last executing test programs:

6m48.296514792s ago: executing program 3 (id=1075):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x37, @string={0x37, 0x3, "e27ca40d78b519993f5161cd95eaf8d457259d63355e90c6130f2914e1a1953d1eeeb0ad90582d0809d2695805ced99df7f6de4541"}}}, &(0x7f0000000540)={0x34, &(0x7f0000000280)={0x40, 0x16, 0x58, "5f7acbcd0276b3ad7857bc13994604db06e1951d46300ef5086c9cb3ca990a9d52053666696c0d8e7c50afac6093a56894353d254cb4b09b7cc9b27800014b5cbb928b96f4530af316c1e2fcd6cb82cf39895162feda3fd8"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000480)={0x20, 0x0, 0xad, {0xab, "63856291177ffd833a26a71bfdd7475a2eb480370a24f462df124fafe7c63d16e1afbac3425aaa9e5a91de54b0d428e1b3d25d770d3168307a24dffb6f4f7720baa390b0c2303de1e77f15d33f3838760a7e0b550f50d53057bdf5c0d7693b3cc459c4dc64e0210d3c35dd5b38ad0e26f5620ab56edd0908d67dc57af87d358b02e55fa93efebf6810c188fd84b2cdb0a5df1e919cd3a59484a811c41148b89b19a90eaddc54e2de642468"}}, 0x0, &(0x7f00000003c0)={0x20, 0x0, 0x1, 0x8}})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000795d6c08450c01806dc4010203010902124d36000000000904"], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

6m47.022766387s ago: executing program 3 (id=1094):
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x100002d4, 0x190, 0x0, 0x0, 0xdd9f83, 0x1, 0x9, 0x200, 0x2, 0x1, 0x722, 0xed, 0x2800, 0x7f, 0x3b, 0x0, {0xfff, 0x6fd8e84b}, 0x3, 0xed}})
ioctl$VIDIOC_G_JPEGCOMP(0xffffffffffffffff, 0x808c563d, &(0x7f0000000000))

6m46.916656477s ago: executing program 3 (id=1095):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe8050001000600000005000500020000000500040000000000090002"], 0x5c}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0xf5}, 0x58)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

6m46.886269346s ago: executing program 3 (id=1097):
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)={0x100, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @generic="590dde9a7f3a37e26c7e4a3b6de268a707b621dc47d7dce1aa744509637a8e83f21f6cdac09ceccf8f776f8bf32dfd77128354cb08365f05953339000f8b96f288212d62af3d65b5feb4f6b9766154a0dd1ef2b838b9d7219db882b02995dd120a67cee16b09758612a57ed88f0a4d7df417e40cc102fd744ae51bead8d5539d2067494785139f06a54a846ba4e4e1613bf2e9f0ba0e03e697a25317d50ddb806c4d9a929f811861891e77c38e0149c7bec0c2e61a81b8d092270d6800b87ef0d7d1431f5dd3e1353a89c08e01ac39a12a437daa5ed405354629f17ec83f25318423f9d186"]}, 0x100}], 0x1}, 0xb000000)

6m46.752581392s ago: executing program 3 (id=1098):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11c}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_DESC={0xc, 0x18, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x0)

6m46.713821587s ago: executing program 3 (id=1099):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)="d8000000180081054e81f782db44b904021d005c06007c09e8fed9e40a00154002001426c1e1b8c708001e0000000401a80016000800024009001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee7a7cef4090000001fb791643a5ee4ce1b14d6d93059dac7149393cccfbd6761e627d4c12cdfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a502504000000fa09d5e14ace69ed0bffece0b42a9ecbee5d81320344d2f16af094531c7fe95aa049a240db2d68a5b23564b8808b", 0xd8}], 0x1}, 0x400a044)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
openat$cgroup_type(r2, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x10903411, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
mkdirat(r6, &(0x7f0000000100)='./file0\x00', 0x4)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f00000003c0)={0x0, 0x8}, 0x8)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r9, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r5, 0xc00464af, &(0x7f0000000140)=r10)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r4, 0x0, 0x2, 0x2}}, 0x20)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$CLEAR(r11, 0x3b88, &(0x7f0000000140)={0xc})
socket$inet_sctp(0x2, 0x5, 0x84)
sendfile(r11, r0, 0x0, 0x20000007fffeffc)

6m31.501216942s ago: executing program 32 (id=1099):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)="d8000000180081054e81f782db44b904021d005c06007c09e8fed9e40a00154002001426c1e1b8c708001e0000000401a80016000800024009001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee7a7cef4090000001fb791643a5ee4ce1b14d6d93059dac7149393cccfbd6761e627d4c12cdfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a502504000000fa09d5e14ace69ed0bffece0b42a9ecbee5d81320344d2f16af094531c7fe95aa049a240db2d68a5b23564b8808b", 0xd8}], 0x1}, 0x400a044)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
openat$cgroup_type(r2, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x10903411, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
mkdirat(r6, &(0x7f0000000100)='./file0\x00', 0x4)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f00000003c0)={0x0, 0x8}, 0x8)
r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r9, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r5, 0xc00464af, &(0x7f0000000140)=r10)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r4, 0x0, 0x2, 0x2}}, 0x20)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$CLEAR(r11, 0x3b88, &(0x7f0000000140)={0xc})
socket$inet_sctp(0x2, 0x5, 0x84)
sendfile(r11, r0, 0x0, 0x20000007fffeffc)

2m33.66707117s ago: executing program 0 (id=3144):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd2c, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x33f}]}, 0x34}}, 0xfffffffc)

2m33.515387041s ago: executing program 0 (id=3148):
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x82, 0x24, 0x37, 0x40, 0x6cd, 0x102, 0x501e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x8, 0x20, 0x4, [{{0x9, 0x4, 0x3b, 0x5, 0x0, 0x86, 0x80, 0x71, 0x9}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0x3009}}]})
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000002700)={&(0x7f0000002640)=[{0x50, 0x801, 0x0, 0x0}, {0x6, 0x1000, 0x0, &(0x7f00000002c0)}], 0x2})

2m31.936367237s ago: executing program 0 (id=3157):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="00c10100bbbbbbbbbbbbaaaaaaaaaa3088a84d008100660086dd6eb3d5f0019511ff"], 0x1d7)

2m31.692803239s ago: executing program 0 (id=3158):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0xf, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x8000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000480)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff00000000000000000000000000000008000300", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})

2m31.659418144s ago: executing program 0 (id=3159):
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1000, 0x0)
fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0/file0\x00', 0x1)
r0 = open(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
fcntl$lock(r0, 0x9, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x269010000, 0xffffffffffffffff})
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0)

2m30.728286786s ago: executing program 0 (id=3166):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140))
r2 = userfaultfd(0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xc4)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r4, &(0x7f00000002c0)=[{&(0x7f0000000540)=""/92, 0x5c}], 0x1)
mmap(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x1000001, 0x4010, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="080008000000000000001400000045ab001c00660000501190787f000001e0000008907884d36ca2bb3e09ef1f9417aa5b8200ea59fc4085751262db673c79970ef2c7e21d0fb775d4bebcb71f7cb3f73a251874bf8271f4b24a9736fa8e2faeb1a6a69dd63caa82733b4cafea134d6203e436d6efbd69067160328d8b37347bd6dd5233e1c7a65615492f1e142ba0db1b1590c418b97626c19cf9790e231eb4df374a09e905b48804f9e59a70e52ab8bb39208a4bf8e5"], 0x2a)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8002, 0xe4)
r7 = dup2(r1, r1)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r8, &(0x7f0000000a40)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000100)="02", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r8, 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r8, 0x84, 0x70, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010102}}, [0xffffffff80000000, 0x7, 0x7c, 0x8, 0x1, 0x3, 0x7, 0x7fffffff, 0xffffffffffffffff, 0x3, 0x2, 0xfffffffffffffffc, 0x2, 0x5, 0x7]}, &(0x7f0000000440)=0x100)
read$FUSE(r7, &(0x7f0000004d80)={0x2020}, 0x2020)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)

2m15.604144915s ago: executing program 33 (id=3166):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140))
r2 = userfaultfd(0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xc4)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r4, &(0x7f00000002c0)=[{&(0x7f0000000540)=""/92, 0x5c}], 0x1)
mmap(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x1000001, 0x4010, 0xffffffffffffffff, 0x0)
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="080008000000000000001400000045ab001c00660000501190787f000001e0000008907884d36ca2bb3e09ef1f9417aa5b8200ea59fc4085751262db673c79970ef2c7e21d0fb775d4bebcb71f7cb3f73a251874bf8271f4b24a9736fa8e2faeb1a6a69dd63caa82733b4cafea134d6203e436d6efbd69067160328d8b37347bd6dd5233e1c7a65615492f1e142ba0db1b1590c418b97626c19cf9790e231eb4df374a09e905b48804f9e59a70e52ab8bb39208a4bf8e5"], 0x2a)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8002, 0xe4)
r7 = dup2(r1, r1)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r8, &(0x7f0000000a40)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000100)="02", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r8, 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r8, 0x84, 0x70, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010102}}, [0xffffffff80000000, 0x7, 0x7c, 0x8, 0x1, 0x3, 0x7, 0x7fffffff, 0xffffffffffffffff, 0x3, 0x2, 0xfffffffffffffffc, 0x2, 0x5, 0x7]}, &(0x7f0000000440)=0x100)
read$FUSE(r7, &(0x7f0000004d80)={0x2020}, 0x2020)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)

13.514325453s ago: executing program 1 (id=4119):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x2, 0x18, 0x0, {0x0, 0x2007}, {0x9, 0x3, 0xfffffffe}, {0x40000000, 0xffff0000}, {0x1000000, 0x0, 0x1}, 0x0, 0x3f0, 0x0, 0x4d613, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x39, 0x1, 0x1, 0x1})

13.279105988s ago: executing program 1 (id=4121):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x45932000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0)

13.028808592s ago: executing program 1 (id=4123):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000002000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000568000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a3000000000"], 0xf0}}, 0x0)

12.891436409s ago: executing program 1 (id=4124):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x2000000}}, 0x84}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

12.66060778s ago: executing program 1 (id=4126):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x37, @string={0x37, 0x3, "e27ca40d78b519993f5161cd95eaf8d457259d63355e90c6130f2914e1a1953d1eeeb0ad90582d0809d2695805ced99df7f6de4541"}}}, &(0x7f0000000540)={0x34, &(0x7f0000000280)={0x40, 0x16, 0x58, "5f7acbcd0276b3ad7857bc13994604db06e1951d46300ef5086c9cb3ca990a9d52053666696c0d8e7c50afac6093a56894353d254cb4b09b7cc9b27800014b5cbb928b96f4530af316c1e2fcd6cb82cf39895162feda3fd8"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000480)={0x20, 0x0, 0xad, {0xab, "63856291177ffd833a26a71bfdd7475a2eb480370a24f462df124fafe7c63d16e1afbac3425aaa9e5a91de54b0d428e1b3d25d770d3168307a24dffb6f4f7720baa390b0c2303de1e77f15d33f3838760a7e0b550f50d53057bdf5c0d7693b3cc459c4dc64e0210d3c35dd5b38ad0e26f5620ab56edd0908d67dc57af87d358b02e55fa93efebf6810c188fd84b2cdb0a5df1e919cd3a59484a811c41148b89b19a90eaddc54e2de642468"}}, 0x0, &(0x7f00000003c0)={0x20, 0x0, 0x1, 0x8}})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000795d6c08450c01806dc4010203010902124d36000000000904"], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff0802110000"], 0x6f4}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

10.634892249s ago: executing program 1 (id=4145):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x7}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720fff500054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9d", 0x1cb}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d729f3dd409d39ff6d5cca", 0x46}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3a9", 0x50}], 0x4, 0x0, 0x0, 0x900}}], 0x2, 0x0)

9.58083262s ago: executing program 5 (id=4150):
syz_usb_connect$uac1(0x3, 0xcf, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x3, 0x1, 0x3, 0x40, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0xa}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x100, 0x5, 0x6, 0xb}, @mixer_unit={0x5, 0x24, 0x4, 0x5, 0xf1}, @mixer_unit={0x7, 0x24, 0x4, 0x3, 0x84, "830d"}, @selector_unit={0x8, 0x24, 0x5, 0x5, 0x7, "795703"}, @feature_unit={0x13, 0x24, 0x6, 0x2, 0x6, 0x6, [0x4, 0x5, 0xa, 0x4, 0x5, 0xa], 0xe9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xfb, 0xbf, 0x1001}, @as_header={0x7, 0x24, 0x1, 0x5, 0x47}, @as_header={0x7, 0x24, 0x1, 0x0, 0x1}, @as_header={0x7, 0x24, 0x1, 0x5, 0xaa, 0x4}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xb7, 0x4, 0x4, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x0, 0xa, 0x1, {0x7, 0x25, 0x1, 0x0, 0xfa, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x7f, 0x4, 0x6, 0x9, "b507"}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x7, 0x9, 0x0, {0x7, 0x25, 0x1, 0x183, 0x6a, 0xfff3}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0x3, 0x4, 0xd9, 0xff, 0x6}, 0x24b, &(0x7f0000000140)={0x5, 0xf, 0x24b, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x3, 0x9, 0x2}, @generic={0xfd, 0x10, 0x1, "6eb530a331a73d1a040ed092638b46eed02f9245047ba6cb5093e24bb40c3b836fb2677987eb1b3784c10a1a520a633569a563d0b3cd43050b1a736e9c2fa769c8c4f1989e49314a1d66f66a04e66f2cbf6648a78777eff4c1e6c1a1213a4c380af062858dd8df7ba7f3c11d5be9e0993c14e5fc532bb7847650b16d13b9317f57e1e074a5a2dc8b34e1a5f120b1758eb3e122d2a5dca634bcef7b5a4478bb6fc19b2c3bdca2a971b41ae97d38693a9f9ad571657bedfc827dba567d24c55e8316f1f68bff6fbf94c298a9d547653bea0c7d656c26b3d2cc8f2c8fde98d0fc0bddd9643b4f1ccee820a0de2ce63804bd6865c17e7a1bfddd96d3"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x41, 0x2, 0x6, 0x10, 0xf}, @generic={0x52, 0x10, 0x3, "83c8e14af42a211aa48d76b5f69f3bf6d4acacfd7fc860465381ca2d99c0a8f26db0ae442440b33ce58bc7b2f508cb601acba04bf6d6bcde2ec2a804c84f97cc69ed5878fe6f5771adddcb877abc14"}, @generic={0xe2, 0x10, 0x2, "d03316f3018477f95a738e881dba6ba7ad3fe555b8c7b87aadb1ad534d2c166f32aa8dd5484d65a327cce8bb6ba0ed8f244317d88f39d24be3a0af6c12959effe885c1fb9dc992b999008d4efa10275c76a88efcf3dff7aa80326d08cb42f7288709a5eedcbf02b702be07c4f5c83303c3db4d2923260551b765fa773c8beec724b4407e2e57550392bb5a93cf6817296d7563c3b834db8156e7ba7eb8786fe8abc4dda55b1a91e8525efc68c76627403eda529ddd63f84edc91928a0951c75ff4fd4c7fd625f2c2d2ddb0263f287518c1baa31990220876d9969e57ec5f29"}]}, 0x1, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x444}}]})
syz_usb_connect(0x4, 0x3b9, &(0x7f0000000440)={{0x12, 0x1, 0x250, 0x9b, 0x6c, 0x70, 0x20, 0x19d2, 0x78, 0xbf34, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3a7, 0x1, 0x7, 0xd2, 0x20, 0x6e, [{{0x9, 0x4, 0x5a, 0x6, 0xa, 0xd5, 0x21, 0xfc, 0x9, [@uac_as, @generic={0xac, 0x21, "ac5ac09ae647e150429e00b82876e731e0f4da23960befb156987b2c1c21749a0da52f2a8544090267c83f728292d9cc52d84aae00fee6a4e14e1eaa4b819de43d9ba96d667c4eed4013b664c2c0dac31ce1e874be08a81ea2d905ddb16d47fa1ebbc953632ab0d343bcc8ffa34158e7c30d6d5085079c788a5cada167f76a4d8dad1936af86c81e6ac08ba19bcb5d105b0bae88e7e89aaa78958dbcde46b4daf6494fdb47cbc26c8224"}], [{{0x9, 0x5, 0x9, 0x10, 0x60, 0x0, 0x40, 0x5}}, {{0x9, 0x5, 0xb, 0xc, 0x400, 0x9, 0xfc, 0x1, [@generic={0xf2, 0xa, "9ba156fcf91c13b829dff6c0cdb1e7388ef5841c19fecc2bf47cd090711825bef305d2be0a3eb98e2d0d267b743dde6b17cce65dc840dc22c84999ffa3167ce72896c3e9962df249e7bc81062afd408a7aa62576c570319031b7976b0fefa86accf806495bf5a1910518a2ef370ea47b7288f37e12bef12edf9d76cf6f6b0748876db5d97ac0a0586140b0a7f74dc18b55cbd9b047ad8fa61e78396da41ef9285451a3e26ab34aa36c94e4b1a7ed83c30bd2473976ae0d4febf6c4e412e2d970358a18b7f3703838d046dd2ee20a0fb10730f950eb77545af9d469cee358de5f6f4beb34ab44e57de6983ca9b1d7e063"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0x3}]}}, {{0x9, 0x5, 0xb, 0x0, 0x40, 0xad, 0x3, 0x80}}, {{0x9, 0x5, 0xb, 0x3, 0x20, 0x1, 0xca, 0x8}}, {{0x9, 0x5, 0x3, 0x3, 0x20, 0x0, 0x1, 0xb9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x50}, @generic={0x59, 0x1, "1e40846f4dac8a89016f47c65ac993f1e40515edb7973b1e83c20821a0b3333ad01a14639f7ad9af2e5170f53c2384ee410237c3fdbf0a5eb9a18bb622f8a77281b1a0a4f44606421fccaf28f0d475525addf72bffdd7c"}]}}, {{0x9, 0x5, 0xf, 0x8, 0x40, 0x0, 0x7, 0xff, [@generic={0x5d, 0xd, "62503e723ad8750fe83b6ec5da18752ea83e2faf2cb721856bc10136256c286b7c9bb4afbf22dab21d9e16206e1d5dbc63cfefb4925d248779f2b12559404306199a54557ce95c9af7de93eb991853dd10914843f40bda390cd9fd"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0xd, 0x3}}, {{0x9, 0x5, 0x7, 0xc, 0x597, 0xf, 0x9a, 0x4e, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x7, 0x2, 0x81, [@generic={0xc9, 0x10, "334dab4d9fc044e15aa26464e1d9573c82fca5bca5403dce30c6479f9926c82be72e0e57f0141befc076fabeb06bed4f0517cee42223e1c5f8d2f30db6ff50c6827e9335f4943f9afbf5a14b1aed18dc61a34de291dda12de96325ce0f715994b2175ca3598375b603e6e83e9d5904852883003391ff2ec13cfe0f30c4782d1619773201211ec69ba5f1f3232235a7054d5151b4c012d611025fd1919e052291e7b72235d61cfa552701d925c9e320880527fe59e38553bc4855d2b4d51a8bd8cc8f598a2d39e0"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x668, 0x7f, 0x9, 0x4, [@generic={0x9, 0x31, "e37bac7425784d"}]}}]}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000800)={0xa, 0x6, 0x310, 0x6d, 0x4, 0x0, 0x20, 0x3}, 0x30, &(0x7f0000000840)={0x5, 0xf, 0x30, 0x3, [@ptm_cap={0x3}, @generic={0x1d, 0x10, 0x4, "f87dbbcaa6f090cef1ddc99563769977e854bd416f9332a78409"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x62, 0x4, 0x10, 0x8, 0x2}]}, 0x2, [{0xf3, &(0x7f0000000880)=@string={0xf3, 0x3, "1578e779c1726d69753da9786dd50bddee5cbe57a7e12ed9404b0766f329498f5e1282e9050173e3ec882fa175f2ffbc63dff4b6a6d7c8334081ce1ab3fe7f092626a19f7c53d6cce2eeb427e8be4eed6d68e85dd89d7f38141a28965904214367579623a80935b57b30d54aec152b442537b72803dfd29621a8a9419d64f0a757acf1816a49074bd656ba524708a560e22322bbd4d22dba2ebdd74eedc21a4aeb627f6d0c746084dd1ff4141a41bd2a8408a8a950bfed4d09f7687dffb3fd5abdb7b5ff80b0f3ace99a09c027044098bbcaf2963427040c7fac609ac20f5aac8275bd3f7f46454d4b413cdc58027a80d2"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x300a}}]})
syz_usb_connect$cdc_ecm(0x2, 0x5b, &(0x7f0000000a00)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49, 0x1, 0x1, 0xf, 0xe0, 0x2, [{{0x9, 0x4, 0x0, 0xc, 0x3, 0x2, 0x6, 0x0, 0x4, {{0xa, 0x24, 0x6, 0x0, 0x0, "6f85645950"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x7, 0x1}}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x7, 0x3, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0xfb}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x5, 0xc0, 0x6}}}}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000a80)={0xa, 0x6, 0x310, 0x2, 0x6, 0x9, 0x8, 0x1}, 0x96, &(0x7f0000000ac0)={0x5, 0xf, 0x96, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x8, 0x9, 0x36, 0x9, 0x1}, @generic={0x5c, 0x10, 0x2, "ad6e43a94d7d5a7548cd0b98305707b6f0d1459679f67531b0cdf8541e725bd1ddd50d0a17a172cac2cd4e762f960d360a33dd61351b920a00734fab5fa85478ab5ea83aad2cb3a5078885dae016cb37a382d695055d08ea2e"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x4, 0xc, 0xffff}, @ssp_cap={0x20, 0x10, 0xa, 0x7, 0x5, 0x1913, 0x0, 0xff, [0xff0000, 0xff00, 0xc000, 0xff000f, 0x3fc0]}]}, 0x2, [{0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x3, &(0x7f0000000bc0)=@string={0x3, 0x3, 'U'}}]})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000c80)={'vcan0\x00', @broadcast})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000cc0), &(0x7f0000000d00)=0x4)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000d40)={0x67, 0x8, '\x00', [@jumbo={0xc2, 0x4, 0x10001}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x1}, @generic={0x9, 0x26, "e21cb98624fc46a51b56156a45cb0eb67fa37b047a2d95fb582098db47c1814bd1ec4ec2358a"}]}, 0x50)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$can_j1939(r2, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000dc0)="143fc997e086638b887623c81be3509e45c68664c45a7639d653398edb588ba99697f0cbb1d6cbe04b688d856eab42ad3b9de10006c812888c2d2650aa8fa53753d41d7d6dbf2f95b4136b2473fb4737d284d10c5e657758929a6845c7605cde7f4b8f8afe359894241c1e950b64f780b772bcaed86affbee274cd5e97b7a7cf36809e4182d10d177a3c6c85d40b0ed9341c3cf0415ac710b0c40df6bcf4fed3c54db074ecbc315046533e01dda71a3374a0a30b33b37c57f83f0656e9e0d54b628babeba4f2834ef08e03834c7e3a675334347184d72930", 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x8080)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000f40)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000f80)={<r4=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(r3, 0x40086425, &(0x7f0000000fc0)={r4, 0x2})
sendto$inet6(r1, &(0x7f0000001000)="cb566c64e667fb48e302ea7f46eeba893e4dadaeed8c5fae1d8b34ead561fed6434b3edc5af75e838a663936ea0129d003326535ceacb0458304f7e14f5cf0f4538c728e3a4d9d2c716e3ae97194bfae663e34139bd638466775864e880dd55ff9df668f1902cba6aacff60338fa59d09ceaf9336240fbd93592ae5ead", 0x7d, 0x40, &(0x7f0000001080)={0xa, 0x4e24, 0x9, @loopback, 0x3}, 0x1c)
r5 = ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f00000010c0)={0x6})
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000001100)={0x8, 'lo\x00', {'ip6_vti0\x00'}})
r6 = syz_open_dev$dri(&(0x7f0000001140), 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000001580)={&(0x7f0000001480)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000014c0)=[0x0, 0x0], &(0x7f0000001500)=[<r7=>0x0, 0x0], &(0x7f0000001540)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x2, 0x2, 0x5})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f00000015c0)={&(0x7f0000001180)=[0x0, 0x0], &(0x7f00000011c0)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000001400)=[0x0, 0x0], &(0x7f0000001440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x2, 0x2, 0x0, r7})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001640)={0x0, 0x0, r3})
ioctl$DRM_IOCTL_SWITCH_CTX(r5, 0x40086424, &(0x7f0000001680)={r4, 0x2})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r3, 0xc008aec1, &(0x7f00000016c0)={0x2, 0x0, [{0x40000000, 0xf, 0x5, 0x0, 0x3, 0x230d, 0x4}, {0x40000001, 0x8000, 0x3, 0x0, 0x3ff, 0x4, 0x40}]})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r5, 0x4010ae74, &(0x7f0000001740)={0x8000, 0x3, 0x8})
ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000001780)={&(0x7f0000ffe000/0x1000)=nil})
ioctl$FIOCLEX(r2, 0x5451)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000017c0), 0x8080, 0x0)
ioctl$PPPIOCSDEBUG(r8, 0x40047440, &(0x7f0000001800)=0x4)
stat(&(0x7f0000001840)='./file0\x00', &(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
quotactl_fd$Q_GETQUOTA(r3, 0xffffffff80000700, r9, &(0x7f0000001900))

