last executing test programs:

51.664647007s ago: executing program 1 (id=924):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), r0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x2c, r1, 0xd2ead1c3bf63fd57, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xb}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4840}, 0x20040000)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[{0x3, 0x8e, 0x9, 0x4}, {0x8, 0x2, 0xbc, 0x9}, {0x2, 0x63, 0x91, 0x6}, {0x1c, 0x6, 0x7, 0x8}, {0x1000, 0x5, 0x0, 0xfffffffd}]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x3, 0x629, &(0x7f0000000300)={{0x12, 0x1, 0x250, 0xb5, 0x56, 0xe2, 0x20, 0x2357, 0x123, 0x52a6, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x617, 0x4, 0xe, 0x2, 0xb0, 0x81, [{{0x9, 0x4, 0xcc, 0xfa, 0x2, 0xf5, 0xbf, 0xa6, 0x1, [@generic={0x4a, 0x5, "ba082b783c5ed76921494d16acc06a037249c288fed647bd32db101d1b919d11f390751ebc55d2ea0f299b1879e1984e3f86c16f0ff041e4631019838ff165fb9b573eb8a461e588"}, @hid_hid={0x9, 0x21, 0x65f7, 0x80, 0x1, {0x22, 0xff6}}], [{{0x9, 0x5, 0x8, 0x3, 0x20, 0x80, 0x5, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x45, 0x1}]}}, {{0x9, 0x5, 0x7, 0x2, 0x40, 0x60, 0x6, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x81, 0x3}]}}]}}, {{0x9, 0x4, 0x7b, 0x2, 0x7, 0x86, 0x6d, 0x6f, 0x1, [@uac_control={{0xa, 0x24, 0x1, 0x1, 0x8}, [@feature_unit={0xb, 0x24, 0x6, 0x3, 0x2, 0x2, [0x1, 0x6], 0x7}, @extension_unit={0xa, 0x24, 0x8, 0x2, 0x8, 0xf3, "06b6c8"}]}, @uac_control={{0xa, 0x24, 0x1, 0x9, 0xf1}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x100, 0x6, 0x3, 0x9}]}], [{{0x9, 0x5, 0x5, 0x10, 0x3ff, 0xf, 0x5e, 0x0, [@generic={0x13, 0xd, "07c025e1a16907fbc770a8d8c27931f5f2"}, @generic={0x27, 0x31, "e6e196a0435995e0c60bea1927a2657bd88c75a364a9a79e0b9eaaf9e1239c7d819d35f1b1"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x20, 0x7f, 0x95, 0x6, [@generic={0x9e, 0x21, "a0baf147fc6301d62d74d3c439da7bffdbb0cb01f68c56159a531cb1afd523e3d9d93b7ee20612dda4cdb8db5c0c30ac299f6fcc7cc2558096469dc8f4b3b5c22361ce10d48db4107c0a78554ed72770e84e2ea62dd56f04b6cdefead3acb8708f5d09dd64ce35859e65c6b7290fbf105112d44d867791ec7b51dc1120224d5c307dfade5687056b67a45ccffe993fbc1a70047bc75164ec6190c58c"}]}}, {{0x9, 0x5, 0x990aa611c262278d, 0xc, 0x40, 0x5, 0x9, 0x10}}, {{0x9, 0x5, 0x5, 0x13, 0x20, 0x4, 0xb0, 0x8e, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x1, 0x7}]}}, {{0x9, 0x5, 0x3, 0x0, 0x20, 0xd, 0x0, 0x1f, [@uac_iso={0x7, 0x25, 0x1, 0x6, 0x5, 0x3}]}}, {{0x9, 0x5, 0x6, 0x1c, 0x200, 0x2, 0x2, 0xa5}}, {{0x9, 0x5, 0xa, 0x2, 0x10, 0x9, 0x4, 0x6}}]}}, {{0x9, 0x4, 0xd4, 0x34, 0xb, 0x38, 0x9f, 0x69, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0x5, 0xfb}}], [{{0x9, 0x5, 0x0, 0x10, 0x8, 0x7, 0xef, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x3, 0x401}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x1, 0x6}]}}, {{0x9, 0x5, 0x5, 0x10, 0x200, 0x2, 0x5, 0x2a, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xff, 0xfffc}]}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0x3a, 0x10, 0x4}}, {{0x9, 0x5, 0xf, 0x10, 0x3ff, 0x7, 0xf6, 0x6}}, {{0x9, 0x5, 0x5, 0x4, 0x0, 0x7, 0x7, 0x6}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x1, 0x5, 0x2}}, {{0x9, 0x5, 0xd, 0x0, 0x10, 0xe, 0xd, 0x0, [@generic={0x81, 0x7, "69019cc27c9d3d137eec491ae8b4af6c9eaabe85c56ad1bc7a45fc6252f36291386493461317506f7c8e3bfd4207b3dc85202e85f30e4513a81557911a0038e19f24b397b3bc70b39054c47ff24f647398d680355f3588cea8c17b141b19e2adbad5546bd9ac5bfb30bd36dfabeeebac90d302e1b97b683412a5a1473e7f8e"}]}}, {{0x9, 0x5, 0x0, 0x3, 0x40, 0x2, 0xb7, 0x1, [@generic={0xab, 0x8, "70eb7ced5df7c2a0db1afc715c54c76da84ff7a0a48024c011a1f026dbad7a4dd5bdb531cb97ff2bbed83202ced62cc0e9eba9917e16932f2fb8e4f82122ee789f6bdf986aeae55aaf41a522aed78d5788d088790b2ed4eef8cf16112c7f807e982db42f47aec8b6daed89c894b28c153eca0797d8f4466726fd72de9df6e0f8c02d2d999ffa4d97c897f99eda1587bc588b6119ab63846eccb4eebec72ed37836c06d42acb04cbec5"}, @generic={0xab, 0x23, "1ad943dbbf0b21991c56e102bd91373f446301af49296e3c14d437f037d73c852119575dc75a71a15f2cede9fe8fbeaf0d3131fd274def2bdcd03d23ebac71fbb9d6eddb2526960fc24e5c3b618f9b2363ec3de586e301bbe9ce86046d123efd768093ce886bc7fe39af5626c05eb76bef4662f8e5f658364d55c96a8075158f4cb644a8daa209b1e45b0055f661e37014e15773968ab419b5df8d6eaf081d6b2040c7005406779d16"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x3ff, 0x40, 0x9, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x7f}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x4}]}}, {{0x9, 0x5, 0x9, 0x0, 0x60, 0x0, 0x5, 0x44, [@generic={0xd6, 0x24, "99826f3bd0cc3530a8cc43e8ac9ea134a0c583b0ec35013f7610cf6247bdf6d176048ad024926d925e8fb67b5a8eb49dc1aff9651c58c322c5b42ea57dcf04e869b128e89268502defcab928fedde49d41d35032ba4da8c2cb2cf89bf97d8cd55740d3d315d2096462966e8fafac703590721ede4175d14fff393649494c849c57f6437908e80e9dbec2f4e2929a879025e4295db778a8c7c6a697655b4cc528c186904d1df82b8c61e195b1461952998519ff8c9885718e4a56e5104d3d8f2370468df9df338aee1246e5b616908de7a58e2aa8"}, @generic={0x7f, 0x1, "557318dacdb93b7c7ed2f40c29fda1cba6b963add0769fc0f34d6f6e6bc75664f5dd91a20171671c69235ea9c920038c06653c41de213ec8c731e6e0932d3b0f9c9a5d6863743eb9715977adefc2cf95e47b9bc0e99dad9feafed648516ab04f97b16fb75a53e739aa8059736cef236aba5206f51f40eeae09abc0adf4"}]}}, {{0x9, 0x5, 0xe, 0x4, 0x10, 0x5, 0x8, 0x10}}]}}, {{0x9, 0x4, 0xaf, 0xfd, 0x5, 0xd6, 0xaa, 0x1a, 0x3, [@uac_control={{0xa, 0x24, 0x1, 0x7618, 0xb}, [@input_terminal={0xc, 0x24, 0x2, 0x6, 0x202, 0x2, 0x0, 0x3, 0xff, 0x9}, @mixer_unit={0x8, 0x24, 0x4, 0x4, 0x3, "f81a20"}, @selector_unit={0x6, 0x24, 0x5, 0x1, 0x4, "c2"}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x301, 0x5, 0x6, 0xff}]}], [{{0x9, 0x5, 0x80, 0x2, 0x40, 0xe, 0x6}}, {{0x9, 0x5, 0x8a, 0x0, 0x8, 0x7, 0x0, 0xe}}, {{0x9, 0x5, 0xe, 0x10, 0x10, 0x3, 0xa5, 0x8c}}, {{0x9, 0x5, 0x2, 0x4, 0x8, 0x8, 0x8}}, {{0x9, 0x5, 0x5, 0x3, 0x400, 0x3, 0x2, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x4}]}}]}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x1, 0x0, 0x4, 0x8}, 0xf, &(0x7f0000000140)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x3, 0x6, 0x7}]}, 0x1, [{0xba, &(0x7f0000000180)=@string={0xba, 0x3, "cdb1a16e0bef6aed00bb001291cb88095da9ec8b1b9d304455c5ef99dc5e061a870d7f8526d8cc3ea7e9f1849268715f59080c2e24b65061c443307441feaa39ac23b993ab6bfbe92cb940e6f0e21e8df458f9953fbe718ed2f8015e5d174ce2bd65f44663f8c2b65843f1611f6f96b547cd825791c3e0d2d8f3d8adee1cb7854f60df7c2f85cf61eabfd43641cf88258f9b387abef51e42ca2eabf478bc688e6f4309c82d1f7c29e15d7369edaab4e33bdab49acd7a0414"}}]})
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)

48.642334588s ago: executing program 1 (id=951):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x30000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}, 0xfffffffffffffff0}], 0x0, 0x0, 0x0})

48.593112191s ago: executing program 1 (id=953):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000800}, 0x0, 0x3f0, 0x2000000, 0xd613, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3e000000, 0x4})

48.472764316s ago: executing program 1 (id=955):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0xffffffff}}, './file0\x00'})
sysfs$2(0x2, 0x2, &(0x7f0000000200)=""/143)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r2, 0xc02864c3, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0xff2c, 0x1, 0x2})
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000000)={0x86, 0x4, 0x4, 0x0, 0xd, 0x1, 0x7, 0x3, 0x3, 0x18, 0x7f, 0x4, 0xff, 0x2}, 0xe)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000180)=0x4, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x34, 0x1, 0x470bd2b, 0x25dbdbfe, {0x4}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x100000, @loopback}, 0x1c)

48.361096228s ago: executing program 1 (id=957):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

47.693081041s ago: executing program 1 (id=963):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x6000, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "966a82f2"}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0)

47.390713433s ago: executing program 32 (id=963):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x6000, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "966a82f2"}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0)

4.560380236s ago: executing program 2 (id=1407):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000480)={<r1=>0x0, "49ec54bb6bf95a5ef9b6a5c228d5179e"})
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r1, @ANYBLOB=':0000000000000000'])
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x1, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0x485b]})
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x20012, r0, 0x7b341000)

