last executing test programs:

2m14.520326317s ago: executing program 0 (id=339):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b04, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x64, 0x3e, 0x10, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @generic="0a3bceec9d9dc91b9b1acb8e13fb57bb39d57b826b90cfad0ec1c22a326dc9620dd3e318afc3ec90ca8ede1b217f1fdb0cff570cdd531a247157a7426cc6024a88801bc0059d4b", @typed={0x4, 0x4f}]}, 0x64}, 0x1, 0x0, 0x0, 0x20048000}, 0x44000)
pipe(&(0x7f00000000c0))
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0)

2m14.307643337s ago: executing program 0 (id=341):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
sendfile(r2, r2, 0x0, 0xee0c)
r3 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x22052, r0, 0x2000)

2m13.785838339s ago: executing program 0 (id=342):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000300)={0x90, r1, 0x5, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x49, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random=0x1a8, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x3, 0x7, 0x7f, 0xfc}}, @void, @void, @val={0x25, 0x3, {0x0, 0x24, 0x4}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x8}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x2]}]}]}]}, 0x90}}, 0x0)

2m13.432851493s ago: executing program 0 (id=344):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r3, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000140)='tracefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x0, [<r7=>0x0]})
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="380000002d000100000000000000000003"], 0x38}], 0x1}, 0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000340)=0x15)
ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000000)=0x13)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000180)={r7, 0x80000})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r7, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r10, 0xc06864ce, &(0x7f0000000280)={r6, 0x0, 0x0, 0x0, 0x0, [<r11=>0x0], [], [0xfffffffd], [0x0, 0x1, 0x400000006]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r11})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})

2m13.082417388s ago: executing program 0 (id=348):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000580), 0x0)
sendmsg$inet_sctp(r1, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x8000, 0x6, 0x8, 0xd4, 0x8}, &(0x7f00000000c0)=0x14)
stat(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x10000, &(0x7f0000000940)=ANY=[@ANYBLOB="7400000000000000001364137af1c1cf18f958232e74725902000000", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',msize=0x0000000000000007,uname=ntfs3\x00,cache=none,access=user,cache=fscache,access=client,loose,version=9p2000.L,access=any,euid>', @ANYRESDEC, @ANYBLOB=',smackfsroot=,dont_hash,nolazytime,fowner>', @ANYRESDEC, @ANYBLOB=',uid=', @ANYRESDEC=r2, @ANYBLOB=',\x00'])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b0400000000000000000200003d0900020073797a32000000000900010073797a30000000002800048024000180090001006d6574610000000014000280000002400000000c08000340881632fa140000001100020100000000000000000000000a"], 0x7c}}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
pwritev2(r4, &(0x7f00000003c0)=[{&(0x7f0000000080)="f1", 0x1}], 0x1, 0x0, 0x9, 0x1)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024})
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000140)={&(0x7f00000006c0)=""/250, 0x2000, 0x3000, 0x401, 0x2}, 0x20)
r5 = socket$alg(0x26, 0x5, 0x0)
unshare(0x2c060000)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x10}, 0x18)
bind$alg(r5, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'sha256\x00'}, 0xfffffffffffffde1)
r6 = accept4(r5, 0x0, 0x0, 0x0)
pipe(&(0x7f00000045c0)={<r7=>0xffffffffffffffff})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0406030ac900"], 0x6)
splice(r7, 0x0, r6, 0x0, 0x8000, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0)

2m12.870794984s ago: executing program 0 (id=349):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x14, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mkdirat(r3, &(0x7f0000000080)='./file0\x00', 0x11)
r6 = dup3(r3, r5, 0x80000)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r6, 0x40405515, &(0x7f00000001c0)={0x9, 0x0, 0x259a, 0x0, 'syz0\x00', 0xeb27})
write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r5)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
quotactl_fd$Q_SYNC(r3, 0x7fffffff40000380, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)

1m57.817452163s ago: executing program 32 (id=349):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x14, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mkdirat(r3, &(0x7f0000000080)='./file0\x00', 0x11)
r6 = dup3(r3, r5, 0x80000)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r6, 0x40405515, &(0x7f00000001c0)={0x9, 0x0, 0x259a, 0x0, 'syz0\x00', 0xeb27})
write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r5)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
quotactl_fd$Q_SYNC(r3, 0x7fffffff40000380, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)

8.01551829s ago: executing program 4 (id=1048):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, &(0x7f0000000000)=""/188, 0xbc)
syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000300)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x8, 0x0, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x4, 0x5, 0xfa}, {0x6, 0x24, 0x1a, 0x5}}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x1, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x6, 0x3, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x4, 0x3}}}}}}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x5, &(0x7f00000004c0)=@string={0x5, 0x3, "305594"}}]})
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)