6.360158125s ago: executing program 5 (id=4163):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000030e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

3.370832863s ago: executing program 5 (id=4168):
accept4$netrom(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @bcast}, [@netrom, @bcast, @netrom, @default, @null, @default, @netrom, @default]}, &(0x7f0000000600)=0x48, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
close(r2)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x0, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xfffffffffffffe1e}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000280)=0x4)
ioctl$PPPIOCSMRRU(r3, 0x4004743b, &(0x7f0000000000)=0x5)
syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0xb}]}}, 0x0}, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x7f, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6d, 0x2, 0x1, 0x9, 0x80, 0x80, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "6aac2df820"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x19, 0x10, 0xd, 0xef}, {0x6, 0x24, 0x1a, 0x800, 0x32}, [@network_terminal={0x7, 0x24, 0xa, 0x6, 0x6, 0xb, 0xe6}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0xff}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0x4, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0xf2, 0x8, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x5, 0x6, 0x6}}}}}}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x0, 0x3, 0x7f, 0x7f, 0x40, 0x1}, 0xcc, &(0x7f00000003c0)={0x5, 0xf, 0xcc, 0x4, [@generic={0xa6, 0x10, 0x4, "11cd3005871c16d4d006954fba9f55074601d5b4a654120bcdb8b1623097f45eeb276603aa982f7ac1e7b11985899bfd3505a0f718694edcd7a808f7c1f89cc76916742d671f0c9c21f2892169de3cce7857064cfb8d3c33dc32202e6656b61e5d87818216970820c9823c4d6880ae30619296ca4ae91e4896200d594f253504025901e779218e6b3a1a62e82e08f26e3d5ad29aa6e2da9b6095bd9d846bb4b5cfcda1"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x5b, 0x3, 0x9, 0x4, 0x10}, @wireless={0xb, 0x10, 0x1, 0xe, 0x3a, 0x5, 0x1, 0x6, 0x4}, @wireless={0xb, 0x10, 0x1, 0x8, 0x4d, 0x3, 0x9, 0x4, 0x1}]}, 0x2, [{0x4d, &(0x7f0000000200)=@string={0x4d, 0x3, "a2bfbad54bcbadfccdb42d823880b1fb7f297d79b6f03f6f42c23f5bb2e3544330e8bbaf9788bd23656ab43e5758317f169f70bd2ef25a6592acede4fa5eb49ab1ff9c2008aec1acc98e01"}}, {0xac, &(0x7f00000004c0)=@string={0xac, 0x3, "5efb4495c5a001af2d10b4e0059029bbb5b480a99542ee010d0a7ac188444c35b9ccf40dfbdc8cd3ee366d9caf2c293bad498f03a8cd8de5ba1f5a5a4208c0293f484dc1ed6ebc4262f0953a55a8d4f1772a16a13a176e6c07bf707beb62e58c41204df193a2a80fe29cd9c6e5203ae72baba344c3093c6fce9e1371b2e71a3fc421942dc92a5645378ad650f6e573f4b02697d51c4af7bc35dd1ee3ebe8df47acfbb64bd327f8adbf3c"}}]})
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)=""/82, 0x52}, {&(0x7f0000000fc0)=""/4096, 0x1000}], 0x2}, 0x5}], 0x1, 0x2000, 0x0)
syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x73, @multicast2, 0x4e22, 0xc, 'lblc\x00', 0x4, 0x4d, 0x10}, 0x2c)

2.944566016s ago: executing program 2 (id=4172):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @fib={{0x8, 0x11}, @void}}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb8}}, 0x40000)

2.653231989s ago: executing program 2 (id=4173):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
setrlimit(0x6, &(0x7f0000000040)={0x0, 0x3})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000450300"])
fcntl$addseals(r3, 0x409, 0x8)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000800)="3bae1baf930b4569b9dd", 0xa}], 0x1, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r5, 0x40187013, &(0x7f0000000140)={0x0, 0x1, {0x0, 0x0, 0xc, 0x1, 0x3, 0x0, 0x3, 0x0, 0xffffffffffffffff}})
r6 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f0000000200)=@ethtool_sset_info={0x14, 0x0, 0x101}})
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r7, &(0x7f00000001c0)={0x1d, 0x0, 0x2, {0x2, 0xff, 0x6}, 0x1}, 0x18)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000080)=@ethtool_eee={0x45, 0x81, 0x6, 0x100, 0xe, 0x5, 0x47, 0x1, [0x3, 0x2d5]}})
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='bfs\x00', 0x208003, 0x0)

2.208389756s ago: executing program 2 (id=4174):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
r2 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
syz_open_dev$mouse(&(0x7f0000000100), 0x7, 0x23a080)
r4 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x45520000, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
setsockopt$CAN_RAW_RECV_OWN_MSGS(r5, 0x65, 0x4, &(0x7f0000000140)=0x1, 0x4)
socket(0x23, 0x5, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

2.13728609s ago: executing program 4 (id=4175):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0xac)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000006480)={0x28, 0x13, 0x1, 0x2, 0x25dfdbf6, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x3fff, 0x0, 0x0, @fd}, @nested={0x8, 0x1a, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x28}], 0x1}, 0x0)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'gretap0\x00', &(0x7f00000001c0)={'syztnl1\x00', <r2=>0x0, 0x700, 0x7800, 0x4, 0x5, {{0x28, 0x4, 0x3, 0x3c, 0xa0, 0x66, 0x0, 0x10, 0x4, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0xc, 0x9f, 0x3, 0xc, [{@multicast2}]}, @timestamp={0x44, 0x1c, 0xb1, 0x0, 0x3, [0x0, 0x73a85368, 0x40, 0xffffff80, 0x10001, 0x8]}, @ssrr={0x89, 0xb, 0x2b, [@loopback, @multicast1]}, @end, @generic={0x4e, 0xe, "a773534472d5c2891b6bf6d3"}, @timestamp={0x44, 0x2c, 0xc1, 0x0, 0x3, [0xae1, 0x8, 0x8, 0x1, 0x3b3, 0x8000, 0x78, 0x3, 0x6, 0x9]}, @lsrr={0x83, 0x1b, 0x16, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @rand_addr=0x64010102, @private=0xa010102, @loopback, @remote]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'gre0\x00', &(0x7f00000000c0)={'gre0\x00', r2, 0x7800, 0x1, 0xdb0d, 0x5, {{0xb, 0x4, 0x0, 0x31, 0x2c, 0x66, 0x0, 0x5, 0x2f, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@end, @rr={0x7, 0x17, 0x13, [@loopback, @local, @rand_addr=0x64010102, @broadcast, @empty]}]}}}}})

1.82447015s ago: executing program 4 (id=4176):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2400}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x0)

1.765231722s ago: executing program 2 (id=4177):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaaaa86dd6d002000003011ff00000000000000"], 0x6a)

1.668289808s ago: executing program 4 (id=4178):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
readv(r0, &(0x7f0000000000), 0x0)
syz_clone3(&(0x7f0000002500)={0x2000100, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, &(0x7f00000024c0)}, 0x58)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x808000, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000080))

1.088707341s ago: executing program 2 (id=4179):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x0, 0x0, 0xddffffff, 0x0, 0x0, 0x0, 0x1000000})

960.244652ms ago: executing program 5 (id=4180):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x300, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x80ffffff}}}, 0xb8}}, 0x0)

940.315297ms ago: executing program 2 (id=4181):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0x2e}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
timer_create(0x3, &(0x7f0000000180)={0x0, 0x21, 0x4, @thr={&(0x7f0000000300)="ee3ba470fc8c943ee7a265e8c5271505bf9d5453d1003634d01814bfb53002e22b6b562636b4afb756ab9106dd371c5357e5b5f6bbcec968fe993f840d79f85930da6513aaeb13a612d633a2b2a90aeaa04778cd8d70548c50ec2fb671b50a97d7ce70e238ecd4a6cd670fe177ce8e3af2c9716e57eb131e5f75c0f4f3aec648b95d1b18d492a0b85ea91ec2edaa6967dfd8b0fc4622460e", &(0x7f00000003c0)="c956c1a6866c4c278a2db9f9a7cac584b735939600feec009bcc083581fe37369ab3bec6532829a04236a5a0f82964372dc620e9d5389d20c2d8a1bc9c939099564a94d0c24014d2caaa829063c13ba42e42bf6b897f1d300539f8b434263092346be7fc68422f7df82f1372df9a09b1c382d16e4200e057f64220deb26ce94a00aee69c6d57a52e231916cbd017baf57fbdb939193aca98f540f59c178fd11494d9ca9c97b08dd9477a9916767c8578aff6865104ae492e7dba44de6446a00298328c4b7adca6852b78"}}, &(0x7f00000001c0))
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TLS_TX(r1, 0x11e, 0x1, 0x0, 0x3a)
r2 = syz_open_dev$I2C(&(0x7f0000003840), 0x0, 0x2)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000001280)={&(0x7f0000000000)=[{0x0, 0x4c11, 0x1, &(0x7f0000001300)="e2"}], 0x1})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fadvise64(r3, 0x92, 0x1, 0x2)
r4 = accept4(r1, &(0x7f00000000c0)=@phonet, &(0x7f0000000140)=0x80, 0x800)
ioctl(r4, 0x80000001, &(0x7f0000000240)="353a591e9caaef3333651c458d0a867b42f6464e2d21537525d43e063fc0fdcff569a2ced9c2a5166867145046df7752e572a522ca9b13f41dbd9b6a128c12c92300d9c97385a666cc6df1407d16577b11baf09c4c168388033321087bee211214b4b5b5281e48c886d5159fdff5a8ec8152e2b0662de80f363618b64ca9ba77287ffae8e18118ae9d131214fb8a920e47013969de2703e071a48be489feb1")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r3, 0xa4717000)

680.73209ms ago: executing program 5 (id=4182):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0xff6a, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0xdc}}, 0x0)

525.299904ms ago: executing program 5 (id=4183):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000003700)=""/4081, 0xff1}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000780)=""/198, 0xc6}, {&(0x7f0000000580)=""/176, 0xb0}], 0x4}, 0x0)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRESHEX=0x0, @ANYRES8=r0, @ANYRES32=r0], 0x0)
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000880)=[@rdmsr={0x32, 0x18, {0x926}}, @wrmsr={0x1e, 0x20, {0xb09, 0x4}}, @wr_crn={0x46, 0x20, {0x6, 0xf}}, @wr_crn={0x46, 0x20, {0x0, 0x5}}, @uexit={0x0, 0x18, 0x8}, @rdmsr={0x32, 0x18, {0xb87}}, @code={0xa, 0x7c, {"66baf80cb8fc55b281ef66bafc0cb80e000000efc4a169e8fcb974010000b8db051297ba000000000f3064daad0000000048b89c6bdb88ea7190b30f23c80f21f835000040000f23f8460f01c4b805000000b9008000000f01d90f01c48f4810ef5462060d66ba200066ed"}}, @uexit={0x0, 0x18}, @wr_crn={0x46, 0x20, {0x0, 0x1000}}, @rdmsr={0x32, 0x18, {0x400000b3}}, @wrmsr={0x1e, 0x20, {0x966}}, @uexit={0x0, 0x18, 0x7}, @cpuid={0x14, 0x18, {0x7f, 0x3}}, @rdmsr={0x32, 0x18, {0x97f}}, @wr_crn={0x46, 0x20, {0x8, 0xff}}, @wr_crn={0x46, 0x20, {0xeff715e8f41d0b72, 0x7f}}, @rdmsr={0x32, 0x18, {0x8b1}}, @cpuid={0x14, 0x18, {0x2, 0x8}}, @rdmsr={0x32, 0x18, {0xb3a}}, @uexit={0x0, 0x18, 0x5}, @wr_crn={0x46, 0x20, {0x4, 0xfffffffffffffffa}}, @wr_crn={0x46, 0x20, {0x0, 0x7}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x9}, @wr_crn={0x46, 0x20, {0x8, 0x2}}, @code={0xa, 0x66, {"0f08c744240000300000c744240200000000c7442406000000000f011424b91d0b00000f3266b841000f00d8440f3567f345acb9f50b00000f322664f30f098f4928913bb99d000040b80d000000ba000000000f30"}}, @wrmsr={0x1e, 0x20, {0xa61, 0x1}}, @code={0xa, 0x53, {"c4036942b4b545cbafe7ab676536490fae263e0f0e66f364410f009800000000660ff229400f01c9c4427d59f4f30fa7d00fc72bb9800000c00f3235010000000f30"}}, @rdmsr={0x32, 0x18, {0x823}}, @code={0xa, 0x66, {"66ba4200b0fdee66b81f018ec866baf80cb85a18ea8def66bafc0c66ed450f01cac4e3717d71ce0066b8b0000f00d82e640fae2ac74424006b000000c744240206000000ff2c248f29d89b05373f0000460f015fcd"}}, @wr_crn={0x46, 0x20, {0x4, 0x8000000000000000}}], 0x483})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rename(&(0x7f0000000100)='./file1\x00', &(0x7f0000000240)='./file0\x00')
r3 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0)
getdents64(r3, 0x0, 0x0)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000002700)={&(0x7f0000002640)=[{0x50, 0x801, 0x0, 0x0}, {0x6, 0x1000, 0x700, &(0x7f00000002c0)}], 0x2})

442.692274ms ago: executing program 4 (id=4184):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000640)={0x400, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x8, 0x1}, {0x1000000}})

172.625955ms ago: executing program 4 (id=4185):
r0 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000340)=0x1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0, 0xff8d}, 0x20000001)