4.493862808s ago: executing program 2 (id=1409):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000004900)="fac4e7c21565f79b73d8d7dcc36944c7d36505ed55b2c535ba5bc78cc94f55e518d13a9f4dd794ecf1b09fe12f2893933931db285710f8c78793ddf30ff7dd86203ab0177f8aa062d6fe9529d65fab047ca34c6840b505eee9082e8ccf311bfb84ee46c0d0dd466ba326c6410b06b48ffc309ddd9fcdd816ded9830e41f8cce8d3bc31a817f29e3ecdd0329aadc8b022c55c70eff8905b9bf223ea44cbb290ffe098bb78fcc9e39f16f4f0e8d60e440abc192d530e146bdb59e9e522668bebec672a965ee7bdb300ab4314235dc0e62e94e398742cfeee3b92ce29e1a62fd8375d95ef502ebc1f04959d83a15ee9496198f0b3440b80cb9950324c9d4dfa69381c5c0920e307ab1528efe02739c2a49fc4cf09ff76c165d5005234b8f9378c74040d212eed9e7485cdd758bf4d34c2cf52b278eb3114b13b43214814ba2e2a357c028c737892d0e8ab1f1d009a00ad0dcdb9ffd0f4fa0b03d3b006fd66e8faa4fd44b64dcb92cbb5e9da64165ef01602538708e5dad3c0986a2b03d4d4276c9268af76d300b01ceef84e2a501e2c3d04e31875d1a81270409516d4272d73e9899c5a939c03be73352b61cf32ea1f6cc2d31847703843cd2e54de294b1c957ae618dddd7fdb018908dd7be379fb3db575b0859d9f2a190d8f7abc8400bbcfc866c8f8454102a5b0c215f140cb17677556241e33443aacb35073752aa65f450b2d03750ebbc07ed809f97b5a55a4f11b920cc9bf0a1db7fce63718f85c3326120c8b774ec22ff9c1b7e9114c0b931b6805fa672b53a6a617881fd73dc1b79fbeade0120e08c7abbba9bed82e9700bbf779328ce0a73f7e60459ecfc3f0daf26da8d1b57c1536ec967fdcab8cca66aab0ce0a02320c0090c78511b1672d65b3d62ed38e2655bc6ebfb2480a0c33fc68bba5c444d8cde3f977a382d6413947fcb25e3e9330f45b8874463e2a3fab87d877652de9c2d35208ad5d3e59ee9e63061af0b119d8174e7eaf71551b1f3551d0247717b5bb7d4db41767e2608a2472c7258932e22eb591c957da5fad5732c86cf18ec338e83ed25e41a2e500360c7ea86755efe0962f0d1d4cc945645e01b5a34fc74630c91cd02c5932f2df9ec1e090dd83bda328a7c8d1b8a8294c3c551c1954a7f024eb7ac01e35538612f2f23a6c52c59beab75910c5abad25a3789baa0001569e93561a8992450bdb0a757b916af413d63badc4aeeb9489357ff7fdb27e913278dbb5f2d69bc196d110638601f31fb4db2b301faa7516955d6971b562288328e14c7957696eaa03d3911ec661279e37a850b7515fb4e122c39fd6dc3af40980173e6324ee678b47f74428a593827d75aae3368e661dbe9738a2704d8f7a086e77b9ffb3eb0e16199c58eff45dbe628d268e88bb2d69a310b60db0a850afcb08a2a7b316c70209ecf034d484a6b1f68de857d4ebfd45936c04b532202bea6b3a6d3751cf73db4ca0a76faf7a972f8a68a523b0a51d593436aed65999fe96058e085b4352c0d5603365ae4cf724e5801da03665ee2071e04b45c6de0a59afc376e3ce2ef206c3161f235049d7e0b52e04ccac4f1699629b3f8736601a6dadfd00dd9545cb7cabd1cba12ddb2a23c58b1da9c69ee4ec9853aaa81e1cf7a169f91a1c077fd6c5c2fd366c9a2a285420d5633bf0544003251768db01281f8259a0d0c489f7f7cfc0fa7ff2878fb0cea89ddb3593539a1184e667f3840e8e5043508777dcef371e2ea3cf489fcfd60066a8dcfc9d0fbc21aac05f24a88ceb5c186326d1fe5b6cb4a40d25e6f847f7a4030d0a9cd29b0f9e3b49471730df5c5d1e172376ab2a27f3aaa3d1c5f354952745db1c54464e9f4d224ca1bcc7a4004bbba7a21d60a1fd5a35c1179738fbcb61241f38703610d51b18afc0e0bce11564167344568875374c6114c64b7cd25cb3c005b2577afe3c0f528d5c838152fe7b307d743596c91f43f3958e1f25f741aa4b30baa4063d0d9c3453fa18de83f744786c7b4294415e0222ecd9bd9a115663f32e9505d3618f9c716f23d9e536d429557774f7910aded24931f373507dba89766d760b714da6e264492ffee985422e60da15b7ea862935d21bb878560b0f8270f82cb3a8fc99ac35c30038b95532fe848f8a2876f5782acbad93f1426fee13fa4f0b778950bb2096c7d1c5bdd481ecae83254800f78a762983418c3fd673deda93c206ad399144b141db743640e3102fb453d553f939ad643ce9faabbb01bfad49cd30a61cce67fd46782447e14c7b2d2dc1df244cd7d72404a0f5b54187c75aa45b9b2a73727de0ce187b7e9cfd471efb73e9a84971185cf335cb33fce92e06992398e53be779782a436579bef6d7b0d93915e758fde3fd67b9a964d5a8ddc5950cb2a78262d0e36d329f9ba56b06266a126334c56852b290937423bc178a575a442046a8a4406e88b829d36bea6786774b0c513dc951b330eb5dd914a907b97e83db55cf73c2897dc3d6944dac797b8b1434327fc15caa6b309b62e1aa52d4e8ca7a7db6f99e423489951961f147b3cb14956e801f7b1a15b959546ea229898ab9b99c9a080f5d9176c59ace26b72e620b9ff6e558bfe7808a7b430c414ab90cb0f1e4101be46dc360928797171922d41bcc8c12d17375222c706b3f864f8937ca947b33eb13216b1cd1d4119fa6de7e1a07c652671d20b1930ccf14c443223a4fb93848969465feaffc703347a5d5a9b68339e3951d3b8fc17c6045201af7e84a7026bc741592bd47768a793abe5009eb9427dfcfc4e4a9b9ae71f8582b0cd9c28c6270d5bbdf0f1415c722384808cc8fdaea65eb97d5fda8dd2014163598411c51495fd9fea5ae48c9e0d158217335c0181db4d196af623b5de7ebb1a0a71090e896c11b33cccd4515d1370b00ca48df5b855b8942cf35a8da12d4eb68b52ad786e2146383c54a13a3de979d03039e42a440c6d0db2a1509ccd1aa5097af5b15b49b90928d82e7b944d0750ac6d9433526e65d3ae79201b4a20175aa12692e4ba41c4733673a47e8ea44ed2b34d3ae80ca8b05aa159662f75ba748ef793aa184c8405796185ffb25ca4cb324f4f77610a3b372f5fad04ef85ab771f2f5efa3d95ca0074b9363b3b4095dacc04d48b9c86ebdfd94981a33b2fdb712409462aca416079a5daf92fd24374b6f3f76277fc36bd6d38832ae14db4711b0503fe12b647516d1df64c11962219c17ecc60fd25704a94742d6655e57ac9f89ae1db77fe8679b7f84b403e101d70352f1d80bba74c4aefe14cec35f4168d2e9c2625a0e692504299cf8ca875e7b45fd3c71df003628c3ac6616b3b1a8edb7879e5781877a9873b3885958edec9d1a7d24cc22c49047335dec3cf9b2821c267ac8dfaea3bdb3dde0fc7d1c1c96ce04f3bd5ddd7ec3ba253cc34e7df4a03d58e716b5bf8d681c65931407a60c28922aceff1edb45417bae99167d99e97669d68efddd00a867f5b3ce5763be30e07ff2cf8b15c90a6f656f717bc1b590231f48e3fc4a85124d43a1a811b6043604870e56b81f127db36a686eb77d612609f44b0fb262b17739fbb36c67ed305e114b7b595626e897af9d59acee1af38295c366bc32e3af59427dc11d5cd594add4e226d947ff26a2140f476a43695ebc8f73cf5b7efeb2ce46d63484b9f3ded774088a0a31cb2eeae9538bf0c071f572657f905b33d4b3fb5280879cab0bc5fc7a89be10a9118c419f974c454a37bb934bd488cb1ecbdcb2ac26094f90b8093fc75454317b92278eff430f6622cbb2c4f6a8a2ef5c7388b504a6cf89bf889990977fd4f5ea1a530131a8e2356e3f1db0d9f93d7a65af79f1fadc0b40279965522d47dfe154d62036ce4e53eeb6e96473d3e2f59ce1f54414af8bada3d9b6089e7a670c7418d0f906ddd8494bbea718fb91acd0fdd0f2c19746f4c1ff87167987f056a86f03aad8c11aec6ea967383c29b9c8bc6d4f46c9c2f44fa5a43f52cda78cf36f270a7a9c77c7007a55b6770847aa8cf4676ea9abcbb91ca9a41ad56682f3dae20ed1a67d75391caabdb66808b91e86b9db4a13f7935fff256b54818a589402967c2242a70afffbc7ca73116a1ca81a126d2d609174a93b16d1fa4d18bd6a4e277aa42a8551765b241d1e54174ba7993d1694d5a191b3036cab5eed5311403ba6de613b73beddc753359f7339417e4f07724c6ba1ce99a55c6b8ec72c0a4df4776146877309382d3af87c204ce86f54c2a7c1027adee9ab2e4f6bd205fb41d7d6b2fabf7308ced5c870f156aaa9dbd24f232ad85d6123426c5e5264b4418ebc7acf1cac380212f48dd87c2000f0f0c7e4a54c04523fb7cebbc50c26691ca8ab9748831851392864c02166f5e2f0c7d5d76b71908de9ba69a88b0bbaad0dcfb9e3ad8680275e35218a60227bfb6f773fea9570831db671ec8912abe6c6190499e0100232aba631b9ab148547041f1bfabec860d19ce987c019249f07bf3effcff35a6c5402a584f0a55a3a580aa8303aa9a67856f8cc27abdfde11fd2b8c5432a46fe2c3c08ae53ff42d1c545fb890d097d9b31437c53f6563fe416570b4cb3d5fb084d9ad4165e6eaa6a24a5b77dfd6c0962d233a2030427dcab08660143dc3853d3ae8907a21f812501b1e96fca4e4c73226827477ae9e5e87f88be74228afc7393d7ed98f090577db9d70158e3acc36e07f959d32de1e34b471e2732e384d6cc6fa6d3a218d0abd71af71993cff9e47793dc72d00c5d5079ad76e935c58d349f03c6a976ac204b4663324b63fba9fb7b4a048186d53f72012779b02ecc61faeed40494538a2df95f14be70f80e2c1072f56ccf59ff5d75dea6652ef90138b22c943fd4863e90216cf9ba84e69cbf43661031720bbc22e94bf2fa1dbfe8313487b4cf6cb31e9d26995471ab64a120e0eef82d95620890aaa48afa7acf4ba274dba1b5a1e37c1062fd70fab8218ceddaa8d10154e567c7cb8e5f4bb07c6c6065164c0b374b17c555f9c1ec8d108ae7ada1913db7a447e8ea3713d6e2fd6384ac3286d9941523e01d3fefb32cd65922f2113a5de4c7334657106a2c97a6282b22d7d67f39fd6601916b0d5bdcbe382fa786a3cf74b24cdbb5a2843b56ddb14d5514139b1cffcd68d45f9f082186e2ea8f774c899cbbaac2e6207cbe86645fb346fd360d94a2b61e0cf9d33778cf3b3aac5fbf29288fc065ea5a218b404b82c79098b48a8051d03b6f8c4df4843b665eaf6935ad0e703cd928d228a48b51d23afa1bde22b7655dd4d8fb73b2b10533d6da9b9fe6aac3d1e73e5157c0e33bae4f31f10212d7f87d9341e3090b3c7c8ef79efae8bb744a5f8db2bcedeceea81e8c23716e113bbd24722d6f33dfe6438006fadc9bab9809c5c5b3371994a55263a52e9bcdcd3665f8472bbc0c59d27c0a7d023763ca55f80b7a20014636be698a2f1e0a5ed5320b1591e0c1350fe41593942495ba1a214cf18dee3c73635d208a60737b253cc716d1cdf0c7546dab111bfdc0777c4ae297e9a35153e84d7c5411df5e134f2a128d5c0240aff77e076a1113214ee68fe0c294996944180a7a5c4c35ce341682cb31607c3cf5514b1f1035673f3475376a8cbf20b50cf3272a49c8aafda33fef13aa90781f9c14741886fbdda634205fa98c94dfe5f06533d17d772ec5be90243a24f1db46530fc8b8e167cec2276dc16cd755e371f85827f44da53114333abd41b2ea70faac6762d38b5751e243b2e01ce7d00dce1069419fde74c49ebfabf86eb696fc6f07a8b4f95683449416c9633f3ef6a2eba6a687291e2e7f48a3fd15bdd2187e7790fbfe684b5764d7ef0bb3ba99c2e120300cf58c408608ba6090e15539024787a0290083d808380214a8ecd11effcc05149e476b1ea5b82047411050068806e331171513c57713f0987133e155d3b312aadc9f243f8533fb07ce208d46c42604669ff4b8a28be3bc71f38b45081d262ec130a818d05d8a8b52cf923727f59380441524be1d3448223a2cccaabe7d86a88c4a9ad8683a42cadc41b4f26faa91d9c927edf30cb8137e74d7c8b40a9adc2567de40144ba8f86776a1ee234d02c56fbfecdc636aac44aa59d0392d8e8c13531350f2c4b5b6417db0667a557acca8f931d31a56c3b55f603e9646cc409dd54db6d89be0a7a5b5459639915bacc24885e4a1e2f3a805cd7a315f71601d5fcb2b658deaa676d77ad646003770df1be040641ff3391c4770e5461c38eb2b0eb58e9134de52e78d36c3dfd1ef42d9561b78116e70b3658ba7ff9411a7085b80a8082977d57e9df4851e5f7da33f06f7c47447bab0b4c7d3b9c9a511ff6d8ed4a26287d9ed154302ff6ed1aecaa226d60ded733eebc924ce2df1f7ada22a10db46e768918178cffc926b61544f59f6b0be26900a5204e97b6b91b16c227796f903e5e1d3924a4f3286579507a30a1486d7d186a2fd5059b2e83cecae0c7ae26dc7c262e717263c1599e7da38f3e3ce06abaf77876979c0835c859e101ff6fa4ab2a96e65a497cdf27b1df052d07bbe1bd4284d8f817d586667dca367a668a1904430ee1ca62098d919f0a4eea1244a8e4a7792c86165fdd8b9be99262d2f40ecda00a9a5afc1bde0e630814e8aef82176dcd37463e34e63c115d9d33012e497c41c22e98978ee1e4d44becb9df7920d9f8490427d020d602cc741a03284d01e81804714d46f13ac08e2a6a8677286fd66c528b985dc51d7b150417ce8fe991e2db228bca99fa6eecfe654307fda8a227ce880e7da556ffd3ed3adca545953da9c369033f2e819a1d66636fd1e9794bbd0d7a75e68c44c632eef85b205cab173aa5a9023ecbcdbdd43e4afc7ee5346075ee1bd79795245a8437d41496d3a25144af27fa026fc1b4135e28c753127fa19c147bc14c68b15fe170fff5b916eb069a414c069da3dd2640ddde8e819ae37b670ff42dca8010cced7373d0ee0c2fb05de16dc8959d172c4f467a25038b97fbf9e60bd3c40c73871d4114d6d81acb7d57552495c336e5da9b71b7872e9ebdf082023674118c3f94af6f05ab5e19ecd8ec055dd6eece56f850e902745173f758e2387c1464866348bbb5d436937192371564fd9769eb4542444ef4e60701594fbd6afc80fc7e0f7616ec8286fa1059395a2ff7ffd3fc434b84f23ca88fe44c8cf21e1b13b3f3f66543e71b855f3f785dfe1f954462fbcf57b591c0a725d27381251828d7fdf7e09bdbd625e89e98f61fb76d56ad69106510ecefa93853f0da630f7b4f324c17494d1fa51f94e9daa978b572065f6396a7f3d649060798b32b61ee7bc7ff03fdfd800e8dba8c9b0c8d51433972db34e0cc2666d54dacc4c1da366bfd58f5321f6daa88d4e49a450a75e2ae935471886bda66022b4167a743d8e7518fa2b427408f5c3278152f3d97404e34c2e0531a322518bea013e44c82546b135398263854cc3fa21f72389170c4e422e2e221c43634442eec3712c172f3b9a4e29c43d59ed1715391dc27f7254ac5918f9985288b5ff44a52c93c5663312331a3341fdff4d24607f91c4fc0cce634a4f69f686ab52ec6e36e41a1fc87af4eba40ab2da228194a6cc9b98f271f74666c47a3e371e866dd8a41293dd6474b2dde3f6bc452b010490e17cc4e7df92e7436788e7e60dda166a38314f18e631656862ff7ecdbb85cdad2dea4365443da5617877df6bad1abc1be597a2961df6cf34f5f110a60694b406e4ae9e48077132ed583f76b54f3c37108b19c47acc4bc02072a64a0da39bbbbd6f2110a8e925a63389d963057f466d02a10f6a6ba2112b74e28e0aae33b0f028c2270f1f07c42b25c812c3dc34f811b862c3485b4396cceca3ec6a62e47bd519533c30f3d9cf05b0ec9886f8abb796ce31b290ab6b515dcc7d7f3ab11582fff535ffe2746333c1d288f7a22ee36ed232f1a7d6dc3c825d86d211af3eecdfdea7cb7a4e5139ebec4a3b7e81518e76a6d8951bfb090705f21d158d89061815e7dba1cc8134e2f80955dc63f3fc0a5fb953b4ab05c22ca761092418c32725732e54dcf086430f6b114761b745ae8ab00127ca375ca08d7c4ff7e306f7bfeab6d87a7e43218c267ef145095fc7a1ad58a283007734de55aea229a24c63372ae40e32618468612464d61840d79d837722d8204ed09b9bda9f438df009c9a2e4584755dd4ad91a3378255e0b104258baf6175e7d9df45c3caa2aebfb5866e4d20fa09e06ab689903a1c1b622ea04f1208adbf7cd6ab7a53068441eab17dafb00a07bbd5083a6691f6f34a9fa82b1ded4660deaf67343ab9aaae5f70c0b5a287ba669f32a1431ede98ac58bb4f42ef2a23122cd6a3da7658174853a7400bbda3ea58ce0f5589a6d5eb45e0a17aedf12bb175a8d083492e768f52b23881e61f3492fc039e478a712918ff2b1721b9e6e7911e16539f6104fbd0457b5521391672f1e57cdc2632ace97d4e21372213d1546578f7c8c12218600d85bd53cc6a5f2a2b1e88400c55f13703df10ab28a327112404f4663b19c4e938acd3917bfa5580845d0060a9136dfd88000bc05d07476bda0742ced80e1f61103ac1a501cb648ec6ffcfb0c1ce6fcce6e97832a720eb621091f2bb8ca2535e4c4c2335d6cf8a88cdc484b19dd12a0cad69bcef70f1c5a416ea21ccdbaef497a4ae417370531e48fc48fd01106934b6fc6cfae0acfe78f208d5ecbb773707484b57768781f57126d774a75099b308035862572d3fbf86692d474bd92850405bfbb80dc8a525ff594bb0d908ceaa9f51b2ac7b41a2b4c45621b62b1e1ba55e394ee15c4c222598b4e58b8addf87474a3aa94e9233d36520ded5f6ede8be6c32d38af2f8a0fb27562b2e3330490d46047e0a2d383830c2b0525c049d3005888bbbd247162275b157e440942b37eaf4abb9a4d22ef15d6d3009096d9b3d6732c35c2878e4c2fc905f2d961bf3700f0c08740249b57a18be63a18ff2fd7340fa3baa719839cf8eaa389a2f3b81af202c4a9abbdd030bfaef70cb65fc961bb579ed400e648cd8c1b100b289c38067a6d422c1a0a9f027795eecdaa7230d6e0662d0f59ab1cb0671b3b99ec12b65771f0c7416456b99537d10779d496f17e0c04160e879a5d089adf6f8060d92c44039ef2475f4647b5f3b30335ba2a50403d09644a00122d3bf7553c8eccb0e8dc612a83e6e5a7acab9f014fbbc712623ea86edc9bec0e4c392efaea3c56bb5ec45832ccbe6329509a6800ee36e85bb3b65dcf5aff9aa2db6569a230cdf1296e815d717191bad83ba31c1e42b69c6a5cd214739b1af105a244283c59c4f60d730fe6835ca983f3bea050012d6b6bc13a70591950de0d0d8857c200b61158a13f2c2d2536a379b7b4ac302ffbc78e9769e324c6ebfd567f5f4c2b053f7b59b6b07285194526d40ca6a5c4c376fa127b6b100489ce5266ebafa0cdec24b5bd7a22f295402303f8d1ddc3d1427d4c3beece3309d55f138d878c8054b259c53e59489f5f3610b3784489cdfa6083867a92a5f7e30826a6f590b9c809020c0f8eb73b70a971c050a70af2ca3a70573554b97c60037872df3e5c3f2e91103827306e72fbf1b072250e432b7bf8a5540783a2848724989eb86670e1f5b0675a39f7b1548260fd211d9c05e48e1a3df852842c477a36bbbac07317246dc8b4c3383227485556992735bfea38ef7a8a3a372464dc0ee6b9a09548a37dce62d563d04eaec5cb54c9614170e0811b53fd05dbd192744f74b5e0e3cc1b29dc0755ae4fc0c14ae8927f72864a796e65130e05d012336a96e5b15f17ae6258c67ecab6505bc1a26c00d5010e86f243412ca4264da4ed41670238faca1d7c7ed6ae74cc104ff3f9c045ce7efad15db83c3f5bbf001507caf3e6ee0a11a9c10205d91a7bbc12b2a91065352440a18493315df7dfa671bf8e1bd6d67119fbc3bb69d5661a43481b00ee60dab9d725f7f166ff989a0cbe21ec7f0007bf09cf5b5bc65b5835c4d0bfe6981616dffe0eae36d5b8c39d14645801919bc537212fb941ebe346bcb5037cf8b894ca92a0682fb2b37f08609a4a9465f0c423250343fc2367da64b690e273293431a36813cea94de5cf411c5c3c0265239aafb8fbe45c55fabd94baf7053023d1b0f647abcc07be35fa5a0c3aba2da35f6c2d8a739beccd96916cd30bdd8533411a425ae30b5d02b8d79c3622118641fb8551a31e1c1f4a0551d2b57eeee4097e9c48e09481c228bef6aa3c4aa7b9e72e8731cbc57a20a9e3417ec718c6d57a401d3c04ee2e4066d6d950149e277dc2bdaa23879b2c5135611d82ad8d20a4b2235c09da69fbd9878cbc52b25622165e0ab3bffe476eb2884629596dc865f6b13ba510cb375e59195636deeeb06786a7c9904ccdc58eb8664fe7b4d32bcb9fc8ab135c25ee2c22837c6c3a8c116e8fdcfc310799d0fc974e43d3a73fa0f8bd9057a1465823567f681c1d2e6c4a33770a4dccd06bce94b0af0e4d198b040d8094d610bbbd4501d8da6028b5e73f135cba6a8d7bb6cab2f06576eacd823e520282f9f883634a6dd4cc4810cba3f760b9842a0acae7a396892b658e3b6c84d0e75196b4e6a3240e9d2aadf257ae970153238e347d3cbcbfabae300494ea0d1bf292799e09b8064ed885cce1574ee94c216c50017c43b3407716e5919fa0706fc9e9c382bb321e8d6fa2520543d0427a620bb45c56d3f7e66aa025f17863024a2bd693d932bacfa516fec791e86982d020faa819bf2264f8606ef260a29af16300971d0ec49d6f5a21f9c437b75b44eb59bbaf71947621a1e78c68e2767dd42c7f6e3dd6faeebfc8fdfe4dec6db3fdd2d53c906f6040278ea235b37442f34cfa1a1f1064acce6a7cdb9657c1ea2def6c1f2220ab57ececfe53b4bdb6e57afaac1c055f25202c1efa65b3e48f5b57dcd2b7f3572d1d96a736813ca6acc75c967a89edc5dd62eea64cd46eeab6aa879887360aec466dd287705497e832bd4eb3d73524e4847c18f8b46de1a88a00dfa43acf51fe97288d53e30c6f2739b4532c6e8f7286a25c5f5f10532fee71d7c1c1f6a1c56f2535d94e2dd774f424cab2bf3673e097fd3cfb55ba1f29a6d03dc31abc214a6dc5950824f05f0a3036690120684a7117d42e9d40b56f3738428540c27f25ce4130966fc9b08f831756d5448be9ad7d07b95bfe61fb396438bba4ccaffa7a8a21edc5324d72514427a75a3619e48400e1b13a97ae7097f87c9253035ac3a1e3bf6d22725d22e31b7e0c9515f98f34ba357cc136190f81c010f83306d97a89184656bef128a648b9878bbefc508a631f949d8540ed16aead49d51911901d74d7aa9649317356ebd2ac0441be95291c1c2ba803b2e4604ac4b09e29fc6200819fb2603b46dbe929e4cc661c4f31a6cdc94a81fa62eb28bf447fe2ddbbb3d5f2b97d4189ffe5d83bc8be19ee5c92b958488a55c859d7eb5885674bd351c4125a02151529e9ab01685f2e4bba3aef0d5e9ad8678dab470d761beb8785424d51c4aa728417d1edc7cc44d8c7f2f5a09c68f940fc72a4ed2952e1985b2727befdf551d95e8d43e4dcab6f65b12ea706cbc10e5354a894e7646118e60", 0x2000, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x78, 0x0, 0xfffffffffffffffe, {0xfff, 0xc, 0x0, {0x5, 0x6, 0x1, 0x2c58c9da, 0x1e93, 0x4, 0x200, 0x8002, 0xe26, 0x8000, 0x4, 0x0, 0x0, 0xc8, 0x80000003}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(r3, 0x0, 0x2)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x26, &(0x7f0000000000)=0x3, 0x4)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x14080, &(0x7f0000000000))
r5 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f00000002c0))
futex(0x0, 0xb, 0x0, &(0x7f0000000080)={0x0, 0x989680}, 0x0, 0x2)
write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="563f00001800599c6d0e00009bd029ef8020ab"], 0xfe33)

1.797837208s ago: executing program 0 (id=1445):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000090a01030000000000000000010000010900010073797a310000000028000000000a05000000000000000000010000080900010073797a3100000000080002400000000140000000030a01040000000000000000010000000900030073797a31000000000900010073797a3100000000140004"], 0x2d70}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

1.75167609s ago: executing program 0 (id=1446):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000480)={<r1=>0x0, "49ec54bb6bf95a5ef9b6a5c228d5179e"})
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r1, @ANYBLOB=':0000000000000000119'])
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x1, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0x485b]})
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x20012, r0, 0x7b341000)

1.682576293s ago: executing program 0 (id=1448):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8042, 0x85)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
socket(0x1, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0xe4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65"})
dup(r0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs(0x0, &(0x7f0000000280)='net/netfilter\x00')
syz_open_dev$tty1(0xc, 0x4, 0x2)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30001300002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r2], 0xc4}}, 0x0)

1.541467952s ago: executing program 0 (id=1449):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x2c}, @flat=@weak_handle={0x77682a85, 0x1000, 0x3}, @fda={0x66646185, 0x9, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x1000}], 0x3800, 0x0, 0x0})

1.451517981s ago: executing program 0 (id=1451):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)=ANY=[@ANYBLOB="140000002e00010026bd37d9f212df2504"], 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000041)
close(0xffffffffffffffff)

907.3097ms ago: executing program 4 (id=1453):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
poll(&(0x7f00000002c0)=[{r1, 0x100}, {0xffffffffffffffff, 0x80b2}, {r3, 0x4}, {0xffffffffffffffff, 0x4000}, {r2, 0x8004}, {0xffffffffffffffff, 0x7293}, {0xffffffffffffffff, 0x40}], 0x7, 0x3)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

818.89401ms ago: executing program 4 (id=1454):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604006000000e000d000f00000002800000121f", 0x2e}], 0x1}, 0x0)

725.942876ms ago: executing program 2 (id=1455):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000680)=ANY=[@ANYBLOB="380000002e000100000000000000030008000000", @ANYRES32, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0xee00, @ANYBLOB="180000801400010098d4c0b8fd27f3a45e44e813022bd729"], 0x38}], 0x1}, 0x0)

725.749448ms ago: executing program 4 (id=1456):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000480)={<r1=>0x0, "49ec54bb6bf95a5ef9b6a5c228d5179e"})
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r1, @ANYBLOB="3a30303030303030303030303030303030313139aa"])
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x1, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0x485b]})
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x20012, r0, 0x7b341000)

725.620171ms ago: executing program 3 (id=1457):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000680)={0x13, 0x10, 0x10f, {0x0, r1, 0x2}}, 0x18)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r3 = dup(r2)
ioctl$FS_IOC_SETFLAGS(r3, 0x40081271, &(0x7f0000000040)=0x10000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r3, 0x2c93a000)
r4 = syz_open_dev$cec(&(0x7f0000000300), 0x0, 0x80)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000000c0)={"fbffffff", 0x3, 0x5, 0x4, 0x4000f, 0x803, "000000ffff0600fdff090000000c00", '\x00', "06030400", '\x00\b\x00', ['\x00', "8004000700", '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', "fdffffffff40000000a600"]})
ioctl$COMEDI_RANGEINFO(r3, 0x80106408, &(0x7f0000000180)={0x7fff, &(0x7f0000000140)=[{}, {}]})
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044091}, 0x48840)
sync()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

684.903233ms ago: executing program 4 (id=1458):
socket$kcm(0xa, 0x3, 0x87)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd120000000000140000006000000000058700fe88a43de1a400000000fffffff57d01ff020000000000000000000000000001"], 0xfdef)

576.595062ms ago: executing program 2 (id=1459):
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000001600000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e00000010500030000000000240001"], 0x21c}, 0x1, 0x0, 0x0, 0x200c4034}, 0x0)

445.083851ms ago: executing program 4 (id=1460):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8042, 0x85)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
socket(0x1, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0xe4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65"})
dup(r0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs(0x0, &(0x7f0000000280)='net/netfilter\x00')
syz_open_dev$tty1(0xc, 0x4, 0x2)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30002400002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r2], 0xc4}}, 0x0)

444.688711ms ago: executing program 2 (id=1461):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x50000)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xca)
getsockopt$ax25_int(r1, 0x101, 0x5, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000400)=['\x1a//@.(-,^$\xcd\\*-\x00', '/dev/snd/controlC#\x00'], 0xfffffffffffffe61})
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x10001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000600)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_VLAN(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="002fc4d383e489137296de1982612e5acb5a53060be95f6db0f1c74b091a3b960a1af7164080f7eb5e5ebe500a8aadef30313e7904c88f0f0728f7d7b688f83cda29e31069da551fca5124", @ANYRES32=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x8004)
r6 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendfile(r6, r6, &(0x7f0000000180)=0x7, 0xf)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r7, 0xc0d05604, &(0x7f0000000200)={0xa, @pix_mp={0xd, 0x401, 0x56544943, 0x8, 0xa, [{0x3, 0xca}, {0x5, 0x7}, {0x80000000, 0xd4}, {0x6, 0xfffffffa}, {0x39, 0x2}, {0x5, 0xa}, {0xd, 0x1}, {0x4, 0x3}], 0x1, 0x4, 0x8, 0x2, 0x2}})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100fdfffffffcde7edd340000000e0001"], 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a40)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r12 = pidfd_getfd(0xffffffffffffffff, r2, 0x0)
setsockopt$inet6_udp_int(r12, 0x11, 0x66, &(0x7f00000001c0)=0x3, 0x4)
dup3(r10, r11, 0x80000)
r13 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r13, 0x29, 0x40, &(0x7f0000000000)=ANY=[], 0xd0060)
utimes(&(0x7f0000000000)='./cgroup\x00', 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r3)

