 3-1: vub300 testing BULK OUT EndPoint(0) 0B
[  315.233901][  T926] usb 3-1: vub300 testing BULK OUT EndPoint(1) 06
[  315.240479][  T926] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  315.248775][  T926] vub300 3-1:0.133: probe with driver vub300 failed with error -22
[  315.273099][  T926] usb 3-1: USB disconnect, device number 78
[  315.402074][  T983] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  315.553370][  T983] usb 2-1: Using ep0 maxpacket: 8
[  315.560832][  T983] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  315.572187][  T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.584410][  T983] usb 2-1: config 0 descriptor??
[  316.042002][ T5924] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  316.194186][ T5924] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.204881][ T5924] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  316.205119][  T983] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  316.224950][ T5924] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  316.227706][  T983] asix 2-1:0.0: probe with driver asix failed with error -32
[  316.235679][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.253733][ T5924] usb 3-1: Product: syz
[  316.258255][ T5924] usb 3-1: Manufacturer: syz
[  316.264691][ T5924] usb 3-1: SerialNumber: syz
[  316.273493][ T5924] usb 3-1: config 0 descriptor??
[  316.490652][   T30] audit: type=1800 audit(1751604691.618:4): pid=9361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1376" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  317.026283][ T5978] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  317.036346][ T5978] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  317.047399][ T5978] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  317.056213][ T5978] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  317.085573][ T5978] usb 1-1: USB disconnect, device number 88
[  317.317192][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.402011][ T5865] usb 4-1: new full-speed USB device number 87 using dummy_hcd
[  317.558011][ T5865] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  317.568871][ T5865] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  317.580729][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  317.592304][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  317.602764][ T5865] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  317.616532][ T9385] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1385'.
[  317.621484][ T5865] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  317.627631][ T9385] fuse: Bad value for 'fd'
[  317.638841][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  317.649157][ T5865] usb 4-1: Product: syz
[  317.653742][ T5865] usb 4-1: Manufacturer: syz
[  317.658495][ T5865] usb 4-1: SerialNumber: syz
[  317.666770][ T5865] usb 4-1: config 0 descriptor??
[  317.880576][ T5865] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  317.890738][ T5865] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  318.089754][ T5865] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  318.101911][ T5865] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  318.121936][ T5865] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  318.173573][ T5924] usb 2-1: USB disconnect, device number 86
[  318.289592][ T5865] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  318.327894][ T9406] warning: `syz.1.1393' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  318.602245][ T5978] usb 1-1: new full-speed USB device number 89 using dummy_hcd
[  318.754691][ T5978] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  318.763026][ T5978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.774405][ T5978] usb 1-1: config 0 has no interface number 0
[  318.783936][ T5978] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  318.793325][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.801530][ T5978] usb 1-1: Product: syz
[  318.806323][ T5978] usb 1-1: Manufacturer: syz
[  318.810998][ T5978] usb 1-1: SerialNumber: syz
[  318.820359][ T5978] usb 1-1: config 0 descriptor??
[  318.836764][  T983] usb 3-1: USB disconnect, device number 79
[  318.857467][ T5978] hub 1-1:0.31: bad descriptor, ignoring hub
[  318.864304][ T5978] hub 1-1:0.31: probe with driver hub failed with error -5
[  318.876395][ T5978] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  318.883169][ T5978] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized!
[  318.894594][ T5978] usb 1-1: Failed to create links for entity 6
[  318.900983][ T5978] usb 1-1: Failed to register entities (-22).
[  319.094865][ T5865] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[  319.103767][ T5865] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  319.115848][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  319.123516][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  319.135697][ T5865] usb 4-1: USB disconnect, device number 87
[  319.208188][ T9412] /dev/rnullb0: Can't open blockdev
[  319.222088][  T983] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  319.392367][  T983] usb 3-1: Using ep0 maxpacket: 8
[  319.406263][  T983] usb 3-1: config 2 has an invalid interface number: 31 but max is 0
[  319.422049][  T983] usb 3-1: config 2 has no interface number 0
[  319.428197][  T983] usb 3-1: config 2 interface 31 has no altsetting 0
[  319.444223][  T983] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  319.455212][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.463773][  T983] usb 3-1: Product: syz
[  319.468090][  T983] usb 3-1: Manufacturer: syz
[  319.474820][  T983] usb 3-1: SerialNumber: syz
[  319.492656][  T983] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22
[  319.711304][  T983] usb 3-1: USB disconnect, device number 80
[  319.781989][ T5865] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  319.805558][ T9428] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1404'.
[  319.818016][ T9428] /dev/rnullb0: Can't open blockdev
[  319.941971][ T5865] usb 2-1: Using ep0 maxpacket: 8
[  319.949167][ T5865] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  319.958708][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.969251][ T5865] usb 2-1: config 0 descriptor??
[  320.112133][    T9] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  320.241974][    T9] usb 4-1: device descriptor read/64, error -71
[  320.481963][    T9] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  320.595571][ T5865] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  320.612156][    T9] usb 4-1: device descriptor read/64, error -71
[  320.618999][ T5865] asix 2-1:0.0: probe with driver asix failed with error -61
[  320.747487][    T9] usb usb4-port1: attempt power cycle
[  321.031989][ T5865] usb 3-1: new full-speed USB device number 81 using dummy_hcd
[  321.082724][ T3415] wlan1: Trigger new scan to find an IBSS to join
[  321.104480][    T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  321.145026][    T9] usb 4-1: device descriptor read/8, error -71
[  321.184911][ T5865] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.196335][ T5865] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  321.209137][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  321.220284][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  321.230609][ T5865] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  321.245791][ T5865] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  321.255010][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  321.263543][ T5865] usb 3-1: Product: syz
[  321.268090][ T5865] usb 3-1: Manufacturer: syz
[  321.273430][ T5865] usb 3-1: SerialNumber: syz
[  321.280745][ T5865] usb 3-1: config 0 descriptor??
[  321.391951][    T9] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  321.412433][ T2152] usb 1-1: USB disconnect, device number 89
[  321.420460][    T9] usb 4-1: device descriptor read/8, error -71
[  321.498677][ T5865] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  321.505971][ T5865] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  321.542535][    T9] usb usb4-port1: unable to enumerate USB device
[  321.699215][ T5865] radio-si470x 3-1:0.0: software version 0, hardware version 0
[  321.706887][ T5865] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  321.719908][ T5865] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  321.899937][ T5865] radio-si470x 3-1:0.0: submitting int urb failed (-90)
[  322.566629][  T926] usb 2-1: USB disconnect, device number 87
[  322.711984][ T5865] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32
[  322.725922][ T5865] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22
[  322.747660][ T9458] FAULT_INJECTION: forcing a failure.
[  322.747660][ T9458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.761486][ T9458] CPU: 0 UID: 0 PID: 9458 Comm: syz.1.1415 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  322.761508][ T9458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  322.761518][ T9458] Call Trace:
[  322.761524][ T9458]  <TASK>
[  322.761530][ T9458]  dump_stack_lvl+0x189/0x250
[  322.761550][ T9458]  ? __pfx____ratelimit+0x10/0x10
[  322.761569][ T9458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.761585][ T9458]  ? __pfx__printk+0x10/0x10
[  322.761602][ T9458]  ? __might_fault+0xb0/0x130
[  322.761626][ T9458]  should_fail_ex+0x414/0x560
[  322.761653][ T9458]  _copy_from_user+0x2d/0xb0
[  322.761667][ T9458]  snd_rawmidi_kernel_write1+0x3ab/0x650
[  322.761699][ T9458]  snd_rawmidi_write+0x5ad/0xbd0
[  322.761729][ T9458]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  322.761748][ T9458]  ? __pfx_default_wake_function+0x10/0x10
[  322.761771][ T9458]  ? common_file_perm+0x199/0x200
[  322.761794][ T9458]  ? bpf_lsm_file_permission+0x9/0x20
[  322.761811][ T9458]  ? security_file_permission+0x75/0x290
[  322.761844][ T9458]  ? rw_verify_area+0x258/0x650
[  322.761872][ T9458]  vfs_writev+0x4b3/0x960
[  322.761903][ T9458]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  322.761930][ T9458]  ? __pfx_vfs_writev+0x10/0x10
[  322.761984][ T9458]  ? __fget_files+0x2a/0x420
[  322.762016][ T9458]  ? __fget_files+0x3a0/0x420
[  322.762042][ T9458]  ? __fget_files+0x2a/0x420
[  322.762075][ T9458]  do_writev+0x14d/0x2d0
[  322.762103][ T9458]  ? __pfx_do_writev+0x10/0x10
[  322.762123][ T9458]  ? rcu_is_watching+0x15/0xb0
[  322.762141][ T9458]  ? do_syscall_64+0xbe/0x3b0
[  322.762163][ T9458]  do_syscall_64+0xfa/0x3b0
[  322.762182][ T9458]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.762200][ T9458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.762216][ T9458]  ? clear_bhb_loop+0x60/0xb0
[  322.762236][ T9458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.762250][ T9458] RIP: 0033:0x7fe22498e929
[  322.762263][ T9458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.762276][ T9458] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  322.762291][ T9458] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  322.762302][ T9458] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000004
[  322.762311][ T9458] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000000000000
[  322.762319][ T9458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  322.762328][ T9458] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  322.762349][ T9458]  </TASK>
[  323.055114][ T5865] usb 3-1: USB disconnect, device number 81
[  323.346380][ T9472] /dev/rnullb0: Can't open blockdev
[  323.450041][ T9480] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1424'.
[  323.459954][ T9480] fuse: Bad value for 'fd'
[  323.502085][ T2152] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  323.584736][ T5844] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  323.662081][ T5865] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  323.669817][ T2152] usb 4-1: device descriptor read/64, error -71
[  323.842006][ T5865] usb 2-1: Using ep0 maxpacket: 8
[  323.849116][ T5865] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  323.860000][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.871567][ T5865] usb 2-1: config 0 descriptor??
[  323.942098][ T2152] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  323.951928][  T983] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  324.036408][   T12] wlan1: Trigger new scan to find an IBSS to join
[  324.081999][ T2152] usb 4-1: device descriptor read/64, error -71
[  324.122019][  T983] usb 3-1: Using ep0 maxpacket: 32
[  324.133719][  T983] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  324.149256][  T983] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  324.161572][  T983] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  324.177062][  T983] usb 3-1: Product: syz
[  324.181375][  T983] usb 3-1: Manufacturer: syz
[  324.187036][  T983] usb 3-1: SerialNumber: syz
[  324.200788][  T983] usb 3-1: config 0 descriptor??
[  324.208156][ T9489] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  324.212328][ T2152] usb usb4-port1: attempt power cycle
[  324.233506][  T983] hub 3-1:0.0: bad descriptor, ignoring hub
[  324.243407][  T983] hub 3-1:0.0: probe with driver hub failed with error -5
[  324.430686][ T9489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  324.448103][ T9489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  324.490086][ T5865] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  324.502875][ T5865] asix 2-1:0.0: probe with driver asix failed with error -61
[  324.563040][  T983] usb 3-1: USB disconnect, device number 82
[  324.582212][ T2152] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  324.612684][ T2152] usb 4-1: device descriptor read/8, error -71
[  324.802057][ T9499] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1433'.