0s ago: executing program 4 (id=4186):
r0 = socket$igmp6(0xa, 0x3, 0x3a)
getsockopt$MRT6(r0, 0x29, 0xd0, 0xffffffffffffffff, &(0x7f00000000c0)) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0) (async, rerun: 64)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (rerun: 64)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x430, 0x9, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_USERDATA={0x79, 0xd, 0x1, 0x0, "77cf6fd61cf0985bd84786ec1e37fc2377ff0f5eda99df5323d8a03926ff31d1d049ee2dab59e783410cea6bf84978d4018692fe174a68b212accc403329edb4791a3e44bb08f6d8f3282e55543877c4a7e32e20a8d8d5b3f8a3aa0a839885522338bfdb01588026bf652bb1b5749921c58492df63"}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x10c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}, {0x30, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x13}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}, {0x40, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0xc}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x9}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0xa}, @NFTA_NAT_REG_PROTO_MAX={0x8, 0x6, 0x1, 0x0, 0xe}]}}}, {0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x69}]}}}, {0x48, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_RT_KEY={0x8}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x8}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x5}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0x238, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x68, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1b34fdd9}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xce6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x48}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8}]}]}, @NFTA_SET_DESC_CONCAT={0x178, 0x2, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x712f7f50}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7fff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb31}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}, {0x44, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7ff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}, {0x44, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffe01}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffffa}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x81}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}]}, {0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff0a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x95a}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8e}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7ff}]}]}, @NFTA_SET_DESC_CONCAT={0x54, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6e4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x401}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1ff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}]}]}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x4}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x478}}, 0x0) (async)
writev(r1, &(0x7f0000000300)=[{&(0x7f0000000680)="580000004b8004023655fdbaded39d65000b4824ca940417a3cd3639e431e8e2125f6c00940f6a0325010ebc0000000000000080001328baf0fffeffe809005300fff5dd02000000000000000c10003d5bcf6916b4114b32793792c395da89991a8be619c7ce1ecf8b6e3501aeb67cdb99f356f9518492cbf6d88e98f0df275f9f6dd0e185ac9b0b8902c883e0b63cf78a6f36b97cab227f62b6d35dcd058a8957d1bbf401e51d4302cbc17c3201e7b12fa4daac244b96d402183b429bbe400236cd1f8d50f2568ac466a6d40024f87588cbe7808c481b157f18acb07cee62b1d238ba704435ee1c055697eb1ee0e2cfa36d2efbf1ac9fa85fe4", 0xfdae}], 0x1)

kernel console output (not intermixed with test programs):