397.844623ms ago: executing program 4 (id=1462):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0xc000, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f0000000040))
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000080)="a51250bad85c0afb8c2b36fd6c2d03f91061982a902f297345d0a3c0f98000b685958a9647a0c71768bf4581e36797a5ea5506f4eb951bad225e487463d094ec0b7753f31ecd99b2e136e090377c777022590a350c36629f7dbaadb62804400dd0aa250532eaf6e0d2be2f5e707a71fb93365025a58d4a31d651bee3502c39e6b61dc0b827dfd89d436c452d1389ae3de0cf8b0cbf76088852318ed92b1071673cd72ef751be4416d402f722fbae1d7ad31e91fbe9", 0xb5}, {&(0x7f0000000140)="3959f4420466532c6d3b218921e6c8c611552a408686535f8072e1b8fc1e6d98ec62999059ded5395b90a29b93a3167a6baa8b0f51f2699823d4034e4b0049346524b381ea4d8b12e6e293580a62e1ac322e4dc5efa779ed4859009df9b202119398d9c16ff75a19f7d2347e8c9b89fb85281cdb2448781f262cd2e0e23bbcdab545840177a8e67a2af8d1cb70e099107deb9071d149d08a6feda350b6985bf562848788ab337bd7112bfbcd0282cdafea23", 0xb2}, {&(0x7f0000000200)="013de20df7afce368f3bf4904a359147e127071ebafa2e3fe107e66062e5941a4e031f1038068661d2b578ce45ba71b70f334ed5a6721e9ff637bf5678c3eb7a5592980f0efd6932c42fd49d40b7e044190221df94ad845abacf1d5ab8bb0d34039e5abadee45c30a424c20865bf118e7111bce3d157bbe66588af40f13b03f9e2e55dbc9e4573dcd556369d40565fcd35bd0aae698fbda5735aeecdd2cbc2b6ebf7c497629302d83970e15af0382750b74c58ba6fab0bbc4a494596c85fcff11ba6808f390f200f88248adc28f80a2e332ea2e7c81479d316cebfc2ccd498e55b1b8289f309434b67ed19c424d90aa560ff769cc0a87bacc093e7219981f3b6ae2d8b38aa558bfd2bf6137f8ee4081725b8c278978ef66ffda7a3b3d5cb19f9de86125c24afe6c45b8e2945a9d64965af3b0e96632b2553fb8496aeafd6f2ed2f8055a8dfdc7f550196b57a042fecf0bb6263423514305429a40292cd9e285ab61595572fba5312a5eba66e189b0c3a6ee954777a970c3c0841682e4d92d39a3caef28c6ede1631eeeddbe1cecb66146a4a2234eb96973120ec2b389563510deab091283f657836e5269447c114cf2809186400b8ebb4e9a00082368531bfaea317cdca9b28a82a2ae235a82f59b8adc754011131d5a2c42503903568374afc98cc5276ea16607a1d4a34e3764dbfe6706d01651d4b14a52c141f4811e9c9b11f4d48d09d5ea12dafd2277ffa5af0ea11c8245d6d29e12787277b3b9c6908519044deef4b7871322bd85de937d743c1e059b10a2eef1fc65e6b0b15d51ba8933639abfb3ab4e1bdaef0e71a3638822569069280a3adde0222b081d9899b54ee2e9e705af2034abf8f1d344cc85ee50982bd3350525ef934198b4c0954adb65a3d8efa8c7e00f8def28110ade9be49e2cd8b8499fe8d7e0d69ad4453a5ba46bca7025a303154c85b61f58a6bf076a76a0f0b8f26d5c3c0330502804c03cf49d2c664d242e4151b590d6308e7f696bf30bf60fa9f22560e0db2da2227e433539b932411a056a5b2781a5ba1d18bc7047fbaa27abc06a8bbd4d50b1807ae3804aadd340464f91f234d150e6e0f80393a80fe7708b87ba81aeb76f468f0dfc94c0b9191575e6d8e38694c1204a334a6983c7f322ca704c44c8701ea9b29bed0bc9edd63e3a414713a87b4772f30efdfc10892acd56ba3b560a2519611809b29ee3152f53f3cd52fab0af936300fbd92b27aa6f11707e9e872486733d10a18e158c490951a57ff382355c243d0f6df9d1265954b255eb8a354f362892fc084dbac7863233364757ee280a41f28488291ab021f0a458f4462a9f1ff6487570919d15e80a462bfe029d5651fab7098e80f0ab7bb1adb4cd9f052249b75925579c930fbdfb2ec687d3988fcfa8dbbf1f24b48bde5b559fc36edd6d26546943634dcd4ee2f4bcbb9217fdea1fa6953da1b7d610ec24134bd4fae09c44d9744f34040e7de97cb42a3e024d245ceab9d984a9876136092a289330f525d6cdc476cdb7ea33008d1a917be643f69d235ce11777eb72d0cdec800ef2817679bd3c0411ab891e056db7c72c945e20f7479160cda8c1400f97753ac65b75732317472cd79c5e342be85e162805a1b9e20c51d09e15ca3381e41a048471eff81c0ce58a5118830489e40475f12996102e44aa465f80601157ff5a4d7115381053126f8b1e3d680daa08f6537928f22380f34b14fb6ef23541cb3f4b51dda5deff06bb4c5469f694746b6a75a4dd2cf44a5ab237b14c3acfe87634bebf6fc46f2a93fe160ab3907efc03fe68b51fe4838c7efb184addc47e4fabe72a17ce2b2e3a37bb656aa65502872958419d36a071627567e3b8a0070a63e926a64faee31851ff1d282cc9d330a377132f92ee5886db90dadd233dffd5dd3828eafbf7a381475ea3c7d4a7b2894621142c12013762c760ae3407a54398f585e93f81be4315904dd6af5d52697a59151d5c03b9e20a3443518a67412016375eb2de526cce21c88bbeedcd99efa809b01e5b4ba82a6b3f9f0ff4885d391c3f574abeb14733cb299f6ca408fe737540abe317a07bd5d7a3b6135b643965026cbb7974f2005d7896be03fca310eb4b3e9360bf3ee412f2032c16294625804fe936b145ffda1c632cdd56ba757c13c0f22bac8c06ad87ceb11d28763f2573b26f905cf2aedfaf0489d4f47bb9e7e3ac7885c7e52ca5247d18f14149f65b41d0b434ee25d0a258ea28cb9abf804bafc4f592afbe89d83ea2c13dbe3c5cd145b19bf916e69e605b8edb34d44e2af08ce2da99e3baf2e9d1b337ec9c558faab89ebd697ce927029d7c4c4bbfe24816133d15b9a02731cee2aff05a275b48d4c3af83834da09d08dfc8d7f8ca1f42517420a351e02eb4a6636b55257cc655a90cb075f6302d5ddd2ea4287b932190116b3e89e72e77530f783b02caf02a4cca4e731cb5d6b97315ef08fefae2faf7b27d80facad1917a93ba3f84f89e92026d446d2f4897f5312edc2f0ee8b66741d93a1a33fdaca27f95fa4aa7c713b64ae58d6bb04c692da14ebddad110a836a3a7231dcb65f3d61ba0f32ff7d4e9ffdabc1d3567b7d129c2d2741383d44d95a3ecffb63c2eaa82f30d969344eaf35c0bbb0b983b3a416f1e4e475946bf43c8effd5031b59a51cbf682f3e80dd65d2f2bef6ecc8ec1b3fb891e181beae351f6fbd4ad3fb805ab0a2fc7740ff1a43f68824f1087163c6fffd614e734af1d8244152c15672696b2e09ef58fbb59b2d5ed5d32375168cc3cec165827aab9f8ed417e182252d18a12523e853fe604d6afaac6e3aa60b46316b02596151888e96a5d8cb634a7982a11ea635520134c40854a3c17d8a4efad99240e38c582cb33d65c3be2154e1d4da3d39d5b9a0bbe0edd3eb47ae569718eac5df9a35123da046b1ca4be6ade179364099977165190f47c0c7008b99fd944dae5d6791999ee0bc19d00c5f74bc8c877100dd5d4774f9a0d83cb243ce8fced64aa5d1f60b3709ba578c81f7bfdc3d7c6580c960d08666f2582fe63afcfd2128d00ab95978dbcf24217071f9be75256a6e090bd9b310d2c2d58523db56164963b8bbc78b1accb9c63bfa432041619c5eaf9d804c7a8725d49ef255adda1603d7d5150fa846ae02df0f0ddea2501fb4c872fc5e80b5f87464e7cec26a6efcc5e734954dc018c31b4b8f7b0ea10b02a649a487f08461562a034b3225055b82ad5daaee3432df81c066fc79bb0487bf6cfcc4dda61941aa8380a3bf548a28b345d7af1b0cbffc27741307d401fb97f409ff60f6d61ee63eeda3eb7d6e3217783fe5cd72f7870055c73ef63befd99a46aaad6458990b89e827cadc3fa4523269450cda84ed9f4d36005f14f6cf54e60d6a99fd430475a188a9451e05e558b3c4a2d056796ba70ee190ea5d92a21717b25c5f8a8a19eb59f52a6e22cd31444f3af237069c314d11f154ac1d13541f3e1801f193e89531c0697cee86f7aafda4f505b2509482f5e1e67b62639dc759c933bc20973d444d282414d4d1ce04ca6a3c3bf48004dedf3f642e94d4a4199666ef567689300d8dc0320611d4b36d16136fc8a64606d563ce532e4f459df47c77c5eedc67994630e77bae1f3ccf9d311a14833abe2a5f21c5e138579784427ab841556bfa986f0a1f49926ebf750fa807de267501b95828a674d4927bb7e1b8ab9a195d8c03c4f9bcc55d1ce2b7b97a27951f3dee48e4f2373d268c8d9b61f93406438346b03d8e5b2e24d44b5ca425ebfef83078987917b342ce5b0f69ec92392dfae369eeebd1c01d2851b25e1d3b15abff0bbdf11cb28a39b1433f2e2da600dcc26438e4f979c10a912de8d05723ae0def4b9764dfa069ca23d37a08ef6ad9e2716b321af5527c48d9d49149d7c356ea5c8c2a5096bd29f849364542c7c33f90a6aafe8bdd91ef12270319f78070adb0520f3151bc285a79f8420b18d4ae78afce7843c75350eaf327cc419b4ace927b9dc3f176418ddfe95abe2d1a72ed51cfdcf6371caa151a3a4620265aefb0767d288901475987ce3a9521eacd171baaad27cafcf13db97ed07820c5a0bc3d3b59f8c44bc035a47a7d2c59969ebb413a9492e41a9561259cbabec94be12689ac7adef39e526f3ab6cf412ba94d583b1af5fd58264fb65f55a0e5b9d97e9c040a7912c8556175ec26885b1e8da137b881bf59646356fca69bb2038e83e3815f0f45e89ce8258347b0c16aa623b8243d3018a6ed8e9cda8129120f42d96060a22e7cb2c8e49ec103330d3336673361ef75b349e617443cefb353676b03778616fd32c7ad4630d8ef8244be44176e16be89afa2e5f8c6827c91d6677f3ab61579a47e611e0cc5bc353666568a6a08f513024e9b340136c46ab1f3be2c8c31e4dc298cc35dfa15fcea7948ce1ac540f155a0ccf3b2ba0fd519bad44c6ad557e42a8a73546ed1d2550c0cad1fbebdb91c34032a355f5e92f01d1f299d682933d0d556bdce500e7ab62706d512554e8d5bdfcb01e6d88c0e5d8f83493e01a1b8f55f19406aff127e775cd42a336170ba37489f24d69ecc1a5a32b184a43ed6461b5e4ea1fd47ac474834e4c13e902ae4dcb66652c82e4d26b4de75d495b503c7dd103c28481f8508b38ec3f76d1eacc5f29acf295f1bb6cf7082205c5ee594856f769a75be06d834f7c6286597a69a301d87f3bf96ff9140a99afa1371a7146e91c5cb79fa3a4ad767ec47b5aae2872921ef5b15e994380118387d0f3ae7d442cc4cfe5fdbc68597f3ee62fa2a036f54f4246cd036c2e9d8a7ecfca04be81145b19f06f2dc250476373093b2175782aa065cd959eb9835252340ff347a605a0888afb0a0ed26d6a01fcf067ae7ca829b2021a533b3066cb98fd0614cf538b03e3ed25cf38be720e5952bca196b28cfb8d39f0d410b67f05038f62d4d4af8012df872a197e8215f02bed5b0dddd3adc918855f3e08518dc0e6de5eea28b8a72516e893044466780bc606baeb7003f025b03f8053a806f6f3c67092ea9b1479d48cafc13e2f1b57d2cbb960a7c7beb87cc3df036f3d9225dd5db92792cf31b8a1c902cccdb5c7f2515875a5c65ba945f39abc2de726689d6245990fe56f78342e8cc4f6b0dddcd33fa054c45b146a11b353141ff4845f30ac187a642c9662d7af66bf256347e7df2c2c82930bae5625728033a4ea8d8d4eb86f3c806fb32510e9723aada3b78f85ef25a5aa756bfe4694f1c8bfe4cd5ee5c9b0ad1c3c4a674fb66784aad6990ad1c69a309193066ba79a293de9e50a645f6f6ff4f0016834080b3e35e1261afdd3a465c44a34c0c08b21e62fb9cd7f746b4501fdefe4d45076dac67de13c1309392933573ba01f8d918ce30398b171dd276dd4ce4b4edb8a1f7f7ba1d39703992ede6983c33620a2202d4906921ea80bdd0d75e6d1aaeba5232a32b8b92333a8569a609bf53b7bd1eff67d3f67f950aaaa5daf4fd2ff21abd5c3d49e8ea2792ec918ab31c886c75a34934839c78cb29949da37c25a8a497db268aaccbb7be4f1e280188af0bd970015e977d5eb2ed3410bd9c5cc23da261f9d1e9edcfb448e223ac53733a7db1ddb97b2f867fc0c4d0b1fa762ad86ae23d9326359b1aead9125a8650896dccedc816c9f08ae51be42b7a86c3559fa9641978ff2a419ad17a75aabc2e269302176e05eb8610bcb8fdf9e5025d865c791ead66103bce129c8afecde6d3202558e617c7a38dce0d11c6c89d4c226397c0b03aa81757a08d2d16fe3db80c0916fe1f16875acb97c75f44", 0x1000}, {&(0x7f0000001200)="25ddc58a7e5b0c4ffa4632000a0bdfbf8ead0e4af8e897e3baf91e6c174b1793d68cf862de42306f6ef0043bc5fd8b660645a2b42f311d1860354f236b960128f994e2c639b312eb1331967e6a80a6c0583a86a2248f1ea7647be2be90e0adf3039301dcfff4fa1deec44a3a0f6c592544f6b827f736c1327cabcc421ad2b94805e47291753420a2477ff28c9e9103abffc27089b08458c957779b6330cd1d1c0df7cb36321b420c34e2e11999611d3c4eed86598fc770a003658f42aa4f6131b0f62d8e34687c9d0f31ebf830f657d75db72db2380317b52cc7cc5f71795b69f1a5", 0xe2}], 0x4)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000001380)={0x6, &(0x7f0000001340)=[{0x2b, 0x0, 0x2, 0x8001}, {0x9, 0xd0, 0x1, 0x6d4a}, {0xe9d0, 0x8, 0xb}, {0x446, 0xf, 0x3, 0x761b888b}, {0x7, 0x0, 0x7, 0x8}, {0x5, 0xf4, 0x9, 0x5}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000013c0)={<r2=>0x0, <r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000001440)={r2, 0x1, r0, 0xfffffff7, 0x80000})
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_tcp_int(r4, 0x6, 0x6, &(0x7f0000001480), &(0x7f00000014c0)=0x4)
getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000001500), &(0x7f0000001540)=0xc)
mmap$dsp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0x80010, r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000001580)={{0x1, 0x1, 0x18, <r5=>r4, {0xfff, 0x1}}, './file0\x00'})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000001640)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_WOWLAN(r5, &(0x7f0000001700)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x30, r6, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x9, 0x4a}}}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x8, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xc4}, 0x8)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r5, 0x8008f511, &(0x7f0000001740))
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r5, 0x84, 0x65, &(0x7f0000001780)=[@in6={0xa, 0x4e22, 0x9f1b, @empty, 0x9}, @in6={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0xffff}, @in6={0xa, 0x4e21, 0x6e6940e6, @ipv4={'\x00', '\xff\xff', @loopback}, 0x91337f6}, @in6={0xa, 0x4e24, 0x4, @private1, 0xfffffffd}, @in6={0xa, 0x4e23, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, @in6={0xa, 0x4e21, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xb}], 0xa8)
ioctl$sock_inet_tcp_SIOCINQ(r5, 0x541b, &(0x7f0000001840))
syz_emit_vhci(&(0x7f0000001880)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x4b}, @l2cap_cid_signaling={{0x47}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0x4, 0x1000}}, @l2cap_move_chan_req={{0xe, 0xe, 0x3}, {0xe1f1, 0x1}}, @l2cap_conn_req={{0x2, 0x0, 0x4}, {0x5, 0x6}}, @l2cap_conf_req={{0x4, 0x90, 0x2c}, {0x9, 0x4, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x0, 0x5, 0x80, 0xd, 0x7}}, @l2cap_conf_ews={0x7, 0x2, 0x7fff}, @l2cap_conf_efs={0x6, 0x10, {0x1, 0x1, 0x63a9, 0x2, 0x3, 0x5}}]}}]}}, 0x50)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000001940), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001980)={<r10=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(r8, &(0x7f0000001ac0)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001a80)={&(0x7f00000019c0)={0xb8, r9, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r10}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x200}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x80000000}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x842d}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xff}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4}, @NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x40001)
r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000001b00), 0x181080, 0x0)
read$dsp(r11, &(0x7f0000001b40)=""/6, 0x6)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000001b80)={0x0, 0x0, r5})
r12 = socket$rxrpc(0x21, 0x2, 0x2)
ioctl$F2FS_IOC_GET_PIN_FILE(r12, 0x8004f50e, &(0x7f0000001bc0))
getsockopt$IP_SET_OP_GET_FNAME(r4, 0x1, 0x53, &(0x7f0000001c00)={0x8, 0x7, 0x0, 'syz1\x00'}, &(0x7f0000001c40)=0x2c)
fcntl$lock(r0, 0x7, &(0x7f0000001c80)={0x2, 0x3, 0x2, 0x6, r3})
ioctl$SG_BLKTRACESTOP(r5, 0x1275, 0x0)

354.646693ms ago: executing program 3 (id=1463):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x2c}, @flat=@weak_handle={0x77682a85, 0x1000, 0x3}, @fda={0x66646185, 0x9, 0x1}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x1000}], 0x4000, 0x0, 0x0})

229.078093ms ago: executing program 3 (id=1464):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r2 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf2514000000080001c30100000008001c00", @ANYRES32=r2, @ANYBLOB="2a997dee7022a69a668b5d91e4fc5efe77bcb02013af3a43884aa6fd8b38b1bc00000101000000db19717495fc"], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)

228.765945ms ago: executing program 2 (id=1465):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f00000007c0)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@rdma_map={0x24, 0x114, 0x3, {{0x0}, 0x0, 0xd}}], 0x30, 0x8004}, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xca03, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x81, 0x0, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$apparmor_current(r2, &(0x7f0000000100)=@hat={'permhat ', 0x2}, 0x1b)
syz_usb_control_io$hid(r1, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0}, 0x0)

192.070449ms ago: executing program 3 (id=1466):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000480)={<r1=>0x0, "49ec54bb6bf95a5ef9b6a5c228d5179e"})
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r1, @ANYBLOB="3a30303030303030303030303030303030313139aa"])
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x1, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0x485b]})
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x20012, r0, 0x7b341000)

125.276712ms ago: executing program 3 (id=1467):
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0xc) (async)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000000c0)=0x14)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000100)={r2, 0x1, 0x6}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'ip6gre0\x00', <r5=>r2, 0x2f, 0x8, 0x5, 0x9005, 0xd3766cdef3e768fe, @dev={0xfe, 0x80, '\x00', 0x35}, @mcast1, 0x9, 0x40, 0x7, 0x3}}) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r6=>r2, 0x6, 0x5, 0xa6, 0xc8, 0x22, @dev={0xfe, 0x80, '\x00', 0x32}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x700, 0x8000, 0x4, 0x5}})
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb4, r4, 0x200, 0x4, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x7fff}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x4}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x6}, @ETHTOOL_A_RINGS_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_RINGS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x1}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4040005}, 0x40000)
write(0xffffffffffffffff, &(0x7f0000000480)="8870c4da5a38b0aa32b8a53192ec7e08213c0aaa4bdcb846a23fde05410be496520c995e779f0230567a97166d58ba2bd3188f59550986e969ca08da4d359c153f3a61e2376268de5de3c1788f10f4d707", 0x51) (async)
mq_open(&(0x7f0000000500)='/\x00', 0x800, 0xbc, &(0x7f0000000540)={0x401, 0x8000, 0x10001, 0x716}) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000005c0), r3)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x30, r8, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x90}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4180)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000006c0), &(0x7f0000000700)=0x8)
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSCAUSE(r9, 0x89e1, &(0x7f0000000740)=0x3ff) (async)
getsockopt(r9, 0x0, 0x5, &(0x7f0000000780)=""/53, &(0x7f00000007c0)=0x35) (async)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000840)={0xd8, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xcd}, @NL80211_ATTR_REG_RULES={0x9c, 0x22, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xf7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8000}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xcd}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7fff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8000000}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xeb}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xc}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x9}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x10000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x22000000}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xfffffff9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfffeffff}]}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x68}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x20}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4040000}, 0x48000)
quotactl_fd$Q_GETFMT(r7, 0xffffffff80000400, r1, &(0x7f00000009c0))
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000a40), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a80)={0xe4, r10, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xd0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x53000}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd44}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) (async)
r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000c00), 0x12780, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(r11, 0x40045108, &(0x7f0000000c40)=0x9) (async)
r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000cc0), r3)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f0000000e80)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d00)={0x104, r12, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0xfffffffffffff800}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x8b36}, {0xc, 0x90, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x786}, {0xc, 0x90, 0x7fffffffffffffff}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x4a}, {0xc, 0x90, 0x7}}]}, 0x104}, 0x1, 0x0, 0x0, 0x24000080}, 0x20000000) (async)
r13 = open$dir(&(0x7f0000000ec0)='./file0\x00', 0x0, 0x20)
mkdirat(r13, &(0x7f0000000f00)='./file0\x00', 0x4) (async)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r9, 0x8983, &(0x7f0000000f40)={0x7, 'wg0\x00', {}, 0x951}) (async)
openat2(0xffffffffffffff9c, &(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0)={0x8901, 0x188, 0x4}, 0x18)

27.932387ms ago: executing program 0 (id=1468):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xf, r0, 0x88, &(0x7f0000000140)="41108b9dfd8fac030a93f848f7044f4b3d719657ca1c3da6bd36f0f763dc68e940852fd1617f3b39bd0aff7df99808316663dc2db10f2bf5afdb378155c335ffec673e4a7a98a71affe0b046ccd308efd2f08187c114eb825d2df1c6c2744f7f3a0c4cb508de44b3f6d92c40950e01e42d8400104a092a4ab506796cc3a6e0cd38a768f1fb6b37538610ace79822a237c6c25db84d30df76f98c567e8b288f8e98e81f278fa01761f63f80396d187a66be775641ab00d8c1571ce932012db486a6cbe57515c795c457d35b770621d3689e390d8f7c")