4.803811399s ago: executing program 4 (id=1084):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0, 0x609})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xffffffffffffffff, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x8, 0x7d, 0x0, 0x0, 0x0, 0x2, 0x1, 0x6a, 0x8f], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.59025999s ago: executing program 4 (id=1087):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x31ce, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x90, 0x3, [{{0x9, 0x4, 0x0, 0xe, 0x2, 0x3, 0x1, 0x1, 0xff, {0x9, 0x21, 0x8, 0x1, 0x1, {0x22, 0xb8b}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0xf8, 0x1}}}}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000e00)={0xa, 0x6, 0x201, 0x6, 0x0, 0x8, 0x40, 0x2}, 0x55, &(0x7f0000000e40)={0x5, 0xf, 0x55, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "65222ea34c7c4b6c9e49009fc6d31252"}, @generic={0x2e, 0x10, 0x4, "0e2d711c831ce25a302c287a9016cd7a520f8af64917b16ebd360c15e9293d4f288801598410e45e49e681"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x25, 0x10, 0x9, 0x401, 0xab}, @ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f0000000ec0)=@lang_id={0x4, 0x3, 0x444}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0xc01}}, {0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x445}}]})
setsockopt$sock_int(r3, 0x1, 0x2b, &(0x7f0000000340)=0x5, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r4=>0x0})
sendto$packet(r3, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b000900000000090400"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d10402064d8c5"], 0x0)
syz_usb_disconnect(r5)
syz_usb_connect(0x0, 0x24, &(0x7f0000002480)={{0x12, 0x1, 0x0, 0x6, 0x38, 0x37, 0x40, 0x424, 0x9d00, 0xebc7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xc6, 0x1f, 0xe}}]}}]}}, 0x0)
sendmsg$inet(r2, &(0x7f0000000d80)={&(0x7f0000000100)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10, &(0x7f0000000940)=[{&(0x7f0000000900)="2375210436", 0x5}], 0x1, &(0x7f0000000c40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @rand_addr=0x64010100, @private=0xa010102}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x6f}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x93e6}}, @ip_retopts={{0x9c, 0x0, 0x7, {[@end, @noop, @cipso={0x86, 0xc, 0x0, [{0x0, 0x6, "70a9644e"}]}, @end, @cipso={0x86, 0x27, 0x3, [{0x5, 0x7, "58434413c2"}, {0x2, 0xb, "b7dbec6f5a8ba776fd"}, {0x7, 0xc, "8762f3716bf349f1787f"}, {0x0, 0x3, 'm'}]}, @generic={0x7, 0x3, "be"}, @timestamp={0x44, 0x24, 0xdb, 0x0, 0x1, [0x9, 0x5, 0x7fffffff, 0x8, 0x4, 0x3ff, 0x7, 0xb]}, @timestamp={0x44, 0x20, 0xc, 0x0, 0x5, [0x7, 0x5, 0x7, 0x6, 0x32, 0x1, 0x5]}, @noop, @generic={0x82, 0xe, "f3e747e4b182df2dbc8b7b0f"}]}}}], 0x108}, 0x4)
syz_usb_connect(0x2, 0x5a4, &(0x7f0000000280)={{0x12, 0x1, 0x310, 0x79, 0x9e, 0x43, 0x8, 0x413c, 0x8114, 0x65c3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x592, 0x2, 0x52, 0x0, 0x20, 0xb, [{{0x9, 0x4, 0x39, 0xd5, 0x5, 0x72, 0x4a, 0x9c, 0x4, [@hid_hid={0x9, 0x21, 0x6, 0x5, 0x1, {0x22, 0x5c2}}, @uac_control={{0xa, 0x24, 0x1, 0xfff, 0x3}, [@processing_unit={0xc, 0x24, 0x7, 0x3, 0x4, 0x71, "49307f64f2"}, @feature_unit={0x13, 0x24, 0x6, 0x5, 0x4, 0x6, [0x5, 0x2, 0x7, 0x4, 0x9, 0x9], 0xb}, @mixer_unit={0x7, 0x24, 0x4, 0x4, 0xf, "cffc"}, @extension_unit={0xb, 0x24, 0x8, 0x1, 0x0, 0x3, "81068e59"}]}], [{{0x9, 0x5, 0xb, 0x2, 0x200, 0xff, 0x2, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xb, 0x533}]}}, {{0x9, 0x5, 0xe, 0x6, 0x40, 0xff, 0x1, 0x7a}}, {{0x9, 0x5, 0x3, 0x10, 0x0, 0x9, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0x6}]}}, {{0x9, 0x5, 0xa, 0x12, 0x200, 0x0, 0xf2}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x9, 0x0, 0x5}}]}}, {{0x9, 0x4, 0x4d, 0x1, 0xe, 0xff, 0x4, 0x62, 0x4, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "3b08c2c153"}, {0x5, 0x24, 0x0, 0x7f}, {0xd, 0x24, 0xf, 0x1, 0x1, 0xfffd, 0x4, 0xf}}], [{{0x9, 0x5, 0x19, 0x3, 0x20, 0x7, 0x0, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0xd}]}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0x4, 0x7, 0x8, [@generic={0x8b, 0x30, "cf9a3ef04ae521857ca0cbeef5169adc20a0bed7bbd35d1cb89b2fe9df0ac3fa1c2f24a46b83ea51567f1560123ac49fa66bc7618152cdeec8f9f50896a5c434a7c85b757f7dd0600c1003e6421be563c67cd2901f844587c1dcbb0144d7b7a51ed79f64d30d5ebfcea6be15e8d7ace838843d72069ab8fad17401db5eb06466cc4ffe0e4db0653146"}, @generic={0xd4, 0x21, "6bfef83ca80aa409fffe2249a5ffa07dd2b29b012386d9c3b4d9413443dbd5566caaca2754a2fe3bb87f6b17316a8c93bd9b4840420b53968f635178beeaaa146d8b2342fc0390e877bf23364bca000ec1126a4cb3cf8724ba52ea55a1d51821ee5fc82d64f5f5e5fbcf48ee9b5b511f85da7da63d207ebc174505d9261c99164e4352e57cc93d10ae63581703ed51db593360fee1932d9aa7f9319e8161b3d24b19ec90e37efd883afbd88e4152f22662aef69de5076bd03b50969e6b34c330723938e94f256633dd952e3e99e003ff8dc6"}]}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0x88, 0x2, 0x64, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x40, 0xb65f}]}}, {{0x9, 0x5, 0x0, 0x8, 0x400, 0x5, 0x1, 0x5}}, {{0x9, 0x5, 0x2, 0x10, 0x400, 0x8, 0x36, 0xf9}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x9, 0x5, 0xf8}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x3, 0x1, 0x22, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x7f, 0xfbff}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x300}]}}, {{0x9, 0x5, 0x80, 0x4, 0x40, 0xe, 0xb8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x1, 0xc92}]}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x65, 0x6, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x8}]}}, {{0x9, 0x5, 0xe, 0x10, 0x250, 0xc, 0xdc, 0xcc, [@generic={0x70, 0x4, "1577cc6a39f17f2278968351747e9363736e3241417f7ceedcb6d963f0726f92bd08163425ba963ab8b445a4ca17df68fec1ec57d1f2b6d5a9693e071d03c1e03b508ba0553c9b1548c88697f4bf86377a4df31fcfca0a0bb572754eb3a457036f6bfa2670fb872e3b9eb9d3ce98"}, @generic={0x37, 0x21, "d453a2c14900e848e54f6a56e38d32295159d61f6363a863e2edada0d36cead05bc76d138b1735762010beadafd6e57ddb332004cb"}]}}, {{0x9, 0x5, 0x4, 0x1, 0x40, 0x4, 0x9, 0x9b, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x6e, 0xaa8}, @generic={0xd2, 0x3, "9ed4c461da3760f80cadf294709732f93b559fdf8bca7f5caf3bf6b8d12f9a8eabf682cfba01a9949d12d008b70cb5ed7c3e90d1286abd410745faf17dd15361b223cb924b64661caa691cf9ed0c4dd8d305f6e0513b7c1a1663008adca2a603959677b62a67a359b33678b39d4551fcf6bec4bfe9818de2f3037325272aed18f2329d5d7d1ca73377aba4ef5a87255e1a50acdcbbd950c412a5bfe11f1a8660af92ba449bc5258b448b2c9a85550827050e57d13a893d17421c48c2593e8edefb47b6b2e417ce823685b592358dd83a"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0xc, 0x1a, 0xea, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0xfffc}]}}, {{0x9, 0x5, 0x5, 0xa, 0x40, 0x3, 0x8, 0xc, [@generic={0x5d, 0xd, "bd225daeb17d12d3cc3b9d9a66b07f8568bda9044f2510ad98ee95dea57242ff127a57e83f4b3ad108dc5a90d5826a3e73a00168536da735bde871ec620978da308d2f6ac3ce21c97c2b19c92aa8fa07cd2169b9f51cc140d9ac98"}, @generic={0xe4, 0x24, "a84be2c027d1a778422895fb10313997fbc14d3efb08848eb4f9bf9a3100623160375cb69ba9771851395a4c5d05927f4c6a4f5f13dc7784a584dee04186ae176f3255c6bc199a0089807c1f068d3e989a4e75622cdc4c0c53a1e7deb1e08c0ddc6b2e77f1001a67014ba0e3008bf5eb3d54bb955adfe7c04e5d0da57d5a390fc9a5ed3c61dfc5c90c530261f420fb40423dbcce807dd3ddce21d9161553b02576409ee848a2d2739bad1918453e9cef0dc4ce2a4cd63c598b304067bde395a355629cd9e00997e361762621020fdd411f1c5920d8a5cc3e34c8367b77ec663472ff"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x8, 0x9, 0x7, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2c, 0x8001}]}}]}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xc7, 0x7, 0xc, 0xff}, 0x56, &(0x7f0000000a80)={0x5, 0xf, 0x56, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x90, 0x6, 0x7, 0x400, 0x9}, @generic={0x38, 0x10, 0xa, "04f9c1f16fbf11eddd3cd8b8ddab96b1122ebecef0e4d2a91ef92a442812d61371dceb3242d3a550222f63a6352fd84b7f535814c9"}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x6, 0x3, 0xfff8}, @ext_cap={0x7, 0x10, 0x2, 0x14}]}, 0x9, [{0x46, &(0x7f0000000140)=@string={0x46, 0x3, "3c298f1e502ab3824621d23c0958214f2da8137fc53871b10f4c1fa80cab4f6d3db92f193a234a73d5f77eac3129085d9962844959a555c2a27946d658a22c15482333d5"}}, {0x2, &(0x7f00000001c0)=@string={0x2}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x16}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x44e}}, {0x30, &(0x7f00000008c0)=@string={0x30, 0x3, "a6db774bea58ecb3e58120fd373b3853fc26026acae6ca183160d05ea11f2059473e6067f82014a039e1d0492eef"}}, {0x91, &(0x7f0000000b80)=@string={0x91, 0x3, "0e39f166da721fb52c294afe1f4a1efee642917b90812b5d53691195fbbef51bbd64cc92db992b9eb0c646b22f03cf35ff67726fdb66ec2d986376b8ac40960383e8fabf58cce0c576111363afff2796b50d474161485b044e998d22a46aefac4e2b87e09aca28c321d9dcdb4404079350c0afbf5dcd184e210f978cd046787745e73c4d835db709327da74d3bf3ba"}}, {0x76, &(0x7f0000000b00)=@string={0x76, 0x3, "7fc18363494c5994dcb120e5415cc2fdb51a372c2ca0fa01f3f33a60a7578f2bf0127026f3c583dda1bd862cfe1d4e822a9419e9972750ea07f0af7dc308ead2485e78bf39819ac6a9f9076661e8caa2eb073d3bf81804161fb6623a1076be4a54d77b8eb3da9f86028b15198cdaf445c287ba8c"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x240a}}]})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r6, 0x707, &(0x7f00000000c0)={&(0x7f0000000240)=[{0x3c, 0x801, 0x0, 0x0}], 0x1})