sb 6-1: Product: syz
[  592.713287][   T43] usb 6-1: Manufacturer: syz
[  592.738359][   T43] usb 6-1: SerialNumber: syz
[  592.751571][   T43] usb 6-1: config 0 descriptor??
[  592.849528][T15371] /dev/rnullb0: Can't open blockdev
[  592.899585][ T2155] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  592.950985][ T2155] usb 3-1: device descriptor read/8, error -71
[  593.008167][   T43] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  593.039439][   T43] gspca_sn9c2028: read1 error -71
[  593.048814][   T43] gspca_sn9c2028: read1 error -71
[  593.069841][   T43] gspca_sn9c2028: read1 error -71
[  593.075016][   T43] sn9c2028 6-1:0.211: probe with driver sn9c2028 failed with error -71
[  593.107152][   T43] usb 6-1: USB disconnect, device number 9
[  593.123467][T15377] /dev/rnullb0: Can't open blockdev
[  593.201834][ T2155] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[  593.229737][ T2155] usb 3-1: device descriptor read/8, error -71
[  593.349633][ T2155] usb usb3-port1: unable to enumerate USB device
[  593.449087][ T5933] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  593.613516][ T5933] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.639087][ T5933] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  593.659048][ T5933] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.683596][ T5933] usb 5-1: config 0 descriptor??
[  593.918571][   T61] bridge_slave_1: left allmulticast mode
[  593.939310][   T61] bridge_slave_1: left promiscuous mode
[  593.965608][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.016178][   T61] bridge_slave_0: left allmulticast mode
[  594.026897][   T61] bridge_slave_0: left promiscuous mode
[  594.049375][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.118663][ T5933] keytouch 0003:0926:3333.004F: fixing up Keytouch IEC report descriptor
[  594.164761][ T5933] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.004F/input/input119
[  594.378170][ T5933] keytouch 0003:0926:3333.004F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  594.990181][ T2155] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  595.149078][ T2155] usb 6-1: Using ep0 maxpacket: 16
[  595.162396][ T2155] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  595.183264][ T2155] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  595.197181][ T2155] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  595.206948][ T2155] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.232467][ T2155] usb 6-1: config 0 descriptor??
[  595.496420][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.508212][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.524198][   T61] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  595.548643][   T61] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  595.565649][   T61] bond0 (unregistering): Released all slaves
[  595.601510][ T5933] usb 5-1: USB disconnect, device number 84
[  595.657678][ T2155] hid (null): unknown global tag 0xc
[  595.669863][ T2155] hid (null): global environment stack underflow
[  595.682360][ T2155] hid (null): unknown global tag 0xe
[  595.867610][ T2155] usb 6-1: string descriptor 0 read error: -71
[  595.910991][ T2155] usb 6-1: Max retries (5) exceeded reading string descriptor 200
[  595.949573][ T2155] letsketch 0003:6161:4D15.0050: probe with driver letsketch failed with error -32
[  595.957012][T15425] x_tables: unsorted entry at hook 1
[  596.069236][ T2155] usb 6-1: USB disconnect, device number 10
[  596.130783][T15427] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3474'.
[  596.170934][T15429] /dev/rnullb0: Can't open blockdev
[  596.179196][   T61] hsr_slave_0: left promiscuous mode
[  596.193203][   T61] hsr_slave_1: left promiscuous mode
[  596.214562][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  596.279412][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  596.616377][ T5933] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  596.796592][ T5933] usb 3-1: Using ep0 maxpacket: 8
[  596.808759][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  596.830301][ T5933] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  596.856445][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.900424][ T5933] usb 3-1: config 0 descriptor??
[  597.156669][ T5933] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  597.182201][ T5933] usb 3-1: USB disconnect, device number 34
[  597.570016][   T61] team0 (unregistering): Port device team_slave_1 removed
[  597.666895][   T61] team0 (unregistering): Port device team_slave_0 removed
[  598.477379][T15464] netlink: 'syz.1.3483': attribute type 10 has an invalid length.
[  598.509534][T15464] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3483'.
[  598.743771][T15469] netlink: 'syz.1.3485': attribute type 10 has an invalid length.
[  599.267997][T15485] netlink: 'syz.5.3491': attribute type 8 has an invalid length.
[  599.440058][T15488] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3491'.
[  599.515984][T15485] /dev/rnullb0: Can't open blockdev
[  599.831271][T15504] binder: BINDER_SET_CONTEXT_MGR already set
[  599.837356][T15504] binder: 15503:15504 ioctl 4018620d 200000000040 returned -16
[  599.899918][T15504] binder: 15503:15504 ioctl c0306201 2000000001c0 returned -14
[  600.604797][T15527] /dev/rnullb0: Can't open blockdev
[  600.641345][T15525] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3506'.
[  601.129049][   T30] audit: type=1800 audit(1753757237.443:19): pid=15543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3513" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  601.329238][    T9] usb 2-1: new full-speed USB device number 116 using dummy_hcd
[  601.491417][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  601.519383][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  601.541504][    T9] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  601.559016][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.596278][    T9] usb 2-1: config 0 descriptor??
[  601.651818][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  601.679064][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  601.712653][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  601.740537][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  601.764015][    T9] usb 2-1: media controller created
[  601.794390][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  601.818287][T15563] syzkaller1: entered promiscuous mode
[  601.844751][T15563] syzkaller1: entered allmulticast mode
[  601.851883][T15545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.860973][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  601.866841][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  601.890375][T15545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.913716][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input120
[  601.957457][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  601.957486][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  602.005039][    T9] usb 2-1: USB disconnect, device number 116
[  602.187312][T15573] netlink: set zone limit has 4 unknown bytes
[  602.231765][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  603.089051][ T5933] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  603.268382][ T5933] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  603.279002][ T5933] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.318420][ T5933] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  603.332220][ T5933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.354551][ T5933] usb 6-1: Product: syz
[  603.367602][ T5933] usb 6-1: Manufacturer: syz
[  603.388909][ T5933] usb 6-1: SerialNumber: syz
[  603.979486][    T9] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  604.149105][    T9] usb 2-1: Using ep0 maxpacket: 8
[  604.163188][T15624] FAULT_INJECTION: forcing a failure.
[  604.163188][T15624] name failslab, interval 1, probability 0, space 0, times 0
[  604.189433][    T9] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  604.197842][    T9] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  604.214183][T15624] CPU: 1 UID: 0 PID: 15624 Comm: syz.2.3541 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  604.214217][T15624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  604.214231][T15624] Call Trace:
[  604.214242][T15624]  <TASK>
[  604.214251][T15624]  dump_stack_lvl+0x189/0x250
[  604.214286][T15624]  ? __pfx____ratelimit+0x10/0x10
[  604.214321][T15624]  ? __pfx_dump_stack_lvl+0x10/0x10
[  604.214351][T15624]  ? __pfx__printk+0x10/0x10
[  604.214393][T15624]  ? __mutex_trylock_common+0x153/0x260
[  604.214426][T15624]  ? ref_tracker_alloc+0x318/0x460
[  604.214459][T15624]  should_fail_ex+0x414/0x560
[  604.214490][T15624]  should_failslab+0xa8/0x100
[  604.214517][T15624]  kmem_cache_alloc_noprof+0x73/0x3c0
[  604.214540][T15624]  ? skb_clone+0x212/0x3a0
[  604.214570][T15624]  skb_clone+0x212/0x3a0
[  604.214598][T15624]  __netlink_deliver_tap+0x404/0x850
[  604.214644][T15624]  ? netlink_deliver_tap+0x2e/0x1b0
[  604.214678][T15624]  netlink_deliver_tap+0x19c/0x1b0
[  604.214711][T15624]  __netlink_sendskb+0x47/0x90
[  604.214740][T15624]  netlink_dump+0xa62/0xe60
[  604.214784][T15624]  ? __pfx_netlink_dump+0x10/0x10
[  604.214828][T15624]  ? netlink_lookup+0x30/0x200
[  604.214855][T15624]  ? netlink_lookup+0x30/0x200
[  604.214890][T15624]  __netlink_dump_start+0x5cb/0x7e0
[  604.214927][T15624]  ? nft_netlink_dump_start_rcu+0xb6/0x1a0
[  604.214954][T15624]  nft_netlink_dump_start_rcu+0xdb/0x1a0
[  604.214984][T15624]  nf_tables_getrule_reset+0x1c8/0x600
[  604.215012][T15624]  ? __pfx_nf_tables_getrule_reset+0x10/0x10
[  604.215035][T15624]  ? __pfx_nf_tables_dumpreset_rules_start+0x10/0x10
[  604.215066][T15624]  ? __pfx_nf_tables_dumpreset_rules+0x10/0x10
[  604.215096][T15624]  ? __pfx_nf_tables_dump_rules_done+0x10/0x10
[  604.215131][T15624]  ? __nla_parse+0x40/0x60
[  604.215160][T15624]  ? __pfx_nf_tables_getrule_reset+0x10/0x10
[  604.215185][T15624]  nfnetlink_rcv_msg+0x80e/0x1130
[  604.215213][T15624]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  604.215260][T15624]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  604.215283][T15624]  ? kasan_save_free_info+0x46/0x50
[  604.215373][T15624]  netlink_rcv_skb+0x205/0x470
[  604.215404][T15624]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  604.215433][T15624]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  604.215477][T15624]  ? bpf_lsm_capable+0x9/0x20
[  604.215499][T15624]  ? security_capable+0x7e/0x2e0
[  604.215537][T15624]  nfnetlink_rcv+0x26a/0x2520
[  604.215568][T15624]  ? __dev_queue_xmit+0x1d79/0x3b50
[  604.215605][T15624]  ? __dev_queue_xmit+0x27b/0x3b50
[  604.215631][T15624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.215664][T15624]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  604.215689][T15624]  ? __pfx___dev_queue_xmit+0x10/0x10
[  604.215730][T15624]  ? ref_tracker_free+0x63a/0x7d0
[  604.215756][T15624]  ? __copy_skb_header+0xa7/0x550
[  604.215782][T15624]  ? __pfx_ref_tracker_free+0x10/0x10
[  604.215809][T15624]  ? __skb_clone+0x63/0x7a0
[  604.215837][T15624]  ? __skb_clone+0x483/0x7a0
[  604.215868][T15624]  ? skb_clone+0x246/0x3a0
[  604.215894][T15624]  ? __netlink_deliver_tap+0x807/0x850
[  604.215925][T15624]  ? netlink_deliver_tap+0x2e/0x1b0
[  604.215963][T15624]  ? netlink_deliver_tap+0x2e/0x1b0
[  604.215993][T15624]  ? netlink_deliver_tap+0x2e/0x1b0
[  604.216031][T15624]  netlink_unicast+0x759/0x8e0
[  604.216071][T15624]  netlink_sendmsg+0x805/0xb30
[  604.216114][T15624]  ? __pfx_netlink_sendmsg+0x10/0x10
[  604.216150][T15624]  ? aa_sock_msg_perm+0xf1/0x1d0
[  604.216183][T15624]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  604.216212][T15624]  ? __pfx_netlink_sendmsg+0x10/0x10
[  604.216245][T15624]  __sock_sendmsg+0x219/0x270
[  604.216277][T15624]  ____sys_sendmsg+0x505/0x830
[  604.216307][T15624]  ? __pfx_____sys_sendmsg+0x10/0x10
[  604.216340][T15624]  ? import_iovec+0x74/0xa0
[  604.216373][T15624]  ___sys_sendmsg+0x21f/0x2a0
[  604.216399][T15624]  ? __pfx____sys_sendmsg+0x10/0x10
[  604.216462][T15624]  ? __fget_files+0x2a/0x420
[  604.216492][T15624]  ? __fget_files+0x3a0/0x420
[  604.216534][T15624]  __x64_sys_sendmsg+0x19b/0x260
[  604.216560][T15624]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  604.216595][T15624]  ? __pfx_ksys_write+0x10/0x10
[  604.216619][T15624]  ? rcu_is_watching+0x15/0xb0
[  604.216652][T15624]  ? do_syscall_64+0xbe/0x3b0
[  604.216688][T15624]  do_syscall_64+0xfa/0x3b0
[  604.216717][T15624]  ? lockdep_hardirqs_on+0x9c/0x150
[  604.216746][T15624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.216767][T15624]  ? clear_bhb_loop+0x60/0xb0
[  604.216793][T15624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.216812][T15624] RIP: 0033:0x7fe8e958e9a9
[  604.216832][T15624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.216862][T15624] RSP: 002b:00007fe8ea367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  604.216883][T15624] RAX: ffffffffffffffda RBX: 00007fe8e97b5fa0 RCX: 00007fe8e958e9a9
[  604.216897][T15624] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  604.216909][T15624] RBP: 00007fe8ea367090 R08: 0000000000000000 R09: 0000000000000000
[  604.216921][T15624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  604.216933][T15624] R13: 0000000000000000 R14: 00007fe8e97b5fa0 R15: 00007ffd5c111648
[  604.216962][T15624]  </TASK>
[  604.219435][    T9] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  604.455324][ T5933] cdc_ncm 6-1:1.0: bind() failure
[  604.796130][ T5933] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  604.806130][ T5933] cdc_ncm 6-1:1.1: bind() failure
[  604.831540][ T5933] usb 6-1: USB disconnect, device number 11
[  604.859012][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  604.878336][    T9] usb 2-1: config 0 has no interface number 0
[  604.898640][    T9] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  604.915486][    T9] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  604.934731][    T9] usb 2-1: config 0 interface 211 has no altsetting 0
[  604.945055][    T9] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  604.959005][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.977472][    T9] usb 2-1: Product: syz
[  604.982344][    T9] usb 2-1: Manufacturer: syz
[  604.986983][    T9] usb 2-1: SerialNumber: syz
[  605.010136][    T9] usb 2-1: config 0 descriptor??
[  605.019173][ T5946] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  605.173945][ T5946] usb 3-1: Using ep0 maxpacket: 8
[  605.181352][ T5946] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  605.194729][ T5946] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  605.214199][ T5946] usb 3-1: config 0 has no interface number 0
[  605.226060][ T5946] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  605.242698][ T5946] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  605.246897][    T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  605.270601][    T9] gspca_sn9c2028: read1 error -71
[  605.276377][    T9] gspca_sn9c2028: read1 error -71
[  605.289334][    T9] gspca_sn9c2028: read1 error -71
[  605.294549][    T9] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  605.313843][ T5946] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  605.365544][ T5946] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  605.374390][    T9] usb 2-1: USB disconnect, device number 117
[  605.379226][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  605.396473][T15644] /dev/rnullb0: Can't open blockdev
[  605.401967][ T5946] usb 3-1: Product: syz
[  605.419902][ T5946] usb 3-1: config 0 descriptor??
[  605.441371][T15628] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  605.696416][ T5946] usb 3-1: USB disconnect, device number 35
[  606.535050][T15677] /dev/rnullb0: Can't open blockdev
[  607.033656][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  607.111020][T15694] syzkaller1: entered promiscuous mode
[  607.124339][T15694] syzkaller1: entered allmulticast mode
[  607.225823][    T9] usb 6-1: Using ep0 maxpacket: 8
[  607.275439][    T9] usb 6-1: config index 0 descriptor too short (expected 19730, got 18)
[  607.286228][    T9] usb 6-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  607.316585][    T9] usb 6-1: config 0 has an invalid interface number: 211 but max is 53
[  607.334062][    T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 54
[  607.379385][    T9] usb 6-1: config 0 has no interface number 0
[  607.385561][    T9] usb 6-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  607.417571][    T9] usb 6-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  607.436813][    T9] usb 6-1: config 0 interface 211 has no altsetting 0
[  607.458759][    T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  607.481539][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.509519][    T9] usb 6-1: Product: syz
[  607.513844][    T9] usb 6-1: Manufacturer: syz
[  607.538081][    T9] usb 6-1: SerialNumber: syz
[  607.560576][    T9] usb 6-1: config 0 descriptor??
[  607.825702][    T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  607.840068][    T9] gspca_sn9c2028: read1 error -71
[  607.855819][    T9] gspca_sn9c2028: read1 error -71
[  607.865948][    T9] gspca_sn9c2028: read1 error -71
[  607.879190][    T9] sn9c2028 6-1:0.211: probe with driver sn9c2028 failed with error -71
[  607.930372][    T9] usb 6-1: USB disconnect, device number 12
[  607.996913][T15708] x_tables: unsorted entry at hook 1
[  608.352725][T15723] Invalid logical block size (150994944)
[  608.361602][T15727] /dev/rnullb0: Can't open blockdev
[  609.018589][T15754] netlink: 'syz.1.3583': attribute type 10 has an invalid length.
[  609.539444][T15768] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  609.546039][T15768] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  609.628594][T15768] vhci_hcd vhci_hcd.0: Device attached
[  609.665915][T15775] netlink: 'syz.2.3589': attribute type 21 has an invalid length.
[  609.729382][T15775] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3589'.
[  609.809183][    T9] vhci_hcd: vhci_device speed not set
[  609.879035][    T9] usb 35-1: new full-speed USB device number 10 using vhci_hcd
[  609.889061][ T5939] usb 2-1: new low-speed USB device number 118 using dummy_hcd
[  610.090500][ T5939] usb 2-1: config 0 has no interfaces?
[  610.096072][ T5939] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  610.148204][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.180483][ T5939] usb 2-1: config 0 descriptor??
[  610.388501][T15797] binder: 15796:15797 ioctl c400941b 200000000a00 returned -22
[  610.404332][T15769] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 9
[  610.410904][T15768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.422457][ T3487] vhci_hcd: stop threads
[  610.422604][T15797] binder: 15796:15797 ioctl c4089434 200000000e00 returned -22
[  610.426773][ T3487] vhci_hcd: release socket
[  610.441342][ T2155] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  610.462447][T15797] binder: 15796:15797 ioctl c0306201 200000000000 returned -22
[  610.463628][T15768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.486273][ T3487] vhci_hcd: disconnect device
[  610.508665][ T5933] usb 2-1: USB disconnect, device number 118
[  610.599242][ T2155] usb 6-1: Using ep0 maxpacket: 8
[  610.617911][ T2155] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  610.647808][ T2155] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  610.669058][ T2155] usb 6-1: Product: syz
[  610.673307][ T2155] usb 6-1: Manufacturer: syz
[  610.698305][ T2155] usb 6-1: SerialNumber: syz
[  610.710058][ T2155] usb 6-1: config 0 descriptor??
[  610.728408][ T2155] usbtest 6-1:0.0: FX2 device
[  610.739057][ T2155] usbtest 6-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  610.783061][T15805] /dev/rnullb0: Can't open blockdev
[  610.915026][T15807] /dev/rnullb0: Can't open blockdev
[  610.956161][ T2155] usb 6-1: USB disconnect, device number 13
[  611.796129][T15828] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3607'.
[  612.249580][ T5933] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  612.431774][ T5933] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  612.442983][ T5933] usb 6-1: config 0 has no interface number 0
[  612.461627][ T5933] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  612.479096][ T5933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.497447][ T5933] usb 6-1: Product: syz
[  612.511009][ T5933] usb 6-1: Manufacturer: syz
[  612.515682][ T5933] usb 6-1: SerialNumber: syz
[  612.552489][ T5933] usb 6-1: config 0 descriptor??
[  612.764862][ T5933] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state
[  612.806562][ T5933] usb 6-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2
[  612.839789][ T5933] usb 6-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw
[  613.224467][T15853] syzkaller1: entered promiscuous mode
[  613.245223][T15853] syzkaller1: entered allmulticast mode
[  613.409795][T15859] overlay: ./file0 is not a directory
[  613.549299][T15861] netlink: set zone limit has 4 unknown bytes
[  613.689416][   T43] usb 5-1: new full-speed USB device number 85 using dummy_hcd
[  613.871030][   T43] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1
[  613.899117][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 97, changing to 4
[  613.939142][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 24929, setting to 1023
[  613.985556][   T43] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  614.013038][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.050557][   T43] usb 5-1: Product: syz
[  614.070277][   T43] usb 5-1: Manufacturer: syz
[  614.091606][   T43] usb 5-1: SerialNumber: syz
[  614.118187][   T43] usb 5-1: config 0 descriptor??
[  614.147671][   T43] streamzap 5-1:0.0: streamzap_probe: endpoint doesn't match input device 0201
[  614.460019][ T5939] usb 5-1: USB disconnect, device number 85
[  614.536422][T15882] input: syz0 as /devices/virtual/input/input122
[  615.049203][    T9] vhci_hcd: vhci_device speed not set
[  615.514211][   T43] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  615.669136][   T43] usb 5-1: Using ep0 maxpacket: 8
[  615.680937][   T43] usb 5-1: config index 0 descriptor too short (expected 19730, got 18)
[  615.709162][   T43] usb 5-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  615.739008][   T43] usb 5-1: config 0 has an invalid interface number: 211 but max is 53
[  615.757552][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 54
[  615.779173][   T43] usb 5-1: config 0 has no interface number 0
[  615.785343][   T43] usb 5-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  615.817394][T15903] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3632'.
[  615.837200][   T43] usb 5-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  615.837727][T15904] /dev/rnullb0: Can't open blockdev
[  615.889335][   T43] usb 5-1: config 0 interface 211 has no altsetting 0
[  615.901203][   T43] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  615.910421][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.918455][   T43] usb 5-1: Product: syz
[  615.922713][   T43] usb 5-1: Manufacturer: syz
[  615.927333][   T43] usb 5-1: SerialNumber: syz
[  615.943676][   T43] usb 5-1: config 0 descriptor??
[  616.069819][T15906] loop6: detected capacity change from 0 to 2560
[  616.093586][T15906] buffer_io_error: 27 callbacks suppressed
[  616.093607][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.129313][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.137387][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.179827][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.195905][   T43] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  616.203949][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.229482][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.237634][   T43] gspca_sn9c2028: read1 error -71
[  616.243892][   T43] gspca_sn9c2028: read1 error -71
[  616.256541][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.271257][   T43] gspca_sn9c2028: read1 error -71
[  616.276409][   T43] sn9c2028 5-1:0.211: probe with driver sn9c2028 failed with error -71
[  616.301294][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.316644][   T43] usb 5-1: USB disconnect, device number 86
[  616.349146][T15906] ldm_validate_partition_table(): Disk read failed.
[  616.380293][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.402557][T15906] Buffer I/O error on dev loop6, logical block 0, async page read
[  616.421430][T15906] Dev loop6: unable to read RDB block 0
[  616.439984][T15906]  loop6: unable to read partition table
[  616.456011][T15906] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  616.659330][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout
[  616.660170][ T2155] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  616.677159][T15909] netlink: 'syz.1.3634': attribute type 21 has an invalid length.
[  616.695658][ T2155] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  616.749112][T15909] netlink: 'syz.1.3634': attribute type 6 has an invalid length.
[  616.767414][T15909] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3634'.
[  617.819216][ T5896] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  617.999053][ T5896] usb 5-1: Using ep0 maxpacket: 8
[  618.011029][ T5896] usb 5-1: config index 0 descriptor too short (expected 19730, got 18)
[  618.027570][ T5896] usb 5-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  618.069147][ T5896] usb 5-1: config 0 has an invalid interface number: 211 but max is 53
[  618.077564][ T5896] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 54
[  618.078446][T15945] netlink: 'syz.1.3648': attribute type 20 has an invalid length.
[  618.129298][ T5896] usb 5-1: config 0 has no interface number 0
[  618.136804][ T5896] usb 5-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  618.163772][T15947] /dev/rnullb0: Can't open blockdev
[  618.168542][ T5896] usb 5-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  618.193078][ T5896] usb 5-1: config 0 interface 211 has no altsetting 0
[  618.212293][ T5896] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  618.227230][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.230862][T15930] overlayfs: statfs failed on './file0'
[  618.259236][ T5896] usb 5-1: Product: syz