0s ago: executing program 3 (id=1469):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="4c0300002e000100000000000000400004001980380311803403cf802f034680f5ef56146c91147563276660e594de86923b901b9c31b512"], 0x34c}], 0x1, 0x0, 0x0, 0x84}, 0x300)

kernel console output (not intermixed with test programs):

link: 'syz.0.886': attribute type 13 has an invalid length.
[  179.128028][ T8388] binder: 8382:8388 ioctl c0189371 200000000240 returned -22
[  179.169116][ T8388] binder_alloc: 8382: binder_alloc_buf, no vma
[  179.377245][ T8402] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  179.394135][ T8402] CPU: 1 UID: 0 PID: 8402 Comm: syz.2.894 Not tainted syzkaller #0 PREEMPT(full) 
[  179.394166][ T8402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  179.394179][ T8402] Call Trace:
[  179.394187][ T8402]  <TASK>
[  179.394196][ T8402]  dump_stack_lvl+0x189/0x250
[  179.394230][ T8402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.394256][ T8402]  ? __pfx__printk+0x10/0x10
[  179.394287][ T8402]  ? kernfs_path_from_node+0x2f/0x290
[  179.394311][ T8402]  ? kernfs_path_from_node+0x250/0x290
[  179.394333][ T8402]  ? kernfs_path_from_node+0x2f/0x290
[  179.394360][ T8402]  sysfs_warn_dup+0x8e/0xa0
[  179.394382][ T8402]  sysfs_do_create_link_sd+0xc0/0x110
[  179.394408][ T8402]  device_add_class_symlinks+0x1cf/0x240
[  179.394440][ T8402]  device_add+0x475/0xb80
[  179.394472][ T8402]  wiphy_register+0x1d2e/0x2d20
[  179.394519][ T8402]  ? __pfx_wiphy_register+0x10/0x10
[  179.394549][ T8402]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  179.394579][ T8402]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  179.394616][ T8402]  ieee80211_register_hw+0x34a7/0x4110
[  179.394655][ T8402]  ? ieee80211_register_hw+0x1451/0x4110
[  179.394695][ T8402]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  179.394716][ T8402]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  179.394752][ T8402]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  179.394782][ T8402]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  179.394820][ T8402]  ? __hrtimer_setup+0x181/0x200
[  179.394846][ T8402]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  179.394874][ T8402]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  179.394930][ T8402]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  179.394961][ T8402]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  179.394985][ T8402]  ? kstrndup+0xbf/0x160
[  179.395020][ T8402]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  179.395049][ T8402]  ? __pfx___nla_validate_parse+0x10/0x10
[  179.395086][ T8402]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.395114][ T8402]  ? rcu_is_watching+0x15/0xb0
[  179.395145][ T8402]  ? __nla_parse+0x40/0x60
[  179.395170][ T8402]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  179.395211][ T8402]  genl_family_rcv_msg_doit+0x215/0x300
[  179.395251][ T8402]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  179.395295][ T8402]  ? bpf_lsm_capable+0x9/0x20
[  179.395319][ T8402]  ? security_capable+0x7e/0x2e0
[  179.395356][ T8402]  genl_rcv_msg+0x60e/0x790
[  179.395393][ T8402]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.395421][ T8402]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.395459][ T8402]  netlink_rcv_skb+0x208/0x470
[  179.395485][ T8402]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.395517][ T8402]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.395562][ T8402]  ? down_read+0x274/0x2e0
[  179.395581][ T8402]  ? genl_rcv+0xd/0x40
[  179.395612][ T8402]  genl_rcv+0x28/0x40
[  179.395639][ T8402]  netlink_unicast+0x82f/0x9e0
[  179.395676][ T8402]  ? __pfx_netlink_unicast+0x10/0x10
[  179.395700][ T8402]  ? netlink_sendmsg+0x642/0xb30
[  179.395722][ T8402]  ? skb_put+0x11b/0x210
[  179.395747][ T8402]  netlink_sendmsg+0x805/0xb30
[  179.395769][ T8402]  ? aa_sk_perm+0x15f/0x920
[  179.395809][ T8402]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.395836][ T8402]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  179.395869][ T8402]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.395892][ T8402]  sock_sendmsg_nosec+0x18f/0x1d0
[  179.395924][ T8402]  ____sys_sendmsg+0x577/0x880
[  179.395958][ T8402]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.395992][ T8402]  ? import_iovec+0x74/0xa0
[  179.396019][ T8402]  ___sys_sendmsg+0x21f/0x2a0
[  179.396045][ T8402]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.396076][ T8402]  ? futex_wait+0x285/0x360
[  179.396136][ T8402]  ? __fget_files+0x2a/0x420
[  179.396161][ T8402]  ? __fget_files+0x3a0/0x420
[  179.396200][ T8402]  __x64_sys_sendmsg+0x19b/0x260
[  179.396227][ T8402]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  179.396270][ T8402]  ? do_syscall_64+0xbe/0xf80
[  179.396294][ T8402]  do_syscall_64+0xfa/0xf80
[  179.396315][ T8402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.396336][ T8402]  ? clear_bhb_loop+0x60/0xb0
[  179.396360][ T8402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.396379][ T8402] RIP: 0033:0x7f47ec18f749
[  179.396409][ T8402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.396427][ T8402] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.396456][ T8402] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  179.396471][ T8402] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  179.396485][ T8402] RBP: 00007f47ec213f91 R08: 0000000000000000 R09: 0000000000000000
[  179.396498][ T8402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.396509][ T8402] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  179.396539][ T8402]  </TASK>
[  179.906939][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  179.944967][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  180.000116][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  180.055697][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  180.067768][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  180.079767][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  180.089251][ T8414] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.898'.
[  180.099123][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  180.109350][ T8407] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  180.119056][ T8407] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  180.125835][ T8416] hub 9-0:1.0: USB hub found
[  180.156971][ T8416] hub 9-0:1.0: 1 port detected
[  180.293063][ T8424] netlink: 'syz.3.904': attribute type 13 has an invalid length.
[  180.662972][ T8443] loop3: detected capacity change from 0 to 7
[  180.670188][ T8445] netlink: 'syz.2.911': attribute type 10 has an invalid length.
[  180.670894][ T8443] Dev loop3: unable to read RDB block 7
[  180.678411][ T8445] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.685511][ T8443]  loop3: unable to read partition table
[  180.699264][ T8443] loop3: partition table beyond EOD, truncated
[  180.706933][ T8443] loop_reread_partitions: partition scan of loop3 (�被x������ ������) failed (rc=-5)
[  180.924268][ T8452] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  180.935085][ T8452] CPU: 0 UID: 0 PID: 8452 Comm: syz.0.914 Not tainted syzkaller #0 PREEMPT(full) 
[  180.935113][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  180.935126][ T8452] Call Trace:
[  180.935134][ T8452]  <TASK>
[  180.935142][ T8452]  dump_stack_lvl+0x189/0x250
[  180.935177][ T8452]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.935204][ T8452]  ? __pfx__printk+0x10/0x10
[  180.935242][ T8452]  ? kernfs_path_from_node+0x2f/0x290
[  180.935266][ T8452]  ? kernfs_path_from_node+0x250/0x290
[  180.935286][ T8452]  ? kernfs_path_from_node+0x2f/0x290
[  180.935314][ T8452]  sysfs_warn_dup+0x8e/0xa0
[  180.935338][ T8452]  sysfs_do_create_link_sd+0xc0/0x110
[  180.935363][ T8452]  device_add_class_symlinks+0x1cf/0x240
[  180.935396][ T8452]  device_add+0x475/0xb80
[  180.935427][ T8452]  wiphy_register+0x1d2e/0x2d20
[  180.935472][ T8452]  ? __pfx_wiphy_register+0x10/0x10
[  180.935502][ T8452]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  180.935531][ T8452]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  180.935569][ T8452]  ieee80211_register_hw+0x34a7/0x4110
[  180.935608][ T8452]  ? ieee80211_register_hw+0x1451/0x4110
[  180.935640][ T8452]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  180.935660][ T8452]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  180.935693][ T8452]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  180.935722][ T8452]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  180.935758][ T8452]  ? __hrtimer_setup+0x181/0x200
[  180.935784][ T8452]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  180.935813][ T8452]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  180.935867][ T8452]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  180.935898][ T8452]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  180.935923][ T8452]  ? kstrndup+0xbf/0x160
[  180.935958][ T8452]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  180.935985][ T8452]  ? __pfx___nla_validate_parse+0x10/0x10
[  180.936022][ T8452]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  180.936050][ T8452]  ? rcu_is_watching+0x15/0xb0
[  180.936081][ T8452]  ? __nla_parse+0x40/0x60
[  180.936105][ T8452]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  180.936148][ T8452]  genl_family_rcv_msg_doit+0x215/0x300
[  180.936187][ T8452]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  180.936239][ T8452]  ? bpf_lsm_capable+0x9/0x20
[  180.936265][ T8452]  ? security_capable+0x7e/0x2e0
[  180.936302][ T8452]  genl_rcv_msg+0x60e/0x790
[  180.936340][ T8452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.936369][ T8452]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  180.936406][ T8452]  netlink_rcv_skb+0x208/0x470
[  180.936431][ T8452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.936463][ T8452]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  180.936511][ T8452]  ? down_read+0x274/0x2e0
[  180.936528][ T8452]  ? genl_rcv+0xd/0x40
[  180.936555][ T8452]  genl_rcv+0x28/0x40
[  180.936580][ T8452]  netlink_unicast+0x82f/0x9e0
[  180.936610][ T8452]  ? __pfx_netlink_unicast+0x10/0x10
[  180.936633][ T8452]  ? netlink_sendmsg+0x642/0xb30
[  180.936653][ T8452]  ? skb_put+0x11b/0x210
[  180.936677][ T8452]  netlink_sendmsg+0x805/0xb30
[  180.936700][ T8452]  ? aa_sk_perm+0x15f/0x920
[  180.936737][ T8452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.936763][ T8452]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  180.936792][ T8452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.936814][ T8452]  sock_sendmsg_nosec+0x18f/0x1d0
[  180.936844][ T8452]  ____sys_sendmsg+0x577/0x880
[  180.936873][ T8452]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.936906][ T8452]  ? import_iovec+0x74/0xa0
[  180.936929][ T8452]  ___sys_sendmsg+0x21f/0x2a0
[  180.936953][ T8452]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.936978][ T8452]  ? futex_wait+0x285/0x360
[  180.937032][ T8452]  ? __fget_files+0x2a/0x420
[  180.937057][ T8452]  ? __fget_files+0x3a0/0x420
[  180.937094][ T8452]  __x64_sys_sendmsg+0x19b/0x260
[  180.937121][ T8452]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  180.937164][ T8452]  ? do_syscall_64+0xbe/0xf80
[  180.937189][ T8452]  do_syscall_64+0xfa/0xf80
[  180.937209][ T8452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.937237][ T8452]  ? clear_bhb_loop+0x60/0xb0
[  180.937263][ T8452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.937283][ T8452] RIP: 0033:0x7f0bd5d8f749
[  180.937303][ T8452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.937322][ T8452] RSP: 002b:00007f0bd6bab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.937344][ T8452] RAX: ffffffffffffffda RBX: 00007f0bd5fe5fa0 RCX: 00007f0bd5d8f749
[  180.937359][ T8452] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  180.937372][ T8452] RBP: 00007f0bd5e13f91 R08: 0000000000000000 R09: 0000000000000000
[  180.937385][ T8452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  180.937397][ T8452] R13: 00007f0bd5fe6038 R14: 00007f0bd5fe5fa0 R15: 00007fff783e8848
[  180.937434][ T8452]  </TASK>
[  181.618747][ T8463] netlink: 'syz.1.919': attribute type 10 has an invalid length.
[  181.670463][ T8465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.707148][ T8465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.723822][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  181.743881][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  181.754557][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  181.766420][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  181.778506][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  181.788476][ T8467] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  181.798371][ T8467] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  181.862941][ T8463] team0 (unregistering): Port device team_slave_0 removed
[  181.866718][ T5867] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  181.887406][ T8467] hub 9-0:1.0: USB hub found
[  181.887973][ T8463] team0 (unregistering): Port device team_slave_1 removed
[  181.892665][ T8467] hub 9-0:1.0: 1 port detected
[  182.012810][ T8470] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.922'.
[  182.031126][ T5867] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  182.040782][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.057876][ T5867] usb 1-1: config 0 descriptor??
[  182.356638][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  182.506626][   T10] usb 2-1: Using ep0 maxpacket: 8
[  182.517916][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.530702][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  182.540322][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  182.553460][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  182.574757][   T10] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  182.584560][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.618028][   T10] hub 2-1:1.0: bad descriptor, ignoring hub
[  182.623990][   T10] hub 2-1:1.0: probe with driver hub failed with error -5
[  182.668661][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  182.673966][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  182.682217][   T10] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  182.694936][   T10] cdc_wdm 2-1:1.0: Unknown control protocol
[  182.743497][ T8492] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  182.755718][ T8492] CPU: 0 UID: 0 PID: 8492 Comm: syz.2.931 Not tainted syzkaller #0 PREEMPT(full) 
[  182.755746][ T8492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  182.755759][ T8492] Call Trace:
[  182.755766][ T8492]  <TASK>
[  182.755776][ T8492]  dump_stack_lvl+0x189/0x250
[  182.755811][ T8492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.755836][ T8492]  ? __pfx__printk+0x10/0x10
[  182.755866][ T8492]  ? kernfs_path_from_node+0x2f/0x290
[  182.755889][ T8492]  ? kernfs_path_from_node+0x250/0x290
[  182.755909][ T8492]  ? kernfs_path_from_node+0x2f/0x290
[  182.755935][ T8492]  sysfs_warn_dup+0x8e/0xa0
[  182.755956][ T8492]  sysfs_do_create_link_sd+0xc0/0x110
[  182.755982][ T8492]  device_add_class_symlinks+0x1cf/0x240
[  182.756013][ T8492]  device_add+0x475/0xb80
[  182.756054][ T8492]  wiphy_register+0x1d2e/0x2d20
[  182.756099][ T8492]  ? __pfx_wiphy_register+0x10/0x10
[  182.756129][ T8492]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  182.756159][ T8492]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  182.756196][ T8492]  ieee80211_register_hw+0x34a7/0x4110
[  182.756234][ T8492]  ? ieee80211_register_hw+0x1451/0x4110
[  182.756267][ T8492]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  182.756286][ T8492]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  182.756320][ T8492]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  182.756350][ T8492]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  182.756387][ T8492]  ? __hrtimer_setup+0x181/0x200
[  182.756411][ T8492]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  182.756435][ T8492]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  182.756485][ T8492]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  182.756516][ T8492]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  182.756540][ T8492]  ? kstrndup+0xbf/0x160
[  182.756571][ T8492]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  182.756597][ T8492]  ? __pfx___nla_validate_parse+0x10/0x10
[  182.756633][ T8492]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  182.756659][ T8492]  ? rcu_is_watching+0x15/0xb0
[  182.756690][ T8492]  ? __nla_parse+0x40/0x60
[  182.756714][ T8492]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  182.756752][ T8492]  genl_family_rcv_msg_doit+0x215/0x300
[  182.756789][ T8492]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  182.756833][ T8492]  ? bpf_lsm_capable+0x9/0x20
[  182.756857][ T8492]  ? security_capable+0x7e/0x2e0
[  182.756893][ T8492]  genl_rcv_msg+0x60e/0x790
[  182.756929][ T8492]  ? __pfx_genl_rcv_msg+0x10/0x10
[  182.756956][ T8492]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  182.756992][ T8492]  netlink_rcv_skb+0x208/0x470
[  182.757017][ T8492]  ? __pfx_genl_rcv_msg+0x10/0x10
[  182.757060][ T8492]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  182.757104][ T8492]  ? down_read+0x274/0x2e0
[  182.757122][ T8492]  ? genl_rcv+0xd/0x40
[  182.757145][ T8492]  genl_rcv+0x28/0x40
[  182.757165][ T8492]  netlink_unicast+0x82f/0x9e0
[  182.757190][ T8492]  ? __pfx_netlink_unicast+0x10/0x10
[  182.757210][ T8492]  ? netlink_sendmsg+0x642/0xb30
[  182.757229][ T8492]  ? skb_put+0x11b/0x210
[  182.757249][ T8492]  netlink_sendmsg+0x805/0xb30
[  182.757268][ T8492]  ? aa_sk_perm+0x15f/0x920
[  182.757302][ T8492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.757325][ T8492]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  182.757353][ T8492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.757381][ T8492]  sock_sendmsg_nosec+0x18f/0x1d0
[  182.757411][ T8492]  ____sys_sendmsg+0x577/0x880
[  182.757441][ T8492]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.757472][ T8492]  ? import_iovec+0x74/0xa0
[  182.757497][ T8492]  ___sys_sendmsg+0x21f/0x2a0
[  182.757520][ T8492]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.757549][ T8492]  ? futex_wait+0x285/0x360
[  182.757602][ T8492]  ? __fget_files+0x2a/0x420
[  182.757628][ T8492]  ? __fget_files+0x3a0/0x420
[  182.757670][ T8492]  __x64_sys_sendmsg+0x19b/0x260
[  182.757694][ T8492]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  182.757733][ T8492]  ? do_syscall_64+0xbe/0xf80
[  182.757758][ T8492]  do_syscall_64+0xfa/0xf80
[  182.757783][ T8492]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.757802][ T8492]  ? clear_bhb_loop+0x60/0xb0
[  182.757827][ T8492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.757846][ T8492] RIP: 0033:0x7f47ec18f749
[  182.757862][ T8492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.757879][ T8492] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.757900][ T8492] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  182.757916][ T8492] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  182.757930][ T8492] RBP: 00007f47ec213f91 R08: 0000000000000000 R09: 0000000000000000
[  182.757943][ T8492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  182.757956][ T8492] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  182.757993][ T8492]  </TASK>
[  183.282831][ T8495] libceph: resolve '400' (ret=-3): failed
[  183.290941][ T8495] netlink: 24 bytes leftover after parsing attributes in process `syz.2.932'.
[  183.302377][ T8495] netlink: 24 bytes leftover after parsing attributes in process `syz.2.932'.
[  183.349475][ T5813] usb write operation failed. (-110)
[  183.359496][ T5813] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  183.378060][ T8500] netlink: 1 bytes leftover after parsing attributes in process `syz.2.933'.
[  183.402083][ T5813] dvbdev: DVB: registering new adapter (Terratec H7)
[  183.410933][ T5813] usb 3-1: media controller created
[  183.420345][ T5813] usb read operation failed. (-32)
[  183.426391][ T5813] usb write operation failed. (-32)
[  183.445912][ T5813] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  183.581929][ T8507] netlink: 92 bytes leftover after parsing attributes in process `syz.3.936'.
[  183.592152][ T8507] netlink: 24 bytes leftover after parsing attributes in process `syz.3.936'.
[  183.647612][ T8474] usb 2-1: reset high-speed USB device number 41 using dummy_hcd
[  183.708402][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  183.718442][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  183.729106][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  183.740584][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  183.752944][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  183.764447][ T8511] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  183.774379][ T8511] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  183.818089][ T8474] usb 2-1: device firmware changed
[  183.825426][   T10] usb 2-1: USB disconnect, device number 41
[  183.834279][ T8474] cdc_wdm 2-1:1.0: Error autopm - -16
[  183.861631][ T8511] hub 9-0:1.0: USB hub found
[  183.866832][ T8511] hub 9-0:1.0: 1 port detected
[  183.908963][ T8521] ALSA: mixer_oss: invalid OSS volume ''
[  183.990259][   T10] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  184.088519][ T8525] netlink: 'syz.2.944': attribute type 10 has an invalid length.
[  184.146621][   T10] usb 2-1: Using ep0 maxpacket: 8
[  184.152538][ T8527] loop3: detected capacity change from 0 to 7
[  184.160109][ T8527] Dev loop3: unable to read RDB block 7
[  184.163185][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  184.167480][ T8527]  loop3: unable to read partition table
[  184.177870][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  184.183947][ T8527] loop3: partition table beyond EOD, 
[  184.191135][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  184.192115][ T8527] truncated
[  184.196716][   T10] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  184.210895][ T8527] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  184.226251][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.283779][   T10] hub 2-1:1.0: bad descriptor, ignoring hub
[  184.322208][   T10] hub 2-1:1.0: probe with driver hub failed with error -5
[  184.330194][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  184.335430][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  184.341119][   T10] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  184.495092][ T8474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.507340][ T8535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  184.516204][ T8535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.524552][ T8474] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.643761][ T5867] pegasus 1-1:0.0: setup Pegasus II specific registers
[  184.666876][ T5917] usb 2-1: USB disconnect, device number 42
[  185.106430][ T8540] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.950'.
[  185.531634][ T8554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.546201][ T8554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.831404][ T8562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.844002][ T8562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.361642][ T5867] pegasus 1-1:0.0: can't locate MII phy, using default
[  186.403535][ T5867] pegasus 1-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 96:44:97:6e:83:e9
[  186.436855][ T5867] usb 1-1: USB disconnect, device number 42
[  186.733850][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  186.748965][ T5830] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  186.758375][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  186.767453][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  186.775283][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  186.903858][ T8580] netlink: 'syz.3.969': attribute type 25 has an invalid length.
[  186.916118][ T8580] netlink: 'syz.3.969': attribute type 28 has an invalid length.
[  186.939412][ T8576] syzkaller0: entered promiscuous mode
[  186.944935][ T8576] syzkaller0: entered allmulticast mode
[  187.642490][ T8616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.687340][ T8616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.713809][ T8570] chnl_net:caif_netlink_parms(): no params data found
[  187.928941][ T8616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.973098][ T8616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.033115][ T8570] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.047429][ T8570] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.057365][ T8570] bridge_slave_0: entered allmulticast mode
[  188.070848][ T8570] bridge_slave_0: entered promiscuous mode