[  324.815688][ T9499] fuse: Bad value for 'fd'
[  324.872686][ T2152] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  324.902770][ T2152] usb 4-1: device descriptor read/8, error -71
[  325.025522][ T2152] usb usb4-port1: unable to enumerate USB device
[  325.749194][ T9542] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1452'.
[  325.762761][ T9542] 9pnet_fd: Insufficient options for proto=fd
[  325.781782][ T9542] /dev/rnullb0: Can't open blockdev
[  325.946918][ T9549] syz.2.1455 (9549): attempted to duplicate a private mapping with mremap.  This is not supported.
[  325.984115][ T9549] evm: overlay not supported
[  326.301983][ T2152] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  326.439585][ T5978] usb 2-1: USB disconnect, device number 88
[  326.482173][ T2152] usb 3-1: Using ep0 maxpacket: 8
[  326.493482][ T2152] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  326.521899][ T2152] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  326.549940][ T9573] fuse: Bad value for 'fd'
[  326.556633][ T2152] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  326.584117][ T2152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.609583][ T2152] usb 3-1: config 0 descriptor??
[  326.993222][ T3485] wlan1: Trigger new scan to find an IBSS to join
[  327.268014][ T9609] fuse: Bad value for 'fd'
[  327.394605][    T9] usb 4-1: new full-speed USB device number 96 using dummy_hcd
[  327.562323][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.573395][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  327.591447][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  327.603003][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  327.613260][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  327.630012][    T9] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  327.645763][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  327.664498][    T9] usb 4-1: Product: syz
[  327.672454][    T9] usb 4-1: Manufacturer: syz
[  327.682179][    T9] usb 4-1: SerialNumber: syz
[  327.700734][    T9] usb 4-1: config 0 descriptor??
[  327.922492][    T9] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  327.932596][   T13] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  327.938526][    T9] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  328.130228][    T9] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  328.151957][    T9] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  328.176988][    T9] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  328.330854][    T9] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  328.443094][  T926] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  328.465582][ T9661] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  328.475912][ T9661] use of bytesused == 0 is deprecated and will be removed in the future,
[  328.484797][ T9661] use the actual size instead.
[  328.582034][  T926] usb 1-1: device descriptor read/64, error -71
[  328.705498][ T9667] block nbd1: NBD_DISCONNECT
[  328.821950][  T926] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  328.952112][  T926] usb 1-1: device descriptor read/64, error -71
[  329.021990][ T5904] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  329.062780][  T926] usb usb1-port1: attempt power cycle
[  329.087016][ T2152] usb 3-1: USB disconnect, device number 83
[  329.133966][    T9] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[  329.144538][    T9] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  329.165380][    T9] usb 4-1: USB disconnect, device number 96
[  329.173825][ T5904] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  329.194784][ T5904] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  329.206093][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.225990][ T5904] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[  329.412119][  T926] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  329.433230][  T926] usb 1-1: device descriptor read/8, error -71
[  329.612015][ T2152] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  329.671957][  T926] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  329.702596][  T926] usb 1-1: device descriptor read/8, error -71
[  329.710361][ T9675] program syz.3.1503 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  329.723659][ T9675] /dev/rnullb0: Can't open blockdev
[  329.778287][ T2152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.792974][ T2152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.803819][ T2152] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  329.813599][ T2152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.813874][  T926] usb usb1-port1: unable to enumerate USB device
[  329.825316][ T2152] usb 3-1: config 0 descriptor??
[  330.185186][ T9693] /dev/rnullb0: Can't open blockdev
[  330.459409][ T5844] Bluetooth: hci1: unexpected cc 0x204e length: 3 > 1
[  330.467157][ T5844] Bluetooth: hci1: unexpected event for opcode 0x204e
[  330.621938][  T926] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  330.784271][  T926] usb 4-1: Using ep0 maxpacket: 8
[  330.791393][  T926] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  330.800205][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  330.811765][  T926] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  330.824246][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 183, changing to 11
[  330.836331][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  330.849299][  T926] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  330.865757][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  330.877178][  T926] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  330.889277][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 183, changing to 11
[  330.900734][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  330.914810][  T926] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  330.922421][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  330.933965][  T926] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  330.945800][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 183, changing to 11
[  330.958739][  T926] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  330.977201][  T926] usb 4-1: string descriptor 0 read error: -22
[  330.983755][  T926] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  330.995695][  T926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.016165][  T926] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  331.248030][ T5924] usb 4-1: USB disconnect, device number 97
[  331.350743][ T9706] process 'syz.0.1514' launched './file0' with NULL argv: empty string added
[  331.799269][ T9719] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1520'.
[  331.851656][  T926] usb 2-1: USB disconnect, device number 89
[  332.062368][ T5924] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  332.158033][ T2152] usbhid 3-1:0.0: can't add hid device: -71
[  332.178519][ T9732] fuse: Bad value for 'fd'
[  332.180709][ T2152] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  332.216825][ T2152] usb 3-1: USB disconnect, device number 84
[  332.238960][ T5924] usb 1-1: config 1 has an invalid descriptor of length 101, skipping remainder of the config
[  332.252275][ T5924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  332.268080][ T5924] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  332.279773][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  332.289449][ T5924] usb 1-1: SerialNumber: syz
[  332.530812][ T5924] usb 1-1: 0:2 : does not exist
[  332.546162][ T5924] usb 1-1: unit 120 not found!
[  332.598435][ T5924] usb 1-1: USB disconnect, device number 94
[  332.806865][ T9757] FAULT_INJECTION: forcing a failure.
[  332.806865][ T9757] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  332.821887][ T9748] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  332.854456][ T9757] CPU: 1 UID: 0 PID: 9757 Comm: syz.3.1534 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  332.854488][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  332.854501][ T9757] Call Trace:
[  332.854509][ T9757]  <TASK>
[  332.854518][ T9757]  dump_stack_lvl+0x189/0x250
[  332.854546][ T9757]  ? __pfx____ratelimit+0x10/0x10
[  332.854572][ T9757]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.854596][ T9757]  ? __pfx__printk+0x10/0x10
[  332.854620][ T9757]  ? fs_reclaim_acquire+0x7d/0x100
[  332.854656][ T9757]  should_fail_ex+0x414/0x560
[  332.854694][ T9757]  prepare_alloc_pages+0x213/0x610
[  332.854729][ T9757]  __alloc_frozen_pages_noprof+0x123/0x370
[  332.854763][ T9757]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  332.854796][ T9757]  ? __lock_acquire+0xab9/0xd20
[  332.854836][ T9757]  alloc_pages_mpol+0x232/0x4a0
[  332.854867][ T9757]  alloc_pages_noprof+0xa9/0x190
[  332.854893][ T9757]  pte_alloc_one+0x21/0x170
[  332.854916][ T9757]  __pte_alloc+0x25/0x1a0
[  332.854948][ T9757]  walk_pgd_range+0xf5d/0x1d40
[  332.854991][ T9757]  ? __pfx_guard_install_set_pte+0x10/0x10
[  332.855016][ T9757]  ? __pfx_guard_install_set_pte+0x10/0x10
[  332.855041][ T9757]  ? __pfx_guard_install_set_pte+0x10/0x10
[  332.855065][ T9757]  ? __pfx_guard_install_set_pte+0x10/0x10
[  332.855100][ T9757]  ? __pfx_guard_install_pte_entry+0x10/0x10
[  332.855126][ T9757]  ? __pfx_walk_pgd_range+0x10/0x10
[  332.855159][ T9757]  __walk_page_range+0x14c/0x710
[  332.855185][ T9757]  ? find_vma+0xe7/0x160
[  332.855205][ T9757]  ? __pfx_find_vma+0x10/0x10
[  332.855238][ T9757]  walk_page_range_mm+0x454/0x660
[  332.855284][ T9757]  ? __pfx_walk_page_range_mm+0x10/0x10
[  332.855323][ T9757]  madvise_vma_behavior+0x163f/0x3860
[  332.855355][ T9757]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  332.855388][ T9757]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  332.855422][ T9757]  ? __lock_acquire+0xab9/0xd20
[  332.855458][ T9757]  ? __lock_acquire+0xab9/0xd20
[  332.855501][ T9757]  ? __lock_acquire+0xab9/0xd20
[  332.855551][ T9757]  ? mas_prev_slot+0xb31/0xbb0
[  332.855593][ T9757]  ? find_vma_prev+0xfc/0x170
[  332.855613][ T9757]  ? __pfx_find_vma_prev+0x10/0x10
[  332.855645][ T9757]  ? _parse_integer_limit+0x1ae/0x1f0
[  332.855680][ T9757]  madvise_walk_vmas+0x51c/0xa30
[  332.855703][ T9757]  ? __lock_acquire+0xab9/0xd20
[  332.855745][ T9757]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  332.855774][ T9757]  ? blk_start_plug+0x6f/0x1b0
[  332.855806][ T9757]  madvise_do_behavior+0x38e/0x550
[  332.855837][ T9757]  ? __pfx_madvise_do_behavior+0x10/0x10
[  332.855871][ T9757]  ? down_read+0x1ad/0x2e0
[  332.855908][ T9757]  do_madvise+0x1bc/0x270
[  332.855933][ T9757]  ? __pfx_do_madvise+0x10/0x10
[  332.856001][ T9757]  ? __pfx_ksys_write+0x10/0x10
[  332.856035][ T9757]  __x64_sys_madvise+0xa7/0xc0
[  332.856067][ T9757]  do_syscall_64+0xfa/0x3b0
[  332.856092][ T9757]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.856118][ T9757]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.856137][ T9757]  ? clear_bhb_loop+0x60/0xb0
[  332.856162][ T9757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.856181][ T9757] RIP: 0033:0x7f8b1398e929
[  332.856200][ T9757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.856217][ T9757] RSP: 002b:00007f8b148c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  332.856239][ T9757] RAX: ffffffffffffffda RBX: 00007f8b13bb5fa0 RCX: 00007f8b1398e929
[  332.856261][ T9757] RDX: 0000000000000066 RSI: 000000000000d000 RDI: 0000200000130000
[  332.856275][ T9757] RBP: 00007f8b148c5090 R08: 0000000000000000 R09: 0000000000000000
[  332.856287][ T9757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.856299][ T9757] R13: 0000000000000001 R14: 00007f8b13bb5fa0 R15: 00007ffc283d7838
[  332.856331][ T9757]  </TASK>
[  333.231610][    C1] vkms_vblank_simulate: vblank timer overrun
[  333.404983][ T9762] No control pipe specified
[  333.445545][ T9762] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1536'.