4.293658482s ago: executing program 2 (id=1093):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x22052, r0, 0x2000)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2)
ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x3)

4.072139597s ago: executing program 2 (id=1094):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0xffff1000, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x73, 0xee, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x53, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x9, '\x00', 0xd3}, {0x9, 0x0, 0x8, '\x00', 0x4}, {0x9, 0x9, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0x9, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6e, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0xf}, {0x1, 0x1, 0xb}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x58, 0xa, 0x0, "3258c546dacccfae1e008faa022c1e00f4bf40074000000200"})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])

3.843341267s ago: executing program 2 (id=1095):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0, 0x609})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xffffffffffffffff, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x8, 0x7d, 0x0, 0x0, 0x0, 0x2, 0x1, 0x6a, 0x8f], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.670365314s ago: executing program 2 (id=1096):
r0 = syz_usb_connect(0x2, 0x6f, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xf5, 0x3d, 0xe5, 0x20, 0x19d2, 0xffd3, 0xa4fa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5d, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x2d, 0xf3, 0x0, 0xff, 0xff, 0xff, 0x0, [@generic={0x4b, 0x30, "77824efc0aec3284491b18edfc8db2fb0cfab89bc0e1306d61137199aa97a2368d2b783568f72e67c2286d3cc2a814d0bcab8954554ed8efd14c0d1d8e776c9c1017b45f574ecbd080"}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000100)=ANY=[@ANYBLOB="0001f8000000"], 0x0, 0x0, 0x0, 0x0, 0x0})

2.315920766s ago: executing program 4 (id=1105):
openat$tun(0xffffffffffffff9c, 0x0, 0xea341, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$kcm(0x29, 0xdafe66e8a9757d21, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

2.297931014s ago: executing program 4 (id=1106):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000880)={'wpan0\x00', <r3=>0x0})
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40)
fcntl$notify(r5, 0x402, 0x8000003d)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000180), 0xc06620, 0x4)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)={0x24, r2, 0x801, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x88c1}, 0x4000)

1.666832827s ago: executing program 3 (id=1111):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
socket$nl_generic(0x10, 0x3, 0x10)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRES16=r1, @ANYRES8], 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'pimreg1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc0000000000002c000000000000000000860090780000000000000000000000000000ee3f000000002b036f"], 0xfdef)

1.410657744s ago: executing program 4 (id=1113):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f00000007c0)=0x40000401, 0x4)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f000000c3c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000840)={0x44, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r5, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000740)={0x20, 0x18}, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0xffffffff980c0464, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6c, 0x4}}, 0x50)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x88101, 0x80)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r6, r3)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x10000000}, 0x1c)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x3}, 0x1c)

1.044168682s ago: executing program 3 (id=1116):
r0 = syz_usb_connect(0x6, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

760.08323ms ago: executing program 1 (id=1119):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001700)=""/213, 0xd5}, {0x0}, {&(0x7f0000003e00)=""/4098, 0x1002}], 0x3}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}], 0x4, 0x40000020, 0x0)