[  188.089752][ T8570] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.097200][ T8570] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.104451][ T8570] bridge_slave_1: entered allmulticast mode
[  188.128642][ T8570] bridge_slave_1: entered promiscuous mode
[  188.254297][ T8570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.267124][ T5887] usb 1-1: new low-speed USB device number 43 using dummy_hcd
[  188.292621][ T8570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.374955][ T8570] team0: Port device team_slave_0 added
[  188.383620][ T8570] team0: Port device team_slave_1 added
[  188.428925][ T8570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.435990][ T8570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.462147][ T8570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.478273][ T8570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.485272][ T8570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.512893][ T8570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.535388][ T5887] usb 1-1: unable to get BOS descriptor or descriptor too short
[  188.549810][ T5887] usb 1-1: unable to read config index 0 descriptor/start: -71
[  188.567875][ T5887] usb 1-1: can't read configurations, error -71
[  188.630138][ T8642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.642613][ T8642] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.653333][ T8570] hsr_slave_0: entered promiscuous mode
[  188.658303][ T8642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.662324][ T8570] hsr_slave_1: entered promiscuous mode
[  188.670091][ T8642] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.675114][ T8570] debugfs: 'hsr0' already exists in 'hsr'
[  188.687889][ T8570] Cannot create hsr debugfs directory
[  188.766694][ T8646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.804302][ T8646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.856695][ T5832] Bluetooth: hci3: command tx timeout
[  188.947696][ T8570] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  188.957818][ T8570] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  188.967923][ T8570] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  188.983873][ T8570] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  189.026284][ T8660] loop3: detected capacity change from 0 to 7
[  189.037219][ T8660] Dev loop3: unable to read RDB block 7
[  189.043652][ T8660]  loop3: unable to read partition table
[  189.051094][ T8660] loop3: partition table beyond EOD, truncated
[  189.066818][ T8660] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  189.156338][ T8570] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.209151][ T8570] 8021q: adding VLAN 0 to HW filter on device team0
[  189.221581][ T8662] loop3: detected capacity change from 0 to 7
[  189.228858][ T8662] Dev loop3: unable to read RDB block 7
[  189.234567][ T8662]  loop3: unable to read partition table
[  189.240535][ T8662] loop3: partition table beyond EOD, truncated
[  189.255485][ T8662] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  189.274354][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.281621][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.354400][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.362403][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  189.517328][ T8672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.526282][ T8672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.714577][ T8570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.789606][ T5887] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  189.874651][ T8691] netlink: 'syz.2.992': attribute type 10 has an invalid length.
[  189.937561][ T8694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.951644][ T8694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.970079][ T5887] usb 1-1: unable to get BOS descriptor or descriptor too short
[  189.981518][ T8694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.990886][ T5887] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  190.006373][ T8694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.017242][ T5887] usb 1-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  190.030503][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.041413][ T5887] usb 1-1: Product: syz
[  190.046113][ T5887] usb 1-1: Manufacturer: syz
[  190.059425][ T5887] usb 1-1: SerialNumber: syz
[  190.070646][ T8694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.080517][ T8570] veth0_vlan: entered promiscuous mode
[  190.099254][ T8570] veth1_vlan: entered promiscuous mode
[  190.109615][ T8694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.172021][ T8570] veth0_macvtap: entered promiscuous mode
[  190.188221][ T8570] veth1_macvtap: entered promiscuous mode
[  190.241629][ T8570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.272505][ T8570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.323797][   T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.333317][   T62] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.343423][   T62] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.352794][   T62] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  190.453665][ T2036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  190.475503][ T2036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.518832][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  190.530435][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.546025][ T8701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.557929][ T8701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.622160][ T8703] netlink: 'syz.4.964': attribute type 10 has an invalid length.
[  190.752372][ T8703] team0 (unregistering): Port device team_slave_0 removed
[  190.764756][ T8703] team0 (unregistering): Port device team_slave_1 removed
[  190.929827][ T8710] overlayfs: failed to resolve 'subj_user=': -2
[  190.936839][ T5832] Bluetooth: hci3: command tx timeout
[  190.943802][ T5887] usb 1-1: reset high-speed USB device number 45 using dummy_hcd
[  190.996396][ T8712] loop3: detected capacity change from 0 to 7
[  191.008496][ T8712] Dev loop3: unable to read RDB block 7
[  191.014907][ T8712]  loop3: unable to read partition table
[  191.021657][ T8712] loop3: partition table beyond EOD, truncated
[  191.029832][ T8712] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  191.114009][ T8714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.124849][ T8714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.352409][ T6679] usb 1-1: USB disconnect, device number 45
[  191.374313][ T8722] netlink: 'syz.3.1005': attribute type 10 has an invalid length.
[  191.387785][ T8714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.406880][ T8714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.805987][ T8732] netlink: 'syz.4.1009': attribute type 13 has an invalid length.
[  192.024738][ T8741] ./cgroup: Can't lookup blockdev
[  192.343867][ T8755] netlink: 'syz.0.1018': attribute type 10 has an invalid length.
[  192.437176][ T8758] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  192.455796][ T8758] CPU: 1 UID: 0 PID: 8758 Comm: syz.3.1020 Not tainted syzkaller #0 PREEMPT(full) 
[  192.455823][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  192.455836][ T8758] Call Trace:
[  192.455844][ T8758]  <TASK>
[  192.455852][ T8758]  dump_stack_lvl+0x189/0x250
[  192.455886][ T8758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.455913][ T8758]  ? __pfx__printk+0x10/0x10
[  192.455943][ T8758]  ? kernfs_path_from_node+0x2f/0x290
[  192.455966][ T8758]  ? kernfs_path_from_node+0x250/0x290
[  192.455987][ T8758]  ? kernfs_path_from_node+0x2f/0x290
[  192.456015][ T8758]  sysfs_warn_dup+0x8e/0xa0
[  192.456036][ T8758]  sysfs_do_create_link_sd+0xc0/0x110
[  192.456062][ T8758]  device_add_class_symlinks+0x1cf/0x240
[  192.456094][ T8758]  device_add+0x475/0xb80
[  192.456125][ T8758]  wiphy_register+0x1d2e/0x2d20
[  192.456184][ T8758]  ? __pfx_wiphy_register+0x10/0x10
[  192.456213][ T8758]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  192.456244][ T8758]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  192.456281][ T8758]  ieee80211_register_hw+0x34a7/0x4110
[  192.456317][ T8758]  ? ieee80211_register_hw+0x1451/0x4110
[  192.456350][ T8758]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  192.456370][ T8758]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  192.456404][ T8758]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  192.456432][ T8758]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  192.456469][ T8758]  ? __hrtimer_setup+0x181/0x200
[  192.456494][ T8758]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  192.456521][ T8758]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  192.456568][ T8758]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  192.456596][ T8758]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  192.456618][ T8758]  ? kstrndup+0xbf/0x160
[  192.456650][ T8758]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  192.456683][ T8758]  ? __pfx___nla_validate_parse+0x10/0x10
[  192.456719][ T8758]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  192.456746][ T8758]  ? rcu_is_watching+0x15/0xb0
[  192.456778][ T8758]  ? __nla_parse+0x40/0x60
[  192.456801][ T8758]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  192.456842][ T8758]  genl_family_rcv_msg_doit+0x215/0x300
[  192.456879][ T8758]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  192.456923][ T8758]  ? bpf_lsm_capable+0x9/0x20
[  192.456948][ T8758]  ? security_capable+0x7e/0x2e0
[  192.456984][ T8758]  genl_rcv_msg+0x60e/0x790
[  192.457021][ T8758]  ? __pfx_genl_rcv_msg+0x10/0x10
[  192.457050][ T8758]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  192.457086][ T8758]  netlink_rcv_skb+0x208/0x470
[  192.457111][ T8758]  ? __pfx_genl_rcv_msg+0x10/0x10
[  192.457149][ T8758]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  192.457195][ T8758]  ? down_read+0x274/0x2e0
[  192.457215][ T8758]  ? genl_rcv+0xd/0x40
[  192.457245][ T8758]  genl_rcv+0x28/0x40
[  192.457272][ T8758]  netlink_unicast+0x82f/0x9e0
[  192.457303][ T8758]  ? __pfx_netlink_unicast+0x10/0x10
[  192.457327][ T8758]  ? netlink_sendmsg+0x642/0xb30
[  192.457349][ T8758]  ? skb_put+0x11b/0x210
[  192.457374][ T8758]  netlink_sendmsg+0x805/0xb30
[  192.457397][ T8758]  ? aa_sk_perm+0x15f/0x920
[  192.457435][ T8758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.457462][ T8758]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  192.457494][ T8758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.457517][ T8758]  sock_sendmsg_nosec+0x18f/0x1d0
[  192.457548][ T8758]  ____sys_sendmsg+0x577/0x880
[  192.457580][ T8758]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.457613][ T8758]  ? import_iovec+0x74/0xa0
[  192.457640][ T8758]  ___sys_sendmsg+0x21f/0x2a0
[  192.457665][ T8758]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.457695][ T8758]  ? futex_wait+0x285/0x360
[  192.457754][ T8758]  ? __fget_files+0x2a/0x420
[  192.457779][ T8758]  ? __fget_files+0x3a0/0x420
[  192.457817][ T8758]  __x64_sys_sendmsg+0x19b/0x260
[  192.457842][ T8758]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  192.457878][ T8758]  ? do_syscall_64+0xbe/0xf80
[  192.457901][ T8758]  do_syscall_64+0xfa/0xf80
[  192.457921][ T8758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.457941][ T8758]  ? clear_bhb_loop+0x60/0xb0
[  192.457966][ T8758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.457985][ T8758] RIP: 0033:0x7f28da38f749
[  192.458025][ T8758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.458043][ T8758] RSP: 002b:00007f28db1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  192.458064][ T8758] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38f749
[  192.458080][ T8758] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  192.458093][ T8758] RBP: 00007f28da413f91 R08: 0000000000000000 R09: 0000000000000000
[  192.458106][ T8758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  192.458117][ T8758] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  192.458159][ T8758]  </TASK>
[  192.986632][ T5887] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  193.016747][ T5832] Bluetooth: hci3: command tx timeout
[  193.078290][ T8768] netlink: 'syz.3.1025': attribute type 13 has an invalid length.
[  193.080909][ T8767] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1024'.
[  193.179657][ T5887] usb 5-1: unable to get BOS descriptor or descriptor too short
[  193.189648][ T5887] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  193.207916][ T5887] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  193.227397][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.235432][ T5887] usb 5-1: Product: syz
[  193.268524][ T8774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  193.274689][ T5887] usb 5-1: Manufacturer: syz
[  193.284328][ T8774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  193.287755][ T5887] usb 5-1: SerialNumber: syz
[  193.496081][ T8774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  193.516089][ T8774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  193.649239][ T8787] loop3: detected capacity change from 0 to 7
[  193.658190][ T5961] Dev loop3: unable to read RDB block 7
[  193.663792][ T5961]  loop3: unable to read partition table
[  193.670387][ T5961] loop3: partition table beyond EOD, truncated
[  193.678544][ T8787] Dev loop3: unable to read RDB block 7
[  193.686781][ T8787]  loop3: unable to read partition table
[  193.693709][ T8787] loop3: partition table beyond EOD, truncated
[  193.700962][ T8787] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  194.138509][ T8800] netlink: 'syz.0.1039': attribute type 4 has an invalid length.
[  194.146402][ T8800] netlink: 'syz.0.1039': attribute type 2 has an invalid length.
[  194.150497][ T5887] usb 5-1: reset high-speed USB device number 2 using dummy_hcd
[  194.305962][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  194.446615][  T907] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  194.529273][ T5887] usb 5-1: USB disconnect, device number 2
[  194.606629][  T907] usb 1-1: Using ep0 maxpacket: 16
[  194.615075][  T907] usb 1-1: config 0 has an invalid interface number: 126 but max is 0
[  194.625457][  T907] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  194.642946][  T907] usb 1-1: config 0 has no interface number 0
[  194.651011][  T907] usb 1-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  194.662884][  T907] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  194.674685][  T907] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  194.685865][  T907] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  194.696117][  T907] usb 1-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  194.710145][  T907] usb 1-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  194.720374][  T907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.734529][  T907] usb 1-1: config 0 descriptor??
[  194.741165][ T8804] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  194.753624][  T907] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  194.898856][ T2036] Bluetooth: Error in BCSP hdr checksum
[  194.950522][   T58] usb 1-1: USB disconnect, device number 46
[  195.098390][ T5830] Bluetooth: hci3: command tx timeout
[  195.158635][   T76] Bluetooth: Error in BCSP hdr checksum
[  195.221970][ T8827] loop3: detected capacity change from 0 to 7
[  195.230178][ T8827] Dev loop3: unable to read RDB block 7
[  195.235885][ T8827]  loop3: unable to read partition table
[  195.242343][ T8827] loop3: partition table beyond EOD, truncated
[  195.249708][ T8827] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  195.417558][ T2036] Bluetooth: Error in BCSP hdr checksum
[  195.876156][ T8852] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1060'.
[  195.988770][ T8847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.011586][ T8847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.314357][ T8871] netlink: 'syz.0.1066': attribute type 4 has an invalid length.
[  196.328602][ T8871] netlink: 'syz.0.1066': attribute type 2 has an invalid length.
[  196.384044][ T8873] loop3: detected capacity change from 0 to 7
[  196.391025][ T8873] Dev loop3: unable to read RDB block 7
[  196.401165][ T8873]  loop3: unable to read partition table
[  196.407121][ T8873] loop3: partition table beyond EOD, truncated
[  196.413311][ T8873] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  196.485016][ T8875] netlink: 'syz.0.1068': attribute type 1 has an invalid length.
[  196.696687][ T5832] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  196.731022][ T8882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.788061][ T8410] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  196.790251][ T8884] netlink: 'syz.2.1072': attribute type 10 has an invalid length.
[  196.804319][ T8882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.838328][ T8882] netlink: 'syz.3.1071': attribute type 39 has an invalid length.
[  196.950829][ T8890] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1074'.
[  196.968320][ T8410] usb 1-1: Using ep0 maxpacket: 8
[  196.979220][ T8410] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.998722][ T8410] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  197.018733][ T8410] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  197.043487][ T8410] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  197.092422][ T8410] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  197.142350][ T8410] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.196340][ T8410] hub 1-1:1.0: bad descriptor, ignoring hub
[  197.231395][ T8410] hub 1-1:1.0: probe with driver hub failed with error -5
[  197.270558][ T8410] cdc_wdm 1-1:1.0: skipping garbage
[  197.285905][ T8410] cdc_wdm 1-1:1.0: skipping garbage
[  197.315614][ T8410] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  197.321930][ T8898] loop3: detected capacity change from 0 to 7
[  197.341968][ T8410] cdc_wdm 1-1:1.0: Unknown control protocol
[  197.350230][ T8898] Dev loop3: unable to read RDB block 7
[  197.373901][ T8898]  loop3: unable to read partition table
[  197.399635][ T8898] loop3: partition table beyond EOD, truncated
[  197.405941][ T8898] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  197.565309][ T8906] kvm: user requested TSC rate below hardware speed
[  197.703915][ T8904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.716672][ T8904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.928460][ T8911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.939171][ T8911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.089585][ T8877] usb 1-1: reset high-speed USB device number 47 using dummy_hcd
[  198.247970][ T8877] usb 1-1: device firmware changed
[  198.257293][ T5917] usb 1-1: USB disconnect, device number 47
[  198.263408][ T8877] cdc_wdm 1-1:1.0: Error autopm - -16
[  198.391073][ T8919] netlink: 'syz.2.1084': attribute type 13 has an invalid length.
[  198.417590][ T5917] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  198.443999][ T8921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.453372][ T8922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.453740][ T8921] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.466271][ T8922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.586605][ T5917] usb 1-1: Using ep0 maxpacket: 8
[  198.602912][ T5917] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.619997][ T5917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  198.631542][ T5917] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  198.647062][ T5917] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  198.656408][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.668385][ T8924] FAULT_INJECTION: forcing a failure.
[  198.668385][ T8924] name failslab, interval 1, probability 0, space 0, times 0
[  198.681651][ T8924] CPU: 0 UID: 0 PID: 8924 Comm: syz.4.1086 Not tainted syzkaller #0 PREEMPT(full) 
[  198.681675][ T8924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  198.681687][ T8924] Call Trace:
[  198.681694][ T8924]  <TASK>
[  198.681702][ T8924]  dump_stack_lvl+0x189/0x250
[  198.681727][ T8924]  ? __pfx____ratelimit+0x10/0x10
[  198.681755][ T8924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.681777][ T8924]  ? __pfx__printk+0x10/0x10
[  198.681805][ T8924]  ? __pfx___might_resched+0x10/0x10
[  198.681823][ T8924]  ? fs_reclaim_acquire+0x7d/0x100
[  198.681848][ T8924]  should_fail_ex+0x414/0x560
[  198.681877][ T8924]  should_failslab+0xa8/0x100
[  198.681902][ T8924]  __kmalloc_noprof+0xdf/0x800
[  198.681919][ T8924]  ? tomoyo_encode+0x28b/0x550
[  198.681943][ T8924]  tomoyo_encode+0x28b/0x550
[  198.681967][ T8924]  tomoyo_realpath_from_path+0x58d/0x5d0
[  198.681989][ T8924]  ? tomoyo_domain+0xd8/0x130
[  198.682015][ T8924]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  198.682042][ T8924]  tomoyo_path_number_perm+0x1e8/0x5a0
[  198.682071][ T8924]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  198.682116][ T8924]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  198.682156][ T8924]  ? __fget_files+0x2a/0x420
[  198.682186][ T8924]  ? __fget_files+0x3a0/0x420
[  198.682210][ T8924]  ? __fget_files+0x2a/0x420
[  198.682239][ T8924]  security_file_ioctl+0xcb/0x2d0
[  198.682266][ T8924]  __se_sys_ioctl+0x47/0x170
[  198.682287][ T8924]  do_syscall_64+0xfa/0xf80
[  198.682307][ T8924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.682325][ T8924]  ? clear_bhb_loop+0x60/0xb0
[  198.682348][ T8924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.682367][ T8924] RIP: 0033:0x7f9db1f8f749
[  198.682384][ T8924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.682400][ T8924] RSP: 002b:00007f9db2e66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.682420][ T8924] RAX: ffffffffffffffda RBX: 00007f9db21e5fa0 RCX: 00007f9db1f8f749
[  198.682433][ T8924] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  198.682444][ T8924] RBP: 00007f9db2e66090 R08: 0000000000000000 R09: 0000000000000000
[  198.682455][ T8924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  198.682466][ T8924] R13: 00007f9db21e6038 R14: 00007f9db21e5fa0 R15: 00007ffc5f33d228
[  198.682495][ T8924]  </TASK>
[  198.682515][ T8924] ERROR: Out of memory at tomoyo_realpath_from_path.
[  198.686987][ T5917] hub 1-1:1.0: bad descriptor, ignoring hub
[  198.934406][ T5917] hub 1-1:1.0: probe with driver hub failed with error -5
[  198.942451][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  198.947942][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  198.953202][ T5917] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  198.988396][ T5917] usb 1-1: USB disconnect, device number 48
[  199.483996][ T8936] loop3: detected capacity change from 0 to 7
[  199.491416][ T8936] Dev loop3: unable to read RDB block 7
[  199.497743][ T8936]  loop3: unable to read partition table
[  199.503539][ T8936] loop3: partition table beyond EOD, truncated
[  199.516675][ T8936] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  200.026611][ T5867] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  200.190835][ T8946] netlink: 'syz.4.1095': attribute type 13 has an invalid length.
[  200.198859][ T5867] usb 1-1: Using ep0 maxpacket: 8
[  200.206356][ T5867] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[  200.210933][ T8946] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.225654][ T5867] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  200.247597][ T5867] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  200.257052][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.265133][ T5867] usb 1-1: Product: syz
[  200.272236][ T5867] usb 1-1: Manufacturer: syz
[  200.281352][ T5867] usb 1-1: SerialNumber: syz
[  200.495516][ T5867] cdc_ncm 1-1:1.0: bind() failure
[  200.505526][ T5867] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  200.512873][ T5867] cdc_ncm 1-1:1.1: bind() failure
[  200.526901][ T5867] usb 1-1: USB disconnect, device number 49
[  200.869379][ T8961] loop3: detected capacity change from 0 to 7
[  200.876284][ T8961] Dev loop3: unable to read RDB block 7
[  200.883199][ T8961]  loop3: unable to read partition table
[  200.889072][ T8961] loop3: partition table beyond EOD, truncated
[  200.895251][ T8961] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  200.929857][ T8911] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  201.008981][ T8963] binder: BINDER_SET_CONTEXT_MGR already set
[  201.015012][ T8963] binder: 8962:8963 ioctl 4018620d 200000000040 returned -16
[  201.076058][ T8965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.118331][ T8965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.499464][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  201.499510][ T5823] Bluetooth: hci0: command 0x0406 tx timeout
[  201.505522][ T5146] Bluetooth: hci1: command 0x2016 tx timeout