[  333.956916][ T9785] /dev/rnullb0: Can't open blockdev
[  334.142696][ T9791] loop8: detected capacity change from 0 to 7
[  334.247543][ T9791] Dev loop8: unable to read RDB block 7
[  334.278286][ T9791]  loop8: unable to read partition table
[  334.284429][  T926] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  334.304754][ T9791] loop8: partition table beyond EOD, truncated
[  334.314408][ T9791] loop_reread_partitions: partition scan of loop8 (�被x������ ) failed (rc=-5)
[  334.443685][  T926] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  334.462243][  T926] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  334.471351][  T926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.520615][  T926] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  334.632057][ T5924] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  334.816243][ T5924] usb 1-1: config 17 has an invalid interface number: 255 but max is 0
[  334.828894][ T5924] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  334.858941][ T5924] usb 1-1: config 17 has no interface number 0
[  334.869835][ T5924] usb 1-1: too many endpoints for config 17 interface 255 altsetting 255: 255, using maximum allowed: 30
[  334.881428][ T5924] usb 1-1: config 17 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  334.898984][ T5924] usb 1-1: config 17 interface 255 has no altsetting 0
[  334.906829][ T5924] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  334.918830][ T9814] /dev/rnullb0: Can't open blockdev
[  334.923532][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.948372][ T5924] aiptek 1-1:17.255: interface has no int in endpoints, but must have minimum 1
[  337.420421][  T926] usb 1-1: USB disconnect, device number 95
[  337.907458][ T9889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  337.950937][ T5978] usb 4-1: USB disconnect, device number 98
[  338.052488][ T5924] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  338.137817][ T9896] o2cb: This node has not been configured.
[  338.144955][ T9896] o2cb: Cluster check failed. Fix errors before retrying.
[  338.155480][ T9896] (syz.3.1592,9896,0):user_dlm_register:674 ERROR: status = -22
[  338.172244][ T9896] (syz.3.1592,9896,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "syz0"
[  338.247265][ T5924] usb 2-1: config 17 has an invalid interface number: 255 but max is 0
[  338.262021][ T5924] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  338.294919][ T5924] usb 2-1: config 17 has no interface number 0
[  338.312164][ T5924] usb 2-1: too many endpoints for config 17 interface 255 altsetting 255: 255, using maximum allowed: 30
[  338.333898][ T5924] usb 2-1: config 17 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  338.374850][ T5924] usb 2-1: config 17 interface 255 has no altsetting 0
[  338.390451][ T5924] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  338.403174][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.425601][ T5924] aiptek 2-1:17.255: interface has no int in endpoints, but must have minimum 1
[  338.495656][ T9910] /dev/rnullb0: Can't open blockdev
[  338.638862][ T9918] fuse: Bad value for 'fd'
[  338.938441][ T9933] /dev/rnullb0: Can't open blockdev
[  339.119480][ T9943] fuse: Bad value for 'fd'
[  339.312277][ T5924] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  339.350012][ T9955] atomic_op ffff888075917998 conn xmit_atomic 0000000000000000
[  339.475891][ T5924] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  339.493973][ T5924] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  339.507308][ T5924] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  339.519236][ T5924] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  339.528636][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.556289][ T9940] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  339.780868][ T9971] fuse: Bad value for 'fd'
[  339.791196][ T9968] syz.0.1625 uses old SIOCAX25GETINFO
[  339.803748][ T9968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1625'.
[  340.219594][ T9991] fuse: Bad value for 'fd'
[  340.402768][ T5924] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  340.415832][ T5924] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input46
[  340.496476][ T5978] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  340.672012][ T5978] usb 3-1: Using ep0 maxpacket: 8
[  340.683345][ T5978] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  340.694961][ T5978] usb 3-1: config 179 has no interface number 0
[  340.701397][ T5978] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  340.718283][ T5978] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  340.731723][ T5978] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  340.751536][ T5978] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  340.773806][ T5978] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  340.795950][ T5978] usb 3-1: config 179 interface 65 has no altsetting 0
[  340.892600][ T5924] usb 2-1: USB disconnect, device number 90
[  340.907988][ T5978] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  340.919277][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.947382][T10014] fuse: Bad value for 'fd'
[  341.048610][ T5978] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input47
[  341.128443][ T5188] input input47: unable to receive magic message: -110
[  341.193056][ T5188] input input47: unable to receive magic message: -32
[  341.243871][ T5188] input input47: unable to receive magic message: -32
[  341.267703][ T5188] input input47: unable to receive magic message: -32
[  341.293290][ T5188] input input47: unable to receive magic message: -32
[  341.309419][ T5188] input input47: unable to receive magic message: -32
[  341.416364][ T9993] /dev/rnullb0: Can't open blockdev
[  341.437146][ T9993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.448258][ T9993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.529833][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  341.529838][  T926] usb 3-1: USB disconnect, device number 85
[  341.740464][T10039] fuse: Bad value for 'fd'
[  342.102342][  T926] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  342.135521][ T5978] usb 4-1: USB disconnect, device number 99
[  342.141540][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  342.269166][  T926] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  342.298096][  T926] usb 3-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3
[  342.316758][  T926] usb 3-1: Product: syz
[  342.320988][  T926] usb 3-1: Manufacturer: syz
[  342.341864][  T926] usb 3-1: SerialNumber: syz
[  342.365210][  T926] r8152-cfgselector 3-1: Unknown version 0x0000
[  342.374754][T10067] fuse: Bad value for 'fd'
[  342.379359][  T926] r8152-cfgselector 3-1: config 0 descriptor??
[  342.807007][T10043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.832314][T10043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.841586][    T9] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  342.858421][T10043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.873414][T10043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.884961][ T5978] r8152-cfgselector 3-1: USB disconnect, device number 86
[  343.035952][    T9] usb 4-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  343.061888][    T9] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  343.082448][    T9] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  343.101887][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.323329][    T9] usb 4-1: string descriptor 0 read error: -32
[  343.342585][    T9] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  343.816918][T10096] fuse: Bad value for 'fd'
[  344.661020][T10119] fuse: Bad value for 'fd'
[  345.329321][T10129] input: syz1 as /devices/virtual/input/input49
[  345.623694][ T5978] usb 4-1: USB disconnect, device number 100
[  345.753474][T10137] fuse: Bad value for 'fd'
[  346.362521][ T5978] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  346.493088][T10161] fuse: Bad value for 'fd'
[  346.550323][ T5978] usb 4-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  346.575037][ T5978] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  346.601970][ T5978] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  346.621454][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.702159][ T5924] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  346.854169][ T5924] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  346.872085][ T5924] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  346.892342][ T5978] usb 4-1: string descriptor 0 read error: -32
[  346.900359][ T5924] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  346.911670][ T5978] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  346.920806][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  346.929460][ T5924] usb 3-1: SerialNumber: syz
[  348.423340][ T5924] usb 3-1: 0:2 : does not exist
[  348.479429][ T5924] usb 3-1: USB disconnect, device number 87
[  349.177146][  T983] usb 4-1: USB disconnect, device number 101
[  349.403749][T10183] fuse: Bad value for 'fd'
[  349.474929][    T9] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  349.634477][    T9] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  349.658194][    T9] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  349.685314][    T9] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  349.712831][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.947367][T10212] fuse: Bad value for 'fd'
[  349.971460][    T9] usb 1-1: string descriptor 0 read error: -32
[  349.988029][    T9] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[  350.395557][T10233] fuse: Bad value for 'fd'
[  350.863232][T10254] fuse: Bad value for 'fd'
[  351.370284][T10283] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  351.385041][T10283] FAULT_INJECTION: forcing a failure.
[  351.385041][T10283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.401460][T10283] CPU: 0 UID: 0 PID: 10283 Comm: syz.3.1765 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  351.401492][T10283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  351.401505][T10283] Call Trace:
[  351.401514][T10283]  <TASK>
[  351.401523][T10283]  dump_stack_lvl+0x189/0x250
[  351.401551][T10283]  ? __pfx____ratelimit+0x10/0x10
[  351.401578][T10283]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.401601][T10283]  ? __pfx__printk+0x10/0x10
[  351.401624][T10283]  ? __might_fault+0xb0/0x130
[  351.401658][T10283]  should_fail_ex+0x414/0x560
[  351.401694][T10283]  _copy_from_user+0x2d/0xb0
[  351.401715][T10283]  iommufd_fops_ioctl+0x411/0x580
[  351.401743][T10283]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  351.401769][T10283]  ? __fget_files+0x2a/0x420
[  351.401805][T10283]  ? __fget_files+0x2a/0x420
[  351.401835][T10283]  ? bpf_lsm_file_ioctl+0x9/0x20
[  351.401854][T10283]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  351.401874][T10283]  __se_sys_ioctl+0xf9/0x170
[  351.401898][T10283]  do_syscall_64+0xfa/0x3b0
[  351.401924][T10283]  ? lockdep_hardirqs_on+0x9c/0x150
[  351.401949][T10283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.401969][T10283]  ? clear_bhb_loop+0x60/0xb0
[  351.401994][T10283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.402013][T10283] RIP: 0033:0x7f8b1398e929
[  351.402031][T10283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.402048][T10283] RSP: 002b:00007f8b148c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  351.402070][T10283] RAX: ffffffffffffffda RBX: 00007f8b13bb5fa0 RCX: 00007f8b1398e929
[  351.402085][T10283] RDX: 0000200000000100 RSI: 0000000000003b85 RDI: 0000000000000004
[  351.402098][T10283] RBP: 00007f8b148c5090 R08: 0000000000000000 R09: 0000000000000000
[  351.402111][T10283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.402123][T10283] R13: 0000000000000000 R14: 00007f8b13bb5fa0 R15: 00007ffc283d7838
[  351.402154][T10283]  </TASK>
[  351.897330][T10304] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1776'.
[  351.921979][  T926] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  352.092000][  T926] usb 2-1: Using ep0 maxpacket: 8
[  352.099056][  T926] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.111377][  T926] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  352.121068][  T926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.138081][  T926] usb 2-1: config 0 descriptor??
[  352.148794][  T926] gspca_main: vc032x-2.14.0 probing 046d:0892
[  352.201984][  T983] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  352.259352][ T5924] usb 1-1: USB disconnect, device number 96
[  352.320679][T10313] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1780'.
[  352.322421][T10314] /dev/rnullb0: Can't open blockdev
[  352.336373][  T983] usb 4-1: device descriptor read/64, error -71
[  352.532052][ T5904] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  352.592160][  T983] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  352.698378][ T5904] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  352.708298][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.717793][ T5904] usb 3-1: Product: syz
[  352.722532][ T5904] usb 3-1: Manufacturer: syz
[  352.727209][ T5904] usb 3-1: SerialNumber: syz
[  352.732018][  T983] usb 4-1: device descriptor read/64, error -71
[  352.743946][ T5904] usb 3-1: config 0 descriptor??