[  618.263559][ T5896] usb 5-1: Manufacturer: syz
[  618.268215][ T5896] usb 5-1: SerialNumber: syz
[  618.305529][ T5896] usb 5-1: config 0 descriptor??
[  618.474958][T15952] binder: 15950:15952 ioctl 40345622 2000000001c0 returned -22
[  618.542476][ T5896] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  618.552629][ T5896] gspca_sn9c2028: read1 error -71
[  618.558170][ T5896] gspca_sn9c2028: read1 error -71
[  618.566494][ T5896] gspca_sn9c2028: read1 error -71
[  618.584322][ T5896] sn9c2028 5-1:0.211: probe with driver sn9c2028 failed with error -71
[  618.621404][ T5896] usb 5-1: USB disconnect, device number 87
[  619.358067][T15970] ieee802154 phy0 wpan0: encryption failed: -22
[  619.375762][T15968] /dev/rnullb0: Can't open blockdev
[  619.857935][T15991] syzkaller1: entered promiscuous mode
[  619.869312][T15991] syzkaller1: entered allmulticast mode
[  620.316209][T16004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3669'.
[  620.389189][   T43] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  620.459081][ T5946] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  620.549227][   T43] usb 2-1: Using ep0 maxpacket: 8
[  620.564014][   T43] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  620.572898][   T43] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  620.594435][   T43] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  620.613377][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  620.633719][   T43] usb 2-1: config 0 has no interface number 0
[  620.645742][ T5946] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  620.654563][   T43] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  620.666347][ T5946] usb 5-1: config 160 has no interface number 0
[  620.681569][ T5946] usb 5-1: config 160 interface 200 has no altsetting 0
[  620.701883][   T43] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  620.716607][   T43] usb 2-1: config 0 interface 211 has no altsetting 0
[  620.728829][ T5946] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  620.743547][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.753416][ T5946] usb 5-1: Product: syz
[  620.758117][ T5946] usb 5-1: Manufacturer: syz
[  620.765869][   T43] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  620.775774][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.784355][ T5946] usb 5-1: SerialNumber: syz
[  620.799352][   T43] usb 2-1: Product: syz
[  620.803617][   T43] usb 2-1: Manufacturer: syz
[  620.808383][   T43] usb 2-1: SerialNumber: syz
[  620.840306][   T43] usb 2-1: config 0 descriptor??
[  621.043163][ T5946] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  621.074193][   T43] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  621.081532][ T5946] usb 5-1: MIDIStreaming interface descriptor not found
[  621.099976][   T43] gspca_sn9c2028: read1 error -71
[  621.105569][   T43] gspca_sn9c2028: read1 error -71
[  621.121715][   T43] gspca_sn9c2028: read1 error -71
[  621.126891][   T43] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  621.175165][ T5946] usb 5-1: USB disconnect, device number 88
[  621.188786][   T43] usb 2-1: USB disconnect, device number 119
[  621.260349][ T7008] udevd[7008]: setting mode of /dev/dmmidi3 to 020660 failed: No such file or directory
[  621.290550][ T7008] udevd[7008]: setting owner of /dev/dmmidi3 to uid=0, gid=29 failed: No such file or directory
[  621.300966][T13636] udevd[13636]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  621.659399][ T5896] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  621.809106][ T5896] usb 3-1: device descriptor read/64, error -71
[  621.854746][T16027] binder: BINDER_SET_CONTEXT_MGR already set
[  621.863414][T16029] netlink: 'syz.1.3680': attribute type 10 has an invalid length.
[  621.873022][T16027] binder: 16026:16027 ioctl 4018620d 200000004a80 returned -16
[  622.059354][ T5896] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  622.219407][ T5896] usb 3-1: device descriptor read/64, error -71
[  622.329500][ T5896] usb usb3-port1: attempt power cycle
[  622.352722][T16039] /dev/rnullb0: Can't open blockdev
[  622.694216][T16048] misc userio: Begin command sent, but we're already running
[  622.709179][ T5896] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  622.750481][ T5896] usb 3-1: device descriptor read/8, error -71
[  622.985496][T16054] loop3: detected capacity change from 0 to 7
[  622.995872][ T6510]  loop3: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
[  623.002989][ T5896] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  623.013048][    T9] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  623.025225][ T6510] loop3: p1 start 1029989888 is beyond EOD, truncated
[  623.033781][ T6510] loop3: p2 start 2878989330 is beyond EOD, truncated
[  623.042181][ T6510] loop3: p3 start 571092530 is beyond EOD, truncated
[  623.049600][ T6510] loop3: p4 start 1864591932 is beyond EOD, 
[  623.049738][ T5896] usb 3-1: device descriptor read/8, error -71
[  623.062591][ T6510] truncated
[  623.065747][ T6510] loop3: p5 start 4040747046 is beyond EOD, truncated
[  623.072895][ T6510] loop3: p6 start 747796890 is beyond EOD, truncated
[  623.079864][ T6510] loop3: p7 start 876033588 is beyond EOD, truncated
[  623.086587][ T6510] loop3: p8 start 431590914 is beyond EOD, truncated
[  623.093668][ T6510] loop3: p9 start 27938030 is beyond EOD, truncated
[  623.100643][ T6510] loop3: p10 start 4133286817 is beyond EOD, truncated
[  623.108810][T16054]  loop3: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
[  623.121488][T16054] loop3: p1 start 1029989888 is beyond EOD, truncated
[  623.128393][T16054] loop3: p2 start 2878989330 is beyond EOD, truncated
[  623.135795][T16054] loop3: p3 start 571092530 is beyond EOD, truncated
[  623.143638][T16054] loop3: p4 start 1864591932 is beyond EOD, truncated
[  623.151263][T16054] loop3: p5 start 4040747046 is beyond EOD, truncated
[  623.158091][T16054] loop3: p6 start 747796890 is beyond EOD, truncated
[  623.165504][T16054] loop3: p7 start 876033588 is beyond EOD, truncated
[  623.172760][T16054] loop3: p8 start 431590914 is beyond EOD, truncated
[  623.180505][ T5896] usb usb3-port1: unable to enumerate USB device
[  623.187617][T16054] loop3: p9 start 27938030 is beyond EOD, truncated
[  623.194581][T16054] loop3: p10 start 4133286817 is beyond EOD, truncated
[  623.203388][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  623.214736][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  623.249029][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.270577][    T9] usb 5-1: config 0 descriptor??
[  623.619166][ T5946] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  623.696908][    T9] keytouch 0003:0926:3333.0051: fixing up Keytouch IEC report descriptor
[  623.720077][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0051/input/input124
[  623.779075][ T5946] usb 2-1: Using ep0 maxpacket: 16
[  623.797218][ T5946] usb 2-1: unable to get BOS descriptor or descriptor too short
[  623.806702][ T5946] usb 2-1: config 1 has an invalid interface number: 160 but max is 0
[  623.815136][ T5946] usb 2-1: config 1 has no interface number 0
[  623.821721][ T5946] usb 2-1: config 1 interface 160 has no altsetting 0
[  623.834739][ T5946] usb 2-1: New USB device found, idVendor=0c88, idProduct=0021, bcdDevice=19.47
[  623.849706][ T5946] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.864893][ T5946] usb 2-1: Product: syz
[  623.872240][ T5946] usb 2-1: Manufacturer: syz
[  623.876907][ T5946] usb 2-1: SerialNumber: syz
[  623.893665][    T9] keytouch 0003:0926:3333.0051: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  624.126998][T16056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  624.145049][T16056] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  624.223572][    T9] usb 5-1: USB disconnect, device number 89
[  624.314346][ T5946] usb 2-1: palm_os_4_probe - error -71 getting connection info
[  624.322423][ T5946] visor 2-1:1.160: Handspring Visor / Palm OS converter detected
[  624.341284][ T5946] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  624.359544][ T5946] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  624.388204][ T5946] usb 2-1: USB disconnect, device number 120
[  624.418049][ T5946] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  624.442779][ T5946] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  624.455918][ T5946] visor 2-1:1.160: device disconnected
[  624.805840][T16064] binder: BINDER_SET_CONTEXT_MGR already set
[  624.812075][T16064] binder: 16063:16064 ioctl 4018620d 2000000002c0 returned -16
[  624.949719][    T9] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  625.103026][T16074] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3700'.
[  625.139402][    T9] usb 3-1: Using ep0 maxpacket: 32
[  625.150395][    T9] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  625.189122][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  625.195821][    T9] usb 3-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  625.239020][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.259667][    T9] usb 3-1: config 0 descriptor??
[  625.698818][    T9] aquacomputer_d5next 0003:0C70:F011.0052: hidraw0: USB HID v0.07 Device [HID 0c70:f011] on usb-dummy_hcd.2-1/input0
[  625.826428][ T5167] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  625.836433][T16085] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3703'.
[  625.871957][ T5167] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  625.885279][ T5167] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  625.900485][ T5167] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  625.921233][ T5167] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  625.961410][    T9] usb 3-1: USB disconnect, device number 40
[  625.971121][ T5845] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  626.000043][ T5845] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  626.008266][ T5845] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  626.029153][ T5845] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  626.046248][ T5845] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  626.111841][T15347] syz_tun (unregistering): left allmulticast mode
[  626.156763][T15347] syz_tun (unregistering): left promiscuous mode
[  626.167187][T15347] bridge0: port 3(syz_tun) entered disabled state
[  626.417720][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.781421][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.990116][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.132537][   T13] team0: Port device netdevsim0 removed
[  627.168762][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.227406][T16110] syzkaller1: entered promiscuous mode
[  627.233143][T16110] syzkaller1: entered allmulticast mode
[  627.576014][T16082] chnl_net:caif_netlink_parms(): no params data found
[  627.642657][T16124] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  627.669434][T16124] /dev/rnullb0: Can't open blockdev
[  627.912643][   T13] bridge_slave_1: left allmulticast mode
[  627.918383][   T13] bridge_slave_1: left promiscuous mode
[  627.975477][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.037640][   T13] bridge_slave_0: left allmulticast mode
[  628.069661][   T13] bridge_slave_0: left promiscuous mode
[  628.090232][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.185377][ T5845] Bluetooth: hci6: command tx timeout
[  628.781400][   T13] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  628.808085][   T13] bridge0 (unregistering): left promiscuous mode
[  628.971136][T16142] input: syz0 as /devices/virtual/input/input125
[  629.197006][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  629.226910][   T13] bond_slave_0: left promiscuous mode
[  629.246784][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  629.256474][   T13] bond_slave_1: left promiscuous mode
[  629.265340][   T13] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  629.276554][   T13] bond0 (unregistering): Released all slaves
[  629.573727][T16082] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.585074][T16082] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.597188][T16082] bridge_slave_0: entered allmulticast mode
[  629.609937][T16082] bridge_slave_0: entered promiscuous mode
[  629.648065][T16082] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.669134][T16082] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.690823][T16082] bridge_slave_1: entered allmulticast mode
[  629.707120][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  629.713682][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  629.715444][T16082] bridge_slave_1: entered promiscuous mode
[  629.763057][T16155] loop6: detected capacity change from 0 to 2560
[  629.784131][T16155] buffer_io_error: 11 callbacks suppressed
[  629.784153][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.810542][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.818541][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.826701][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.865112][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.888747][T16082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  629.899150][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.929184][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.947122][T16082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  629.959248][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.988717][T16155] ldm_validate_partition_table(): Disk read failed.
[  630.020294][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  630.099381][T16155] Buffer I/O error on dev loop6, logical block 0, async page read
[  630.119363][T16155] Dev loop6: unable to read RDB block 0
[  630.139640][T16155]  loop6: unable to read partition table
[  630.170325][T16155] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  630.250752][T16082] team0: Port device team_slave_0 added
[  630.259406][ T5845] Bluetooth: hci6: command tx timeout
[  630.287465][T16082] team0: Port device team_slave_1 added
[  630.511618][T16082] batman_adv: batadv0: Adding interface: batadv_slave_0
[  630.548997][T16082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  630.694763][T16082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  630.840960][T16082] batman_adv: batadv0: Adding interface: batadv_slave_1
[  630.894157][T16082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  630.993536][T16082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  631.179270][ T5946] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  631.237516][T16197] kernel profiling enabled (shift: 0)
[  631.251488][T16082] hsr_slave_0: entered promiscuous mode
[  631.258309][T16082] hsr_slave_1: entered promiscuous mode
[  631.306252][T16082] debugfs: 'hsr0' already exists in 'hsr'
[  631.330520][T16082] Cannot create hsr debugfs directory
[  631.350573][ T5946] usb 2-1: Using ep0 maxpacket: 8
[  631.362469][ T5946] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  631.381227][T16017] Bluetooth: hci6: Opcode 0x0c1a failed: -110
[  631.389124][ T5946] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  631.413796][T16017] Bluetooth: hci6: Error when powering off device on rfkill (-110)
[  631.440108][ T5946] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  631.461048][ T5946] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  631.508293][ T5946] usb 2-1: config 0 has no interface number 0
[  631.534649][ T5946] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  631.569158][ T5946] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  631.611376][ T5889] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  631.619752][ T5946] usb 2-1: config 0 interface 211 has no altsetting 0
[  631.638773][ T5946] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  631.649078][ T5946] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.668426][ T5946] usb 2-1: Product: syz
[  631.677874][ T5946] usb 2-1: Manufacturer: syz
[  631.697405][ T5946] usb 2-1: SerialNumber: syz
[  631.729853][ T5946] usb 2-1: config 0 descriptor??
[  631.771847][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  631.805458][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  631.817970][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[  631.845977][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[  631.883374][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  631.930254][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  631.969506][ T5889] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  631.970880][ T5946] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  631.986992][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.009285][ T5889] usb 3-1: Product: syz
[  632.019340][ T5946] gspca_sn9c2028: read1 error -71
[  632.027474][ T5946] gspca_sn9c2028: read1 error -71
[  632.043954][ T5946] gspca_sn9c2028: read1 error -71
[  632.046133][ T5889] usb 3-1: Manufacturer: syz
[  632.053271][ T5946] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  632.063924][ T5889] usb 3-1: SerialNumber: syz
[  632.083844][ T5946] usb 2-1: USB disconnect, device number 121
[  632.101240][ T5889] usb 3-1: config 0 descriptor??
[  632.110620][T16200] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  632.123230][ T5889] ati_remote 3-1:0.0: ati_remote_probe: Unexpected endpoint_out
[  632.249731][   T13] hsr_slave_0: left promiscuous mode
[  632.269382][   T13] hsr_slave_1: left promiscuous mode
[  632.275847][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  632.294254][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  632.310299][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  632.328168][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  632.360950][ T5946] usb 3-1: USB disconnect, device number 41
[  632.401838][   T13] veth1_macvtap: left promiscuous mode
[  632.407453][   T13] veth0_macvtap: left promiscuous mode
[  632.431758][   T13] veth1_vlan: left promiscuous mode
[  632.450219][   T13] veth0_vlan: left promiscuous mode
[  632.857162][T16197] syz.5.3736: vmalloc error: size 705499136, failed to allocated page array size 1377928, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  632.909139][T16197] CPU: 1 UID: 0 PID: 16197 Comm: syz.5.3736 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  632.909171][T16197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  632.909185][T16197] Call Trace:
[  632.909194][T16197]  <TASK>
[  632.909204][T16197]  dump_stack_lvl+0x189/0x250
[  632.909244][T16197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.909274][T16197]  ? __pfx__printk+0x10/0x10
[  632.909336][T16197]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  632.909368][T16197]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  632.909401][T16197]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  632.909437][T16197]  warn_alloc+0x214/0x310
[  632.909471][T16197]  ? __pfx_warn_alloc+0x10/0x10
[  632.909509][T16197]  ? __get_vm_area_node+0x28f/0x300
[  632.909533][T16197]  ? profile_init+0xb4/0x100
[  632.909563][T16197]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  632.909615][T16197]  ? policy_nodemask+0x27c/0x720
[  632.909649][T16197]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  632.909676][T16197]  ? alloc_pages_mpol+0x3cd/0x4a0
[  632.909704][T16197]  ? profile_init+0xb4/0x100
[  632.909729][T16197]  vzalloc_noprof+0xb2/0xf0
[  632.909753][T16197]  ? profile_init+0xb4/0x100
[  632.909779][T16197]  profile_init+0xb4/0x100
[  632.909805][T16197]  profiling_store+0x70/0x120
[  632.909835][T16197]  ? __pfx_sysfs_kf_write+0x10/0x10
[  632.909854][T16197]  kernfs_fop_write_iter+0x375/0x4f0
[  632.909892][T16197]  vfs_write+0x54b/0xa90
[  632.909925][T16197]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  632.909957][T16197]  ? __pfx_vfs_write+0x10/0x10
[  632.909997][T16197]  ? __fget_files+0x2a/0x420
[  632.910039][T16197]  ksys_write+0x145/0x250
[  632.910070][T16197]  ? __pfx_ksys_write+0x10/0x10
[  632.910104][T16197]  ? do_syscall_64+0xbe/0x3b0
[  632.910141][T16197]  do_syscall_64+0xfa/0x3b0
[  632.910172][T16197]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.910203][T16197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.910224][T16197]  ? clear_bhb_loop+0x60/0xb0
[  632.910251][T16197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.910272][T16197] RIP: 0033:0x7f8f7598e9a9
[  632.910292][T16197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.910310][T16197] RSP: 002b:00007f8f7687c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  632.910333][T16197] RAX: ffffffffffffffda RBX: 00007f8f75bb6080 RCX: 00007f8f7598e9a9
[  632.910348][T16197] RDX: 0000000000000012 RSI: 0000200000000000 RDI: 0000000000000005
[  632.910362][T16197] RBP: 00007f8f75a10d69 R08: 0000000000000000 R09: 0000000000000000
[  632.910376][T16197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  632.910388][T16197] R13: 0000000000000001 R14: 00007f8f75bb6080 R15: 00007ffdc4e739c8
[  632.910424][T16197]  </TASK>
[  632.910446][T16197] Mem-Info:
[  633.210557][T16197] active_anon:6639 inactive_anon:0 isolated_anon:0
[  633.210557][T16197]  active_file:28419 inactive_file:52477 isolated_file:0
[  633.210557][T16197]  unevictable:768 dirty:77 writeback:0
[  633.210557][T16197]  slab_reclaimable:11340 slab_unreclaimable:101688
[  633.210557][T16197]  mapped:35743 shmem:1364 pagetables:1394
[  633.210557][T16197]  sec_pagetables:0 bounce:0
[  633.210557][T16197]  kernel_misc_reclaimable:0
[  633.210557][T16197]  free:1223702 free_pcp:24357 free_cma:0
[  633.289059][T16197] Node 0 active_anon:26556kB inactive_anon:0kB active_file:113660kB inactive_file:209708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142972kB dirty:304kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12304kB pagetables:5412kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  633.326493][T16197] Node 1 active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  633.367817][T16197] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  633.367931][T16197] lowmem_reserve[]: 0 2496 2497 2497 2497
[  633.367987][T16197] Node 0 DMA32 free:1047060kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26608kB inactive_anon:0kB active_file:113660kB inactive_file:208636kB unevictable:2236kB writepending:300kB present:3129332kB managed:2556420kB mlocked:800kB bounce:0kB free_pcp:40968kB local_pcp:22628kB free_cma:0kB
[  633.368054][T16197] lowmem_reserve[]: 0 0 1 1 1
[  633.368107][T16197] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1072kB unevictable:0kB writepending:4kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  633.368170][T16197] lowmem_reserve[]: 0 0 0 0 0
[  633.368223][T16197] Node 1 Normal free:3832384kB boost:0kB min:55672kB low:69588kB high:83504kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:54764kB local_pcp:34540kB free_cma:0kB
[  633.368289][T16197] lowmem_reserve[]: 0 0 0 0 0
[  633.368342][T16197] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  633.368546][T16197] Node 0 DMA32: 1183*4kB (UM) 207*8kB (UME) 412*16kB (ME) 563*32kB (ME) 286*64kB (UME) 15*128kB (UME) 26*256kB (ME) 16*512kB (M) 98*1024kB (UME) 12*2048kB (UME) 209*4096kB (UM) = 1047060kB
[  633.368770][T16197] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  633.372989][T16197] Node 1 Normal: 16*4kB (UE) 14*8kB (UE) 9*16kB (UE) 6*32kB (U) 9*64kB (UM) 6*128kB (UE) 7*256kB (UM) 10*512kB (UE) 8*1024kB (UE) 5*2048kB (UME) 929*4096kB (UM) = 3832384kB
[  633.373208][T16197] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  633.373229][T16197] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  633.373248][T16197] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  633.373266][T16197] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  633.373285][T16197] 82256 total pagecache pages
[  633.373311][T16197] 0 pages in swap cache
[  633.373321][T16197] Free swap  = 124996kB
[  633.373332][T16197] Total swap = 124996kB
[  633.373343][T16197] 2097051 pages RAM
[  633.373354][T16197] 0 pages HighMem/MovableOnly
[  633.373364][T16197] 426032 pages reserved
[  633.373374][T16197] 0 pages cma reserved
[  633.499558][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.602851][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.691185][    C0] vkms_vblank_simulate: vblank timer overrun
[  634.538240][T16218] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3745'.
[  634.757173][   T43] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  634.923234][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  634.935533][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.947318][   T13] team0 (unregistering): Port device team_slave_1 removed
[  634.999513][   T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  635.021188][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.031456][   T43] usb 3-1: Product: syz
[  635.035675][   T43] usb 3-1: Manufacturer: syz
[  635.059310][   T43] usb 3-1: SerialNumber: syz
[  635.151158][   T13] team0 (unregistering): Port device team_slave_0 removed
[  636.167597][T16239] /dev/rnullb0: Can't open blockdev
[  636.195520][   T43] cdc_ncm 3-1:1.0: bind() failure
[  636.237138][   T43] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  636.279535][   T43] cdc_ncm 3-1:1.1: bind() failure
[  636.402799][   T43] usb 3-1: USB disconnect, device number 42
[  636.454774][T16243] Invalid logical block size (218103808)
[  637.205731][T16082] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  637.249749][T16082] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  637.283689][T16082] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  637.319185][ T5896] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  637.377620][T16082] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  637.486626][ T5896] usb 3-1: Using ep0 maxpacket: 8
[  637.555023][ T5896] usb 3-1: config index 0 descriptor too short (expected 19730, got 18)
[  637.589159][ T5896] usb 3-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  637.597832][ T5896] usb 3-1: config 0 has an invalid interface number: 211 but max is 53
[  637.633485][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 54
[  637.658845][ T5896] usb 3-1: config 0 has no interface number 0
[  637.691840][ T5896] usb 3-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  637.757437][ T5896] usb 3-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  637.783966][T16082] 8021q: adding VLAN 0 to HW filter on device bond0
[  637.816820][ T5896] usb 3-1: config 0 interface 211 has no altsetting 0