[  201.541092][ T8983] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.1112'.
[  201.672037][ T8987] loop3: detected capacity change from 0 to 7
[  201.685211][ T8987] Dev loop3: unable to read RDB block 7
[  201.690941][ T8987]  loop3: unable to read partition table
[  201.697104][ T8987] loop3: partition table beyond EOD, truncated
[  201.703700][ T8987] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  201.773123][ T8991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.795871][ T8991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.895650][ T8995] binder: BINDER_SET_CONTEXT_MGR already set
[  201.914078][ T8995] binder: 8994:8995 ioctl 4018620d 200000000040 returned -16
[  201.989143][ T8997] orangefs_devreq_write_iter: total:8239: must be at least:8240:
[  202.027476][ T8999] loop3: detected capacity change from 0 to 7
[  202.034885][ T8991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.051509][ T8999] Dev loop3: unable to read RDB block 7
[  202.057343][ T8991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.071735][ T8999]  loop3: unable to read partition table
[  202.077768][ T8999] loop3: partition table beyond EOD, truncated
[  202.094195][ T8999] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  202.125375][ T5195] Dev loop3: unable to read RDB block 7
[  202.135703][ T5195]  loop3: unable to read partition table
[  202.158553][ T5195] loop3: partition table beyond EOD, truncated
[  202.194317][ T9006] netlink: 'syz.3.1121': attribute type 10 has an invalid length.
[  202.518443][ T9017] trusted_key: encrypted_key: key user:syz not found
[  202.708949][ T9024] binder: BINDER_SET_CONTEXT_MGR already set
[  202.738197][ T9024] binder: 9023:9024 ioctl 4018620d 200000000040 returned -16
[  203.030232][ T9039] loop3: detected capacity change from 0 to 7
[  203.047708][ T5825] Dev loop3: unable to read RDB block 7
[  203.063740][ T5825]  loop3: unable to read partition table
[  203.077175][ T5825] loop3: partition table beyond EOD, truncated
[  203.086974][ T9039] Dev loop3: unable to read RDB block 7
[  203.099223][ T9039]  loop3: unable to read partition table
[  203.124841][ T9039] loop3: partition table beyond EOD, truncated
[  203.146654][ T9039] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  203.176597][ T5917] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  203.209973][ T9043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.238720][ T9043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.353468][ T5917] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  203.366576][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.384637][ T5917] usb 5-1: Product: syz
[  203.404212][ T5917] usb 5-1: Manufacturer: syz
[  203.409411][ T5917] usb 5-1: SerialNumber: syz
[  203.461841][ T9050] netlink: 'syz.0.1140': attribute type 10 has an invalid length.
[  203.489017][ T9043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.510583][ T9043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.939058][ T9063] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1146'.
[  203.969009][ T9063] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  203.978306][ T2973] Bluetooth: hci4: Frame reassembly failed (-84)
[  203.985243][ T2973] Bluetooth: hci4: Frame reassembly failed (-84)
[  204.034636][ T5917] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  204.047329][ T5917] cdc_ncm 5-1:1.0: bind() failure
[  204.083926][ T5917] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  204.104620][ T5917] cdc_ncm 5-1:1.1: bind() failure
[  204.166816][ T5867] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  204.336583][ T5867] usb 1-1: Using ep0 maxpacket: 8
[  204.363803][ T5867] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.404529][ T5867] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  204.415172][ T5867] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  204.427610][ T5867] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  204.439816][ T5867] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  204.451228][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.478386][ T5867] hub 1-1:1.0: bad descriptor, ignoring hub
[  204.496786][ T5867] hub 1-1:1.0: probe with driver hub failed with error -5
[  204.507636][ T5867] cdc_wdm 1-1:1.0: skipping garbage
[  204.512899][ T5867] cdc_wdm 1-1:1.0: skipping garbage
[  204.522376][ T5867] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  204.568313][ T5867] cdc_wdm 1-1:1.0: Unknown control protocol
[  204.584533][ T9079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.602234][ T9079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.807359][ T6679] usb 1-1: USB disconnect, device number 50
[  205.136622][ T5917] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  205.310426][ T9087] netlink: 'syz.3.1153': attribute type 10 has an invalid length.
[  205.318396][ T5917] usb 1-1: Using ep0 maxpacket: 8
[  205.325571][ T5917] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.338301][ T5917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  205.347800][ T5917] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  205.360917][ T5917] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  205.371728][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.396190][ T5917] hub 1-1:1.0: bad descriptor, ignoring hub
[  205.413664][ T5917] hub 1-1:1.0: probe with driver hub failed with error -5
[  205.428699][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  205.434161][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  205.440192][ T5917] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  205.487320][ T9091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  205.496429][ T9091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.707716][ T5917] usb 1-1: USB disconnect, device number 51
[  205.716266][ T9091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  205.726783][ T9091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.892502][ T5917] usb 5-1: USB disconnect, device number 3
[  205.977558][ T5832] Bluetooth: hci4: command 0x1003 tx timeout
[  205.980005][ T5830] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  206.051427][ T9096] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1157'.
[  206.244113][ T9099] NFSD: Failed to start, no listeners configured.
[  206.252080][ T9104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.267017][ T9104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.467948][ T9114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.486952][ T9114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.968081][ T9136] FAULT_INJECTION: forcing a failure.
[  206.968081][ T9136] name failslab, interval 1, probability 0, space 0, times 0
[  206.981415][ T9136] CPU: 0 UID: 0 PID: 9136 Comm: syz.0.1171 Not tainted syzkaller #0 PREEMPT(full) 
[  206.981440][ T9136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  206.981453][ T9136] Call Trace:
[  206.981461][ T9136]  <TASK>
[  206.981469][ T9136]  dump_stack_lvl+0x189/0x250
[  206.981498][ T9136]  ? __pfx____ratelimit+0x10/0x10
[  206.981524][ T9136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.981548][ T9136]  ? __pfx__printk+0x10/0x10
[  206.981577][ T9136]  ? __pfx___might_resched+0x10/0x10
[  206.981596][ T9136]  ? fs_reclaim_acquire+0x7d/0x100
[  206.981622][ T9136]  should_fail_ex+0x414/0x560
[  206.981667][ T9136]  should_failslab+0xa8/0x100
[  206.981692][ T9136]  __kmalloc_noprof+0xdf/0x800
[  206.981709][ T9136]  ? debug_mutex_init+0x38/0x70
[  206.981725][ T9136]  ? security_task_alloc+0x4d/0x360
[  206.981753][ T9136]  security_task_alloc+0x4d/0x360
[  206.981781][ T9136]  copy_process+0x1493/0x3950
[  206.981902][ T9136]  ? copy_process+0x915/0x3950
[  206.981921][ T9136]  ? __pfx_copy_process+0x10/0x10
[  206.981940][ T9136]  vhost_task_create+0x1ce/0x320
[  206.981954][ T9136]  ? unwind_get_return_address+0x4d/0x90
[  206.981967][ T9136]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  206.981982][ T9136]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  206.981996][ T9136]  ? __pfx_vhost_task_create+0x10/0x10
[  206.982014][ T9136]  ? __pfx_vhost_task_fn+0x10/0x10
[  206.982031][ T9136]  ? __lock_acquire+0x6b6/0x2cf0
[  206.982048][ T9136]  kvm_mmu_post_init_vm+0x14c/0x300
[  206.982070][ T9136]  kvm_arch_vcpu_ioctl_run+0xdc/0x1c90
[  206.982087][ T9136]  ? register_lock_class+0x51/0x320
[  206.982098][ T9136]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  206.982110][ T9136]  ? __lock_acquire+0x6b6/0x2cf0
[  206.982122][ T9136]  ? __mutex_lock+0x335/0x1350
[  206.982137][ T9136]  ? kasan_quarantine_put+0xdd/0x220
[  206.982147][ T9136]  ? lockdep_hardirqs_on+0x98/0x140
[  206.982173][ T9136]  kvm_vcpu_ioctl+0x99a/0xed0
[  206.982190][ T9136]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  206.982204][ T9136]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  206.982226][ T9136]  ? __fget_files+0x2a/0x420
[  206.982241][ T9136]  ? __fget_files+0x3a0/0x420
[  206.982253][ T9136]  ? __fget_files+0x2a/0x420
[  206.982267][ T9136]  ? bpf_lsm_file_ioctl+0x9/0x20
[  206.982280][ T9136]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  206.982294][ T9136]  __se_sys_ioctl+0xfc/0x170
[  206.982305][ T9136]  do_syscall_64+0xfa/0xf80
[  206.982316][ T9136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.982327][ T9136]  ? clear_bhb_loop+0x60/0xb0
[  206.982339][ T9136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.982349][ T9136] RIP: 0033:0x7f0bd5d8f749
[  206.982360][ T9136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.982369][ T9136] RSP: 002b:00007f0bd6bab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.982381][ T9136] RAX: ffffffffffffffda RBX: 00007f0bd5fe5fa0 RCX: 00007f0bd5d8f749
[  206.982389][ T9136] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  206.982395][ T9136] RBP: 00007f0bd6bab090 R08: 0000000000000000 R09: 0000000000000000
[  206.982401][ T9136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.982407][ T9136] R13: 00007f0bd5fe6038 R14: 00007f0bd5fe5fa0 R15: 00007fff783e8848
[  206.982424][ T9136]  </TASK>
[  207.326105][ T9141] netlink: 'syz.3.1172': attribute type 13 has an invalid length.
[  207.366883][ T5917] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  207.421553][ T9145] netlink: 'syz.2.1174': attribute type 4 has an invalid length.
[  207.430156][ T9145] netlink: 'syz.2.1174': attribute type 2 has an invalid length.
[  207.441340][ T9143] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  207.490418][ T9143] CPU: 0 UID: 0 PID: 9143 Comm: syz.3.1173 Not tainted syzkaller #0 PREEMPT(full) 
[  207.490447][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  207.490461][ T9143] Call Trace:
[  207.490469][ T9143]  <TASK>
[  207.490478][ T9143]  dump_stack_lvl+0x189/0x250
[  207.490511][ T9143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.490538][ T9143]  ? __pfx__printk+0x10/0x10
[  207.490567][ T9143]  ? kernfs_path_from_node+0x2f/0x290
[  207.490590][ T9143]  ? kernfs_path_from_node+0x250/0x290
[  207.490610][ T9143]  ? kernfs_path_from_node+0x2f/0x290
[  207.490637][ T9143]  sysfs_warn_dup+0x8e/0xa0
[  207.490657][ T9143]  sysfs_do_create_link_sd+0xc0/0x110
[  207.490682][ T9143]  device_add_class_symlinks+0x1cf/0x240
[  207.490722][ T9143]  device_add+0x475/0xb80
[  207.490753][ T9143]  wiphy_register+0x1d2e/0x2d20
[  207.490797][ T9143]  ? __pfx_wiphy_register+0x10/0x10
[  207.490826][ T9143]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  207.490855][ T9143]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  207.490891][ T9143]  ieee80211_register_hw+0x34a7/0x4110
[  207.490929][ T9143]  ? ieee80211_register_hw+0x1451/0x4110
[  207.490960][ T9143]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  207.490979][ T9143]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  207.491013][ T9143]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  207.491042][ T9143]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  207.491079][ T9143]  ? __hrtimer_setup+0x181/0x200
[  207.491104][ T9143]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  207.491130][ T9143]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  207.491183][ T9143]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  207.491212][ T9143]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  207.491236][ T9143]  ? kstrndup+0xbf/0x160
[  207.491270][ T9143]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  207.491296][ T9143]  ? __pfx___nla_validate_parse+0x10/0x10
[  207.491332][ T9143]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  207.491359][ T9143]  ? rcu_is_watching+0x15/0xb0
[  207.491389][ T9143]  ? __nla_parse+0x40/0x60
[  207.491413][ T9143]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  207.491453][ T9143]  genl_family_rcv_msg_doit+0x215/0x300
[  207.491491][ T9143]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  207.491535][ T9143]  ? bpf_lsm_capable+0x9/0x20
[  207.491558][ T9143]  ? security_capable+0x7e/0x2e0
[  207.491593][ T9143]  genl_rcv_msg+0x60e/0x790
[  207.491630][ T9143]  ? __pfx_genl_rcv_msg+0x10/0x10
[  207.491657][ T9143]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  207.491693][ T9143]  netlink_rcv_skb+0x208/0x470
[  207.491724][ T9143]  ? __pfx_genl_rcv_msg+0x10/0x10
[  207.491754][ T9143]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  207.491797][ T9143]  ? down_read+0x274/0x2e0
[  207.491817][ T9143]  ? genl_rcv+0xd/0x40
[  207.491847][ T9143]  genl_rcv+0x28/0x40
[  207.491873][ T9143]  netlink_unicast+0x82f/0x9e0
[  207.491905][ T9143]  ? __pfx_netlink_unicast+0x10/0x10
[  207.491928][ T9143]  ? netlink_sendmsg+0x642/0xb30
[  207.491950][ T9143]  ? skb_put+0x11b/0x210
[  207.491975][ T9143]  netlink_sendmsg+0x805/0xb30
[  207.491997][ T9143]  ? aa_sk_perm+0x15f/0x920
[  207.492035][ T9143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.492061][ T9143]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  207.492093][ T9143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.492115][ T9143]  sock_sendmsg_nosec+0x18f/0x1d0
[  207.492146][ T9143]  ____sys_sendmsg+0x577/0x880
[  207.492178][ T9143]  ? __pfx_____sys_sendmsg+0x10/0x10
[  207.492210][ T9143]  ? import_iovec+0x74/0xa0
[  207.492236][ T9143]  ___sys_sendmsg+0x21f/0x2a0
[  207.492261][ T9143]  ? __pfx____sys_sendmsg+0x10/0x10
[  207.492291][ T9143]  ? futex_wait+0x285/0x360
[  207.492348][ T9143]  ? __fget_files+0x2a/0x420
[  207.492373][ T9143]  ? __fget_files+0x3a0/0x420
[  207.492411][ T9143]  __x64_sys_sendmsg+0x19b/0x260
[  207.492436][ T9143]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  207.492477][ T9143]  ? do_syscall_64+0xbe/0xf80
[  207.492501][ T9143]  do_syscall_64+0xfa/0xf80
[  207.492521][ T9143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.492540][ T9143]  ? clear_bhb_loop+0x60/0xb0
[  207.492564][ T9143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.492584][ T9143] RIP: 0033:0x7f28da38f749
[  207.492601][ T9143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.492619][ T9143] RSP: 002b:00007f28db1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  207.492640][ T9143] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38f749
[  207.492654][ T9143] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  207.492667][ T9143] RBP: 00007f28da413f91 R08: 0000000000000000 R09: 0000000000000000
[  207.492680][ T9143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  207.492691][ T9143] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  207.492732][ T9143]  </TASK>
[  207.956012][ T5917] usb 5-1: device descriptor read/64, error -71
[  208.047075][ T9151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.062275][ T9151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.079863][ T9151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.090435][ T9151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.101922][ T9151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.110874][ T9151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.121741][ T9152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.132520][ T9152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.206873][ T5917] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  208.305699][ T9162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.314534][ T9162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.329387][ T9164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.340844][ T5917] usb 5-1: device descriptor read/64, error -71
[  208.342016][ T9164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.457035][ T5917] usb usb5-port1: attempt power cycle
[  208.777445][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  208.816681][ T5917] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  208.841166][ T9174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.851446][ T5917] usb 5-1: device descriptor read/8, error -71
[  208.859842][ T9174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.873022][ T9174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.881906][ T9174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.106987][ T5917] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  209.148172][ T5917] usb 5-1: device descriptor read/8, error -71
[  209.266982][ T5917] usb usb5-port1: unable to enumerate USB device
[  209.449516][ T9189] FAULT_INJECTION: forcing a failure.
[  209.449516][ T9189] name failslab, interval 1, probability 0, space 0, times 0
[  209.479899][ T9192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.483941][ T9189] CPU: 1 UID: 0 PID: 9189 Comm: syz.2.1190 Not tainted syzkaller #0 PREEMPT(full) 
[  209.483966][ T9189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  209.483979][ T9189] Call Trace:
[  209.483986][ T9189]  <TASK>
[  209.483994][ T9189]  dump_stack_lvl+0x189/0x250
[  209.484023][ T9189]  ? __pfx____ratelimit+0x10/0x10
[  209.484051][ T9189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.484075][ T9189]  ? __pfx__printk+0x10/0x10
[  209.484102][ T9189]  ? __pfx___might_resched+0x10/0x10
[  209.484124][ T9189]  ? fs_reclaim_acquire+0x7d/0x100
[  209.484151][ T9189]  should_fail_ex+0x414/0x560
[  209.484181][ T9189]  should_failslab+0xa8/0x100
[  209.484207][ T9189]  __kmalloc_noprof+0xdf/0x800
[  209.484224][ T9189]  ? debug_mutex_init+0x38/0x70
[  209.484240][ T9189]  ? security_task_alloc+0x4d/0x360
[  209.484270][ T9189]  security_task_alloc+0x4d/0x360
[  209.484298][ T9189]  copy_process+0x1493/0x3950
[  209.484332][ T9189]  ? copy_process+0x915/0x3950
[  209.484363][ T9189]  ? __pfx_copy_process+0x10/0x10
[  209.484398][ T9189]  vhost_task_create+0x1ce/0x320
[  209.484424][ T9189]  ? unwind_get_return_address+0x4d/0x90
[  209.484447][ T9189]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  209.484473][ T9189]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  209.484499][ T9189]  ? __pfx_vhost_task_create+0x10/0x10
[  209.484532][ T9189]  ? __pfx_vhost_task_fn+0x10/0x10
[  209.484563][ T9189]  ? __lock_acquire+0x6b6/0x2cf0
[  209.484594][ T9189]  kvm_mmu_post_init_vm+0x14c/0x300
[  209.484625][ T9189]  kvm_arch_vcpu_ioctl_run+0xdc/0x1c90
[  209.484657][ T9189]  ? register_lock_class+0x51/0x320
[  209.484677][ T9189]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  209.484698][ T9189]  ? __lock_acquire+0x6b6/0x2cf0
[  209.484721][ T9189]  ? __mutex_lock+0x335/0x1350
[  209.484747][ T9189]  ? kasan_quarantine_put+0xdd/0x220
[  209.484772][ T9189]  ? lockdep_hardirqs_on+0x98/0x140
[  209.484818][ T9189]  kvm_vcpu_ioctl+0x99a/0xed0
[  209.484852][ T9189]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  209.484879][ T9189]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  209.484918][ T9189]  ? __fget_files+0x2a/0x420
[  209.484947][ T9189]  ? __fget_files+0x3a0/0x420
[  209.484970][ T9189]  ? __fget_files+0x2a/0x420
[  209.484997][ T9189]  ? bpf_lsm_file_ioctl+0x9/0x20
[  209.485019][ T9189]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  209.485045][ T9189]  __se_sys_ioctl+0xfc/0x170
[  209.485066][ T9189]  do_syscall_64+0xfa/0xf80
[  209.485085][ T9189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.485103][ T9189]  ? clear_bhb_loop+0x60/0xb0
[  209.485126][ T9189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.485152][ T9189] RIP: 0033:0x7f47ec18f749
[  209.485169][ T9189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.485185][ T9189] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  209.485205][ T9189] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  209.485220][ T9189] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  209.485231][ T9189] RBP: 00007f47ea3ee090 R08: 0000000000000000 R09: 0000000000000000
[  209.485243][ T9189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.485254][ T9189] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  209.485286][ T9189]  </TASK>
[  209.843412][ T9192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.896077][ T9192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.917123][ T9192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.947660][ T9197] overlayfs: failed to resolve './file0': -2
[  209.959962][ T9198] loop3: detected capacity change from 0 to 7
[  209.979369][ T5825] Dev loop3: unable to read RDB block 7
[  209.986189][ T5825]  loop3: unable to read partition table
[  210.006406][ T5825] loop3: partition table beyond EOD, truncated
[  210.042715][ T9198] Dev loop3: unable to read RDB block 7
[  210.065856][ T9198]  loop3: unable to read partition table
[  210.083658][ T9198] loop3: partition table beyond EOD, truncated
[  210.093588][ T9198] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  210.598669][ T9223] netlink: 'syz.0.1203': attribute type 13 has an invalid length.
[  210.726937][ T9229] overlayfs: failed to resolve './file0': -2
[  210.798252][  T907] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  210.858203][ T5832] Bluetooth: hci0: command 0x0406 tx timeout
[  210.956909][  T907] usb 5-1: device descriptor read/64, error -71
[  211.050331][ T9243] loop3: detected capacity change from 0 to 7
[  211.058538][ T9243] Dev loop3: unable to read RDB block 7
[  211.068043][ T9243]  loop3: unable to read partition table
[  211.073939][ T9243] loop3: partition table beyond EOD, truncated
[  211.080278][ T9243] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  211.217096][  T907] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  211.229736][ T9249] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1214'.
[  211.239093][ T9250] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1214'.
[  211.262732][ T9252] overlayfs: failed to resolve './file0': -2
[  211.377229][  T907] usb 5-1: device descriptor read/64, error -71
[  211.402659][ T9256] NFSD: Failed to start, no listeners configured.
[  211.488035][  T907] usb usb5-port1: attempt power cycle
[  211.716728][ T8410] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  211.791783][ T9267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1222'.
[  211.826702][  T907] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  211.847428][  T907] usb 5-1: device descriptor read/8, error -71
[  211.876601][ T8410] usb 1-1: Using ep0 maxpacket: 8
[  211.883213][ T8410] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.893523][ T8410] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  211.903430][ T8410] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  211.914953][ T8410] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  211.929438][ T8410] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  211.943169][ T8410] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.957320][ T8410] hub 1-1:1.0: bad descriptor, ignoring hub
[  211.963388][ T8410] hub 1-1:1.0: probe with driver hub failed with error -5
[  211.971120][ T8410] cdc_wdm 1-1:1.0: skipping garbage
[  211.976484][ T8410] cdc_wdm 1-1:1.0: skipping garbage
[  211.982875][ T8410] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  211.989443][ T8410] cdc_wdm 1-1:1.0: Unknown control protocol
[  212.072373][ T9274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.081255][ T9274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.089845][  T907] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  212.117134][  T907] usb 5-1: device descriptor read/8, error -71
[  212.227271][  T907] usb usb5-port1: unable to enumerate USB device
[  212.269038][  T907] usb 1-1: USB disconnect, device number 52
[  212.597602][  T907] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  212.634720][ T9276] overlayfs: failed to resolve './file1': -2
[  212.690105][ T9278] loop3: detected capacity change from 0 to 7
[  212.699697][ T5826] Dev loop3: unable to read RDB block 7
[  212.705293][ T5826]  loop3: unable to read partition table
[  212.712924][ T5826] loop3: partition table beyond EOD, truncated
[  212.719853][ T9278] Dev loop3: unable to read RDB block 7
[  212.725671][ T9278]  loop3: unable to read partition table
[  212.731678][ T9278] loop3: partition table beyond EOD, truncated