[  352.753027][  T926] gspca_vc032x: reg_r err -32
[  352.757828][  T926] vc032x 2-1:0.0: probe with driver vc032x failed with error -32
[  352.808171][T10328] /dev/rnullb0: Can't open blockdev
[  352.842301][  T983] usb usb4-port1: attempt power cycle
[  352.955171][ T5904] usb 3-1: f81604_read: reg: 105 failed: -EPROTO
[  352.962996][ T5904] f81604 3-1:0.0: Setting termination of CH#0 failed: -EPROTO
[  352.970664][ T5904] f81604 3-1:0.0: probe with driver f81604 failed with error -71
[  353.004457][ T5904] usb 3-1: USB disconnect, device number 88
[  353.122103][ T5905] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  353.204380][  T983] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  353.232540][  T983] usb 4-1: device descriptor read/8, error -71
[  353.274517][ T5905] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  353.286733][ T5905] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  353.299902][ T5905] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  353.309048][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.323555][ T5905] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[  353.472083][  T983] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  353.492549][  T983] usb 4-1: device descriptor read/8, error -71
[  353.603605][  T983] usb usb4-port1: unable to enumerate USB device
[  354.029894][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1797'.
[  354.272608][T10352] IPv6: NLM_F_CREATE should be specified when creating new route
[  354.590652][T10363] /dev/rnullb0: Can't open blockdev
[  354.709191][ T5905] usb 2-1: USB disconnect, device number 91
[  354.901056][T10375] FAULT_INJECTION: forcing a failure.
[  354.901056][T10375] name failslab, interval 1, probability 0, space 0, times 0
[  354.915550][T10375] CPU: 0 UID: 0 PID: 10375 Comm: syz.1.1807 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  354.915572][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  354.915581][T10375] Call Trace:
[  354.915587][T10375]  <TASK>
[  354.915594][T10375]  dump_stack_lvl+0x189/0x250
[  354.915615][T10375]  ? __pfx____ratelimit+0x10/0x10
[  354.915635][T10375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.915651][T10375]  ? __pfx__printk+0x10/0x10
[  354.915669][T10375]  ? __pfx___might_resched+0x10/0x10
[  354.915684][T10375]  ? fs_reclaim_acquire+0x7d/0x100
[  354.915707][T10375]  should_fail_ex+0x414/0x560
[  354.915734][T10375]  should_failslab+0xa8/0x100
[  354.915753][T10375]  __kmalloc_noprof+0xcb/0x4f0
[  354.915768][T10375]  ? tomoyo_mount_permission+0x27a/0x970
[  354.915783][T10375]  ? tomoyo_encode+0x28b/0x550
[  354.915802][T10375]  tomoyo_encode+0x28b/0x550
[  354.915820][T10375]  ? tomoyo_mount_permission+0x27a/0x970
[  354.915836][T10375]  tomoyo_mount_permission+0x331/0x970
[  354.915856][T10375]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  354.915914][T10375]  security_sb_mount+0xec/0x350
[  354.915934][T10375]  path_mount+0xbc/0xfe0
[  354.915952][T10375]  ? user_path_at+0x44/0x60
[  354.915965][T10375]  ? kmem_cache_free+0x18f/0x400
[  354.915987][T10375]  __se_sys_mount+0x317/0x410
[  354.916012][T10375]  ? __pfx___se_sys_mount+0x10/0x10
[  354.916036][T10375]  ? do_syscall_64+0xbe/0x3b0
[  354.916055][T10375]  ? __x64_sys_mount+0x20/0xc0
[  354.916077][T10375]  do_syscall_64+0xfa/0x3b0
[  354.916100][T10375]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.916118][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.916132][T10375]  ? clear_bhb_loop+0x60/0xb0
[  354.916149][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.916163][T10375] RIP: 0033:0x7fe22498e929
[  354.916176][T10375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.916188][T10375] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  354.916203][T10375] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  354.916214][T10375] RDX: 0000200000000240 RSI: 0000200000000040 RDI: 0000200000000100
[  354.916224][T10375] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000000000000
[  354.916233][T10375] R10: 0000000000808000 R11: 0000000000000246 R12: 0000000000000001
[  354.916241][T10375] R13: 0000000000000001 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  354.916263][T10375]  </TASK>
[  354.982079][ T5924] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  355.333834][ T5924] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  355.334362][T10388] /dev/rnullb0: Can't open blockdev
[  355.362687][ T5924] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  355.379396][T10389] /dev/rnullb0: Can't open blockdev
[  355.405481][ T5924] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  355.420864][ T5924] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  355.435235][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.447773][T10367] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  355.642488][ T5905] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  355.792309][ T5905] usb 4-1: Using ep0 maxpacket: 8
[  355.799054][ T5905] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  355.807588][ T5905] usb 4-1: config 179 has no interface number 0
[  355.816853][ T5905] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  355.828075][ T5904] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  355.835847][ T5905] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  355.848646][ T5905] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  355.860387][ T5905] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  355.872929][ T5905] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  355.886303][ T5905] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  355.895495][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.910228][T10392] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  355.938965][ T5978] usb 1-1: USB disconnect, device number 97
[  356.006151][T10402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1818'.
[  356.037005][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  356.054895][ T5904] usb 2-1: config 0 interface 0 has no altsetting 0
[  356.066328][ T5904] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  356.075943][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.084127][ T5904] usb 2-1: Product: syz
[  356.088416][ T5904] usb 2-1: Manufacturer: syz
[  356.093562][ T5904] usb 2-1: SerialNumber: syz
[  356.109599][ T5904] usb 2-1: config 0 descriptor??
[  356.157928][ T5905] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input54
[  356.283391][ T5924] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  356.311179][ T5924] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input53
[  356.355761][T10392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.393009][T10392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.537522][ T5904] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  356.732573][  T926] usb 4-1: USB disconnect, device number 106
[  356.732637][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  356.747025][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  356.788233][T10398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1817'.
[  357.041235][ T5904] gs_usb 2-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  357.076777][ T5904] usb 2-1: USB disconnect, device number 92
[  357.162057][ T5905] usb 1-1: new low-speed USB device number 98 using dummy_hcd
[  357.342984][ T5905] usb 1-1: Invalid ep0 maxpacket: 32
[  357.471998][ T5905] usb 1-1: new low-speed USB device number 99 using dummy_hcd
[  357.585983][ T5978] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  357.632090][ T5905] usb 1-1: Invalid ep0 maxpacket: 32
[  357.638169][ T5905] usb usb1-port1: attempt power cycle
[  357.755470][ T5978] usb 4-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  357.772703][ T5978] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  357.798453][ T5978] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  357.800888][T10430] /dev/rnullb0: Can't open blockdev
[  357.811207][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.857614][ T5978] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  357.873721][ T5904] usb 3-1: USB disconnect, device number 89
[  357.873720][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  357.985409][ T5905] usb 1-1: new low-speed USB device number 100 using dummy_hcd
[  357.990936][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  358.024355][ T5905] usb 1-1: Invalid ep0 maxpacket: 32
[  358.134778][T10440] FAULT_INJECTION: forcing a failure.
[  358.134778][T10440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.152828][T10440] CPU: 0 UID: 0 PID: 10440 Comm: syz.1.1834 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  358.152859][T10440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  358.152871][T10440] Call Trace:
[  358.152879][T10440]  <TASK>
[  358.152889][T10440]  dump_stack_lvl+0x189/0x250
[  358.152917][T10440]  ? __pfx____ratelimit+0x10/0x10
[  358.152945][T10440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.152967][T10440]  ? __pfx__printk+0x10/0x10
[  358.153004][T10440]  should_fail_ex+0x414/0x560
[  358.153042][T10440]  _copy_to_user+0x31/0xb0
[  358.153065][T10440]  simple_read_from_buffer+0xe1/0x170
[  358.153098][T10440]  proc_fail_nth_read+0x1df/0x250
[  358.153121][T10440]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.153144][T10440]  ? rw_verify_area+0x258/0x650
[  358.153167][T10440]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.153188][T10440]  vfs_read+0x200/0x980
[  358.153218][T10440]  ? __pfx___mutex_lock+0x10/0x10
[  358.153245][T10440]  ? __pfx_vfs_read+0x10/0x10
[  358.153271][T10440]  ? __fget_files+0x2a/0x420
[  358.153304][T10440]  ? __fget_files+0x3a0/0x420
[  358.153330][T10440]  ? __fget_files+0x2a/0x420
[  358.153367][T10440]  ksys_read+0x145/0x250
[  358.153394][T10440]  ? __pfx_ksys_read+0x10/0x10
[  358.153425][T10440]  ? do_syscall_64+0xbe/0x3b0
[  358.153456][T10440]  do_syscall_64+0xfa/0x3b0
[  358.153482][T10440]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.153507][T10440]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.153617][T10440]  ? clear_bhb_loop+0x60/0xb0
[  358.153655][T10440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.153675][T10440] RIP: 0033:0x7fe22498d33c
[  358.153695][T10440] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  358.153713][T10440] RSP: 002b:00007fe2258c4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  358.153736][T10440] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498d33c
[  358.153764][T10440] RDX: 000000000000000f RSI: 00007fe2258c40a0 RDI: 0000000000000004
[  358.153777][T10440] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000099b33000
[  358.153790][T10440] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  358.153801][T10440] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  358.153831][T10440]  </TASK>
[  358.409543][ T5905] usb 1-1: new low-speed USB device number 101 using dummy_hcd
[  358.441501][ T5905] usb 1-1: Invalid ep0 maxpacket: 32
[  358.448529][ T5905] usb usb1-port1: unable to enumerate USB device
[  358.781939][ T5905] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  358.855978][T10464] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1845'.
[  358.866030][T10464] blktrace: Concurrent blktraces are not allowed on rnullb0
[  358.935097][ T5905] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  358.946835][ T5905] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  358.957931][ T5905] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  358.969358][ T5905] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  358.978494][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.993205][T10451] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  359.814537][ T5905] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  359.844810][ T5905] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input56
[  360.070155][T10474] fuse: Bad value for 'fd'
[  360.398472][ T5924] usb 4-1: USB disconnect, device number 107
[  360.648568][T10489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  361.158480][T10510] /dev/rnullb0: Can't open blockdev
[  361.262748][ T5924] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  361.443944][ T5924] usb 4-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  361.464473][ T5924] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  361.492758][ T5924] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  361.512260][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.559198][ T5924] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[  361.609896][ T5924] usb 2-1: USB disconnect, device number 93
[  361.609931][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  361.859971][T10533] fuse: Bad value for 'fd'
[  362.077561][T10543] /dev/rnullb0: Can't open blockdev
[  362.301904][ T5924] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  362.327315][T10559] fuse: Bad value for 'fd'
[  362.366040][T10561] /dev/rnullb0: Can't open blockdev
[  362.474131][ T5924] usb 1-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  362.492423][ T5924] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  362.521865][ T5924] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  362.545124][ T5924] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  362.555297][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.573660][T10544] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  362.845455][T10583] fuse: Bad value for 'fd'
[  363.239907][T10604] fuse: Bad value for 'fd'
[  363.374018][T10608] FAULT_INJECTION: forcing a failure.