752.002515ms ago: executing program 1 (id=1120):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000240)={0x48, r3, 0x1, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x4d}, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}]]}, 0x48}, 0x1, 0x0, 0x0, 0x8050}, 0x240048c0)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, r1, 0x8, 0x70bd26, 0x7c6, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x401, 0x6b}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c800)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)={0x20, r5, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x800)

693.037936ms ago: executing program 1 (id=1121):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
gettid()
fstat(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
setreuid(0x0, r2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x11080})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
gettid() (async)
fstat(r1, &(0x7f0000000440)) (async)
socket$can_raw(0x1d, 0x3, 0x1) (async)
bind$can_raw(r3, &(0x7f0000000000), 0x10) (async)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00) (async)
setreuid(0x0, r2) (async)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x11080}) (async)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x8, 0x0) (async)

539.947339ms ago: executing program 2 (id=1122):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0xffff1000, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x73, 0xee, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x53, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x9, '\x00', 0xd3}, {0x9, 0x0, 0x8, '\x00', 0x4}, {0x9, 0x9, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0x9, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6e, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0xf}, {0x1, 0x1, 0xb}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])

520.90799ms ago: executing program 1 (id=1123):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xea341, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$kcm(0x29, 0xdafe66e8a9757d21, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

474.922378ms ago: executing program 3 (id=1124):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x4, @none, 0x0, 0x1}, 0xe)
r1 = socket$inet6(0xa, 0x80002, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004c00)=[{{0x0, 0x0, 0x0}, 0xa}], 0x1, 0x40000021, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xf, &(0x7f0000000000), &(0x7f0000000080)=0x2)

412.910603ms ago: executing program 1 (id=1125):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x110, r0, 0xf648e000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x2c}}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x33fe0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
accept$nfc_llcp(r3, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
syz_socket_connect_nvme_tcp()
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

300.178268ms ago: executing program 3 (id=1126):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x80)
fchdir(r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000499000/0x7000)=nil, 0x7000, 0x1000007, 0x12, r3, 0x81e7000)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, <r6=>0x0], &(0x7f0000000280), 0x2, r5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000280), &(0x7f0000000300)=[r6], &(0x7f0000000340)})

245.40506ms ago: executing program 2 (id=1127):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0x19, @remote, 'vlan1\x00'}}, 0x1e)
connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
io_setup(0x2, &(0x7f0000000200)=<r7=>0x0)
clock_gettime(0x3, &(0x7f00000000c0))
io_submit(r7, 0x1, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r6, 0x0}])
dup3(r0, r1, 0x6700000000000000)

227.271668ms ago: executing program 3 (id=1128):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}], 0x2}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}], 0x4, 0x40000020, 0x0)

128.837121ms ago: executing program 3 (id=1129):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x122)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4048aecb, &(0x7f0000001440)={{0x7, 0x0, 0x80, {0x8080000, 0xd000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
r3 = gettid()
clock_nanosleep(0xfffffff2, 0x0, &(0x7f0000000140)={0x77359400}, 0x0)
rt_sigqueueinfo(r3, 0x21, &(0x7f0000002d00)={0xfffffffe, 0x0, 0xffffffff})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='cpuset\x00', 0x9c0010, 0x0)

0s ago: executing program 1 (id=1130):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000f00), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan4\x00', <r4=>0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0xfb7f, 0x0, 0x2, 0x2000, &(0x7f000000b000/0x2000)=nil})
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r1, 0x0, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xd}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x24008800)
r7 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
shmat(r7, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ff7000/0x2000)=nil)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000ffdadf251d0000000c000600010000000100000030002f800c00020000000000000100070000001800038008000100020000000800010001000000040003800000000000"], 0x50}, 0x1, 0x0, 0x0, 0x880}, 0x40)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000240), r2)

kernel console output (not intermixed with test programs):