[  637.844925][ T5896] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  637.863372][T16082] 8021q: adding VLAN 0 to HW filter on device team0
[  637.875732][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.888458][ T5896] usb 3-1: Product: syz
[  637.898405][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.905649][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  637.920403][ T5896] usb 3-1: Manufacturer: syz
[  637.925075][ T5896] usb 3-1: SerialNumber: syz
[  637.945918][ T5896] usb 3-1: config 0 descriptor??
[  637.975937][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.983196][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  638.042137][T16280] /dev/rnullb0: Can't open blockdev
[  638.224786][ T5896] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  638.244865][ T5896] gspca_sn9c2028: read1 error -71
[  638.267417][ T5896] gspca_sn9c2028: read1 error -71
[  638.283289][ T5896] gspca_sn9c2028: read1 error -71
[  638.297705][ T5896] sn9c2028 3-1:0.211: probe with driver sn9c2028 failed with error -71
[  638.327375][ T5896] usb 3-1: USB disconnect, device number 43
[  638.675574][T16082] 8021q: adding VLAN 0 to HW filter on device batadv0
[  640.097018][T16082] veth0_vlan: entered promiscuous mode
[  640.163666][T16082] veth1_vlan: entered promiscuous mode
[  640.298802][T16082] veth0_macvtap: entered promiscuous mode
[  640.342227][T16082] veth1_macvtap: entered promiscuous mode
[  640.421559][T16082] batman_adv: batadv0: Interface activated: batadv_slave_0
[  640.465777][T16082] batman_adv: batadv0: Interface activated: batadv_slave_1
[  640.570880][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  640.589400][   T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  640.598185][   T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  640.721090][   T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  640.927282][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  640.950570][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.111825][T16017] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  641.131875][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.168339][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.304230][T16017] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  641.323728][T16017] usb 2-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3
[  641.357419][T16017] usb 2-1: Product: syz
[  641.392451][T16017] usb 2-1: Manufacturer: syz
[  641.415302][T16017] usb 2-1: SerialNumber: syz
[  641.454879][T16017] r8152-cfgselector 2-1: Unknown version 0x0000
[  641.478144][T16017] r8152-cfgselector 2-1: config 0 descriptor??
[  641.501690][T16372] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  641.508303][T16372] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  641.549414][T16372] vhci_hcd vhci_hcd.0: Device attached
[  641.729194][ T2155] vhci_hcd: vhci_device speed not set
[  641.739448][T16383] netlink: 'syz.2.3775': attribute type 6 has an invalid length.
[  641.790721][ T2155] usb 41-1: new full-speed USB device number 6 using vhci_hcd
[  641.819550][ T5896] usb 5-1: new low-speed USB device number 90 using dummy_hcd
[  641.954059][T16389] /dev/rnullb0: Can't open blockdev
[  642.015872][ T5896] usb 5-1: config 0 has no interfaces?
[  642.037409][ T5896] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  642.068704][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.117498][ T5896] usb 5-1: config 0 descriptor??
[  642.339211][T16374] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 4
[  642.356032][   T24] usb 5-1: USB disconnect, device number 90
[  642.400955][   T49] vhci_hcd: stop threads
[  642.430870][   T49] vhci_hcd: release socket
[  642.449510][   T49] vhci_hcd: disconnect device
[  642.462921][T16017] r8152-cfgselector 2-1: Unknown version 0x0000
[  642.500344][T16017] r8152-cfgselector 2-1: bad CDC descriptors
[  642.547495][T16017] r8152-cfgselector 2-1: USB disconnect, device number 122
[  642.987948][T16403] netlink: 'syz.4.3780': attribute type 10 has an invalid length.
[  643.023837][T16403] team0: Port device netdevsim0 added
[  643.554206][T16418] loop6: detected capacity change from 0 to 2560
[  643.569225][T16418] buffer_io_error: 11 callbacks suppressed
[  643.569245][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.590955][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.603063][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.613342][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.632621][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.656633][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.686926][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.710802][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.734357][T16418] ldm_validate_partition_table(): Disk read failed.
[  643.743546][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.757142][T16418] Buffer I/O error on dev loop6, logical block 0, async page read
[  643.768056][T16418] Dev loop6: unable to read RDB block 0
[  643.799071][T16418]  loop6: unable to read partition table
[  643.805288][T16418] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  643.847938][ T5217] ldm_validate_partition_table(): Disk read failed.
[  643.866768][ T5217] Dev loop6: unable to read RDB block 0
[  643.881388][ T5217]  loop6: unable to read partition table
[  644.309041][T16017] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  644.435269][T16438] netlink: 'syz.4.3793': attribute type 20 has an invalid length.
[  644.509902][T16017] usb 3-1: Using ep0 maxpacket: 8
[  644.520814][T16017] usb 3-1: config index 0 descriptor too short (expected 19730, got 18)
[  644.540242][T16017] usb 3-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  644.553006][T16017] usb 3-1: config 0 has an invalid interface number: 211 but max is 53
[  644.561817][T16017] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 54
[  644.571193][T16017] usb 3-1: config 0 has no interface number 0
[  644.577448][T16017] usb 3-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  644.590772][T16017] usb 3-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  644.605712][T16017] usb 3-1: config 0 interface 211 has no altsetting 0
[  644.615725][T16017] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  644.625308][T16017] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.633768][T16017] usb 3-1: Product: syz
[  644.638133][T16017] usb 3-1: Manufacturer: syz
[  644.643221][T16017] usb 3-1: SerialNumber: syz
[  644.649062][   T24] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  644.669813][T16017] usb 3-1: config 0 descriptor??
[  644.779045][   T24] usb 2-1: device descriptor read/64, error -71
[  644.789205][   T43] usb 5-1: new full-speed USB device number 91 using dummy_hcd
[  644.916153][T16429] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3789'.
[  644.943518][T16017] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  644.961575][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  644.978033][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  644.988709][T16017] gspca_sn9c2028: read1 error -71
[  645.004456][   T43] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  645.016330][T16017] gspca_sn9c2028: read1 error -71
[  645.022913][   T24] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  645.033207][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.041742][T16017] gspca_sn9c2028: read1 error -71
[  645.046893][T16017] sn9c2028 3-1:0.211: probe with driver sn9c2028 failed with error -71
[  645.068711][T16017] usb 3-1: USB disconnect, device number 44
[  645.079749][   T43] usb 5-1: config 0 descriptor??
[  645.090929][   T43] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  645.110652][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  645.125754][   T43] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  645.136421][   T43] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  645.146661][   T43] usb 5-1: media controller created
[  645.155454][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  645.179444][   T24] usb 2-1: device descriptor read/64, error -71
[  645.189753][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  645.195642][   T43] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  645.227457][   T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input126
[  645.279755][   T43] dvb-usb: schedule remote query interval to 150 msecs.
[  645.300152][   T43] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  645.317577][   T24] usb usb2-port1: attempt power cycle
[  645.459431][   T43] dvb-usb: bulk message failed: -22 (1/0)
[  645.465344][   T43] dvb-usb: error while querying for an remote control event.
[  645.629196][   T43] dvb-usb: bulk message failed: -22 (1/0)
[  645.635046][   T43] dvb-usb: error while querying for an remote control event.
[  645.659170][   T24] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  645.690412][   T24] usb 2-1: device descriptor read/8, error -71
[  645.809328][ T5896] usb 5-1: USB disconnect, device number 91
[  645.819008][T16017] dvb-usb: bulk message failed: -22 (1/0)
[  645.824825][T16017] dvb-usb: error while querying for an remote control event.
[  645.827659][T16448] ieee802154 phy0 wpan0: encryption failed: -22
[  645.873664][ T5896] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  645.929054][   T24] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  645.974485][   T24] usb 2-1: device descriptor read/8, error -71
[  646.102594][   T24] usb usb2-port1: unable to enumerate USB device
[  646.383282][   T24] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  646.535941][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  646.568597][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  646.609197][   T24] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  646.626060][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.640583][   T24] usb 5-1: config 0 descriptor??
[  646.652497][   T24] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  646.669329][ T5939] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  646.844435][ T5939] usb 3-1: not running at top speed; connect to a high speed hub
[  646.857885][ T5939] usb 3-1: config 2 has an invalid interface descriptor of length 8, skipping
[  646.869375][ T5939] usb 3-1: config 2 descriptor has 1 excess byte, ignoring
[  646.876739][ T5939] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  646.893559][ T5939] usb 3-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=2c.d4
[  646.903927][ T2155] vhci_hcd: vhci_device speed not set
[  646.916182][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.925809][ T5939] usb 3-1: Product: syz
[  646.934666][ T5939] usb 3-1: Manufacturer: syz
[  646.939450][ T5939] usb 3-1: SerialNumber: syz
[  647.165734][ T5939] usb 3-1: USB disconnect, device number 45
[  647.749013][T16017] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  647.788475][T16472] /dev/rnullb0: Can't open blockdev
[  647.893789][T16475] overlayfs: statfs failed on './file0'
[  647.929585][T16017] usb 2-1: Using ep0 maxpacket: 32
[  647.937827][T16017] usb 2-1: unable to get BOS descriptor or descriptor too short
[  647.950676][T16017] usb 2-1: config 248 has an invalid interface number: 98 but max is 0
[  647.968340][T16017] usb 2-1: config 248 has no interface number 0
[  647.974861][T16017] usb 2-1: config 248 interface 98 has no altsetting 0
[  647.988105][T16017] usb 2-1: New USB device found, idVendor=0421, idProduct=04e6, bcdDevice=15.a7
[  648.003881][T16017] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.014267][T16017] usb 2-1: Product: syz
[  648.022407][T16017] usb 2-1: Manufacturer: syz
[  648.027060][T16017] usb 2-1: SerialNumber: syz
[  648.126396][   T30] audit: type=1326 audit(1753757284.443:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16477 comm="syz.2.3811" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe8e958e9a9 code=0x0
[  648.541399][T16017] usb 2-1: bad CDC descriptors
[  648.556085][T16017] cdc_acm 2-1:248.98: Zero length descriptor references
[  648.579322][T16017] cdc_acm 2-1:248.98: probe with driver cdc_acm failed with error -22
[  648.618553][T16017] usb 2-1: USB disconnect, device number 127
[  649.053001][T16505] /dev/rnullb0: Can't open blockdev
[  649.275039][T16510] Invalid logical block size (268435456)
[  649.417485][T16515] /dev/rnullb0: Can't open blockdev
[  649.679253][T16017] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  649.759155][   T24] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  649.852028][T16017] usb 2-1: Using ep0 maxpacket: 8
[  649.871988][T16017] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  649.905865][T16017] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  649.927209][T16017] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  649.940449][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  649.959321][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.973987][T16017] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  649.988483][T16529] loop3: detected capacity change from 0 to 7
[  649.994947][T16017] usb 2-1: config 0 has no interface number 0
[  650.004478][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.015616][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.024204][T16017] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  650.036097][T16529]  loop3: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
[  650.046218][   T24] usb 3-1: Product: syz
[  650.053703][   T24] usb 3-1: Manufacturer: syz
[  650.062606][T16017] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  650.079012][   T24] usb 3-1: SerialNumber: syz
[  650.081225][T16529] loop3: p1 start 1029989888 is beyond EOD, truncated
[  650.099511][T16017] usb 2-1: config 0 interface 211 has no altsetting 0
[  650.115070][T16017] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  650.142519][T16017] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.146374][ T5896] usb 5-1: USB disconnect, device number 92
[  650.170563][T16529] loop3: p2 start 2878989330 is beyond EOD, truncated
[  650.177570][T16529] loop3: p3 start 571092530 is beyond EOD, truncated
[  650.196581][T16017] usb 2-1: Product: syz
[  650.202020][T16529] loop3: p4 start 1864591932 is beyond EOD, truncated
[  650.218612][T16017] usb 2-1: Manufacturer: syz
[  650.223614][T16017] usb 2-1: SerialNumber: syz
[  650.237910][T16529] loop3: p5 start 4040747046 is beyond EOD, truncated
[  650.247144][T16017] usb 2-1: config 0 descriptor??
[  650.262810][T16529] loop3: p6 start 747796890 is beyond EOD, truncated
[  650.271198][T16529] loop3: p7 start 876033588 is beyond EOD, truncated
[  650.278297][T16529] loop3: p8 start 431590914 is beyond EOD, truncated
[  650.286157][T16529] loop3: p9 start 27938030 is beyond EOD, truncated
[  650.293069][T16529] loop3: p10 start 4133286817 is beyond EOD, truncated
[  650.476307][T16516] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3818'.
[  650.508088][T16017] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  650.537014][T16017] gspca_sn9c2028: read1 error -71
[  650.551891][T16017] gspca_sn9c2028: read1 error -71
[  650.563697][T16017] gspca_sn9c2028: read1 error -71
[  650.568889][T16017] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  650.617485][T16017] usb 2-1: USB disconnect, device number 2
[  650.759851][T16544] netlink: 'syz.5.3826': attribute type 10 has an invalid length.
[  650.767874][T16544] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3826'.
[  650.777683][T16544] bond0: entered promiscuous mode
[  650.783684][T16544] bond_slave_0: entered promiscuous mode
[  650.790134][T16544] bond_slave_1: entered promiscuous mode
[  650.797437][T16544] bridge0: port 3(bond0) entered blocking state
[  650.804681][T16544] bridge0: port 3(bond0) entered disabled state
[  650.811863][T16544] bond0: entered allmulticast mode
[  650.817051][T16544] bond_slave_0: entered allmulticast mode
[  650.828494][T16544] bond_slave_1: entered allmulticast mode
[  650.848474][T16544] bridge0: port 3(bond0) entered blocking state
[  650.855020][T16544] bridge0: port 3(bond0) entered forwarding state
[  650.925701][T16546] /dev/rnullb0: Can't open blockdev
[  651.194505][T16553] netlink: 'syz.1.3831': attribute type 6 has an invalid length.
[  651.305053][   T24] cdc_ncm 3-1:1.0: bind() failure
[  651.331987][   T24] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  651.347918][   T24] cdc_ncm 3-1:1.1: bind() failure
[  651.490985][T16566] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  651.518545][T16566] /dev/rnullb0: Can't open blockdev
[  651.808250][T16575] kvm: kvm [16574]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000079)
[  652.069021][ T5896] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  652.181242][   T43] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  652.208150][T16587] /dev/rnullb0: Can't open blockdev
[  652.231084][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  652.253874][ T5896] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  652.266038][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.287950][ T5896] usb 2-1: config 0 descriptor??
[  652.329049][   T43] usb 5-1: device descriptor read/64, error -71
[  652.604860][   T43] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  652.699663][ T5896] keytouch 0003:0926:3333.0053: fixing up Keytouch IEC report descriptor
[  652.750546][   T43] usb 5-1: device descriptor read/64, error -71
[  652.757624][ T5896] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0053/input/input127
[  652.891573][   T43] usb usb5-port1: attempt power cycle
[  652.944442][T16604] netlink: 'syz.2.3849': attribute type 28 has an invalid length.
[  652.976288][T16604] /dev/rnullb0: Can't open blockdev
[  653.023597][ T5896] keytouch 0003:0926:3333.0053: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  653.120311][T16608] netlink: set zone limit has 4 unknown bytes
[  653.244098][T16612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.262609][   T43] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  653.271849][ T5896] usb 2-1: USB disconnect, device number 3
[  653.305900][T16610] fido_id[16610]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  653.324517][T16612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.339909][   T43] usb 5-1: device descriptor read/8, error -71
[  653.429376][T16612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.469336][T16612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.503068][T16612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.529551][T16612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.549263][T16612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.575736][T16612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.589136][   T43] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  653.619873][   T43] usb 5-1: device descriptor read/8, error -71
[  653.729555][   T43] usb usb5-port1: unable to enumerate USB device
[  653.798836][T16612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.819627][T16612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.234994][T16628] netlink: 'syz.5.3858': attribute type 10 has an invalid length.
[  654.251471][T16628] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3858'.
[  654.267399][T16628] mac80211_hwsim hwsim20 wlan1: entered promiscuous mode
[  654.277824][T16628] mac80211_hwsim hwsim20 wlan1: entered allmulticast mode
[  654.293668][T16628] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  654.977501][T16638] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  654.984095][T16638] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  655.027036][T16638] vhci_hcd vhci_hcd.0: Device attached
[  655.107261][T16645] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3866'.
[  655.159061][T16645] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3866'.
[  655.201087][   T24] vhci_hcd: vhci_device speed not set
[  655.250442][T16650] : renamed from hsr_slave_0 (while UP)
[  655.272908][   T24] usb 35-1: new full-speed USB device number 11 using vhci_hcd
[  655.289085][   T43] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  655.483109][   T43] usb 2-1: config 0 has no interfaces?
[  655.488672][   T43] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  655.513890][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.562071][   T43] usb 2-1: config 0 descriptor??
[  655.787523][ T5939] usb 2-1: USB disconnect, device number 4
[  655.859342][T16639] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 10
[  655.889981][   T61] vhci_hcd: stop threads
[  655.905424][   T61] vhci_hcd: release socket
[  655.938438][   T61] vhci_hcd: disconnect device
[  657.278070][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.292224][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.317199][T16705] ieee802154 phy0 wpan0: encryption failed: -22
[  657.503598][T16711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3887'.
[  657.597057][T16696] overlayfs: statfs failed on './file0'
[  657.857349][T16722] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  657.888631][T16722] /dev/rnullb0: Can't open blockdev
[  657.907787][T16723] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  657.915175][T16723] /dev/rnullb0: Can't open blockdev
[  657.975484][T16727] x_tables: unsorted underflow at hook 2
[  658.145657][T16729] trusted_key: syz.5.3894 sent an empty control message without MSG_MORE.
[  658.364693][T16729] /dev/rnullb0: Can't open blockdev
[  658.778109][T16744] binder: 16743:16744 ioctl c018620c 200000000000 returned -1
[  659.053373][T16753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.080852][T16753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.174741][T16753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.221507][T16753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.265232][T16753] syzkaller1: entered promiscuous mode
[  659.288202][T16757] /dev/rnullb0: Can't open blockdev
[  659.290965][T16753] syzkaller1: entered allmulticast mode
[  659.505765][T16762] binder: BINDER_SET_CONTEXT_MGR already set
[  659.517746][T16762] binder: 16759:16762 ioctl 4018620d 200000004a80 returned -16
[  660.060202][T16776] /dev/rnullb0: Can't open blockdev
[  660.217692][T16779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.236842][T16779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.248002][T16781] /dev/rnullb0: Can't open blockdev
[  660.319106][ T5896] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  660.419109][   T24] vhci_hcd: vhci_device speed not set
[  660.499251][ T5896] usb 2-1: Using ep0 maxpacket: 16
[  660.512872][ T5896] usb 2-1: config 5 has an invalid interface number: 168 but max is 0
[  660.529054][ T5896] usb 2-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  660.562230][ T5896] usb 2-1: config 5 has no interface number 0
[  660.568415][ T5896] usb 2-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  660.602646][ T5896] usb 2-1: config 5 interface 168 altsetting 7 endpoint 0x8B has invalid wMaxPacketSize 0
[  660.605155][T16791] /dev/rnullb0: Can't open blockdev
[  660.623369][ T5896] usb 2-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  660.688829][ T5896] usb 2-1: config 5 interface 168 has no altsetting 0
[  660.698315][ T5896] usb 2-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  660.729019][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.739697][ T5896] usb 2-1: Product: syz
[  660.743925][ T5896] usb 2-1: Manufacturer: syz
[  660.759150][ T5896] usb 2-1: SerialNumber: syz
[  661.074189][T16797] binder: 16796:16797 ioctl c0306201 2000000003c0 returned -22
[  661.225720][T16801] overlayfs: missing 'lowerdir'
[  661.585064][T16807] loop3: detected capacity change from 0 to 7
[  661.594042][T16807]  loop3: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
[  661.601625][T16807] loop3: p1 start 1029989888 is beyond EOD, truncated
[  661.608653][T16807] loop3: p2 start 2878989330 is beyond EOD, truncated
[  661.616116][T16807] loop3: p3 start 571092530 is beyond EOD, truncated
[  661.623534][T16807] loop3: p4 start 1864591932 is beyond EOD, truncated
[  661.633391][T16807] loop3: p5 start 4040747046 is beyond EOD, truncated
[  661.643590][T16807] loop3: p6 start 747796890 is beyond EOD, truncated
[  661.654048][T16807] loop3: p7 start 876033588 is beyond EOD, truncated
[  661.666434][T16807] loop3: p8 start 431590914 is beyond EOD, truncated
[  661.676526][T16807] loop3: p9 start 27938030 is beyond EOD, truncated
[  661.684677][T16807] loop3: p10 start 4133286817 is beyond EOD, truncated
[  662.742225][T16832] /dev/rnullb0: Can't open blockdev
[  662.758133][T16834] /dev/rnullb0: Can't open blockdev
[  662.929989][ T5896] pn533_usb 2-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint
[  662.974908][ T5896] usb 2-1: USB disconnect, device number 5
[  662.985167][T16837] /dev/rnullb0: Can't open blockdev
[  663.004372][T16837] /dev/rnullb0: Can't open blockdev
[  663.024495][T16837] /dev/rnullb0: Can't open blockdev
[  663.040241][T16837] /dev/rnullb0: Can't open blockdev
[  663.050285][T16837] /dev/rnullb0: Can't open blockdev
[  663.070014][T16837] /dev/rnullb0: Can't open blockdev
[  663.081623][T16837] /dev/rnullb0: Can't open blockdev
[  663.097949][T16837] /dev/rnullb0: Can't open blockdev
[  663.104546][T16840] netlink: set zone limit has 4 unknown bytes
[  663.108301][T16837] /dev/rnullb0: Can't open blockdev
[  663.120134][T16837] /dev/rnullb0: Can't open blockdev
[  663.148682][T16837] /dev/rnullb0: Can't open blockdev
[  663.155076][T16837] /dev/rnullb0: Can't open blockdev
[  663.169942][T16837] /dev/rnullb0: Can't open blockdev
[  663.186332][T16837] /dev/rnullb0: Can't open blockdev
[  663.206207][T16837] /dev/rnullb0: Can't open blockdev
[  663.226184][T16837] /dev/rnullb0: Can't open blockdev
[  663.245417][T16837] /dev/rnullb0: Can't open blockdev
[  663.258288][T16837] /dev/rnullb0: Can't open blockdev
[  663.265217][T16844] /dev/rnullb0: Can't open blockdev
[  663.274941][T16837] /dev/rnullb0: Can't open blockdev
[  663.294660][T16837] /dev/rnullb0: Can't open blockdev
[  663.310187][T16837] /dev/rnullb0: Can't open blockdev
[  663.326827][T16837] /dev/rnullb0: Can't open blockdev
[  663.339941][T16837] /dev/rnullb0: Can't open blockdev
[  663.362625][T16837] /dev/rnullb0: Can't open blockdev
[  663.390888][T16837] /dev/rnullb0: Can't open blockdev
[  663.407914][T16837] /dev/rnullb0: Can't open blockdev
[  663.434696][T16837] /dev/rnullb0: Can't open blockdev