[  363.374018][T10608] name failslab, interval 1, probability 0, space 0, times 0
[  363.387017][T10608] CPU: 1 UID: 0 PID: 10608 Comm: syz.1.1910 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  363.387057][T10608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  363.387070][T10608] Call Trace:
[  363.387078][T10608]  <TASK>
[  363.387086][T10608]  dump_stack_lvl+0x189/0x250
[  363.387115][T10608]  ? __pfx____ratelimit+0x10/0x10
[  363.387141][T10608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.387164][T10608]  ? __pfx__printk+0x10/0x10
[  363.387193][T10608]  ? __pfx___might_resched+0x10/0x10
[  363.387213][T10608]  ? fs_reclaim_acquire+0x7d/0x100
[  363.387244][T10608]  should_fail_ex+0x414/0x560
[  363.387280][T10608]  should_failslab+0xa8/0x100
[  363.387307][T10608]  __kmalloc_noprof+0xcb/0x4f0
[  363.387328][T10608]  ? kfree+0x4d/0x440
[  363.387345][T10608]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  363.387375][T10608]  tomoyo_realpath_from_path+0xe3/0x5d0
[  363.387401][T10608]  ? tomoyo_domain+0xd9/0x130
[  363.387430][T10608]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  363.387462][T10608]  tomoyo_path_number_perm+0x1e8/0x5a0
[  363.387496][T10608]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  363.387545][T10608]  ? __lock_acquire+0xab9/0xd20
[  363.387597][T10608]  ? __fget_files+0x2a/0x420
[  363.387628][T10608]  ? __fget_files+0x2a/0x420
[  363.387654][T10608]  ? __fget_files+0x3a0/0x420
[  363.387679][T10608]  ? __fget_files+0x2a/0x420
[  363.387711][T10608]  security_file_ioctl+0xcb/0x2d0
[  363.387742][T10608]  __se_sys_ioctl+0x47/0x170
[  363.387767][T10608]  do_syscall_64+0xfa/0x3b0
[  363.387793][T10608]  ? lockdep_hardirqs_on+0x9c/0x150
[  363.387817][T10608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.387837][T10608]  ? clear_bhb_loop+0x60/0xb0
[  363.387861][T10608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.387881][T10608] RIP: 0033:0x7fe22498e929
[  363.387898][T10608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.387915][T10608] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  363.387936][T10608] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  363.387951][T10608] RDX: 00002000000001c0 RSI: 00000000401070cd RDI: 0000000000000005
[  363.387965][T10608] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000000000000
[  363.387977][T10608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.387988][T10608] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  363.388020][T10608]  </TASK>
[  363.388037][T10608] ERROR: Out of memory at tomoyo_realpath_from_path.
[  363.656490][ T5924] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  363.667696][ T5924] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input58
[  363.914550][T10623] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  363.922261][T10623] UDF-fs: Scanning with blocksize 512 failed
[  363.931158][T10623] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  363.939009][T10623] UDF-fs: Scanning with blocksize 1024 failed
[  363.945915][T10623] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  363.953783][T10623] UDF-fs: Scanning with blocksize 2048 failed
[  363.970708][T10623] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  363.978470][T10623] UDF-fs: Scanning with blocksize 4096 failed
[  364.083079][ T5904] usb 4-1: USB disconnect, device number 108
[  364.175938][T10635] fuse: Bad value for 'fd'
[  364.380225][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1924'.
[  364.391953][ T5905] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  364.553955][ T5905] usb 3-1: Using ep0 maxpacket: 8
[  364.565857][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.586665][ T5905] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  364.602105][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.621374][ T5905] usb 3-1: config 0 descriptor??
[  364.653421][ T5905] gspca_main: vc032x-2.14.0 probing 046d:0892
[  365.001927][ T5904] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  365.079224][  T983] usb 1-1: USB disconnect, device number 102
[  365.079376][    C1] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  365.166804][ T5904] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  365.184462][ T5904] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  365.195889][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.230059][ T5904] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[  365.317082][T10672] /dev/rnullb0: Can't open blockdev
[  365.580732][T10684] netlink: 1640 bytes leftover after parsing attributes in process `syz.0.1941'.
[  365.591577][T10684] fuse: Bad value for 'fd'
[  365.676180][ T5905] gspca_vc032x: reg_r err -32
[  365.681226][ T5905] vc032x 3-1:0.0: probe with driver vc032x failed with error -32
[  365.711627][ T5905] usb 3-1: USB disconnect, device number 90
[  365.822043][ T5904] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  365.985458][ T5904] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  365.997853][ T5904] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  366.009289][ T5904] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  366.020881][ T5904] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  366.030183][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.055597][T10686] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  366.353117][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1953'.
[  366.367485][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1953'.
[  366.378277][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1953'.
[  366.677686][T10729] FAULT_INJECTION: forcing a failure.
[  366.677686][T10729] name failslab, interval 1, probability 0, space 0, times 0
[  366.696867][T10729] CPU: 0 UID: 0 PID: 10729 Comm: syz.2.1962 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  366.696897][T10729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  366.696915][T10729] Call Trace:
[  366.696922][T10729]  <TASK>
[  366.696931][T10729]  dump_stack_lvl+0x189/0x250
[  366.696959][T10729]  ? __pfx____ratelimit+0x10/0x10
[  366.696986][T10729]  ? __pfx_dump_stack_lvl+0x10/0x10
[  366.697016][T10729]  ? __pfx__printk+0x10/0x10
[  366.697045][T10729]  ? __pfx___might_resched+0x10/0x10
[  366.697064][T10729]  ? fs_reclaim_acquire+0x7d/0x100
[  366.697096][T10729]  should_fail_ex+0x414/0x560
[  366.697134][T10729]  should_failslab+0xa8/0x100
[  366.697160][T10729]  __kmalloc_node_noprof+0xd1/0x4e0
[  366.697182][T10729]  ? crypto_create_tfm_node+0x83/0x3f0
[  366.697219][T10729]  crypto_create_tfm_node+0x83/0x3f0
[  366.697256][T10729]  crypto_ahash_init_tfm+0x162/0x770
[  366.697284][T10729]  ? __kmalloc_node_noprof+0x293/0x4e0
[  366.697314][T10729]  crypto_create_tfm_node+0x189/0x3f0
[  366.697350][T10729]  crypto_alloc_tfm_node+0x172/0x3f0
[  366.697392][T10729]  tcp_sigpool_alloc_ahash+0x886/0xc70
[  366.697429][T10729]  ? __pfx_tcp_sigpool_alloc_ahash+0x10/0x10
[  366.697451][T10729]  ? __might_fault+0xb0/0x130
[  366.697483][T10729]  tcp_md5_alloc_sigpool+0x1b/0x50
[  366.697515][T10729]  tcp_md5_do_add+0x107/0x3a0
[  366.697548][T10729]  tcp_v4_parse_md5_keys+0x412/0x600
[  366.697576][T10729]  ? __pfx_tcp_v4_parse_md5_keys+0x10/0x10
[  366.697596][T10729]  ? __lock_acquire+0xab9/0xd20
[  366.697648][T10729]  ? __local_bh_enable_ip+0x12d/0x1c0
[  366.697668][T10729]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  366.697699][T10729]  do_tcp_setsockopt+0x10d5/0x1f10
[  366.697735][T10729]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  366.697769][T10729]  ? __pfx_aa_sk_perm+0x10/0x10
[  366.697786][T10729]  ? __lock_acquire+0xab9/0xd20
[  366.697820][T10729]  ? aa_sock_opt_perm+0xff/0x1b0
[  366.697843][T10729]  ? sock_common_setsockopt+0x36/0xc0
[  366.697868][T10729]  ? tcp_setsockopt+0x3d/0xe0
[  366.697894][T10729]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  366.697924][T10729]  do_sock_setsockopt+0x25a/0x3e0
[  366.697959][T10729]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  366.697996][T10729]  ? __fget_files+0x2a/0x420
[  366.698040][T10729]  __x64_sys_setsockopt+0x18b/0x220
[  366.698079][T10729]  do_syscall_64+0xfa/0x3b0
[  366.698105][T10729]  ? lockdep_hardirqs_on+0x9c/0x150
[  366.698130][T10729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.698151][T10729]  ? clear_bhb_loop+0x60/0xb0
[  366.698176][T10729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.698200][T10729] RIP: 0033:0x7f1ad058e929
[  366.698219][T10729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.698236][T10729] RSP: 002b:00007f1ad142a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  366.698258][T10729] RAX: ffffffffffffffda RBX: 00007f1ad07b5fa0 RCX: 00007f1ad058e929
[  366.698273][T10729] RDX: 000000000000000e RSI: 0000000000000006 RDI: 0000000000000003
[  366.698284][T10729] RBP: 00007f1ad142a090 R08: 00000000000000d8 R09: 0000000000000000
[  366.698297][T10729] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  366.698309][T10729] R13: 0000000000000000 R14: 00007f1ad07b5fa0 R15: 00007ffd373d2398
[  366.698341][T10729]  </TASK>
[  367.083556][ T5904] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  367.093699][ T5904] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input60
[  367.786156][ T5904] usb 2-1: USB disconnect, device number 94
[  368.135977][T10771] FAULT_INJECTION: forcing a failure.
[  368.135977][T10771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.173616][T10771] CPU: 1 UID: 0 PID: 10771 Comm: syz.1.1979 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  368.173648][T10771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  368.173662][T10771] Call Trace:
[  368.173670][T10771]  <TASK>
[  368.173679][T10771]  dump_stack_lvl+0x189/0x250
[  368.173707][T10771]  ? __pfx____ratelimit+0x10/0x10
[  368.173735][T10771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.173757][T10771]  ? __pfx__printk+0x10/0x10
[  368.173781][T10771]  ? __might_fault+0xb0/0x130
[  368.173815][T10771]  should_fail_ex+0x414/0x560
[  368.173852][T10771]  _copy_from_user+0x2d/0xb0
[  368.173881][T10771]  __sys_sendto+0x25c/0x520
[  368.173914][T10771]  ? __pfx___sys_sendto+0x10/0x10
[  368.173942][T10771]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  368.173982][T10771]  ? __fget_files+0x3a0/0x420
[  368.174020][T10771]  ? ksys_write+0x22a/0x250
[  368.174047][T10771]  ? __pfx_ksys_write+0x10/0x10
[  368.174075][T10771]  __x64_sys_sendto+0xde/0x100
[  368.174107][T10771]  do_syscall_64+0xfa/0x3b0
[  368.174134][T10771]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.174159][T10771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.174180][T10771]  ? clear_bhb_loop+0x60/0xb0
[  368.174203][T10771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.174222][T10771] RIP: 0033:0x7fe22498e929
[  368.174240][T10771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.174257][T10771] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  368.174279][T10771] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  368.174294][T10771] RDX: 00000000000005dc RSI: 0000200000000000 RDI: 0000000000000005
[  368.174307][T10771] RBP: 00007fe2258c4090 R08: 0000200000000080 R09: 0000000000000014
[  368.174321][T10771] R10: 0000000020008040 R11: 0000000000000246 R12: 0000000000000001
[  368.174334][T10771] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  368.174366][T10771]  </TASK>
[  368.657151][ T5904] usb 4-1: USB disconnect, device number 109
[  368.663303][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  368.902010][ T5865] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[  368.962020][T10802] fuse: Bad value for 'fd'
[  369.065450][ T5865] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  369.095402][ T5865] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  369.132953][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.160272][ T5865] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[  369.362021][ T5904] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  369.514127][ T5904] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  369.531927][ T5904] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  369.552559][ T5904] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  369.581930][ T5904] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  369.603658][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.620556][T10810] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  369.775736][T10840] /dev/rnullb0: Can't open blockdev
[  370.235863][T10862] loop6: detected capacity change from 0 to 63
[  370.255957][ T5977] Buffer I/O error on dev loop6, logical block 0, async page read
[  370.272419][ T5977] Buffer I/O error on dev loop6, logical block 0, async page read
[  370.285912][ T5977] Buffer I/O error on dev loop6, logical block 0, async page read
[  370.297183][ T5977] Buffer I/O error on dev loop6, logical block 0, async page read
[  370.309303][ T5977] Buffer I/O error on dev loop6, logical block 0, async page read
[  370.696539][T10886] fuse: Bad value for 'fd'
[  370.992643][ T5904] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  371.011053][ T5904] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input62
[  371.607374][ T5905] usb 1-1: USB disconnect, device number 103
[  372.145533][ T5978] usb 3-1: USB disconnect, device number 91
[  372.145697][    C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  372.298683][T10944] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2050'.