4.486619][ T1214] tipc: Node number set to 1207308462
[  144.703102][ T6925] FAULT_INJECTION: forcing a failure.
[  144.703102][ T6925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.720502][ T6925] CPU: 0 UID: 0 PID: 6925 Comm: syz.2.294 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  144.720536][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.720546][ T6925] Call Trace:
[  144.720555][ T6925]  <TASK>
[  144.720564][ T6925]  dump_stack_lvl+0x189/0x250
[  144.720593][ T6925]  ? __pfx____ratelimit+0x10/0x10
[  144.720617][ T6925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.720640][ T6925]  ? __pfx__printk+0x10/0x10
[  144.720681][ T6925]  should_fail_ex+0x414/0x560
[  144.720710][ T6925]  __kvm_read_guest_page+0x18d/0x240
[  144.720740][ T6925]  kvm_fetch_guest_virt+0x12b/0x170
[  144.720764][ T6925]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  144.720783][ T6925]  __do_insn_fetch_bytes+0x2f9/0x6d0
[  144.720813][ T6925]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  144.720842][ T6925]  ? x86_decode_insn+0x12d7/0x5310
[  144.720869][ T6925]  x86_decode_insn+0x33c/0x5310
[  144.720929][ T6925]  ? __pfx_x86_decode_insn+0x10/0x10
[  144.720951][ T6925]  ? do_raw_spin_unlock+0x122/0x240
[  144.720988][ T6925]  ? __asan_memset+0x22/0x50
[  144.721013][ T6925]  ? init_decode_cache+0x78/0x90
[  144.721035][ T6925]  ? init_emulate_ctxt+0x4d6/0x660
[  144.721060][ T6925]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  144.721084][ T6925]  ? trace_rcu_utilization+0x47/0x1d0
[  144.721107][ T6925]  ? rcu_note_context_switch+0xdc1/0x1140
[  144.721129][ T6925]  x86_emulate_instruction+0x60a/0x1ef0
[  144.721160][ T6925]  ? __pfx___kvm_io_bus_write+0x10/0x10
[  144.721187][ T6925]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  144.721208][ T6925]  ? __get_current_cr3_fast+0x90/0x150
[  144.721225][ T6925]  ? clear_bhb_loop+0x60/0xb0
[  144.721242][ T6925]  ? clear_bhb_loop+0x60/0xb0
[  144.721259][ T6925]  ? vmx_vcpu_run+0xe91/0x2900
[  144.721281][ T6925]  ? __vmx_complete_interrupts+0xe7/0x690
[  144.721317][ T6925]  handle_ud+0x142/0x590
[  144.721356][ T6925]  ? __pfx_handle_ud+0x10/0x10
[  144.721374][ T6925]  ? vmx_handle_exit_irqoff+0x6c9/0xad0
[  144.721395][ T6925]  ? __pfx_kvm_fast_pio+0x10/0x10
[  144.721425][ T6925]  ? __lock_acquire+0xab9/0xd20
[  144.721450][ T6925]  ? __pfx_handle_exception_nmi+0x10/0x10
[  144.721474][ T6925]  vmx_handle_exit+0x1090/0x18a0
[  144.721500][ T6925]  ? vcpu_run+0x35f2/0x6fa0
[  144.721533][ T6925]  vcpu_run+0x434f/0x6fa0
[  144.721574][ T6925]  ? vcpu_run+0x35f2/0x6fa0
[  144.721648][ T6925]  ? __pfx_vcpu_run+0x10/0x10
[  144.721673][ T6925]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  144.721707][ T6925]  ? rcu_is_watching+0x15/0xb0
[  144.721734][ T6925]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  144.721765][ T6925]  ? __mutex_trylock_common+0x153/0x260
[  144.721793][ T6925]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  144.721817][ T6925]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  144.721844][ T6925]  ? rcu_is_watching+0x15/0xb0
[  144.721865][ T6925]  ? trace_contention_end+0x39/0x120
[  144.721888][ T6925]  ? __mutex_lock+0x335/0x1360
[  144.721921][ T6925]  ? kasan_quarantine_put+0xdd/0x220
[  144.721943][ T6925]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  144.721971][ T6925]  ? __pfx___mutex_lock+0x10/0x10
[  144.721997][ T6925]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  144.722024][ T6925]  ? do_vfs_ioctl+0xbe8/0x1430
[  144.722048][ T6925]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  144.722073][ T6925]  kvm_vcpu_ioctl+0x95c/0xe90
[  144.722105][ T6925]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  144.722126][ T6925]  ? __lock_acquire+0xab9/0xd20
[  144.722170][ T6925]  ? __fget_files+0x2a/0x420
[  144.722198][ T6925]  ? __fget_files+0x2a/0x420
[  144.722220][ T6925]  ? __fget_files+0x3a0/0x420
[  144.722242][ T6925]  ? __fget_files+0x2a/0x420
[  144.722270][ T6925]  ? bpf_lsm_file_ioctl+0x9/0x20
[  144.722287][ T6925]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  144.722311][ T6925]  __se_sys_ioctl+0xf9/0x170
[  144.722344][ T6925]  do_syscall_64+0xfa/0x3b0
[  144.722370][ T6925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.722385][ T6925]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  144.722401][ T6925]  ? clear_bhb_loop+0x60/0xb0
[  144.722421][ T6925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.722437][ T6925] RIP: 0033:0x7f958d38e9a9
[  144.722454][ T6925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.722468][ T6925] RSP: 002b:00007f958e165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  144.722489][ T6925] RAX: ffffffffffffffda RBX: 00007f958d5b5fa0 RCX: 00007f958d38e9a9
[  144.722501][ T6925] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  144.722511][ T6925] RBP: 00007f958e165090 R08: 0000000000000000 R09: 0000000000000000
[  144.722522][ T6925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.722532][ T6925] R13: 0000000000000000 R14: 00007f958d5b5fa0 R15: 00007ffeddaa88c8
[  144.722563][ T6925]  </TASK>
[  145.285369][ T6926] XFS (rnullb0): Invalid superblock magic number
[  145.763770][ T6940] FAULT_INJECTION: forcing a failure.
[  145.763770][ T6940] name failslab, interval 1, probability 0, space 0, times 0
[  145.780679][ T6940] CPU: 1 UID: 0 PID: 6940 Comm: syz.2.297 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  145.780707][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.780718][ T6940] Call Trace:
[  145.780725][ T6940]  <TASK>
[  145.780734][ T6940]  dump_stack_lvl+0x189/0x250
[  145.780765][ T6940]  ? __pfx____ratelimit+0x10/0x10
[  145.780791][ T6940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.780814][ T6940]  ? __pfx__printk+0x10/0x10
[  145.780840][ T6940]  ? __pfx___might_resched+0x10/0x10
[  145.780861][ T6940]  ? fs_reclaim_acquire+0x7d/0x100
[  145.780890][ T6940]  should_fail_ex+0x414/0x560
[  145.780919][ T6940]  should_failslab+0xa8/0x100
[  145.780942][ T6940]  __kmalloc_noprof+0xcb/0x4f0
[  145.780960][ T6940]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  145.780991][ T6940]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  145.781021][ T6940]  genl_family_rcv_msg_doit+0xb8/0x300
[  145.781051][ T6940]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  145.781075][ T6940]  ? rcu_is_watching+0x15/0xb0
[  145.781102][ T6940]  ? apparmor_capable+0x137/0x1b0
[  145.781125][ T6940]  ? bpf_lsm_capable+0x9/0x20
[  145.781145][ T6940]  ? security_capable+0x7e/0x2e0
[  145.781177][ T6940]  genl_rcv_msg+0x60e/0x790
[  145.781206][ T6940]  ? __pfx_genl_rcv_msg+0x10/0x10