[  663.450112][T16837] /dev/rnullb0: Can't open blockdev
[  663.456184][T16837] /dev/rnullb0: Can't open blockdev
[  663.484731][T16837] /dev/rnullb0: Can't open blockdev
[  663.494654][T16837] /dev/rnullb0: Can't open blockdev
[  663.500858][T16837] /dev/rnullb0: Can't open blockdev
[  663.507002][T16837] /dev/rnullb0: Can't open blockdev
[  663.515695][T16837] /dev/rnullb0: Can't open blockdev
[  663.524435][T16837] /dev/rnullb0: Can't open blockdev
[  663.548181][T16837] /dev/rnullb0: Can't open blockdev
[  663.555097][T16837] /dev/rnullb0: Can't open blockdev
[  663.566098][T16837] /dev/rnullb0: Can't open blockdev
[  663.576492][T16837] /dev/rnullb0: Can't open blockdev
[  663.590181][T16837] /dev/rnullb0: Can't open blockdev
[  663.596760][T16837] /dev/rnullb0: Can't open blockdev
[  663.607550][T16837] /dev/rnullb0: Can't open blockdev
[  663.655469][T16837] /dev/rnullb0: Can't open blockdev
[  663.700814][T16837] /dev/rnullb0: Can't open blockdev
[  664.100381][T16865] input: syz0 as /devices/virtual/input/input128
[  664.251594][T16868] /dev/rnullb0: Can't open blockdev
[  664.452148][T16874] netlink: 'syz.2.3953': attribute type 21 has an invalid length.
[  664.487033][T16874] netlink: 'syz.2.3953': attribute type 6 has an invalid length.
[  664.501166][T16874] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3953'.
[  664.545474][T16876] /dev/rnullb0: Can't open blockdev
[  664.731073][T16881] input: syz0 as /devices/virtual/input/input129
[  665.327758][T16894] netlink: 'syz.5.3962': attribute type 33 has an invalid length.
[  665.347704][T16894] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3962'.
[  665.736917][T16907] netlink: 'syz.1.3965': attribute type 1 has an invalid length.
[  665.774362][T16907] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3965'.
[  665.995250][T16913] netlink: 'syz.1.3966': attribute type 20 has an invalid length.
[  666.689457][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  666.849598][   T24] usb 2-1: Using ep0 maxpacket: 8
[  666.864665][   T24] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  666.877908][   T24] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  666.913317][   T24] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  666.942607][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  666.949942][T16943] dlm: non-version read from control device 8192
[  666.964314][   T24] usb 2-1: config 0 has no interface number 0
[  666.971326][   T24] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  666.984054][   T24] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  666.998013][   T24] usb 2-1: config 0 interface 211 has no altsetting 0
[  667.026811][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  667.036554][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.060081][   T24] usb 2-1: Product: syz
[  667.064401][   T24] usb 2-1: Manufacturer: syz
[  667.069649][   T24] usb 2-1: SerialNumber: syz
[  667.102437][   T24] usb 2-1: config 0 descriptor??
[  667.179440][T16950] netlink: 596 bytes leftover after parsing attributes in process `syz.4.3980'.
[  667.210618][T16952] ieee802154 phy0 wpan0: encryption failed: -22
[  667.361669][   T24] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  667.386459][   T24] gspca_sn9c2028: read1 error -71
[  667.400088][   T24] gspca_sn9c2028: read1 error -71
[  667.409443][   T24] gspca_sn9c2028: read1 error -71
[  667.419144][   T24] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  667.447786][   T24] usb 2-1: USB disconnect, device number 6
[  667.753896][T16965] bridge0: port 3(syz_tun) entered blocking state
[  667.760819][T16965] bridge0: port 3(syz_tun) entered disabled state
[  667.767527][T16965] syz_tun: entered allmulticast mode
[  667.778701][T16965] syz_tun: entered promiscuous mode
[  667.786316][T16965] bridge0: port 3(syz_tun) entered blocking state
[  667.792941][T16965] bridge0: port 3(syz_tun) entered forwarding state
[  667.808367][T16965] netlink: 'syz.4.3984': attribute type 10 has an invalid length.
[  668.019201][T16970] x_tables: unsorted underflow at hook 2
[  668.040748][T16972] /dev/rnullb0: Can't open blockdev
[  668.384014][T16981] /dev/rnullb0: Can't open blockdev
[  668.437150][T16984] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3993'.
[  668.586809][T16988] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3995'.
[  668.630982][T16993] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3995'.
[  668.646838][T16991] x_tables: unsorted entry at hook 1
[  668.672880][T16992] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3995'.
[  668.718074][T16992] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3995'.
[  668.789846][T17007] delete_channel: no stack
[  668.794456][T17007] delete_channel: no stack
[  668.801688][T17008] delete_channel: no stack
[  668.855485][T17007] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3998'.
[  668.871043][T17008] delete_channel: no stack
[  669.151759][   T30] audit: type=1326 audit(1753757305.473:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.197744][T17018] overlayfs: statfs failed on './file0'
[  669.216735][   T30] audit: type=1326 audit(1753757305.493:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.245599][   T30] audit: type=1326 audit(1753757305.493:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.275376][   T30] audit: type=1326 audit(1753757305.493:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.303811][   T30] audit: type=1326 audit(1753757305.493:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.327593][   T30] audit: type=1326 audit(1753757305.493:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.351526][   T30] audit: type=1326 audit(1753757305.493:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.374256][   T30] audit: type=1326 audit(1753757305.493:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.406554][   T30] audit: type=1326 audit(1753757305.493:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.429322][   T30] audit: type=1326 audit(1753757305.493:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.2.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e958e9a9 code=0x50000
[  669.885609][T17028] binder_alloc: 17027: binder_alloc_buf size -16 failed, no address space
[  669.931464][T17028] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  670.442990][T17039] Invalid logical block size (570425344)
[  670.497483][T17040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.629334][T17040] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.649023][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  670.776879][T17046] /dev/rnullb0: Can't open blockdev
[  671.419194][    T9] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  671.609207][    T9] usb 5-1: Using ep0 maxpacket: 8
[  671.627150][    T9] usb 5-1: config index 0 descriptor too short (expected 19730, got 18)
[  671.669419][    T9] usb 5-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  671.712224][    T9] usb 5-1: config 0 has an invalid interface number: 211 but max is 53
[  671.757925][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 54
[  671.805569][    T9] usb 5-1: config 0 has no interface number 0
[  671.837410][    T9] usb 5-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  671.901247][    T9] usb 5-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  671.985197][    T9] usb 5-1: config 0 interface 211 has no altsetting 0
[  672.049564][    T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  672.085828][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.137997][    T9] usb 5-1: Product: syz
[  672.182363][    T9] usb 5-1: Manufacturer: syz
[  672.187037][    T9] usb 5-1: SerialNumber: syz
[  672.260250][    T9] usb 5-1: config 0 descriptor??
[  672.290502][T17067] netlink: 'syz.1.4023': attribute type 10 has an invalid length.
[  672.329683][T17067] __nla_validate_parse: 3 callbacks suppressed
[  672.329703][T17067] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4023'.
[  672.492113][    T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  672.528805][    T9] gspca_sn9c2028: read1 error -71
[  672.541498][    T9] gspca_sn9c2028: read1 error -71
[  672.549477][    T9] gspca_sn9c2028: read1 error -71
[  672.554638][    T9] sn9c2028 5-1:0.211: probe with driver sn9c2028 failed with error -71
[  672.554836][T17075] binder: 17073:17075 ioctl 4c06 4 returned -22
[  672.570667][    T9] usb 5-1: USB disconnect, device number 97
[  673.090803][T17074] /dev/rnullb0: Can't open blockdev
[  673.629315][   T24] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  673.829664][   T24] usb 2-1: config 3 has an invalid interface number: 179 but max is 0
[  673.838058][   T24] usb 2-1: config 3 has no interface number 0
[  673.863599][   T24] usb 2-1: config 3 interface 179 has no altsetting 0
[  673.873067][   T24] usb 2-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01
[  673.904901][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.932890][   T24] usb 2-1: Product: syz
[  673.955937][   T24] usb 2-1: Manufacturer: syz
[  673.965224][   T24] usb 2-1: SerialNumber: syz
[  674.206076][T17092] /dev/rnullb0: Can't open blockdev
[  674.225207][   T24] go7007 2-1:3.179: probe with driver go7007 failed with error -12
[  674.291749][   T24] usb 2-1: USB disconnect, device number 8
[  674.471467][T17105] netlink: set zone limit has 4 unknown bytes
[  674.634934][T17107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  674.664806][T17107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  674.875890][T17112] syzkaller1: entered promiscuous mode
[  674.893541][T17112] syzkaller1: entered allmulticast mode
[  675.610270][T17127] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4046'.
[  675.635014][T17127] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4046'.
[  675.677116][T17127] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4046'.
[  675.702977][T17129] ptrace attach of "./syz-executor exec"[16082] was attempted by ""[17129]
[  675.782059][ T5933] usb 6-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  675.841526][ T5933] dvb_usb_ec168 6-1:0.1: probe with driver dvb_usb_ec168 failed with error -110
[  676.009195][ T5939] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  676.085366][ T5933] usb 6-1: USB disconnect, device number 14
[  676.139827][ T5939] usb 2-1: device descriptor read/64, error -71
[  676.420163][ T5939] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  676.579228][ T5939] usb 2-1: device descriptor read/64, error -71
[  676.719302][T17139] AppArmor: change_hat: Invalid input ''
[  676.719795][ T5939] usb usb2-port1: attempt power cycle
[  676.738754][T17139] /dev/rnullb0: Can't open blockdev
[  676.889033][ T5933] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  677.002710][T17147] netlink: 'syz.5.4055': attribute type 20 has an invalid length.
[  677.039491][ T5933] usb 5-1: Using ep0 maxpacket: 32
[  677.048773][ T5933] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  677.068995][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.080951][ T5933] usb 5-1: Product: syz
[  677.085216][ T5933] usb 5-1: Manufacturer: syz
[  677.100129][ T5933] usb 5-1: SerialNumber: syz
[  677.100947][ T5939] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  677.122110][ T5933] usb 5-1: config 0 descriptor??
[  677.146787][ T5939] usb 2-1: device descriptor read/8, error -71
[  677.410790][ T5939] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  677.421020][ T5933] snd-usb-6fire 5-1:0.0: unknown device firmware state received from device:
[  677.442720][ T5939] usb 2-1: device descriptor read/8, error -71
[  677.451415][ T5933] 00 00 00 00 00 00 00 00 
[  677.466357][ T5933] snd-usb-6fire 5-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  677.560228][ T5939] usb usb2-port1: unable to enumerate USB device
[  678.270528][ T5939] usb 5-1: USB disconnect, device number 98
[  678.478692][T17182] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  678.485295][T17182] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  678.536409][T17186] netlink: 'syz.4.4064': attribute type 20 has an invalid length.
[  678.538342][T17182] vhci_hcd vhci_hcd.0: Device attached
[  678.561742][T17188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.583316][T17188] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.730050][ T5939] vhci_hcd: vhci_device speed not set
[  678.758876][T17190] ieee802154 phy0 wpan0: encryption failed: -22
[  678.819548][   T43] usb 5-1: new low-speed USB device number 99 using dummy_hcd
[  678.839623][ T5939] usb 41-1: new full-speed USB device number 7 using vhci_hcd
[  678.990973][   T43] usb 5-1: config 0 has no interfaces?
[  679.009197][   T43] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  679.018302][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.054816][T17195] /dev/rnullb0: Can't open blockdev
[  679.058868][   T43] usb 5-1: config 0 descriptor??
[  679.277794][T17183] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 5
[  679.291246][    T9] usb 5-1: USB disconnect, device number 99
[  679.303572][   T61] vhci_hcd: stop threads
[  679.322146][   T61] vhci_hcd: release socket
[  679.338329][   T61] vhci_hcd: disconnect device
[  679.346770][T17204] /dev/rnullb0: Can't open blockdev
[  679.540337][T17207] bridge0: port 4(syz_tun) entered blocking state
[  679.547128][T17207] bridge0: port 4(syz_tun) entered disabled state
[  679.555477][T17207] syz_tun: entered allmulticast mode
[  679.564928][T17207] syz_tun: entered promiscuous mode
[  679.572856][T17207] bridge0: port 4(syz_tun) entered blocking state
[  679.579492][T17207] bridge0: port 4(syz_tun) entered forwarding state
[  679.599865][T17207] netlink: 'syz.5.4073': attribute type 10 has an invalid length.
[  680.015642][T17224] /dev/rnullb0: Can't open blockdev
[  680.319233][ T5896] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  680.479140][ T5896] usb 5-1: Using ep0 maxpacket: 8
[  680.489390][ T5896] usb 5-1: config index 0 descriptor too short (expected 19730, got 18)
[  680.512299][ T5896] usb 5-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  680.528989][ T5896] usb 5-1: config 0 has an invalid interface number: 211 but max is 53
[  680.548989][ T5896] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 54
[  680.583619][T17244] x_tables: unsorted entry at hook 1
[  680.584718][ T5896] usb 5-1: config 0 has no interface number 0
[  680.609115][ T5896] usb 5-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  680.638981][ T5896] usb 5-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  680.658998][ T5896] usb 5-1: config 0 interface 211 has no altsetting 0
[  680.678652][ T5896] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  680.698044][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.718292][ T5896] usb 5-1: Product: syz
[  680.728412][ T5896] usb 5-1: Manufacturer: syz
[  680.759210][ T5896] usb 5-1: SerialNumber: syz
[  680.767943][ T5896] usb 5-1: config 0 descriptor??
[  681.076283][ T5896] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  681.092966][ T5896] gspca_sn9c2028: read1 error -71
[  681.115374][ T5896] gspca_sn9c2028: read1 error -71
[  681.121132][ T5896] gspca_sn9c2028: read1 error -71
[  681.132107][ T5896] sn9c2028 5-1:0.211: probe with driver sn9c2028 failed with error -71
[  681.162530][ T5896] usb 5-1: USB disconnect, device number 100
[  681.418462][T17259] IPVS: set_ctl: invalid protocol: 92 100.1.1.0:20000
[  681.969271][    T9] usb 5-1: new full-speed USB device number 101 using dummy_hcd
[  682.040324][T17275] Invalid logical block size (1101653259)
[  682.161380][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  682.191884][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  682.229105][    T9] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  682.258644][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.313625][    T9] usb 5-1: config 0 descriptor??
[  682.332555][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  682.351749][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  682.380198][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  682.408786][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  682.444091][    T9] usb 5-1: media controller created
[  682.459973][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  682.488120][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  682.505365][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  682.534695][T17268] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4098'.
[  682.549164][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input130
[  682.630622][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  682.649019][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  682.669646][ T5896] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  682.690406][T17291] tmpfs: Unknown parameter 'nosw'
[  682.692708][    T9] usb 5-1: USB disconnect, device number 101
[  682.836449][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  682.855179][ T5896] usb 6-1: Using ep0 maxpacket: 8
[  682.869595][ T5896] usb 6-1: config index 0 descriptor too short (expected 19730, got 18)
[  682.889389][ T5896] usb 6-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  682.898068][ T5896] usb 6-1: config 0 has an invalid interface number: 211 but max is 53
[  682.918520][ T5896] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 54
[  682.928094][ T5896] usb 6-1: config 0 has no interface number 0
[  682.938800][ T5896] usb 6-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  682.955323][ T5896] usb 6-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  682.974029][ T5896] usb 6-1: config 0 interface 211 has no altsetting 0
[  682.984605][ T5896] usb 6-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  683.009109][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.017217][ T5896] usb 6-1: Product: syz
[  683.029295][ T5896] usb 6-1: Manufacturer: syz
[  683.033964][ T5896] usb 6-1: SerialNumber: syz
[  683.060148][ T5896] usb 6-1: config 0 descriptor??
[  683.077390][T17296] /dev/rnullb0: Can't open blockdev
[  683.304043][T17304] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  683.326374][ T5896] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  683.349899][ T5896] gspca_sn9c2028: read1 error -71
[  683.355351][ T5896] gspca_sn9c2028: read1 error -71
[  683.365609][ T5896] gspca_sn9c2028: read1 error -71
[  683.389937][ T5896] sn9c2028 6-1:0.211: probe with driver sn9c2028 failed with error -71
[  683.429361][ T5896] usb 6-1: USB disconnect, device number 15
[  683.510940][T17307] netlink: 'syz.2.4115': attribute type 6 has an invalid length.
[  683.869138][   T43] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  683.929225][ T5939] vhci_hcd: vhci_device speed not set
[  684.080026][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[  684.099602][   T43] usb 5-1: not running at top speed; connect to a high speed hub
[  684.131889][   T43] usb 5-1: config 9 has an invalid interface number: 47 but max is 0
[  684.169101][   T43] usb 5-1: config 9 has no interface number 0
[  684.169166][   T43] usb 5-1: config 9 interface 47 altsetting 206 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  684.169196][   T43] usb 5-1: config 9 interface 47 has no altsetting 0
[  684.181665][   T43] usb 5-1: New USB device found, idVendor=0bfd, idProduct=010b, bcdDevice=7f.32
[  684.237632][T17311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.243748][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.255901][T17311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.277313][   T43] usb 5-1: Product: syz
[  684.289034][   T43] usb 5-1: Manufacturer: syz
[  684.293738][   T43] usb 5-1: SerialNumber: syz
[  684.318108][T17311] /dev/rnullb0: Can't open blockdev
[  684.333426][T17309] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  684.442398][T17322] /dev/rnullb0: Can't open blockdev
[  684.565824][T17309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.575169][T17309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.587443][T17309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.611957][T17309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.642852][T17309] /dev/rnullb0: Can't open blockdev
[  684.672668][   T43] kvaser_usb 5-1:9.47: error -ENODEV: Cannot get usb endpoint(s)
[  684.736385][   T43] usb 5-1: USB disconnect, device number 102
[  685.152097][T17336] overlay: ./file0 is not a directory
[  685.166807][T17336] /dev/rnullb0: Can't open blockdev
[  685.187076][ T5896] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  685.379455][ T5896] usb 2-1: Using ep0 maxpacket: 8
[  685.411258][ T5896] usb 2-1: config index 0 descriptor too short (expected 19730, got 18)
[  685.435774][ T5896] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32
[  685.499184][ T5896] usb 2-1: config 0 has an invalid interface number: 211 but max is 53
[  685.507516][ T5896] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 54
[  685.525376][ T5896] usb 2-1: config 0 has no interface number 0
[  685.555334][ T5896] usb 2-1: too many endpoints for config 0 interface 211 altsetting 165: 148, using maximum allowed: 30
[  685.597252][ T5896] usb 2-1: config 0 interface 211 altsetting 165 has 0 endpoint descriptors, different from the interface descriptor's value: 148
[  685.602022][T17349] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4132'.
[  685.627295][ T5896] usb 2-1: config 0 interface 211 has no altsetting 0
[  685.641966][T17351] FAULT_INJECTION: forcing a failure.
[  685.641966][T17351] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  685.657455][ T5896] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d
[  685.673727][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.681075][T17351] CPU: 1 UID: 0 PID: 17351 Comm: syz.5.4133 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  685.681113][T17351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  685.681141][T17351] Call Trace:
[  685.681152][T17351]  <TASK>
[  685.681162][T17351]  dump_stack_lvl+0x189/0x250
[  685.681202][T17351]  ? __pfx____ratelimit+0x10/0x10
[  685.681236][T17351]  ? __pfx_dump_stack_lvl+0x10/0x10
[  685.681268][T17351]  ? __pfx__printk+0x10/0x10
[  685.681303][T17351]  ? fs_reclaim_acquire+0x7d/0x100
[  685.681344][T17351]  should_fail_ex+0x414/0x560
[  685.681379][T17351]  prepare_alloc_pages+0x213/0x610
[  685.681419][T17351]  __alloc_frozen_pages_noprof+0x123/0x370
[  685.681456][T17351]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  685.681500][T17351]  ? policy_nodemask+0x27c/0x720
[  685.681533][T17351]  alloc_pages_mpol+0x232/0x4a0
[  685.681567][T17351]  alloc_pages_noprof+0xa9/0x190
[  685.681595][T17351]  pte_alloc_one+0x21/0x170
[  685.681628][T17351]  __handle_mm_fault+0x2795/0x5440
[  685.681673][T17351]  ? __pfx___handle_mm_fault+0x10/0x10
[  685.681714][T17351]  ? follow_page_pte+0xd03/0x13e0
[  685.681742][T17351]  ? __pfx___might_resched+0x10/0x10
[  685.681776][T17351]  handle_mm_fault+0x40a/0x8e0
[  685.681812][T17351]  __get_user_pages+0x1699/0x2ce0
[  685.681875][T17351]  populate_vma_page_range+0x29f/0x3a0
[  685.681898][T17351]  ? __pfx_populate_vma_page_range+0x10/0x10
[  685.681915][T17351]  ? apply_vma_lock_flags+0x344/0x3c0
[  685.681950][T17351]  ? down_read+0x1ad/0x2e0
[  685.681970][T17351]  __mm_populate+0x24c/0x380
[  685.681992][T17351]  ? __pfx___mm_populate+0x10/0x10
[  685.682014][T17351]  ? up_write+0x1c4/0x420
[  685.682047][T17351]  do_mlock+0x625/0x740
[  685.682087][T17351]  ? __pfx_do_mlock+0x10/0x10
[  685.682122][T17351]  ? fput+0xa0/0xd0
[  685.682146][T17351]  ? ksys_write+0x22a/0x250
[  685.682181][T17351]  ? __pfx_ksys_write+0x10/0x10
[  685.682208][T17351]  ? rcu_is_watching+0x15/0xb0
[  685.682248][T17351]  __x64_sys_mlock+0x60/0x70
[  685.682281][T17351]  do_syscall_64+0xfa/0x3b0
[  685.682312][T17351]  ? lockdep_hardirqs_on+0x9c/0x150
[  685.682345][T17351]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.682369][T17351]  ? clear_bhb_loop+0x60/0xb0
[  685.682396][T17351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.682418][T17351] RIP: 0033:0x7f8f7598e9a9
[  685.682440][T17351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.682460][T17351] RSP: 002b:00007f8f7689d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  685.682485][T17351] RAX: ffffffffffffffda RBX: 00007f8f75bb5fa0 RCX: 00007f8f7598e9a9
[  685.682502][T17351] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[  685.682516][T17351] RBP: 00007f8f7689d090 R08: 0000000000000000 R09: 0000000000000000
[  685.682531][T17351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  685.682545][T17351] R13: 0000000000000000 R14: 00007f8f75bb5fa0 R15: 00007ffdc4e739c8
[  685.682581][T17351]  </TASK>
[  685.690090][T17349] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4132'.
[  685.728982][ T5896] usb 2-1: Product: syz
[  685.998339][ T5896] usb 2-1: Manufacturer: syz
[  686.004042][ T5896] usb 2-1: SerialNumber: syz
[  686.073228][ T5896] usb 2-1: config 0 descriptor??
[  686.250161][T17356] syzkaller1: entered promiscuous mode
[  686.258955][T17356] syzkaller1: entered allmulticast mode
[  686.353473][ T5896] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  686.363544][ T5896] gspca_sn9c2028: read1 error -71
[  686.393899][ T5896] gspca_sn9c2028: read1 error -71
[  686.407301][T17364] netlink: 'syz.2.4138': attribute type 10 has an invalid length.
[  686.409046][ T5896] gspca_sn9c2028: read1 error -71
[  686.426199][T17364] bond0: (slave wlan1): Opening slave failed
[  686.446735][ T5896] sn9c2028 2-1:0.211: probe with driver sn9c2028 failed with error -71
[  686.477058][ T5896] usb 2-1: USB disconnect, device number 13
[  686.809416][ T5939] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  687.014336][ T5939] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  687.037851][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.079563][ T5939] usb 5-1: Product: syz
[  687.089495][ T5939] usb 5-1: Manufacturer: syz
[  687.094159][ T5939] usb 5-1: SerialNumber: syz
[  687.129558][ T5939] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  687.156435][ T5896] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  687.213106][T17382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.314938][T17382] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.596222][ T5939] usb 5-1: USB disconnect, device number 103