[  372.638085][T10956] FAULT_INJECTION: forcing a failure.
[  372.638085][T10956] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.702063][T10956] CPU: 0 UID: 0 PID: 10956 Comm: syz.0.2055 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  372.702094][T10956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.702106][T10956] Call Trace:
[  372.702114][T10956]  <TASK>
[  372.702123][T10956]  dump_stack_lvl+0x189/0x250
[  372.702151][T10956]  ? __pfx____ratelimit+0x10/0x10
[  372.702178][T10956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.702202][T10956]  ? __pfx__printk+0x10/0x10
[  372.702238][T10956]  should_fail_ex+0x414/0x560
[  372.702275][T10956]  _copy_to_user+0x31/0xb0
[  372.702297][T10956]  simple_read_from_buffer+0xe1/0x170
[  372.702330][T10956]  proc_fail_nth_read+0x1df/0x250
[  372.702353][T10956]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  372.702376][T10956]  ? rw_verify_area+0x258/0x650
[  372.702398][T10956]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  372.702426][T10956]  vfs_read+0x200/0x980
[  372.702456][T10956]  ? __pfx___mutex_lock+0x10/0x10
[  372.702484][T10956]  ? __pfx_vfs_read+0x10/0x10
[  372.702509][T10956]  ? __fget_files+0x2a/0x420
[  372.702542][T10956]  ? __fget_files+0x3a0/0x420
[  372.702568][T10956]  ? __fget_files+0x2a/0x420
[  372.702604][T10956]  ksys_read+0x145/0x250
[  372.702631][T10956]  ? __pfx_ksys_read+0x10/0x10
[  372.702661][T10956]  ? do_syscall_64+0xbe/0x3b0
[  372.702692][T10956]  do_syscall_64+0xfa/0x3b0
[  372.702717][T10956]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.702742][T10956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.702762][T10956]  ? clear_bhb_loop+0x60/0xb0
[  372.702787][T10956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.702806][T10956] RIP: 0033:0x7f2b10f8d33c
[  372.702823][T10956] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  372.702841][T10956] RSP: 002b:00007f2b11eb9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  372.702862][T10956] RAX: ffffffffffffffda RBX: 00007f2b111b5fa0 RCX: 00007f2b10f8d33c
[  372.702878][T10956] RDX: 000000000000000f RSI: 00007f2b11eb90a0 RDI: 0000000000000007
[  372.702890][T10956] RBP: 00007f2b11eb9090 R08: 0000000000000000 R09: 0000000000000000
[  372.702902][T10956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.702914][T10956] R13: 0000000000000000 R14: 00007f2b111b5fa0 R15: 00007fff01e5e898
[  372.702946][T10956]  </TASK>
[  373.191901][ T5905] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  373.232398][ T5924] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  373.354744][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.379127][ T5905] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  373.392042][ T5905] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  373.401434][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.408716][ T5924] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  373.411086][ T5905] usb 3-1: Product: syz
[  373.425700][ T5905] usb 3-1: Manufacturer: syz
[  373.430330][ T5905] usb 3-1: SerialNumber: syz
[  373.435280][ T5924] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  373.435315][ T5924] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  373.435364][ T5924] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  373.435388][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.443025][T10964] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  373.462733][ T5905] usb 3-1: config 0 descriptor??
[  373.499947][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2066'.
[  373.721607][   T30] audit: type=1800 audit(1751604748.848:5): pid=10962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2058" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  374.650656][T11027] fuse: Bad value for 'fd'
[  374.867546][ T5924] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  374.890320][ T5924] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input63
[  374.982020][ T5905] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[  375.184775][ T5905] usb 1-1: Using ep0 maxpacket: 8
[  375.200920][ T5905] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  375.212293][ T5905] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  375.221502][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.249363][ T5905] usb 1-1: config 0 descriptor??
[  375.263529][ T5905] gspca_main: vc032x-2.14.0 probing 046d:0892
[  375.762214][ T5904] usb 3-1: USB disconnect, device number 92
[  376.008214][T11060] autofs: Unknown parameter '0x0000000000000004'
[  376.031125][  T983] usb 4-1: USB disconnect, device number 110
[  376.031181][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  376.261908][ T5904] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[  376.393197][T11070] fuse: Bad value for 'fd'
[  376.420798][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  376.450107][ T5904] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  376.464720][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.474834][ T5905] gspca_vc032x: reg_w err -71
[  376.479797][ T5905] vc032x 1-1:0.0: probe with driver vc032x failed with error -71
[  376.505701][ T5904] usb 2-1: config 0 descriptor??
[  376.519157][ T5905] usb 1-1: USB disconnect, device number 104
[  376.533263][T11059] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  376.759492][T11059] Invalid ELF header len 16
[  376.987002][ T5904] elan 0003:04F3:0755.0004: unknown main item tag 0x0
[  377.012531][ T5904] elan 0003:04F3:0755.0004: item fetching failed at offset 3/5
[  377.028227][ T5904] elan 0003:04F3:0755.0004: Hid Parse failed
[  377.055218][ T5904] elan 0003:04F3:0755.0004: probe with driver elan failed with error -22
[  377.201880][ T5904] usb 2-1: USB disconnect, device number 95
[  377.275235][T11088] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.2115'.
[  377.289054][T11088] fuse: Bad value for 'fd'
[  377.294186][ T5905] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  377.454111][ T5905] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  377.473045][ T5905] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  377.490465][ T5905] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  377.511897][ T5905] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  377.521103][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.559650][T11082] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  378.026504][T11110] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2125'.
[  378.036860][T11110] fuse: Bad value for 'fd'
[  378.190658][T11118] netlink: 'syz.0.2131': attribute type 1 has an invalid length.
[  378.552175][ T5978] usb 1-1: new full-speed USB device number 105 using dummy_hcd
[  378.692096][ T5978] usb 1-1: device descriptor read/64, error -71
[  378.772467][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  378.814989][T11135] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.2138'.
[  378.843081][T11135] fuse: Bad value for 'fd'
[  378.941911][ T5978] usb 1-1: new full-speed USB device number 106 using dummy_hcd
[  378.945845][ T5905] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  378.967846][ T5905] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input64
[  379.092083][ T5978] usb 1-1: device descriptor read/64, error -71
[  379.236158][ T5978] usb usb1-port1: attempt power cycle
[  379.591911][ T5978] usb 1-1: new full-speed USB device number 107 using dummy_hcd
[  379.623119][ T5978] usb 1-1: device descriptor read/8, error -71
[  379.863333][T11158] fuse: Bad value for 'fd'
[  379.882133][ T5978] usb 1-1: new full-speed USB device number 108 using dummy_hcd
[  379.924748][ T5978] usb 1-1: device descriptor read/8, error -71
[  380.033868][ T5978] usb usb1-port1: unable to enumerate USB device
[  380.067177][T11168] /dev/rnullb0: Can't open blockdev
[  380.099168][ T2152] usb 4-1: USB disconnect, device number 111
[  380.099251][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  380.373892][T11179] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  380.421829][T11182] fuse: Bad value for 'fd'
[  380.752685][ T2152] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  380.784057][T11204] fuse: Bad value for 'fd'
[  380.914058][ T2152] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  380.939370][ T2152] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  380.954100][ T2152] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  380.966608][ T2152] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  380.978507][ T2152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.007414][T11190] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  381.051122][T11217] FAULT_INJECTION: forcing a failure.
[  381.051122][T11217] name failslab, interval 1, probability 0, space 0, times 0
[  381.064481][T11217] CPU: 1 UID: 0 PID: 11217 Comm: syz.1.2173 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  381.064512][T11217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  381.064525][T11217] Call Trace:
[  381.064533][T11217]  <TASK>
[  381.064541][T11217]  dump_stack_lvl+0x189/0x250
[  381.064573][T11217]  ? __pfx____ratelimit+0x10/0x10
[  381.064607][T11217]  ? __pfx_dump_stack_lvl+0x10/0x10
[  381.064629][T11217]  ? __pfx__printk+0x10/0x10
[  381.064655][T11217]  ? __pfx___might_resched+0x10/0x10
[  381.064675][T11217]  ? fs_reclaim_acquire+0x7d/0x100
[  381.064707][T11217]  should_fail_ex+0x414/0x560
[  381.064744][T11217]  should_failslab+0xa8/0x100
[  381.064771][T11217]  __kmalloc_noprof+0xcb/0x4f0
[  381.064793][T11217]  ? tomoyo_encode+0x28b/0x550
[  381.064820][T11217]  tomoyo_encode+0x28b/0x550
[  381.064849][T11217]  tomoyo_realpath_from_path+0x58d/0x5d0
[  381.064884][T11217]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  381.064916][T11217]  tomoyo_path_number_perm+0x1e8/0x5a0
[  381.064950][T11217]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  381.065000][T11217]  ? __lock_acquire+0xab9/0xd20
[  381.065051][T11217]  ? __fget_files+0x2a/0x420
[  381.065082][T11217]  ? __fget_files+0x2a/0x420
[  381.065107][T11217]  ? __fget_files+0x3a0/0x420
[  381.065133][T11217]  ? __fget_files+0x2a/0x420
[  381.065164][T11217]  security_file_ioctl+0xcb/0x2d0
[  381.065196][T11217]  __se_sys_ioctl+0x47/0x170
[  381.065221][T11217]  do_syscall_64+0xfa/0x3b0
[  381.065246][T11217]  ? lockdep_hardirqs_on+0x9c/0x150
[  381.065271][T11217]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.065290][T11217]  ? clear_bhb_loop+0x60/0xb0
[  381.065314][T11217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.065334][T11217] RIP: 0033:0x7fe22498e929
[  381.065351][T11217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  381.065368][T11217] RSP: 002b:00007fe2258c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  381.065389][T11217] RAX: ffffffffffffffda RBX: 00007fe224bb5fa0 RCX: 00007fe22498e929
[  381.065404][T11217] RDX: 0000200000000180 RSI: 00000000c058565d RDI: 0000000000000003
[  381.065417][T11217] RBP: 00007fe2258c4090 R08: 0000000000000000 R09: 0000000000000000
[  381.065429][T11217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  381.065441][T11217] R13: 0000000000000000 R14: 00007fe224bb5fa0 R15: 00007fffd7d8d978
[  381.065473][T11217]  </TASK>
[  381.065519][T11217] ERROR: Out of memory at tomoyo_realpath_from_path.