[  145.781224][ T6940]  ? ref_tracker_free+0x63a/0x7d0
[  145.781247][ T6940]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  145.781284][ T6940]  ? __pfx_ref_tracker_free+0x10/0x10
[  145.781321][ T6940]  netlink_rcv_skb+0x205/0x470
[  145.781345][ T6940]  ? __pfx_genl_rcv_msg+0x10/0x10
[  145.781364][ T6940]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  145.781405][ T6940]  ? down_read+0x1ad/0x2e0
[  145.781424][ T6940]  genl_rcv+0x28/0x40
[  145.781440][ T6940]  netlink_unicast+0x759/0x8e0
[  145.781474][ T6940]  netlink_sendmsg+0x805/0xb30
[  145.781508][ T6940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.781536][ T6940]  ? aa_sock_msg_perm+0xf1/0x1d0
[  145.781561][ T6940]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  145.781583][ T6940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  145.781607][ T6940]  __sock_sendmsg+0x219/0x270
[  145.781633][ T6940]  ____sys_sendmsg+0x505/0x830
[  145.781659][ T6940]  ? __pfx_____sys_sendmsg+0x10/0x10
[  145.781688][ T6940]  ? import_iovec+0x74/0xa0
[  145.781710][ T6940]  ___sys_sendmsg+0x21f/0x2a0
[  145.781731][ T6940]  ? __pfx____sys_sendmsg+0x10/0x10
[  145.781792][ T6940]  ? __fget_files+0x2a/0x420
[  145.781814][ T6940]  ? __fget_files+0x3a0/0x420
[  145.781849][ T6940]  __x64_sys_sendmsg+0x19b/0x260
[  145.781870][ T6940]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  145.781900][ T6940]  ? __pfx_ksys_write+0x10/0x10
[  145.781918][ T6940]  ? rcu_is_watching+0x15/0xb0
[  145.781944][ T6940]  ? do_syscall_64+0xbe/0x3b0
[  145.781972][ T6940]  do_syscall_64+0xfa/0x3b0
[  145.781993][ T6940]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.782015][ T6940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.782031][ T6940]  ? clear_bhb_loop+0x60/0xb0
[  145.782052][ T6940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.782068][ T6940] RIP: 0033:0x7f958d38e9a9
[  145.782084][ T6940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.782097][ T6940] RSP: 002b:00007f958e165038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  145.782116][ T6940] RAX: ffffffffffffffda RBX: 00007f958d5b5fa0 RCX: 00007f958d38e9a9
[  145.782129][ T6940] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  145.782139][ T6940] RBP: 00007f958e165090 R08: 0000000000000000 R09: 0000000000000000
[  145.782149][ T6940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.782159][ T6940] R13: 0000000000000000 R14: 00007f958d5b5fa0 R15: 00007ffeddaa88c8
[  145.782191][ T6940]  </TASK>
[  146.962390][ T6908] tipc: Disabling bearer <eth:syzkaller0>
[  146.991552][ T6921] netlink: 60 bytes leftover after parsing attributes in process `syz.0.293'.
[  147.059444][ T1869] STV06xx 2-1:0.0: probe with driver STV06xx failed with error -71
[  147.105481][ T1869] usb 2-1: USB disconnect, device number 18
[  147.252177][ T6945] netlink: 104 bytes leftover after parsing attributes in process `syz.3.299'.
[  147.712906][ T6964] qnx4: no qnx4 filesystem (no root dir).
[  148.989673][ T6975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.016553][ T6975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.508517][   T30] audit: type=1326 audit(1753116337.712:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6980 comm="syz.1.314" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff874b8e9a9 code=0x0
[  149.627237][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.3.316'.
[  149.712003][ T6990] /dev/rnullb0: Can't open blockdev
[  149.902925][ T6983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'.
[  150.617817][ T6993] overlayfs: statfs failed on './file0'
[  150.776739][ T7005] FAULT_INJECTION: forcing a failure.
[  150.776739][ T7005] name failslab, interval 1, probability 0, space 0, times 0
[  150.806011][ T7005] CPU: 1 UID: 0 PID: 7005 Comm: syz.1.322 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  150.806040][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.806050][ T7005] Call Trace:
[  150.806058][ T7005]  <TASK>
[  150.806066][ T7005]  dump_stack_lvl+0x189/0x250
[  150.806098][ T7005]  ? __pfx____ratelimit+0x10/0x10
[  150.806124][ T7005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.806149][ T7005]  ? __pfx__printk+0x10/0x10
[  150.806180][ T7005]  ? __pfx___might_resched+0x10/0x10
[  150.806204][ T7005]  ? fs_reclaim_acquire+0x7d/0x100
[  150.806232][ T7005]  should_fail_ex+0x414/0x560
[  150.806262][ T7005]  should_failslab+0xa8/0x100
[  150.806287][ T7005]  __kmalloc_noprof+0xcb/0x4f0
[  150.806306][ T7005]  ? tomoyo_mount_permission+0x27a/0x970
[  150.806331][ T7005]  ? tomoyo_encode+0x28b/0x550
[  150.806354][ T7005]  tomoyo_encode+0x28b/0x550
[  150.806375][ T7005]  ? tomoyo_mount_permission+0x27a/0x970
[  150.806403][ T7005]  tomoyo_mount_permission+0x331/0x970
[  150.806439][ T7005]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  150.806544][ T7005]  security_sb_mount+0xec/0x350
[  150.806578][ T7005]  path_mount+0xbc/0xfe0
[  150.806603][ T7005]  ? user_path_at+0x44/0x60
[  150.806621][ T7005]  ? kmem_cache_free+0x18f/0x400
[  150.806653][ T7005]  __se_sys_mount+0x317/0x410
[  150.806688][ T7005]  ? __pfx___se_sys_mount+0x10/0x10
[  150.806713][ T7005]  ? rcu_is_watching+0x15/0xb0
[  150.806743][ T7005]  ? do_syscall_64+0xbe/0x3b0
[  150.806768][ T7005]  ? __x64_sys_mount+0x20/0xc0
[  150.806797][ T7005]  do_syscall_64+0xfa/0x3b0
[  150.806822][ T7005]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.806848][ T7005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.806867][ T7005]  ? clear_bhb_loop+0x60/0xb0
[  150.806891][ T7005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.806909][ T7005] RIP: 0033:0x7ff874b8e9a9
[  150.806926][ T7005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.806941][ T7005] RSP: 002b:00007ff875986038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  150.806962][ T7005] RAX: ffffffffffffffda RBX: 00007ff874db6080 RCX: 00007ff874b8e9a9
[  150.806975][ T7005] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  150.806987][ T7005] RBP: 00007ff875986090 R08: 0000200000000440 R09: 0000000000000000
[  150.806999][ T7005] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  150.807010][ T7005] R13: 0000000000000000 R14: 00007ff874db6080 R15: 00007ffc1ed364c8
[  150.807043][ T7005]  </TASK>
[  151.063288][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.142928][ T7010] FAULT_INJECTION: forcing a failure.
[  151.142928][ T7010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.157930][ T7010] CPU: 1 UID: 0 PID: 7010 Comm: syz.3.325 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  151.157958][ T7010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.157968][ T7010] Call Trace:
[  151.157976][ T7010]  <TASK>