[  212.740052][ T9278] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  212.750599][ T5195] Dev loop3: unable to read RDB block 7
[  212.756763][  T907] usb 1-1: Using ep0 maxpacket: 8
[  212.757638][ T5195]  loop3: unable to read partition table
[  212.764572][  T907] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.768265][ T5195] loop3: partition table beyond EOD, truncated
[  212.784811][  T907] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  212.794987][  T907] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  212.808598][  T907] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  212.820011][  T907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.868136][  T907] hub 1-1:1.0: bad descriptor, ignoring hub
[  212.868166][  T907] hub 1-1:1.0: probe with driver hub failed with error -5
[  212.872793][  T907] cdc_wdm 1-1:1.0: skipping garbage
[  212.872816][  T907] cdc_wdm 1-1:1.0: skipping garbage
[  212.872840][  T907] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  213.168037][ T8410] usb 1-1: USB disconnect, device number 53
[  213.256117][ T9295] overlayfs: failed to resolve './file1': -2
[  213.292254][ T9293] FAULT_INJECTION: forcing a failure.
[  213.292254][ T9293] name failslab, interval 1, probability 0, space 0, times 0
[  213.318931][ T9293] CPU: 1 UID: 0 PID: 9293 Comm: syz.2.1234 Not tainted syzkaller #0 PREEMPT(full) 
[  213.318959][ T9293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  213.318970][ T9293] Call Trace:
[  213.318978][ T9293]  <TASK>
[  213.318986][ T9293]  dump_stack_lvl+0x189/0x250
[  213.319015][ T9293]  ? __pfx____ratelimit+0x10/0x10
[  213.319045][ T9293]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.319069][ T9293]  ? __pfx__printk+0x10/0x10
[  213.319093][ T9293]  ? __pfx___might_resched+0x10/0x10
[  213.319116][ T9293]  ? fs_reclaim_acquire+0x7d/0x100
[  213.319144][ T9293]  should_fail_ex+0x414/0x560
[  213.319184][ T9293]  should_failslab+0xa8/0x100
[  213.319210][ T9293]  kmem_cache_alloc_noprof+0x88/0x710
[  213.319240][ T9293]  ? __kvm_mmu_topup_memory_cache+0x463/0x610
[  213.319263][ T9293]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  213.319291][ T9293]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  213.319328][ T9293]  mmu_topup_memory_caches+0x21/0x170
[  213.319355][ T9293]  kvm_mmu_load+0x9d/0x22d0
[  213.319379][ T9293]  ? kvm_msr_allowed+0x9a/0x490
[  213.319405][ T9293]  ? kvm_msr_allowed+0x9a/0x490
[  213.319432][ T9293]  ? kvm_msr_allowed+0x9a/0x490
[  213.319458][ T9293]  ? kvm_msr_allowed+0x9a/0x490
[  213.319484][ T9293]  ? kvm_apic_has_interrupt+0x744/0x770
[  213.319525][ T9293]  vcpu_run+0x54d7/0x76b0
[  213.319542][ T9293]  ? rcu_is_watching+0x15/0xb0
[  213.319584][ T9293]  ? __lock_acquire+0x6b6/0x2cf0
[  213.319656][ T9293]  ? __pfx_vcpu_run+0x10/0x10
[  213.319684][ T9293]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  213.319708][ T9293]  ? rcu_is_watching+0x15/0xb0
[  213.319736][ T9293]  kvm_arch_vcpu_ioctl_run+0x1148/0x1c90
[  213.319767][ T9293]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  213.319785][ T9293]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  213.319804][ T9293]  ? __lock_acquire+0x6b6/0x2cf0
[  213.319827][ T9293]  ? __mutex_lock+0x335/0x1350
[  213.319853][ T9293]  ? kasan_quarantine_put+0xdd/0x220
[  213.319872][ T9293]  ? lockdep_hardirqs_on+0x98/0x140
[  213.319919][ T9293]  kvm_vcpu_ioctl+0x99a/0xed0
[  213.319952][ T9293]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  213.319979][ T9293]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  213.320021][ T9293]  ? __fget_files+0x2a/0x420
[  213.320051][ T9293]  ? __fget_files+0x3a0/0x420
[  213.320074][ T9293]  ? __fget_files+0x2a/0x420
[  213.320102][ T9293]  ? bpf_lsm_file_ioctl+0x9/0x20
[  213.320125][ T9293]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  213.320151][ T9293]  __se_sys_ioctl+0xfc/0x170
[  213.320181][ T9293]  do_syscall_64+0xfa/0xf80
[  213.320201][ T9293]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.320221][ T9293]  ? clear_bhb_loop+0x60/0xb0
[  213.320244][ T9293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.320263][ T9293] RIP: 0033:0x7f47ec18f749
[  213.320281][ T9293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.320297][ T9293] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  213.320317][ T9293] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  213.320331][ T9293] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  213.320343][ T9293] RBP: 00007f47ea3ee090 R08: 0000000000000000 R09: 0000000000000000
[  213.320355][ T9293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.320366][ T9293] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  213.320399][ T9293]  </TASK>
[  213.800462][ T9303] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1238'.
[  213.882125][ T9307] netlink: 'syz.2.1240': attribute type 10 has an invalid length.
[  214.068521][ T9313] overlayfs: failed to resolve './file1': -2
[  214.179404][ T9307] team0 (unregistering): Port device team_slave_0 removed
[  214.190927][ T9307] team0 (unregistering): Port device team_slave_1 removed
[  214.406134][ T9323] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1247'.
[  214.415355][ T5917] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  214.516237][ T9327] netlink: 'syz.3.1249': attribute type 4 has an invalid length.
[  214.529248][ T9327] netlink: 'syz.3.1249': attribute type 2 has an invalid length.
[  214.556704][ T8410] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  214.564504][ T5917] usb 5-1: device descriptor read/64, error -71
[  214.649422][ T9329] binder: 9328:9329 ioctl c0306201 2000000001c0 returned -22
[  214.731140][ T8410] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.763953][ T8410] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  214.808886][ T5917] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  214.816618][ T8410] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.832531][ T8410] usb 1-1: config 0 descriptor??
[  214.841921][ T8410] pwc: Askey VC010 type 2 USB webcam detected.
[  214.966848][ T5917] usb 5-1: device descriptor read/64, error -71
[  215.087197][ T5917] usb usb5-port1: attempt power cycle
[  215.240733][ T8410] pwc: recv_control_msg error -32 req 02 val 2b00
[  215.255920][ T8410] pwc: recv_control_msg error -32 req 02 val 2700
[  215.282319][ T8410] pwc: recv_control_msg error -32 req 02 val 2c00
[  215.287392][ T9344] loop3: detected capacity change from 0 to 7
[  215.298533][ T5825] Dev loop3: unable to read RDB block 7
[  215.304151][ T5825]  loop3: unable to read partition table
[  215.314488][ T8410] pwc: recv_control_msg error -32 req 04 val 1000
[  215.314804][ T5825] loop3: partition table beyond EOD, truncated
[  215.331203][ T8410] pwc: recv_control_msg error -32 req 04 val 1300
[  215.351825][ T9344] Dev loop3: unable to read RDB block 7
[  215.361692][ T8410] pwc: recv_control_msg error -32 req 04 val 1400
[  215.378329][ T8410] pwc: recv_control_msg error -32 req 02 val 2000
[  215.386166][ T8410] pwc: recv_control_msg error -32 req 02 val 2100
[  215.393116][ T9319] netlink: 'syz.0.1243': attribute type 39 has an invalid length.
[  215.393848][ T9344]  loop3: unable to read partition table
[  215.413658][ T9344] loop3: partition table beyond EOD, truncated
[  215.426699][ T9344] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  215.457077][ T5917] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  215.494949][ T9346] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.1258'.
[  215.509705][ T5917] usb 5-1: device descriptor read/8, error -71
[  215.579894][ T8410] pwc: recv_control_msg error -71 req 04 val 1500
[  215.600251][ T8410] pwc: recv_control_msg error -71 req 02 val 2500
[  215.618191][ T8410] pwc: recv_control_msg error -71 req 02 val 2400
[  215.637498][ T8410] pwc: recv_control_msg error -71 req 02 val 2600
[  215.644471][ T8410] pwc: recv_control_msg error -71 req 02 val 2900
[  215.653924][ T8410] pwc: recv_control_msg error -71 req 02 val 2800
[  215.663128][ T8410] pwc: recv_control_msg error -71 req 04 val 1100
[  215.670350][ T8410] pwc: recv_control_msg error -71 req 04 val 1200
[  215.683032][ T8410] pwc: Registered as video103.
[  215.691575][ T8410] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18
[  215.733436][ T8410] usb 1-1: USB disconnect, device number 54
[  215.767032][ T5917] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  215.809788][ T5917] usb 5-1: device descriptor read/8, error -71
[  215.939403][ T5917] usb usb5-port1: unable to enumerate USB device
[  215.992570][ T9363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.002823][ T9363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.781368][ T9382] can0: slcan on ptm1.
[  216.878759][ T9382] can0 (unregistered): slcan off ptm1.
[  217.201477][ T9412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.218193][ T9413] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.1280'.
[  217.239786][ T9412] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.398000][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.430690][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.451196][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.465238][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.699460][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.719811][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.961362][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.987655][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.157095][   T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  218.203444][ T9448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.287116][ T9448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.353951][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.398111][   T10] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  218.427147][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.457669][   T10] usb 5-1: config 0 descriptor??
[  218.482502][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  218.489468][ T9456] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1291'.
[  218.527155][ T9448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.568604][ T9448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.874007][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[  218.889761][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[  218.909794][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[  218.928173][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[  218.945589][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[  218.954708][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[  218.968604][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[  218.976025][   T10] pwc: recv_control_msg error -32 req 02 val 2100
[  218.984480][ T9441] netlink: 'syz.4.1286': attribute type 39 has an invalid length.
[  219.116636][ T6679] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  219.158074][   T10] pwc: recv_control_msg error -71 req 04 val 1500
[  219.173168][   T10] pwc: recv_control_msg error -71 req 02 val 2500
[  219.182077][ T9474] netlink: 'syz.3.1298': attribute type 13 has an invalid length.
[  219.192024][   T10] pwc: recv_control_msg error -71 req 02 val 2400
[  219.199759][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[  219.208213][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  219.220845][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  219.237171][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  219.246023][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  219.259579][   T10] pwc: Registered as video103.
[  219.269483][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input19
[  219.297673][ T6679] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  219.330166][ T6679] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  219.349176][   T10] usb 5-1: USB disconnect, device number 16
[  219.375745][ T6679] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  219.395616][ T6679] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.445124][ T6679] usb 1-1: Product: syz
[  219.459581][ T6679] usb 1-1: Manufacturer: syz
[  219.464233][ T6679] usb 1-1: SerialNumber: syz
[  219.542226][ T9483] netlink: 'syz.2.1302': attribute type 10 has an invalid length.
[  219.714115][ T9491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.723294][ T9491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  219.940757][ T9491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.949824][ T9491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.086759][ T5813] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  220.260874][ T5813] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  220.271929][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.280343][ T5813] usb 5-1: Product: syz
[  220.281951][ T9505] NFSD: Failed to start, no listeners configured.
[  220.284519][ T5813] usb 5-1: Manufacturer: syz
[  220.284537][ T5813] usb 5-1: SerialNumber: syz
[  220.310503][ T6679] cdc_ncm 1-1:1.0: bind() failure
[  220.324201][ T6679] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  220.331320][ T6679] cdc_ncm 1-1:1.1: bind() failure
[  220.341715][ T6679] usb 1-1: USB disconnect, device number 55
[  220.625849][ T9514] binder: 9511:9514 ioctl 4018620d 0 returned -22
[  220.766993][ T9518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.777620][ T9518] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.811168][ T9518] netlink: 'syz.2.1317': attribute type 10 has an invalid length.
[  220.819819][ T9518] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1317'.
[  220.831938][ T9518] bond0: entered promiscuous mode
[  220.840476][ T9518] bond_slave_0: entered promiscuous mode
[  220.846624][ T9518] bond_slave_1: entered promiscuous mode
[  220.852880][ T9518] bridge0: entered promiscuous mode
[  220.859861][ T9518] bridge0: port 3(bond0) entered blocking state
[  220.866665][ T9518] bridge0: port 3(bond0) entered disabled state
[  220.873303][ T9518] bond0: entered allmulticast mode
[  220.878845][ T9518] bond_slave_0: entered allmulticast mode
[  220.916877][ T9518] bond_slave_1: entered allmulticast mode
[  220.927228][ T9518] bridge0: entered allmulticast mode
[  220.948215][ T9518] bond0: left allmulticast mode
[  220.955073][ T9518] bond_slave_0: left allmulticast mode
[  220.956778][ T9523] netlink: 'syz.0.1319': attribute type 4 has an invalid length.
[  220.960912][ T9518] bond_slave_1: left allmulticast mode
[  220.974913][ T9518] bridge0: left allmulticast mode
[  220.977159][ T9523] netlink: 'syz.0.1319': attribute type 2 has an invalid length.
[  221.251252][ T9533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.262924][ T9533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.272831][ T9533] netlink: 'syz.3.1323': attribute type 39 has an invalid length.
[  221.296668][ T6679] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  221.308569][ T5813] cdc_ncm 5-1:1.0: failed to get mac address
[  221.325426][ T5813] cdc_ncm 5-1:1.0: bind() failure
[  221.340687][ T5813] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  221.350130][ T5813] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  221.359586][ T5813] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  221.378090][ T5813] usb 5-1: USB disconnect, device number 17
[  221.459265][ T6679] usb 1-1: unable to get BOS descriptor or descriptor too short
[  221.467963][ T6679] usb 1-1: no configurations
[  221.472707][ T6679] usb 1-1: can't read configurations, error -22
[  221.582029][ T9535] binder: 9534:9535 ioctl 4018620d 0 returned -22
[  221.616697][ T6679] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  221.788572][ T6679] usb 1-1: unable to get BOS descriptor or descriptor too short
[  221.796304][ T6679] usb 1-1: no configurations
[  221.801507][ T6679] usb 1-1: can't read configurations, error -22
[  221.808731][ T6679] usb usb1-port1: attempt power cycle
[  222.063124][ T9549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.074115][ T9549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.147007][ T6679] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  222.170429][ T6679] usb 1-1: unable to get BOS descriptor or descriptor too short
[  222.178535][ T6679] usb 1-1: no configurations
[  222.183880][ T6679] usb 1-1: can't read configurations, error -22
[  222.234845][ T9554] binder: 9553:9554 ioctl 4018620d 0 returned -22
[  222.316918][ T6679] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  222.366767][ T6679] usb 1-1: unable to get BOS descriptor or descriptor too short
[  222.378824][ T6679] usb 1-1: no configurations
[  222.383805][ T6679] usb 1-1: can't read configurations, error -22
[  222.413821][ T6679] usb usb1-port1: unable to enumerate USB device
[  222.523964][ T9562] overlayfs: missing 'lowerdir'
[  222.618359][ T8410] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  222.730081][ T9571] binder_alloc: 9570: binder_alloc_buf size -4294942736 failed, no address space
[  222.741751][ T9571] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  222.800012][ T8410] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  222.810805][ T8410] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.822873][ T8410] usb 5-1: Product: syz
[  222.828876][ T8410] usb 5-1: Manufacturer: syz
[  222.833566][ T8410] usb 5-1: SerialNumber: syz
[  222.841373][ T8410] usb 5-1: config 0 descriptor??
[  222.910249][ T9575] netlink: 'syz.2.1342': attribute type 13 has an invalid length.
[  223.055440][ T9583] overlayfs: missing 'lowerdir'
[  223.069910][ T8410] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  223.479772][ T9597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.520340][ T9597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.530750][ T9597] netlink: 'syz.2.1352': attribute type 39 has an invalid length.
[  224.167989][ T9604] overlayfs: missing 'lowerdir'
[  224.477834][ T9616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.492094][ T9616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.494652][ T9617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.515145][ T9617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.533769][ T9616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.553920][ T9616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.580531][ T9620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.591842][ T9620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.707837][   T48] usb 1-1: new low-speed USB device number 60 using dummy_hcd
[  224.730024][ T8410] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  224.804285][ T9620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.814284][ T9620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.868308][   T48] usb 1-1: config index 0 descriptor too short (expected 7195, got 27)
[  224.876961][   T48] usb 1-1: config 180 has too many interfaces: 241, using maximum allowed: 32
[  224.885807][   T48] usb 1-1: config 180 has an invalid descriptor of length 172, skipping remainder of the config
[  224.896375][   T48] usb 1-1: config 180 has 0 interfaces, different from the descriptor's value: 241
[  224.909223][   T48] usb 1-1: string descriptor 0 read error: -22
[  224.915465][   T48] usb 1-1: New USB device found, idVendor=1d19, idProduct=0100, bcdDevice=7a.e9
[  224.925931][   T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.135531][ T9624] overlayfs: missing 'lowerdir'
[  225.142333][ T8410] usb 1-1: USB disconnect, device number 60
[  225.230561][ T9628] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  225.241660][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.2.1366 Not tainted syzkaller #0 PREEMPT(full) 
[  225.241676][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.241684][ T9628] Call Trace:
[  225.241689][ T9628]  <TASK>
[  225.241694][ T9628]  dump_stack_lvl+0x189/0x250
[  225.241714][ T9628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.241728][ T9628]  ? __pfx__printk+0x10/0x10
[  225.241745][ T9628]  ? kernfs_path_from_node+0x2f/0x290
[  225.241756][ T9628]  ? kernfs_path_from_node+0x250/0x290
[  225.241767][ T9628]  ? kernfs_path_from_node+0x2f/0x290
[  225.241780][ T9628]  sysfs_warn_dup+0x8e/0xa0
[  225.241791][ T9628]  sysfs_do_create_link_sd+0xc0/0x110
[  225.241804][ T9628]  device_add_class_symlinks+0x1cf/0x240
[  225.241834][ T9628]  device_add+0x475/0xb80
[  225.241864][ T9628]  wiphy_register+0x1d2e/0x2d20
[  225.241902][ T9628]  ? __pfx_wiphy_register+0x10/0x10
[  225.241918][ T9628]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  225.241934][ T9628]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  225.241954][ T9628]  ieee80211_register_hw+0x34a7/0x4110
[  225.241974][ T9628]  ? ieee80211_register_hw+0x1451/0x4110
[  225.241990][ T9628]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  225.242000][ T9628]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  225.242018][ T9628]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  225.242043][ T9628]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  225.242062][ T9628]  ? __hrtimer_setup+0x181/0x200
[  225.242076][ T9628]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  225.242091][ T9628]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  225.242120][ T9628]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  225.242135][ T9628]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  225.242148][ T9628]  ? kstrndup+0xbf/0x160
[  225.242165][ T9628]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  225.242181][ T9628]  ? __pfx___nla_validate_parse+0x10/0x10
[  225.242202][ T9628]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  225.242216][ T9628]  ? rcu_is_watching+0x15/0xb0
[  225.242232][ T9628]  ? __nla_parse+0x40/0x60
[  225.242244][ T9628]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  225.242266][ T9628]  genl_family_rcv_msg_doit+0x215/0x300
[  225.242289][ T9628]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  225.242312][ T9628]  ? bpf_lsm_capable+0x9/0x20
[  225.242326][ T9628]  ? security_capable+0x7e/0x2e0
[  225.242346][ T9628]  genl_rcv_msg+0x60e/0x790
[  225.242365][ T9628]  ? __pfx_genl_rcv_msg+0x10/0x10
[  225.242379][ T9628]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  225.242398][ T9628]  netlink_rcv_skb+0x208/0x470
[  225.242411][ T9628]  ? __pfx_genl_rcv_msg+0x10/0x10
[  225.242426][ T9628]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  225.242449][ T9628]  ? down_read+0x274/0x2e0
[  225.242458][ T9628]  ? genl_rcv+0xd/0x40
[  225.242473][ T9628]  genl_rcv+0x28/0x40
[  225.242486][ T9628]  netlink_unicast+0x82f/0x9e0
[  225.242502][ T9628]  ? __pfx_netlink_unicast+0x10/0x10
[  225.242514][ T9628]  ? netlink_sendmsg+0x642/0xb30
[  225.242525][ T9628]  ? skb_put+0x11b/0x210
[  225.242538][ T9628]  netlink_sendmsg+0x805/0xb30
[  225.242549][ T9628]  ? aa_sk_perm+0x15f/0x920
[  225.242569][ T9628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.242582][ T9628]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  225.242598][ T9628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.242609][ T9628]  sock_sendmsg_nosec+0x18f/0x1d0
[  225.242625][ T9628]  ____sys_sendmsg+0x577/0x880
[  225.242642][ T9628]  ? __pfx_____sys_sendmsg+0x10/0x10
[  225.242658][ T9628]  ? import_iovec+0x74/0xa0
[  225.242672][ T9628]  ___sys_sendmsg+0x21f/0x2a0
[  225.242685][ T9628]  ? __pfx____sys_sendmsg+0x10/0x10
[  225.242700][ T9628]  ? futex_wait+0x285/0x360
[  225.242730][ T9628]  ? __fget_files+0x2a/0x420
[  225.242743][ T9628]  ? __fget_files+0x3a0/0x420
[  225.242762][ T9628]  __x64_sys_sendmsg+0x19b/0x260
[  225.242775][ T9628]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  225.242796][ T9628]  ? do_syscall_64+0xbe/0xf80
[  225.242809][ T9628]  do_syscall_64+0xfa/0xf80
[  225.242819][ T9628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.242830][ T9628]  ? clear_bhb_loop+0x60/0xb0
[  225.242842][ T9628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.242852][ T9628] RIP: 0033:0x7f47ec18f749
[  225.242863][ T9628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.242872][ T9628] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.242884][ T9628] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  225.242892][ T9628] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  225.242900][ T9628] RBP: 00007f47ec213f91 R08: 0000000000000000 R09: 0000000000000000
[  225.242906][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.242912][ T9628] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  225.242940][ T9628]  </TASK>
[  225.794078][  T907] usb 5-1: USB disconnect, device number 18
[  226.077100][ T9645] binder: 9643:9645 ioctl c0306201 2000000001c0 returned -14
[  226.109570][ T9646] Invalid source name
[  226.113599][ T9646] UBIFS error (pid: 9646): cannot open "/dev/loop2", error -22
[  226.143242][ T9649] overlayfs: missing 'lowerdir'