[  381.477772][T11224] fuse: Bad value for 'fd'
[  381.911558][T11252] fuse: Bad value for 'fd'
[  382.481559][T11269] netlink: 'syz.2.2198': attribute type 1 has an invalid length.
[  382.506520][ T2152] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  382.535349][ T2152] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input65
[  382.764715][T11273] fuse: Bad value for 'fd'
[  382.786602][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  382.799660][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  382.809087][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  382.818458][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  382.827138][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  383.105830][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.221263][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.329232][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.464504][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.576617][ T5904] usb 4-1: USB disconnect, device number 112
[  383.576708][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  383.627245][T11297] fuse: Bad value for 'fd'
[  383.737485][T11275] chnl_net:caif_netlink_parms(): no params data found
[  384.027226][   T12] bridge_slave_1: left allmulticast mode
[  384.035784][   T12] bridge_slave_1: left promiscuous mode
[  384.043684][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.058761][   T12] bridge_slave_0: left allmulticast mode
[  384.067762][   T12] bridge_slave_0: left promiscuous mode
[  384.073986][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.414788][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  384.427573][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  384.439904][   T12] bond0 (unregistering): Released all slaves
[  384.523883][T11275] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.549797][T11275] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.570612][T11275] bridge_slave_0: entered allmulticast mode
[  384.595412][T11275] bridge_slave_0: entered promiscuous mode
[  384.622301][T11275] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.638473][T11275] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.653243][   T12] IPVS: stopping master sync thread 6382 ...
[  384.656454][T11275] bridge_slave_1: entered allmulticast mode
[  384.667730][T11275] bridge_slave_1: entered promiscuous mode
[  384.717119][T11320] fuse: Bad value for 'fd'
[  384.718183][ T5845] Bluetooth: hci1: unexpected event for opcode 0x1003
[  384.836245][ T5978] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  384.912016][ T5845] Bluetooth: hci2: command tx timeout
[  384.983654][T11275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.004605][ T5978] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  385.022654][T11275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.032255][ T5978] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  385.051935][ T5978] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  385.081247][ T5978] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  385.104753][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.120474][T11316] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  385.308108][T11275] team0: Port device team_slave_0 added
[  385.356393][T11275] team0: Port device team_slave_1 added
[  385.380535][   T12] hsr_slave_0: left promiscuous mode
[  385.405712][   T12] hsr_slave_1: left promiscuous mode
[  385.425992][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  385.446376][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  385.467457][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  385.502060][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  385.580955][   T12] veth1_macvtap: left promiscuous mode
[  385.587700][   T12] veth0_macvtap: left promiscuous mode
[  385.597528][   T12] veth1_vlan: left promiscuous mode
[  385.603129][   T12] veth0_vlan: left promiscuous mode
[  386.271187][   T12] team0 (unregistering): Port device team_slave_1 removed
[  386.310363][   T12] team0 (unregistering): Port device team_slave_0 removed
[  386.536745][ T5978] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  386.551006][ T5978] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input66
[  386.973420][T11275] batman_adv: batadv0: Adding interface: batadv_slave_0
[  386.992194][ T5845] Bluetooth: hci2: command tx timeout
[  386.997976][T11275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  387.023906][    C1] ==================================================================
[  387.023926][    C1] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0
[  387.023960][    C1] Write of size 8 at addr ffff888024092a40 by task syz-executor/11275
[  387.023978][    C1] 
[  387.023990][    C1] CPU: 1 UID: 0 PID: 11275 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  387.024014][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  387.024027][    C1] Call Trace:
[  387.024035][    C1]  <IRQ>
[  387.024043][    C1]  dump_stack_lvl+0x189/0x250
[  387.024067][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  387.024090][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.024109][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  387.024131][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.024151][    C1]  ? lock_release+0x4b/0x3e0
[  387.024181][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  387.024203][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  387.024228][    C1]  print_report+0xd2/0x2b0
[  387.024254][    C1]  ? flush_tlb_func+0x23d/0x6c0
[  387.024278][    C1]  kasan_report+0x118/0x150
[  387.024302][    C1]  ? flush_tlb_func+0x23d/0x6c0
[  387.024330][    C1]  kasan_check_range+0x2b0/0x2c0
[  387.024355][    C1]  flush_tlb_func+0x23d/0x6c0
[  387.024385][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.024408][    C1]  ? sched_clock_cpu+0x74/0x430
[  387.024428][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.024448][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.024473][    C1]  __flush_smp_call_function_queue+0x370/0xaa0
[  387.024495][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.024521][    C1]  __sysvec_call_function_single+0xa8/0x3d0
[  387.024549][    C1]  sysvec_call_function_single+0x9e/0xc0
[  387.024573][    C1]  </IRQ>
[  387.024580][    C1]  <TASK>
[  387.024588][    C1]  asm_sysvec_call_function_single+0x1a/0x20
[  387.024609][    C1] RIP: 0010:console_flush_all+0x7f7/0xc40
[  387.024635][    C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24
[  387.024653][    C1] RSP: 0018:ffffc9000ada69a0 EFLAGS: 00000293
[  387.024672][    C1] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: ffff888029c5bc00
[  387.024688][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  387.024701][    C1] RBP: ffffc9000ada6af0 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  387.024716][    C1] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000
[  387.024731][    C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740
[  387.024756][    C1]  ? console_flush_all+0x13a/0xc40
[  387.024794][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  387.024818][    C1]  ? kasan_save_track+0x4f/0x80
[  387.024841][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  387.024871][    C1]  console_unlock+0xc4/0x270
[  387.024892][    C1]  ? __pfx_console_unlock+0x10/0x10
[  387.024915][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  387.024943][    C1]  vprintk_emit+0x5b7/0x7a0
[  387.024965][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  387.024984][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  387.025022][    C1]  _printk+0xcf/0x120
[  387.025047][    C1]  ? __pfx__printk+0x10/0x10
[  387.025071][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  387.025097][    C1]  batadv_hardif_enable_interface+0x7b9/0xa30
[  387.025131][    C1]  batadv_meshif_slave_add+0x79/0x100
[  387.025162][    C1]  do_set_master+0x533/0x6d0
[  387.025197][    C1]  do_setlink+0xcf0/0x41c0
[  387.025227][    C1]  ? trace_sched_exit_tp+0x38/0x120
[  387.025259][    C1]  ? __pfx_do_setlink+0x10/0x10
[  387.025289][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.025321][    C1]  ? do_raw_spin_lock+0x121/0x290
[  387.025350][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  387.025373][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.025398][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  387.025421][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  387.025446][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.025467][    C1]  ? __mutex_lock+0xa6d/0xe80
[  387.025493][    C1]  ? __mutex_lock+0x51b/0xe80
[  387.025521][    C1]  ? rtnl_newlink+0x8db/0x1c70
[  387.025548][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  387.025579][    C1]  ? ns_capable+0x8a/0xf0
[  387.025597][    C1]  ? rtnl_link_get_net_capable+0x16a/0x350
[  387.025629][    C1]  rtnl_newlink+0x160b/0x1c70
[  387.025661][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  387.025691][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.025725][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.025764][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  387.025803][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  387.025833][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  387.025863][    C1]  ? kernel_text_address+0xa5/0xe0
[  387.025889][    C1]  ? __kernel_text_address+0xd/0x40
[  387.025913][    C1]  ? unwind_get_return_address+0x4d/0x90
[  387.025937][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.025976][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  387.026002][    C1]  rtnetlink_rcv_msg+0x7cf/0xb70
[  387.026031][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  387.026057][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  387.026093][    C1]  netlink_rcv_skb+0x208/0x470
[  387.026121][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  387.026149][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  387.026181][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  387.026207][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  387.026236][    C1]  netlink_unicast+0x75b/0x8d0
[  387.026267][    C1]  netlink_sendmsg+0x805/0xb30
[  387.026300][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.026339][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[  387.026361][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  387.026391][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.026419][    C1]  __sock_sendmsg+0x219/0x270
[  387.026445][    C1]  __sys_sendto+0x3bd/0x520
[  387.026474][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  387.026510][    C1]  ? fput_close_sync+0x119/0x200
[  387.026536][    C1]  ? __pfx_fput_close_sync+0x10/0x10
[  387.026558][    C1]  __x64_sys_sendto+0xde/0x100
[  387.026589][    C1]  do_syscall_64+0xfa/0x3b0
[  387.026616][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.026635][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  387.026656][    C1]  ? clear_bhb_loop+0x60/0xb0
[  387.026678][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.026697][    C1] RIP: 0033:0x7f8524d907bc
[  387.026715][    C1] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  387.026733][    C1] RSP: 002b:00007ffd61c28750 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  387.026754][    C1] RAX: ffffffffffffffda RBX: 00007f8525ae4620 RCX: 00007f8524d907bc
[  387.026770][    C1] RDX: 0000000000000028 RSI: 00007f8525ae4670 RDI: 0000000000000003
[  387.026789][    C1] RBP: 0000000000000000 R08: 00007ffd61c287a4 R09: 000000000000000c
[  387.026802][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  387.026814][    C1] R13: 0000000000000000 R14: 00007f8525ae4670 R15: 0000000000000000
[  387.026836][    C1]  </TASK>
[  387.026844][    C1] 
[  387.026858][    C1] Allocated by task 5834:
[  387.026870][    C1]  kasan_save_track+0x3e/0x80
[  387.026889][    C1]  __kasan_slab_alloc+0x6c/0x80
[  387.026909][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  387.026930][    C1]  copy_mm+0xdb/0x4b0