[  151.157984][ T7010]  dump_stack_lvl+0x189/0x250
[  151.158016][ T7010]  ? __pfx____ratelimit+0x10/0x10
[  151.158044][ T7010]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.158070][ T7010]  ? __pfx__printk+0x10/0x10
[  151.158112][ T7010]  should_fail_ex+0x414/0x560
[  151.158143][ T7010]  _copy_to_user+0x31/0xb0
[  151.158167][ T7010]  simple_read_from_buffer+0xe1/0x170
[  151.158200][ T7010]  proc_fail_nth_read+0x1b3/0x220
[  151.158224][ T7010]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.158247][ T7010]  ? rw_verify_area+0x2a6/0x4d0
[  151.158269][ T7010]  ? __lock_acquire+0xab9/0xd20
[  151.158288][ T7010]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.158310][ T7010]  vfs_read+0x1fd/0x980
[  151.158333][ T7010]  ? fdget_pos+0x247/0x320
[  151.158354][ T7010]  ? __pfx___mutex_lock+0x10/0x10
[  151.158383][ T7010]  ? __pfx_vfs_read+0x10/0x10
[  151.158409][ T7010]  ? __fget_files+0x2a/0x420
[  151.158443][ T7010]  ? __fget_files+0x3a0/0x420
[  151.158468][ T7010]  ? __fget_files+0x2a/0x420
[  151.158517][ T7010]  ksys_read+0x145/0x250
[  151.158538][ T7010]  ? __fget_files+0x3a0/0x420
[  151.158564][ T7010]  ? __pfx_ksys_read+0x10/0x10
[  151.158595][ T7010]  ? do_syscall_64+0xbe/0x3b0
[  151.158627][ T7010]  do_syscall_64+0xfa/0x3b0
[  151.158653][ T7010]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.158678][ T7010]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.158697][ T7010]  ? clear_bhb_loop+0x60/0xb0
[  151.158721][ T7010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.158738][ T7010] RIP: 0033:0x7fb33778d3bc
[  151.158755][ T7010] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  151.158770][ T7010] RSP: 002b:00007fb338551030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  151.158790][ T7010] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778d3bc
[  151.158803][ T7010] RDX: 000000000000000f RSI: 00007fb3385510a0 RDI: 0000000000000004
[  151.158814][ T7010] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  151.158825][ T7010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.158836][ T7010] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  151.158868][ T7010]  </TASK>
[  151.172002][ T7012] Mount JFS Failure: -22
[  151.263555][ T7017] FAULT_INJECTION: forcing a failure.
[  151.263555][ T7017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.444877][ T7017] CPU: 0 UID: 0 PID: 7017 Comm: syz.3.326 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  151.444907][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.444917][ T7017] Call Trace:
[  151.444925][ T7017]  <TASK>
[  151.444933][ T7017]  dump_stack_lvl+0x189/0x250
[  151.444967][ T7017]  ? __pfx____ratelimit+0x10/0x10
[  151.444994][ T7017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.445020][ T7017]  ? __pfx__printk+0x10/0x10
[  151.445061][ T7017]  should_fail_ex+0x414/0x560
[  151.445092][ T7017]  _copy_to_user+0x31/0xb0
[  151.445116][ T7017]  simple_read_from_buffer+0xe1/0x170
[  151.445149][ T7017]  proc_fail_nth_read+0x1b3/0x220
[  151.445174][ T7017]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.445204][ T7017]  ? rw_verify_area+0x2a6/0x4d0
[  151.445236][ T7017]  ? __lock_acquire+0xab9/0xd20
[  151.445255][ T7017]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.445277][ T7017]  vfs_read+0x1fd/0x980
[  151.445300][ T7017]  ? fdget_pos+0x247/0x320
[  151.445322][ T7017]  ? __pfx___mutex_lock+0x10/0x10
[  151.445351][ T7017]  ? __pfx_vfs_read+0x10/0x10
[  151.445377][ T7017]  ? __fget_files+0x2a/0x420
[  151.445410][ T7017]  ? __fget_files+0x3a0/0x420
[  151.445436][ T7017]  ? __fget_files+0x2a/0x420
[  151.445472][ T7017]  ksys_read+0x145/0x250
[  151.445494][ T7017]  ? __fget_files+0x3a0/0x420
[  151.445521][ T7017]  ? __pfx_ksys_read+0x10/0x10
[  151.445551][ T7017]  ? do_syscall_64+0xbe/0x3b0
[  151.445584][ T7017]  do_syscall_64+0xfa/0x3b0
[  151.445609][ T7017]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.445634][ T7017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.445652][ T7017]  ? clear_bhb_loop+0x60/0xb0
[  151.445676][ T7017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.445694][ T7017] RIP: 0033:0x7fb33778d3bc
[  151.445711][ T7017] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  151.445726][ T7017] RSP: 002b:00007fb338551030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  151.445747][ T7017] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778d3bc
[  151.445760][ T7017] RDX: 000000000000000f RSI: 00007fb3385510a0 RDI: 0000000000000004
[  151.445771][ T7017] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  151.445782][ T7017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.445793][ T7017] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  151.445826][ T7017]  </TASK>
[  151.702831][ T7003] overlayfs: statfs failed on './file0'
[  151.739897][ T7020] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  151.761209][ T7019] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  151.769721][ T7020] VFS: Can't find a romfs filesystem on dev rnullb0.
[  151.769721][ T7020] 
[  151.780220][ T7023] /dev/rnullb0: Can't open blockdev
[  151.790682][ T7023] /dev/rnullb0: Can't open blockdev
[  151.796714][ T7019] VFS: Can't find a romfs filesystem on dev rnullb0.
[  151.796714][ T7019] 
[  151.876320][ T7028] netlink: 'syz.1.330': attribute type 17 has an invalid length.
[  151.899666][ T7028] netlink: 'syz.1.330': attribute type 16 has an invalid length.
[  151.923080][ T7028] netlink: 152 bytes leftover after parsing attributes in process `syz.1.330'.
[  151.929848][ T7026] pim6reg1: entered promiscuous mode
[  151.943323][ T7026] pim6reg1: entered allmulticast mode
[  152.233157][ T7039] FAULT_INJECTION: forcing a failure.
[  152.233157][ T7039] name failslab, interval 1, probability 0, space 0, times 0
[  152.246814][ T7039] CPU: 1 UID: 0 PID: 7039 Comm: syz.3.334 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  152.246843][ T7039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.246855][ T7039] Call Trace:
[  152.246863][ T7039]  <TASK>
[  152.246872][ T7039]  dump_stack_lvl+0x189/0x250
[  152.246906][ T7039]  ? __pfx____ratelimit+0x10/0x10
[  152.246935][ T7039]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.246963][ T7039]  ? __pfx__printk+0x10/0x10
[  152.246995][ T7039]  ? __pfx___might_resched+0x10/0x10
[  152.247019][ T7039]  ? fs_reclaim_acquire+0x7d/0x100
[  152.247051][ T7039]  should_fail_ex+0x414/0x560
[  152.247083][ T7039]  should_failslab+0xa8/0x100
[  152.247109][ T7039]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  152.247132][ T7039]  ? dup_task_struct+0x52/0x860
[  152.247162][ T7039]  dup_task_struct+0x52/0x860