[  226.261178][ T9653] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  226.280814][  T907] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  226.316292][ T9653] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1376'.
[  226.443431][  T907] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.489744][  T907] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.528058][  T907] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.545127][  T907] usb 5-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  226.569497][  T907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.595350][  T907] usb 5-1: config 0 descriptor??
[  226.618512][ T9663] FAULT_INJECTION: forcing a failure.
[  226.618512][ T9663] name failslab, interval 1, probability 0, space 0, times 0
[  226.638479][ T9663] CPU: 1 UID: 0 PID: 9663 Comm: syz.3.1380 Not tainted syzkaller #0 PREEMPT(full) 
[  226.638506][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  226.638518][ T9663] Call Trace:
[  226.638526][ T9663]  <TASK>
[  226.638534][ T9663]  dump_stack_lvl+0x189/0x250
[  226.638560][ T9663]  ? __pfx____ratelimit+0x10/0x10
[  226.638586][ T9663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.638608][ T9663]  ? __pfx__printk+0x10/0x10
[  226.638632][ T9663]  ? __pfx___might_resched+0x10/0x10
[  226.638653][ T9663]  ? fs_reclaim_acquire+0x7d/0x100
[  226.638679][ T9663]  should_fail_ex+0x414/0x560
[  226.638710][ T9663]  should_failslab+0xa8/0x100
[  226.638734][ T9663]  kmem_cache_alloc_noprof+0x88/0x710
[  226.638762][ T9663]  ? vfs_write+0x956/0xb30
[  226.638779][ T9663]  ? getname_flags+0xb8/0x540
[  226.638804][ T9663]  getname_flags+0xb8/0x540
[  226.638830][ T9663]  user_path_at+0x24/0x60
[  226.638858][ T9663]  do_utimes+0x131/0x2a0
[  226.638880][ T9663]  ? __pfx_do_utimes+0x10/0x10
[  226.638897][ T9663]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  226.638925][ T9663]  __x64_sys_utimes+0x142/0x220
[  226.638944][ T9663]  ? __pfx___x64_sys_utimes+0x10/0x10
[  226.638975][ T9663]  ? do_syscall_64+0xbe/0xf80
[  226.638995][ T9663]  do_syscall_64+0xfa/0xf80
[  226.639013][ T9663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.639032][ T9663]  ? clear_bhb_loop+0x60/0xb0
[  226.639055][ T9663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.639073][ T9663] RIP: 0033:0x7f28da38f749
[  226.639103][ T9663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.639120][ T9663] RSP: 002b:00007f28db1fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000eb
[  226.639141][ T9663] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38f749
[  226.639156][ T9663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  226.639168][ T9663] RBP: 00007f28db1fe090 R08: 0000000000000000 R09: 0000000000000000
[  226.639180][ T9663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.639198][ T9663] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  226.639228][ T9663]  </TASK>
[  226.943008][ T9637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  226.966384][ T9637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.015624][ T9674] loop3: detected capacity change from 0 to 7
[  227.022643][ T9674] Dev loop3: unable to read RDB block 7
[  227.029157][ T9674]  loop3: unable to read partition table
[  227.035142][ T9674] loop3: partition table beyond EOD, truncated
[  227.041448][ T9674] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  227.087049][  T907] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  227.106069][ T9677] overlayfs: missing 'lowerdir'
[  227.131673][ T6679] usb 5-1: USB disconnect, device number 19
[  227.267258][  T907] usb 1-1: device descriptor read/64, error -71
[  227.516998][  T907] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  227.669226][  T907] usb 1-1: device descriptor read/64, error -71
[  227.807653][  T907] usb usb1-port1: attempt power cycle
[  227.830686][ T9695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.847412][ T9695] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.921776][ T9697] binder: 9696:9697 ioctl c0306201 2000000001c0 returned -14
[  227.995686][ T9701] overlayfs: missing 'workdir'
[  228.067371][ T9703] 9p: Could not find request transport: �B"Bunix
[  228.163327][ T9709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.172099][  T907] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  228.180750][ T9709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.187373][ T5917] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  228.207580][  T907] usb 1-1: device descriptor read/8, error -71
[  228.346588][ T5917] usb 5-1: Using ep0 maxpacket: 16
[  228.353954][ T5917] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  228.362367][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  228.372593][ T5917] usb 5-1: config 0 has no interface number 0
[  228.381454][ T5917] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  228.390789][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.398863][ T5917] usb 5-1: Product: syz
[  228.404648][ T5917] usb 5-1: Manufacturer: syz
[  228.410136][ T5917] usb 5-1: SerialNumber: syz
[  228.419590][ T5917] usb 5-1: config 0 descriptor??
[  228.435309][ T5917] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  228.435701][ T9711] FAULT_INJECTION: forcing a failure.
[  228.435701][ T9711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  228.442779][ T5917] uvcvideo 5-1:0.105: No valid video chain found.
[  228.458591][  T907] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  228.470329][ T9711] CPU: 0 UID: 0 PID: 9711 Comm: syz.2.1398 Not tainted syzkaller #0 PREEMPT(full) 
[  228.470353][ T9711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  228.470365][ T9711] Call Trace:
[  228.470373][ T9711]  <TASK>
[  228.470381][ T9711]  dump_stack_lvl+0x189/0x250
[  228.470414][ T9711]  ? __pfx____ratelimit+0x10/0x10
[  228.470443][ T9711]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.470466][ T9711]  ? __pfx__printk+0x10/0x10
[  228.470506][ T9711]  should_fail_ex+0x414/0x560
[  228.470538][ T9711]  strncpy_from_user+0x36/0x2c0
[  228.470568][ T9711]  getname_flags+0xf3/0x540
[  228.470595][ T9711]  user_path_at+0x24/0x60
[  228.470623][ T9711]  do_utimes+0x131/0x2a0
[  228.470643][ T9711]  ? __pfx_do_utimes+0x10/0x10
[  228.470661][ T9711]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  228.470686][ T9711]  __x64_sys_utimes+0x142/0x220
[  228.470705][ T9711]  ? __pfx___x64_sys_utimes+0x10/0x10
[  228.470734][ T9711]  ? do_syscall_64+0xbe/0xf80
[  228.470754][ T9711]  do_syscall_64+0xfa/0xf80
[  228.470773][ T9711]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.470789][ T9711]  ? clear_bhb_loop+0x60/0xb0
[  228.470812][ T9711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.470829][ T9711] RIP: 0033:0x7f47ec18f749
[  228.470847][ T9711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.470861][ T9711] RSP: 002b:00007f47ea3ee038 EFLAGS: 00000246 ORIG_RAX: 00000000000000eb
[  228.470880][ T9711] RAX: ffffffffffffffda RBX: 00007f47ec3e5fa0 RCX: 00007f47ec18f749
[  228.470894][ T9711] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  228.470904][ T9711] RBP: 00007f47ea3ee090 R08: 0000000000000000 R09: 0000000000000000
[  228.470914][ T9711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.470923][ T9711] R13: 00007f47ec3e6038 R14: 00007f47ec3e5fa0 R15: 00007ffd256b6ee8
[  228.470953][ T9711]  </TASK>
[  228.671561][  T907] usb 1-1: device descriptor read/8, error -71
[  228.679970][ T5917] usb 5-1: USB disconnect, device number 20
[  228.718599][ T9713] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.1399'.
[  228.761065][ T9715] netlink: 'syz.2.1400': attribute type 13 has an invalid length.
[  228.789014][  T907] usb usb1-port1: unable to enumerate USB device
[  228.850458][ T9718] netlink: 'syz.2.1401': attribute type 10 has an invalid length.
[  228.863957][ T9719] loop3: detected capacity change from 0 to 7
[  228.872124][ T6011] Dev loop3: unable to read RDB block 7
[  228.877831][ T6011]  loop3: unable to read partition table
[  228.883793][ T6011] loop3: partition table beyond EOD, truncated
[  228.896077][ T9719] Dev loop3: unable to read RDB block 7
[  228.902052][ T9719]  loop3: unable to read partition table
[  228.908229][ T9719] loop3: partition table beyond EOD, truncated
[  228.915527][ T9719] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  228.965537][ T9721] overlayfs: missing 'workdir'
[  229.164342][ T9727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.176041][ T9727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.465990][ T9733] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1409'.
[  229.627439][ T5917] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  229.652925][ T9742] raw_sendmsg: syz.0.1412 forgot to set AF_INET. Fix it!
[  229.715171][ T9744] overlayfs: missing 'workdir'
[  229.796610][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  229.811376][ T5917] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  229.856580][ T5917] usb 5-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  229.869644][ T5917] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  229.879074][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.982886][ T9755] FAULT_INJECTION: forcing a failure.
[  229.982886][ T9755] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.016662][ T9755] CPU: 0 UID: 0 PID: 9755 Comm: syz.3.1418 Not tainted syzkaller #0 PREEMPT(full) 
[  230.016696][ T9755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  230.016708][ T9755] Call Trace:
[  230.016716][ T9755]  <TASK>
[  230.016723][ T9755]  dump_stack_lvl+0x189/0x250
[  230.016752][ T9755]  ? __pfx____ratelimit+0x10/0x10
[  230.016781][ T9755]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.016805][ T9755]  ? __pfx__printk+0x10/0x10
[  230.016840][ T9755]  should_fail_ex+0x414/0x560
[  230.016873][ T9755]  _copy_to_user+0x31/0xb0
[  230.016896][ T9755]  simple_read_from_buffer+0xe1/0x170
[  230.016925][ T9755]  proc_fail_nth_read+0x1b3/0x220
[  230.016949][ T9755]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.016974][ T9755]  ? rw_verify_area+0x2a6/0x4d0
[  230.016993][ T9755]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  230.017016][ T9755]  vfs_read+0x200/0xa30
[  230.017033][ T9755]  ? fdget_pos+0x247/0x320
[  230.017062][ T9755]  ? __pfx___mutex_lock+0x10/0x10
[  230.017082][ T9755]  ? __pfx_vfs_read+0x10/0x10
[  230.017102][ T9755]  ? __fget_files+0x2a/0x420
[  230.017130][ T9755]  ? __fget_files+0x3a0/0x420
[  230.017154][ T9755]  ? __fget_files+0x2a/0x420
[  230.017187][ T9755]  ksys_read+0x145/0x250
[  230.017209][ T9755]  ? __pfx_ksys_read+0x10/0x10
[  230.017232][ T9755]  ? do_syscall_64+0xbe/0xf80
[  230.017255][ T9755]  do_syscall_64+0xfa/0xf80
[  230.017274][ T9755]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.017293][ T9755]  ? clear_bhb_loop+0x60/0xb0
[  230.017316][ T9755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.017335][ T9755] RIP: 0033:0x7f28da38e15c
[  230.017352][ T9755] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  230.017369][ T9755] RSP: 002b:00007f28db1fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  230.017390][ T9755] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38e15c
[  230.017404][ T9755] RDX: 000000000000000f RSI: 00007f28db1fe0a0 RDI: 0000000000000003
[  230.017416][ T9755] RBP: 00007f28db1fe090 R08: 0000000000000000 R09: 0000000000000000
[  230.017428][ T9755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.017439][ T9755] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  230.017472][ T9755]  </TASK>
[  230.356949][ T9763] netlink: 'syz.3.1421': attribute type 10 has an invalid length.
[  230.483094][ T9767] loop3: detected capacity change from 0 to 7
[  230.497616][ T9767] Dev loop3: unable to read RDB block 7
[  230.503393][ T9767]  loop3: unable to read partition table
[  230.509325][ T9767] loop3: partition table beyond EOD, truncated
[  230.517733][ T9767] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  230.641183][ T9771] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  230.650763][ T9771] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  230.794693][ T9778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1428'.
[  230.823316][ T9778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.833025][ T9778] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.876013][ T9780] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1429'.
[  230.928429][ T9782] netlink: 'syz.0.1430': attribute type 1 has an invalid length.
[  231.131779][ T9786] binder: 9785:9786 ioctl c0306201 2000000001c0 returned -14
[  231.420276][ T9792] netlink: 'syz.0.1434': attribute type 10 has an invalid length.
[  231.429415][ T9794] openvswitch: netlink: IP tunnel dst address not specified
[  231.553329][ T9800] netlink: 'syz.0.1438': attribute type 13 has an invalid length.
[  231.563818][ T9801] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  231.573540][ T9801] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  231.975695][ T9818] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1445'.
[  232.150963][ T9824] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  232.161910][ T9824] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  232.231487][ T9826] binder: 9825:9826 ioctl c0306201 2000000001c0 returned -14
[  232.274635][ T9828] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  232.320887][ T9828] CPU: 1 UID: 0 PID: 9828 Comm: syz.3.1450 Not tainted syzkaller #0 PREEMPT(full) 
[  232.320915][ T9828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  232.320928][ T9828] Call Trace:
[  232.320936][ T9828]  <TASK>
[  232.320945][ T9828]  dump_stack_lvl+0x189/0x250
[  232.320978][ T9828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.321003][ T9828]  ? __pfx__printk+0x10/0x10
[  232.321032][ T9828]  ? kernfs_path_from_node+0x2f/0x290
[  232.321051][ T9828]  ? kernfs_path_from_node+0x250/0x290
[  232.321071][ T9828]  ? kernfs_path_from_node+0x2f/0x290
[  232.321095][ T9828]  sysfs_warn_dup+0x8e/0xa0
[  232.321115][ T9828]  sysfs_do_create_link_sd+0xc0/0x110
[  232.321140][ T9828]  device_add_class_symlinks+0x1cf/0x240
[  232.321171][ T9828]  device_add+0x475/0xb80
[  232.321200][ T9828]  wiphy_register+0x1d2e/0x2d20
[  232.321241][ T9828]  ? __pfx_wiphy_register+0x10/0x10
[  232.321268][ T9828]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  232.321308][ T9828]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  232.321343][ T9828]  ieee80211_register_hw+0x34a7/0x4110
[  232.321379][ T9828]  ? ieee80211_register_hw+0x1451/0x4110
[  232.321422][ T9828]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  232.321442][ T9828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  232.321475][ T9828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  232.321503][ T9828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  232.321540][ T9828]  ? __hrtimer_setup+0x181/0x200
[  232.321563][ T9828]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  232.321586][ T9828]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  232.321616][ T9828]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  232.321638][ T9828]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  232.321652][ T9828]  ? kstrndup+0xbf/0x160
[  232.321670][ T9828]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  232.321685][ T9828]  ? __pfx___nla_validate_parse+0x10/0x10
[  232.321705][ T9828]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  232.321719][ T9828]  ? rcu_is_watching+0x15/0xb0
[  232.321735][ T9828]  ? __nla_parse+0x40/0x60
[  232.321748][ T9828]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  232.321770][ T9828]  genl_family_rcv_msg_doit+0x215/0x300
[  232.321790][ T9828]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  232.321828][ T9828]  ? bpf_lsm_capable+0x9/0x20
[  232.321850][ T9828]  ? security_capable+0x7e/0x2e0
[  232.321883][ T9828]  genl_rcv_msg+0x60e/0x790
[  232.321903][ T9828]  ? __pfx_genl_rcv_msg+0x10/0x10
[  232.321921][ T9828]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  232.321943][ T9828]  netlink_rcv_skb+0x208/0x470
[  232.321959][ T9828]  ? __pfx_genl_rcv_msg+0x10/0x10
[  232.321989][ T9828]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  232.322026][ T9828]  ? down_read+0x274/0x2e0
[  232.322046][ T9828]  ? genl_rcv+0xd/0x40
[  232.322071][ T9828]  genl_rcv+0x28/0x40
[  232.322097][ T9828]  netlink_unicast+0x82f/0x9e0
[  232.322129][ T9828]  ? __pfx_netlink_unicast+0x10/0x10
[  232.322152][ T9828]  ? netlink_sendmsg+0x642/0xb30
[  232.322172][ T9828]  ? skb_put+0x11b/0x210
[  232.322196][ T9828]  netlink_sendmsg+0x805/0xb30
[  232.322219][ T9828]  ? aa_sk_perm+0x15f/0x920
[  232.322256][ T9828]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.322283][ T9828]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  232.322314][ T9828]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.322337][ T9828]  sock_sendmsg_nosec+0x18f/0x1d0
[  232.322367][ T9828]  ____sys_sendmsg+0x577/0x880
[  232.322401][ T9828]  ? __pfx_____sys_sendmsg+0x10/0x10
[  232.322433][ T9828]  ? import_iovec+0x74/0xa0
[  232.322459][ T9828]  ___sys_sendmsg+0x21f/0x2a0
[  232.322484][ T9828]  ? __pfx____sys_sendmsg+0x10/0x10
[  232.322514][ T9828]  ? futex_wait+0x285/0x360
[  232.322571][ T9828]  ? __fget_files+0x2a/0x420
[  232.322700][ T9828]  ? __fget_files+0x3a0/0x420
[  232.322726][ T9828]  __x64_sys_sendmsg+0x19b/0x260
[  232.322743][ T9828]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  232.322766][ T9828]  ? do_syscall_64+0xbe/0xf80
[  232.322779][ T9828]  do_syscall_64+0xfa/0xf80
[  232.322789][ T9828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.322800][ T9828]  ? clear_bhb_loop+0x60/0xb0
[  232.322813][ T9828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.322823][ T9828] RIP: 0033:0x7f28da38f749
[  232.322834][ T9828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.322843][ T9828] RSP: 002b:00007f28db1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.322855][ T9828] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38f749
[  232.322863][ T9828] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  232.322870][ T9828] RBP: 00007f28da413f91 R08: 0000000000000000 R09: 0000000000000000
[  232.322877][ T9828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  232.322883][ T9828] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  232.322908][ T9828]  </TASK>
[  232.835687][   T48] usb 5-1: USB disconnect, device number 21
[  232.964714][ T9837] netlink: 'syz.4.1454': attribute type 13 has an invalid length.
[  233.407065][ T9852] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1461'.
[  233.437793][ T9856] binder: 9855:9856 ioctl c0306201 2000000001c0 returned -14
[  233.539842][ T9860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.554324][ T9860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.566417][   T30] audit: type=1400 audit(1764190570.602:904): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=9858 comm="syz.2.1465"
[  233.679361][ T9866] 
[  233.681722][ T9866] ================================================
[  233.688221][ T9866] WARNING: lock held when returning to user space!
[  233.694734][ T9866] syzkaller #0 Not tainted
[  233.699150][ T9866] ------------------------------------------------
[  233.705645][ T9866] syz.3.1467/9866 is leaving the kernel with locks still held!
[  233.713184][ T9866] 1 lock held by syz.3.1467/9866:
[  233.718197][ T9866]  #0: ffff888033b2c420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  233.790938][ T9872] ieee80211 4π!F���Vl�uc'f`�ކ�;��1�: Selected rate control algorithm 'minstrel_ht'
[  233.802355][ T9872] sysfs: cannot create duplicate filename '/class/ieee80211/4π!F���Vl�uc'f`�ކ�;��1�'
[  233.813683][ T9872] CPU: 1 UID: 0 PID: 9872 Comm: syz.3.1469 Not tainted syzkaller #0 PREEMPT(full) 
[  233.813700][ T9872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  233.813707][ T9872] Call Trace:
[  233.813711][ T9872]  <TASK>
[  233.813716][ T9872]  dump_stack_lvl+0x189/0x250
[  233.813735][ T9872]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.813747][ T9872]  ? __pfx__printk+0x10/0x10
[  233.813758][ T9872]  ? kernfs_root+0x1c/0x230
[  233.813770][ T9872]  ? kernfs_path_from_node+0x2f/0x290
[  233.813781][ T9872]  ? kernfs_path_from_node+0x250/0x290
[  233.813791][ T9872]  ? kernfs_path_from_node+0x2f/0x290
[  233.813802][ T9872]  sysfs_warn_dup+0x8e/0xa0
[  233.813813][ T9872]  sysfs_do_create_link_sd+0xc0/0x110
[  233.813824][ T9872]  device_add_class_symlinks+0x1cf/0x240
[  233.813839][ T9872]  device_add+0x475/0xb80
[  233.813852][ T9872]  wiphy_register+0x1d2e/0x2d20
[  233.813868][ T9872]  ? __pfx_wiphy_register+0x10/0x10
[  233.813881][ T9872]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  233.813893][ T9872]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  233.813910][ T9872]  ieee80211_register_hw+0x34a7/0x4110
[  233.813925][ T9872]  ? ieee80211_register_hw+0x1451/0x4110
[  233.813936][ T9872]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  233.813946][ T9872]  ? rcu_is_watching+0x15/0xb0
[  233.813960][ T9872]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  233.813975][ T9872]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  233.813991][ T9872]  ? __hrtimer_setup+0x181/0x200
[  233.814003][ T9872]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  233.814016][ T9872]  mac80211_hwsim_new_radio+0x2f76/0x5320
[  233.814031][ T9872]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  233.814046][ T9872]  ? __kmalloc_node_track_caller_noprof+0x594/0x820
[  233.814058][ T9872]  ? kstrndup+0xbf/0x160
[  233.814071][ T9872]  hwsim_new_radio_nl+0xf5b/0x1bd0
[  233.814081][ T9872]  ? __pfx___nla_validate_parse+0x10/0x10
[  233.814112][ T9872]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  233.814123][ T9872]  ? rcu_is_watching+0x15/0xb0
[  233.814137][ T9872]  ? __nla_parse+0x40/0x60
[  233.814147][ T9872]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  233.814165][ T9872]  genl_family_rcv_msg_doit+0x215/0x300
[  233.814181][ T9872]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  233.814198][ T9872]  ? bpf_lsm_capable+0x9/0x20
[  233.814210][ T9872]  ? security_capable+0x7e/0x2e0
[  233.814225][ T9872]  genl_rcv_msg+0x60e/0x790
[  233.814240][ T9872]  ? __pfx_genl_rcv_msg+0x10/0x10
[  233.814253][ T9872]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  233.814263][ T9872]  ? __netlink_lookup+0xbd/0x8a0
[  233.814288][ T9872]  ? rcu_is_watching+0x15/0xb0
[  233.814303][ T9872]  netlink_rcv_skb+0x208/0x470
[  233.814314][ T9872]  ? __pfx_genl_rcv_msg+0x10/0x10
[  233.814328][ T9872]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  233.814343][ T9872]  ? down_read+0x274/0x2e0
[  233.814353][ T9872]  ? genl_rcv+0xd/0x40
[  233.814367][ T9872]  genl_rcv+0x28/0x40
[  233.814380][ T9872]  netlink_unicast+0x82f/0x9e0
[  233.814392][ T9872]  ? __pfx_netlink_unicast+0x10/0x10
[  233.814402][ T9872]  ? netlink_sendmsg+0x642/0xb30
[  233.814413][ T9872]  ? skb_put+0x11b/0x210
[  233.814423][ T9872]  netlink_sendmsg+0x805/0xb30
[  233.814435][ T9872]  ? aa_sk_perm+0x15f/0x920
[  233.814461][ T9872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  233.814481][ T9872]  ? futex_unqueue+0x22/0x240
[  233.814498][ T9872]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  233.814520][ T9872]  ? lock_release+0x4b/0x3b0
[  233.814539][ T9872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  233.814553][ T9872]  sock_sendmsg_nosec+0x18f/0x1d0
[  233.814567][ T9872]  ____sys_sendmsg+0x577/0x880
[  233.814579][ T9872]  ? __pfx_____sys_sendmsg+0x10/0x10
[  233.814591][ T9872]  ? import_iovec+0x74/0xa0
[  233.814602][ T9872]  ___sys_sendmsg+0x21f/0x2a0
[  233.814612][ T9872]  ? __pfx____sys_sendmsg+0x10/0x10
[  233.814624][ T9872]  ? futex_wait+0x285/0x360
[  233.814648][ T9872]  ? __fget_files+0x2a/0x420
[  233.814670][ T9872]  ? __fget_files+0x3a0/0x420
[  233.814694][ T9872]  __x64_sys_sendmsg+0x19b/0x260
[  233.814713][ T9872]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  233.814740][ T9872]  ? rcu_is_watching+0x15/0xb0
[  233.814756][ T9872]  do_syscall_64+0xfa/0xf80
[  233.814766][ T9872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.814776][ T9872]  ? clear_bhb_loop+0x60/0xb0
[  233.814787][ T9872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.814797][ T9872] RIP: 0033:0x7f28da38f749
[  233.814807][ T9872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.814816][ T9872] RSP: 002b:00007f28db1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  233.814829][ T9872] RAX: ffffffffffffffda RBX: 00007f28da5e5fa0 RCX: 00007f28da38f749
[  233.814837][ T9872] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  233.814843][ T9872] RBP: 00007f28da413f91 R08: 0000000000000000 R09: 0000000000000000
[  233.814850][ T9872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.814855][ T9872] R13: 00007f28da5e6038 R14: 00007f28da5e5fa0 R15: 00007ffef6c571a8
[  233.814866][ T9872]  </TASK>