[  387.026948][    C1]  copy_process+0x1706/0x3c00
[  387.026966][    C1]  kernel_clone+0x21e/0x870
[  387.026987][    C1]  __x64_sys_clone+0x18b/0x1e0
[  387.027008][    C1]  do_syscall_64+0xfa/0x3b0
[  387.027032][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.027051][    C1] 
[  387.027056][    C1] Freed by task 11345:
[  387.027066][    C1]  kasan_save_track+0x3e/0x80
[  387.027084][    C1]  kasan_save_free_info+0x46/0x50
[  387.027111][    C1]  __kasan_slab_free+0x62/0x70
[  387.027130][    C1]  kmem_cache_free+0x18f/0x400
[  387.027151][    C1]  exit_mm+0x1da/0x2c0
[  387.027173][    C1]  do_exit+0x648/0x2300
[  387.027195][    C1]  do_group_exit+0x21c/0x2d0
[  387.027218][    C1]  get_signal+0x1286/0x1340
[  387.027245][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  387.027272][    C1]  exit_to_user_mode_loop+0x75/0x110
[  387.027299][    C1]  do_syscall_64+0x2bd/0x3b0
[  387.027323][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.027341][    C1] 
[  387.027348][    C1] The buggy address belongs to the object at ffff888024092040
[  387.027348][    C1]  which belongs to the cache mm_struct of size 2584
[  387.027366][    C1] The buggy address is located 2560 bytes inside of
[  387.027366][    C1]  freed 2584-byte region [ffff888024092040, ffff888024092a58)
[  387.027387][    C1] 
[  387.027393][    C1] The buggy address belongs to the physical page:
[  387.027404][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24090
[  387.027424][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  387.027440][    C1] memcg:ffff888075553701
[  387.027450][    C1] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  387.027475][    C1] page_type: f5(slab)
[  387.027494][    C1] raw: 00fff00000000040 ffff88801a84bb40 ffffea000084c200 dead000000000003
[  387.027513][    C1] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888075553701
[  387.027534][    C1] head: 00fff00000000040 ffff88801a84bb40 ffffea000084c200 dead000000000003
[  387.027552][    C1] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888075553701
[  387.027570][    C1] head: 00fff00000000003 ffffea0000902401 00000000ffffffff 00000000ffffffff
[  387.027587][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  387.027599][    C1] page dumped because: kasan: bad access detected
[  387.027614][    C1] page_owner tracks the page as allocated
[  387.027623][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5498, tgid 5498 (dhcpcd), ts 62788623458, free_ts 62263270411
[  387.027659][    C1]  post_alloc_hook+0x240/0x2a0
[  387.027682][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  387.027708][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  387.027735][    C1]  alloc_pages_mpol+0x232/0x4a0
[  387.027757][    C1]  allocate_slab+0x8a/0x370
[  387.027790][    C1]  ___slab_alloc+0xbeb/0x1410
[  387.027813][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[  387.027833][    C1]  copy_mm+0xdb/0x4b0
[  387.027851][    C1]  copy_process+0x1706/0x3c00
[  387.027869][    C1]  kernel_clone+0x21e/0x870
[  387.027889][    C1]  __x64_sys_clone+0x18b/0x1e0
[  387.027909][    C1]  do_syscall_64+0xfa/0x3b0
[  387.027934][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.027952][    C1] page last free pid 9 tgid 9 stack trace:
[  387.027964][    C1]  __free_frozen_pages+0xb80/0xd80
[  387.027986][    C1]  __put_partials+0x156/0x1a0
[  387.028010][    C1]  put_cpu_partial+0x17c/0x250
[  387.028034][    C1]  __slab_free+0x2d5/0x3c0
[  387.028058][    C1]  qlist_free_all+0x97/0x140
[  387.028075][    C1]  kasan_quarantine_reduce+0x148/0x160
[  387.028093][    C1]  __kasan_slab_alloc+0x22/0x80
[  387.028114][    C1]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  387.028135][    C1]  __alloc_skb+0x112/0x2d0
[  387.028162][    C1]  mld_newpack+0x13c/0xc40
[  387.028178][    C1]  add_grhead+0x5a/0x2a0
[  387.028193][    C1]  add_grec+0x13b2/0x1670
[  387.028221][    C1]  mld_ifc_work+0x6e6/0xde0
[  387.028247][    C1]  process_scheduled_works+0xae1/0x17b0
[  387.028276][    C1]  worker_thread+0x8a0/0xda0
[  387.028293][    C1]  kthread+0x70e/0x8a0
[  387.028315][    C1] 
[  387.028320][    C1] Memory state around the buggy address:
[  387.028332][    C1]  ffff888024092900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  387.028346][    C1]  ffff888024092980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  387.028360][    C1] >ffff888024092a00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[  387.028371][    C1]                                            ^
[  387.028383][    C1]  ffff888024092a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  387.028397][    C1]  ffff888024092b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  387.028408][    C1] ==================================================================
[  387.028427][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  387.028442][    C1] CPU: 1 UID: 0 PID: 11275 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  387.028466][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  387.028479][    C1] Call Trace:
[  387.028487][    C1]  <IRQ>
[  387.028496][    C1]  dump_stack_lvl+0x99/0x250
[  387.028520][    C1]  ? __asan_memcpy+0x40/0x70
[  387.028539][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  387.028558][    C1]  ? __pfx__printk+0x10/0x10
[  387.028584][    C1]  panic+0x2db/0x790
[  387.028604][    C1]  ? __pfx_panic+0x10/0x10
[  387.028625][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  387.028650][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  387.028673][    C1]  ? print_memory_metadata+0x314/0x400
[  387.028703][    C1]  ? flush_tlb_func+0x23d/0x6c0
[  387.028727][    C1]  check_panic_on_warn+0x89/0xb0
[  387.028759][    C1]  ? flush_tlb_func+0x23d/0x6c0
[  387.028799][    C1]  end_report+0x78/0x160
[  387.028822][    C1]  kasan_report+0x129/0x150
[  387.028846][    C1]  ? flush_tlb_func+0x23d/0x6c0
[  387.028875][    C1]  kasan_check_range+0x2b0/0x2c0
[  387.028900][    C1]  flush_tlb_func+0x23d/0x6c0
[  387.028930][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.028953][    C1]  ? sched_clock_cpu+0x74/0x430
[  387.028974][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.028993][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.029018][    C1]  __flush_smp_call_function_queue+0x370/0xaa0
[  387.029040][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  387.029067][    C1]  __sysvec_call_function_single+0xa8/0x3d0
[  387.029094][    C1]  sysvec_call_function_single+0x9e/0xc0
[  387.029119][    C1]  </IRQ>
[  387.029127][    C1]  <TASK>
[  387.029135][    C1]  asm_sysvec_call_function_single+0x1a/0x20
[  387.029156][    C1] RIP: 0010:console_flush_all+0x7f7/0xc40
[  387.029181][    C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24
[  387.029199][    C1] RSP: 0018:ffffc9000ada69a0 EFLAGS: 00000293
[  387.029219][    C1] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: ffff888029c5bc00
[  387.029235][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  387.029249][    C1] RBP: ffffc9000ada6af0 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  387.029264][    C1] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000
[  387.029280][    C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740
[  387.029307][    C1]  ? console_flush_all+0x13a/0xc40
[  387.029334][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  387.029358][    C1]  ? kasan_save_track+0x4f/0x80
[  387.029379][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  387.029407][    C1]  console_unlock+0xc4/0x270
[  387.029428][    C1]  ? __pfx_console_unlock+0x10/0x10
[  387.029451][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  387.029479][    C1]  vprintk_emit+0x5b7/0x7a0
[  387.029502][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  387.029522][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  387.029560][    C1]  _printk+0xcf/0x120
[  387.029584][    C1]  ? __pfx__printk+0x10/0x10
[  387.029609][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  387.029635][    C1]  batadv_hardif_enable_interface+0x7b9/0xa30
[  387.029669][    C1]  batadv_meshif_slave_add+0x79/0x100
[  387.029701][    C1]  do_set_master+0x533/0x6d0
[  387.029735][    C1]  do_setlink+0xcf0/0x41c0
[  387.029766][    C1]  ? trace_sched_exit_tp+0x38/0x120
[  387.029805][    C1]  ? __pfx_do_setlink+0x10/0x10
[  387.029836][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.029869][    C1]  ? do_raw_spin_lock+0x121/0x290
[  387.029897][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  387.029921][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.029947][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  387.029970][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  387.029996][    C1]  ? rcu_is_watching+0x15/0xb0
[  387.030017][    C1]  ? __mutex_lock+0xa6d/0xe80
[  387.030044][    C1]  ? __mutex_lock+0x51b/0xe80
[  387.030073][    C1]  ? rtnl_newlink+0x8db/0x1c70
[  387.030101][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  387.030133][    C1]  ? ns_capable+0x8a/0xf0
[  387.030152][    C1]  ? rtnl_link_get_net_capable+0x16a/0x350
[  387.030184][    C1]  rtnl_newlink+0x160b/0x1c70
[  387.030217][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  387.030248][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.030283][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.030322][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  387.030355][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  387.030384][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  387.030416][    C1]  ? kernel_text_address+0xa5/0xe0
[  387.030442][    C1]  ? __kernel_text_address+0xd/0x40
[  387.030468][    C1]  ? unwind_get_return_address+0x4d/0x90
[  387.030493][    C1]  ? __lock_acquire+0xab9/0xd20
[  387.030534][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  387.030560][    C1]  rtnetlink_rcv_msg+0x7cf/0xb70
[  387.030588][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  387.030615][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  387.030651][    C1]  netlink_rcv_skb+0x208/0x470
[  387.030678][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  387.030706][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  387.030739][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  387.030766][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  387.030802][    C1]  netlink_unicast+0x75b/0x8d0
[  387.030833][    C1]  netlink_sendmsg+0x805/0xb30
[  387.030866][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.030896][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[  387.030920][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  387.030948][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.030977][    C1]  __sock_sendmsg+0x219/0x270
[  387.031003][    C1]  __sys_sendto+0x3bd/0x520
[  387.031033][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  387.031069][    C1]  ? fput_close_sync+0x119/0x200
[  387.031094][    C1]  ? __pfx_fput_close_sync+0x10/0x10
[  387.031118][    C1]  __x64_sys_sendto+0xde/0x100
[  387.031149][    C1]  do_syscall_64+0xfa/0x3b0
[  387.031176][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.031195][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  387.031216][    C1]  ? clear_bhb_loop+0x60/0xb0
[  387.031239][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.031259][    C1] RIP: 0033:0x7f8524d907bc
[  387.031275][    C1] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  387.031293][    C1] RSP: 002b:00007ffd61c28750 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  387.031314][    C1] RAX: ffffffffffffffda RBX: 00007f8525ae4620 RCX: 00007f8524d907bc
[  387.031330][    C1] RDX: 0000000000000028 RSI: 00007f8525ae4670 RDI: 0000000000000003
[  387.031343][    C1] RBP: 0000000000000000 R08: 00007ffd61c287a4 R09: 000000000000000c
[  387.031357][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  387.031370][    C1] R13: 0000000000000000 R14: 00007f8525ae4670 R15: 0000000000000000
[  387.031392][    C1]  </TASK>
[  387.031683][    C1] Kernel Offset: disabled