[  688.144278][ T5167] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  688.161801][ T5167] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  688.179223][ T5167] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  688.187587][ T5167] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  688.195885][ T5167] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  688.259644][ T5896] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  688.272133][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  688.274537][ T5896] ath9k_htc: Failed to initialize the device
[  688.286635][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  688.296224][ T5939] usb 5-1: ath9k_htc: USB layer deinitialized
[  688.298119][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  688.314006][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  688.322043][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  688.369759][   T43] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  688.432401][   T61] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.509062][   T43] usb 6-1: device descriptor read/64, error -71
[  688.552760][   T61] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.714725][   T61] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.759034][   T43] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  688.840559][   T61] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.909113][   T43] usb 6-1: device descriptor read/64, error -71
[  689.040141][   T43] usb usb6-port1: attempt power cycle
[  689.390442][   T43] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  689.448737][   T43] usb 6-1: device descriptor read/8, error -71
[  689.705963][   T43] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  689.740967][   T43] usb 6-1: device descriptor read/8, error -71
[  689.857940][   T43] usb usb6-port1: unable to enumerate USB device
[  689.983484][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  689.999661][   T61] bond_slave_0: left promiscuous mode
[  690.016587][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  690.033907][   T61] bond_slave_1: left promiscuous mode
[  690.050397][   T61] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  690.070622][   T61] bond0 (unregistering): Released all slaves
[  690.135009][T17389] chnl_net:caif_netlink_parms(): no params data found
[  690.339469][ T5845] Bluetooth: hci1: command tx timeout
[  690.768343][T17389] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.797054][T17389] bridge0: port 1(bridge_slave_0) entered disabled state
[  690.827314][T17389] bridge_slave_0: entered allmulticast mode
[  690.857708][T17434] ieee802154 phy0 wpan0: encryption failed: -22
[  690.861329][T17389] bridge_slave_0: entered promiscuous mode
[  690.886527][T17389] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.904188][T17389] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.918215][T17389] bridge_slave_1: entered allmulticast mode
[  690.936818][T17389] bridge_slave_1: entered promiscuous mode
[  691.072829][   T61] hsr_slave_0: left promiscuous mode
[  691.098218][   T61] hsr_slave_1: left promiscuous mode
[  691.124060][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  691.148104][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  691.154739][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  691.222547][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  691.315627][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  691.336509][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  691.382039][   T61] veth1_macvtap: left promiscuous mode
[  691.387735][   T61] veth0_macvtap: left promiscuous mode
[  691.405422][T17446] netlink: 'syz.5.4163': attribute type 10 has an invalid length.
[  691.414779][   T61] veth1_vlan: left promiscuous mode
[  691.424856][   T61] veth0_vlan: left promiscuous mode
[  691.624089][T17448] netlink: 'syz.2.4164': attribute type 19 has an invalid length.
[  692.202536][T17455] kvm_intel: kvm [17452]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1
[  692.419453][ T5845] Bluetooth: hci1: command tx timeout
[  692.836911][   T61] team0 (unregistering): Port device team_slave_1 removed
[  692.978399][   T61] team0 (unregistering): Port device team_slave_0 removed
[  694.208046][T17389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  694.273819][T17389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  694.465134][T17389] team0: Port device team_slave_0 added
[  694.499249][ T5845] Bluetooth: hci1: command tx timeout
[  694.525042][T17389] team0: Port device team_slave_1 added
[  694.571461][ T5889] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  694.669336][T17389] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.669358][T17389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.669386][T17389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.672858][T17389] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.672878][T17389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.672906][T17389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.735128][    C0] vkms_vblank_simulate: vblank timer overrun
[  694.799102][ T5889] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  694.799158][ T5889] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  694.799184][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.802085][ T5889] usb 6-1: config 0 descriptor??
[  694.806071][T17389] hsr_slave_0: entered promiscuous mode
[  694.821235][T17389] hsr_slave_1: entered promiscuous mode
[  694.821935][T17389] debugfs: 'hsr0' already exists in 'hsr'
[  694.821957][T17389] Cannot create hsr debugfs directory
[  694.902264][    C0] vkms_vblank_simulate: vblank timer overrun
[  695.127138][T17480] /dev/rnullb0: Can't open blockdev
[  695.281658][ T5889] keytouch 0003:0926:3333.0054: fixing up Keytouch IEC report descriptor
[  695.389210][ T5889] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0054/input/input131
[  695.514375][T17469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.535678][T17469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.579552][T17487] Invalid logical block size (1163001856)
[  695.592149][T17490] /dev/rnullb0: Can't open blockdev
[  695.661637][ T5889] keytouch 0003:0926:3333.0054: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  696.013455][T17500] /dev/rnullb0: Can't open blockdev
[  696.034482][ T5933] usb 6-1: USB disconnect, device number 20
[  696.242099][T17500] lo speed is unknown, defaulting to 1000
[  696.313144][T17500] lo speed is unknown, defaulting to 1000
[  696.337889][T17500] lo speed is unknown, defaulting to 1000
[  696.404948][T17500] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  696.474261][T17500] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  696.579055][ T5845] Bluetooth: hci1: command tx timeout
[  696.588309][T17389] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  696.692951][T17389] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  696.721732][T17500] lo speed is unknown, defaulting to 1000
[  696.740854][T17512] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4180'.
[  696.750512][T17389] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  696.774100][T17389] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  696.804417][T17500] lo speed is unknown, defaulting to 1000
[  696.890262][T17500] lo speed is unknown, defaulting to 1000
[  696.922862][T17500] lo speed is unknown, defaulting to 1000
[  696.959517][T17500] lo speed is unknown, defaulting to 1000
[  696.998752][T17500] lo speed is unknown, defaulting to 1000
[  697.133269][T17389] 8021q: adding VLAN 0 to HW filter on device bond0
[  697.193984][T17389] 8021q: adding VLAN 0 to HW filter on device team0
[  697.231931][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.239208][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  697.284173][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.291409][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  697.413656][ T5896] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  697.539330][   T31] INFO: task syz.0.3166:14542 blocked for more than 143 seconds.
[  697.547128][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  697.559211][ T5896] usb 6-1: device descriptor read/64, error -71
[  697.605175][   T31]       Blocked by coredump.
[  697.613667][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  697.642884][   T31] task:syz.0.3166      state:D stack:26920 pid:14542 tgid:14542 ppid:10964  task_flags:0x40044c flags:0x00004004
[  697.678971][   T31] Call Trace:
[  697.682467][   T31]  <TASK>
[  697.685436][   T31]  __schedule+0x1737/0x4d30
[  697.725199][   T31]  ? __lock_acquire+0xab9/0xd20
[  697.743194][   T31]  ? schedule+0x165/0x360
[  697.747742][   T31]  ? __lock_acquire+0xab9/0xd20
[  697.773316][   T31]  ? __pfx___schedule+0x10/0x10
[  697.778276][   T31]  ? schedule+0x91/0x360
[  697.808068][   T31]  schedule+0x165/0x360
[  697.821420][   T31]  schedule_preempt_disabled+0x13/0x30
[  697.829591][ T5896] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  697.839259][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  697.867261][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  697.882002][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  697.903905][   T31]  ? exit_mm+0xcc/0x2c0
[  697.909438][   T31]  ? __pfx_mm_release+0x10/0x10
[  697.923635][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  697.935825][   T31]  down_read+0x98/0x2e0
[  697.949885][   T31]  exit_mm+0xcc/0x2c0
[  697.954009][   T31]  ? __pfx_exit_mm+0x10/0x10
[  697.958661][   T31]  ? rcu_is_watching+0x15/0xb0
[  697.979078][ T5896] usb 6-1: device descriptor read/64, error -71
[  697.994700][   T31]  do_exit+0x648/0x2300
[  698.007684][   T31]  ? do_raw_spin_lock+0x121/0x290
[  698.019816][   T31]  ? __pfx_do_exit+0x10/0x10
[  698.026921][T17389] 8021q: adding VLAN 0 to HW filter on device batadv0
[  698.034050][   T31]  do_group_exit+0x21c/0x2d0
[  698.039455][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.044763][   T31]  get_signal+0x1286/0x1340
[  698.069105][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  698.082420][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  698.109159][ T5896] usb usb6-port1: attempt power cycle
[  698.114937][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  698.128990][   T31]  exit_to_user_mode_loop+0x75/0x110
[  698.154149][   T31]  do_syscall_64+0x2bd/0x3b0
[  698.158835][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.168979][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  698.175218][   T31]  ? clear_bhb_loop+0x60/0xb0
[  698.193419][T17389] veth0_vlan: entered promiscuous mode
[  698.208973][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.214995][   T31] RIP: 0033:0x7f2915d8e9e3
[  698.229329][   T31] RSP: 002b:00007ffdb82629d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  698.250777][   T31] RAX: fffffffffffffffc RBX: 00007f29143f76c0 RCX: 00007f2915d8e9e3
[  698.258828][   T31] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[  698.277621][T17389] veth1_vlan: entered promiscuous mode
[  698.299220][   T31] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[  698.307281][   T31] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffdb8262b30
[  698.354258][   T31] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  698.369071][   T31]  </TASK>
[  698.386960][T17389] veth0_macvtap: entered promiscuous mode
[  698.398009][   T31] INFO: task syz.0.3166:14543 blocked for more than 144 seconds.
[  698.459122][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  698.474096][   T31]       Blocked by coredump.
[  698.478754][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  698.517740][ T5896] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  698.529391][T17389] veth1_macvtap: entered promiscuous mode
[  698.549050][   T31] task:syz.0.3166      state:D stack:26024 pid:14543 tgid:14542 ppid:10964  task_flags:0x40054c flags:0x00004004
[  698.579139][ T5896] usb 6-1: device descriptor read/8, error -71
[  698.586477][   T31] Call Trace:
[  698.589982][   T31]  <TASK>
[  698.592955][   T31]  __schedule+0x1737/0x4d30
[  698.594063][T17389] batman_adv: batadv0: Interface activated: batadv_slave_0
[  698.597512][   T31]  ? __lock_acquire+0xab9/0xd20
[  698.597552][   T31]  ? schedule+0x165/0x360
[  698.628198][T17389] batman_adv: batadv0: Interface activated: batadv_slave_1
[  698.662903][   T31]  ? __lock_acquire+0xab9/0xd20
[  698.666276][   T61] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  698.668537][   T31]  ? __pfx___schedule+0x10/0x10
[  698.698663][   T61] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  698.698972][   T31]  ? schedule+0x91/0x360
[  698.720793][   T61] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  698.735397][   T31]  schedule+0x165/0x360
[  698.742041][   T31]  schedule_preempt_disabled+0x13/0x30
[  698.747737][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  698.757804][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  698.764819][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  698.771802][   T31]  ? exit_mm+0xcc/0x2c0
[  698.776237][   T31]  ? __pfx_mm_release+0x10/0x10
[  698.781497][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.786898][   T31]  down_read+0x98/0x2e0
[  698.792327][   T31]  exit_mm+0xcc/0x2c0
[  698.796449][   T31]  ? __pfx_exit_mm+0x10/0x10
[  698.801492][   T31]  ? rcu_is_watching+0x15/0xb0
[  698.806406][   T31]  do_exit+0x648/0x2300
[  698.811057][   T31]  ? do_raw_spin_lock+0x121/0x290
[  698.816267][   T31]  ? __pfx_do_exit+0x10/0x10
[  698.830197][ T5896] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  698.833536][   T31]  ? common_file_perm+0x1b5/0x230
[  698.856745][   T31]  do_group_exit+0x21c/0x2d0
[  698.862697][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.869311][   T31]  get_signal+0x1286/0x1340
[  698.879056][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  698.881215][ T5896] usb 6-1: device descriptor read/8, error -71
[  698.896545][   T31]  ? __fget_files+0x3a0/0x420
[  698.907743][   T31]  ? __fget_files+0x2a/0x420
[  698.913465][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  698.924424][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  698.932501][   T31]  exit_to_user_mode_loop+0x75/0x110
[  698.937955][   T31]  do_syscall_64+0x2bd/0x3b0
[  698.948210][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.956842][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  698.967238][   T31]  ? clear_bhb_loop+0x60/0xb0
[  698.974137][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.986022][   T31] RIP: 0033:0x7f2915d8e9a9
[  698.991758][   T31] RSP: 002b:00007f2916b16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  699.002119][ T5896] usb usb6-port1: unable to enumerate USB device
[  699.017270][   T31] RAX: fffffffffffffe00 RBX: 00007f2915fb5fa0 RCX: 00007f2915d8e9a9
[  699.029174][   T31] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000007
[  699.042493][   T31] RBP: 00007f2915e10d69 R08: 0000000000000000 R09: 0000000000000000
[  699.050972][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  699.061625][   T31] R13: 0000000000000000 R14: 00007f2915fb5fa0 R15: 00007ffdb8262a38
[  699.069956][   T31]  </TASK>
[  699.073245][   T31] INFO: task vhost-14543:14544 blocked for more than 144 seconds.
[  699.093079][   T61] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  699.128336][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  699.135994][   T31]       Blocked by coredump.
[  699.146128][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  699.155224][   T31] task:vhost-14543     state:D stack:28696 pid:14544 tgid:14542 ppid:10964  task_flags:0x40444c flags:0x00004004
[  699.167735][   T31] Call Trace:
[  699.172170][   T31]  <TASK>
[  699.175237][   T31]  __schedule+0x1737/0x4d30
[  699.181337][   T31]  ? __lock_acquire+0xab9/0xd20
[  699.186315][   T31]  ? schedule+0x165/0x360
[  699.191591][   T31]  ? __lock_acquire+0xab9/0xd20
[  699.196583][   T31]  ? __pfx___schedule+0x10/0x10
[  699.206407][   T31]  ? schedule+0x91/0x360
[  699.215457][   T31]  schedule+0x165/0x360
[  699.227345][   T31]  schedule_preempt_disabled+0x13/0x30
[  699.236313][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  699.249023][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  699.255010][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  699.265994][   T31]  ? exit_mm+0xcc/0x2c0
[  699.275012][   T31]  ? __pfx_mm_release+0x10/0x10
[  699.285307][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  699.296556][   T31]  down_read+0x98/0x2e0
[  699.305517][   T31]  exit_mm+0xcc/0x2c0
[  699.314355][   T31]  ? __pfx_exit_mm+0x10/0x10
[  699.329023][   T31]  ? rcu_is_watching+0x15/0xb0
[  699.333893][   T31]  do_exit+0x648/0x2300
[  699.338104][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  699.359027][   T31]  ? __pfx_do_exit+0x10/0x10
[  699.363721][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  699.376275][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  699.383639][   T31]  ? __pfx_vhost_worker_killed+0x10/0x10
[  699.390708][   T31]  ? complete+0x28/0x1b0
[  699.395013][   T31]  ? __pfx_vhost_worker_killed+0x10/0x10
[  699.400988][   T31]  vhost_task_fn+0x3fd/0x430
[  699.405632][   T31]  ? __pfx_vhost_task_fn+0x10/0x10
[  699.422751][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  699.431967][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  699.437382][   T31]  ? __pfx_vhost_task_fn+0x10/0x10
[  699.446772][   T31]  ret_from_fork+0x3f9/0x770
[  699.453263][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  699.458544][   T31]  ? __switch_to_asm+0x39/0x70
[  699.474052][   T31]  ? __switch_to_asm+0x33/0x70
[  699.483006][   T31]  ? __pfx_vhost_task_fn+0x10/0x10
[  699.488302][   T31]  ret_from_fork_asm+0x1a/0x30
[  699.494490][   T31]  </TASK>
[  699.547205][   T31] 
[  699.547205][   T31] Showing all locks held in the system:
[  699.563485][   T31] 1 lock held by khungtaskd/31:
[  699.568699][T17389] ieee80211 phy27: Selected rate control algorithm 'minstrel_ht'
[  699.581433][   T31]  #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  699.619114][   T31] 2 locks held by getty/5611:
[  699.623877][   T31]  #0: ffff88814d0160a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  699.659024][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  699.686140][   T31] 1 lock held by syz.0.3166/14542:
[  699.694639][   T31]  #0: ffff88807c2e37a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  699.707399][   T31] 1 lock held by syz.0.3166/14543:
[  699.712978][   T31]  #0: ffff88807c2e37a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  699.722451][   T31] 1 lock held by vhost-14543/14544:
[  699.727763][   T31]  #0: ffff88807c2e37a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  699.737154][   T31] 1 lock held by syz.0.3166/14545:
[  699.742725][   T31] 2 locks held by syz-executor/17389:
[  699.748210][   T31]  #0: ffffffff8f99d770 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  699.759882][   T31]  #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930
[  699.779156][   T31] 3 locks held by dhcpcd-run-hook/17562:
[  699.792452][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.807799][   T31] 
[  699.820368][T17389] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht'
[  699.827659][   T31] =============================================
[  699.827659][   T31] 
[  699.837360][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.849598][   T31] NMI backtrace for cpu 1
[  699.849621][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  699.849656][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  699.849669][   T31] Call Trace:
[  699.849678][   T31]  <TASK>
[  699.849687][   T31]  dump_stack_lvl+0x189/0x250
[  699.849722][   T31]  ? vprintk_emit+0x444/0x7a0
[  699.849753][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  699.849783][   T31]  ? __pfx__printk+0x10/0x10
[  699.849825][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  699.849855][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  699.849883][   T31]  ? __pfx__printk+0x10/0x10
[  699.849917][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  699.849944][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  699.849974][   T31]  watchdog+0xf93/0xfe0
[  699.850002][   T31]  ? watchdog+0x1de/0xfe0
[  699.850030][   T31]  kthread+0x70e/0x8a0
[  699.850064][   T31]  ? __pfx_watchdog+0x10/0x10
[  699.850085][   T31]  ? __pfx_kthread+0x10/0x10
[  699.850118][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  699.850146][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  699.850173][   T31]  ? __pfx_kthread+0x10/0x10
[  699.850203][   T31]  ret_from_fork+0x3f9/0x770
[  699.850233][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  699.850265][   T31]  ? __switch_to_asm+0x39/0x70
[  699.850282][   T31]  ? __switch_to_asm+0x33/0x70
[  699.850300][   T31]  ? __pfx_kthread+0x10/0x10
[  699.850331][   T31]  ret_from_fork_asm+0x1a/0x30
[  699.850366][   T31]  </TASK>
[  699.850375][   T31] Sending NMI from CPU 1 to CPUs 0:
[  700.005741][    C0] NMI backtrace for cpu 0
[  700.005759][    C0] CPU: 0 UID: 0 PID: 5939 Comm: kworker/0:7 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  700.005781][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.005793][    C0] Workqueue: mld mld_dad_work
[  700.005823][    C0] RIP: 0010:lock_is_held_type+0x6c/0x190
[  700.005852][    C0] Code: 8b 2c 25 08 50 e7 92 41 83 bd ec 0a 00 00 00 0f 85 d8 00 00 00 89 f5 49 89 fe 48 c7 04 24 00 00 00 00 9c 8f 04 24 4c 8b 24 24 <fa> 48 c7 c7 e5 dd c7 8d e8 17 17 00 00 65 ff 05 80 17 68 07 41 83
[  700.005868][    C0] RSP: 0018:ffffc9000aaaf598 EFLAGS: 00000246
[  700.005888][    C0] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 60983a4ca28ff500
[  700.005901][    C0] RDX: ffff888026028000 RSI: 00000000ffffffff RDI: ffffffff8e53d8a0
[  700.005914][    C0] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffffff8a3c071e
[  700.005926][    C0] R10: 00000000fffffff5 R11: 0000000000000000 R12: 0000000000000246
[  700.005937][    C0] R13: ffff888026028000 R14: ffffffff8e53d8a0 R15: ffff88805f0ba400
[  700.005951][    C0] FS:  0000000000000000(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
[  700.005966][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  700.005978][    C0] CR2: 00007fbd7a38fe9c CR3: 000000006414c000 CR4: 00000000003526f0
[  700.005994][    C0] Call Trace:
[  700.006001][    C0]  <TASK>
[  700.006013][    C0]  ipv6_chk_mcast_addr+0x2a2/0x860
[  700.006039][    C0]  ? ipv6_chk_mcast_addr+0x2e/0x860
[  700.006067][    C0]  ip6_finish_output2+0x3c6/0x16a0
[  700.006092][    C0]  ? ip6_mtu+0x7d/0x3f0
[  700.006116][    C0]  ? __pfx_ip6_finish_output2+0x10/0x10
[  700.006135][    C0]  ? ip6_mtu+0x7d/0x3f0
[  700.006159][    C0]  ? ip6_mtu+0x321/0x3f0
[  700.006184][    C0]  ? ip6_finish_output+0x2ef/0x4e0
[  700.006213][    C0]  NF_HOOK+0x9e/0x380
[  700.006228][    C0]  ? NF_HOOK+0x101/0x380
[  700.006244][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  700.006259][    C0]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  700.006285][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  700.006312][    C0]  ? icmp6_dst_alloc+0x3a5/0x420
[  700.006338][    C0]  ? icmp6_dst_alloc+0x3a5/0x420
[  700.006366][    C0]  mld_sendpack+0x800/0xd80
[  700.006391][    C0]  ? mld_sendpack+0x1de/0xd80
[  700.006408][    C0]  ? __pfx_mld_sendpack+0x10/0x10
[  700.006432][    C0]  ? mld_send_initial_cr+0x352/0x550
[  700.006457][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  700.006479][    C0]  mld_dad_work+0x46/0x490
[  700.006503][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  700.006523][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  700.006544][    C0]  process_scheduled_works+0xade/0x17b0
[  700.006580][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  700.006610][    C0]  worker_thread+0x8a0/0xda0
[  700.006637][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  700.006665][    C0]  ? __kthread_parkme+0x7b/0x200
[  700.006693][    C0]  kthread+0x70e/0x8a0
[  700.006719][    C0]  ? __pfx_worker_thread+0x10/0x10
[  700.006740][    C0]  ? __pfx_kthread+0x10/0x10
[  700.006765][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  700.006787][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.006809][    C0]  ? __pfx_kthread+0x10/0x10
[  700.006834][    C0]  ret_from_fork+0x3f9/0x770
[  700.006857][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  700.006888][    C0]  ? __switch_to_asm+0x39/0x70
[  700.006904][    C0]  ? __switch_to_asm+0x33/0x70
[  700.006919][    C0]  ? __pfx_kthread+0x10/0x10
[  700.006944][    C0]  ret_from_fork_asm+0x1a/0x30
[  700.006969][    C0]  </TASK>
[  700.158998][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  700.159026][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  700.159055][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.159072][   T31] Call Trace:
[  700.159085][   T31]  <TASK>
[  700.159097][   T31]  dump_stack_lvl+0x99/0x250
[  700.159137][   T31]  ? __asan_memcpy+0x40/0x70
[  700.159174][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.159208][   T31]  ? __pfx__printk+0x10/0x10
[  700.159256][   T31]  vpanic+0x281/0x750
[  700.159287][   T31]  ? __pfx_vpanic+0x10/0x10
[  700.159312][   T31]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  700.159349][   T31]  ? preempt_schedule+0xae/0xc0
[  700.159384][   T31]  ? preempt_schedule_common+0x83/0xd0
[  700.159424][   T31]  panic+0xb9/0xc0
[  700.159450][   T31]  ? __pfx_panic+0x10/0x10
[  700.159479][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  700.159512][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  700.159544][   T31]  watchdog+0xfd2/0xfe0
[  700.159576][   T31]  ? watchdog+0x1de/0xfe0
[  700.159608][   T31]  kthread+0x70e/0x8a0
[  700.159645][   T31]  ? __pfx_watchdog+0x10/0x10
[  700.159669][   T31]  ? __pfx_kthread+0x10/0x10
[  700.159704][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  700.159734][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.159766][   T31]  ? __pfx_kthread+0x10/0x10
[  700.159800][   T31]  ret_from_fork+0x3f9/0x770
[  700.159834][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  700.159876][   T31]  ? __switch_to_asm+0x39/0x70
[  700.159896][   T31]  ? __switch_to_asm+0x33/0x70
[  700.159916][   T31]  ? __pfx_kthread+0x10/0x10
[  700.159952][   T31]  ret_from_fork_asm+0x1a/0x30
[  700.159991][   T31]  </TASK>
[  700.506495][   T31] Kernel Offset: disabled
[  700.510823][   T31] Rebooting in 86400 seconds..