[  152.247185][ T7039]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.247211][ T7039]  copy_process+0x54b/0x3c00
[  152.247277][ T7039]  ? __pfx_copy_process+0x10/0x10
[  152.247316][ T7039]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  152.247346][ T7039]  vhost_task_create+0x1c4/0x290
[  152.247373][ T7039]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  152.247393][ T7039]  ? __pfx_vhost_task_create+0x10/0x10
[  152.247429][ T7039]  ? __pfx_vhost_task_fn+0x10/0x10
[  152.247482][ T7039]  kvm_mmu_post_init_vm+0x14c/0x300
[  152.247506][ T7039]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  152.247538][ T7039]  ? __mutex_trylock_common+0x153/0x260
[  152.247567][ T7039]  ? __pfx___mutex_trylock_common+0x10/0x10
[  152.247593][ T7039]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  152.247622][ T7039]  ? rcu_is_watching+0x15/0xb0
[  152.247646][ T7039]  ? trace_contention_end+0x39/0x120
[  152.247668][ T7039]  ? look_up_lock_class+0x74/0x170
[  152.247695][ T7039]  ? register_lock_class+0x51/0x320
[  152.247719][ T7039]  ? __lock_acquire+0xab9/0xd20
[  152.247773][ T7039]  kvm_vcpu_ioctl+0x95c/0xe90
[  152.247805][ T7039]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  152.247828][ T7039]  ? __lock_acquire+0xab9/0xd20
[  152.247871][ T7039]  ? __fget_files+0x2a/0x420
[  152.247899][ T7039]  ? __fget_files+0x2a/0x420
[  152.247922][ T7039]  ? __fget_files+0x3a0/0x420
[  152.247946][ T7039]  ? __fget_files+0x2a/0x420
[  152.247976][ T7039]  ? bpf_lsm_file_ioctl+0x9/0x20
[  152.247996][ T7039]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  152.248022][ T7039]  __se_sys_ioctl+0xf9/0x170
[  152.248047][ T7039]  do_syscall_64+0xfa/0x3b0
[  152.248073][ T7039]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.248098][ T7039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.248117][ T7039]  ? clear_bhb_loop+0x60/0xb0
[  152.248140][ T7039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.248157][ T7039] RIP: 0033:0x7fb33778e9a9
[  152.248175][ T7039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.248190][ T7039] RSP: 002b:00007fb338551038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.248211][ T7039] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778e9a9
[  152.248224][ T7039] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  152.248236][ T7039] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  152.248301][ T7039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.248311][ T7039] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  152.248343][ T7039]  </TASK>
[  152.583760][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.866571][ T7045] FAULT_INJECTION: forcing a failure.
[  152.866571][ T7045] name failslab, interval 1, probability 0, space 0, times 0
[  152.899774][ T7045] CPU: 1 UID: 0 PID: 7045 Comm: syz.2.335 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  152.899811][ T7045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.899822][ T7045] Call Trace:
[  152.899830][ T7045]  <TASK>
[  152.899839][ T7045]  dump_stack_lvl+0x189/0x250
[  152.899872][ T7045]  ? __pfx____ratelimit+0x10/0x10
[  152.899900][ T7045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.899926][ T7045]  ? __pfx__printk+0x10/0x10
[  152.899961][ T7045]  ? __pfx___might_resched+0x10/0x10
[  152.899984][ T7045]  ? fs_reclaim_acquire+0x7d/0x100
[  152.900015][ T7045]  should_fail_ex+0x414/0x560
[  152.900047][ T7045]  should_failslab+0xa8/0x100
[  152.900072][ T7045]  __kmalloc_cache_noprof+0x70/0x3d0
[  152.900093][ T7045]  ? drm_mode_setcrtc+0x796/0x1c50
[  152.900127][ T7045]  drm_mode_setcrtc+0x796/0x1c50
[  152.900165][ T7045]  ? kfree+0x18e/0x440
[  152.900180][ T7045]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  152.900237][ T7045]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  152.900305][ T7045]  ? do_raw_spin_unlock+0x122/0x240
[  152.900338][ T7045]  ? _raw_spin_unlock+0x28/0x50
[  152.900360][ T7045]  ? drm_is_current_master+0x19f/0x200
[  152.900387][ T7045]  drm_ioctl_kernel+0x2cc/0x390
[  152.900414][ T7045]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  152.900441][ T7045]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  152.900479][ T7045]  drm_ioctl+0x67f/0xb10
[  152.900508][ T7045]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  152.900542][ T7045]  ? __pfx_drm_ioctl+0x10/0x10
[  152.900584][ T7045]  ? __fget_files+0x2a/0x420
[  152.900617][ T7045]  ? bpf_lsm_file_ioctl+0x9/0x20
[  152.900636][ T7045]  ? __pfx_drm_ioctl+0x10/0x10
[  152.900661][ T7045]  __se_sys_ioctl+0xf9/0x170
[  152.900688][ T7045]  do_syscall_64+0xfa/0x3b0
[  152.900715][ T7045]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.900740][ T7045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.900759][ T7045]  ? clear_bhb_loop+0x60/0xb0
[  152.900792][ T7045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.900811][ T7045] RIP: 0033:0x7f958d38e9a9
[  152.900829][ T7045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.900844][ T7045] RSP: 002b:00007f958e165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.900865][ T7045] RAX: ffffffffffffffda RBX: 00007f958d5b5fa0 RCX: 00007f958d38e9a9
[  152.900879][ T7045] RDX: 0000200000000400 RSI: 00000000c06864a2 RDI: 0000000000000003
[  152.900892][ T7045] RBP: 00007f958e165090 R08: 0000000000000000 R09: 0000000000000000
[  152.900903][ T7045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.900914][ T7045] R13: 0000000000000000 R14: 00007f958d5b5fa0 R15: 00007ffeddaa88c8
[  152.900948][ T7045]  </TASK>
[  153.168788][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.263815][ T7047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.293684][ T7047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.538062][ T7050] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'.
[  153.581747][ T7052] netlink: 14 bytes leftover after parsing attributes in process `syz.1.338'.
[  153.633786][ T7050] /dev/rnullb0: Can't open blockdev
[  153.721321][ T7055] /dev/rnullb0: Can't open blockdev
[  153.875338][ T7057] FAULT_INJECTION: forcing a failure.
[  153.875338][ T7057] name failslab, interval 1, probability 0, space 0, times 0
[  153.927948][ T7057] CPU: 0 UID: 0 PID: 7057 Comm: syz.2.340 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  153.927980][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.927991][ T7057] Call Trace:
[  153.928000][ T7057]  <TASK>
[  153.928008][ T7057]  dump_stack_lvl+0x189/0x250
[  153.928041][ T7057]  ? __pfx____ratelimit+0x10/0x10
[  153.928068][ T7057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.928094][ T7057]  ? __pfx__printk+0x10/0x10
[  153.928127][ T7057]  ? __pfx___might_resched+0x10/0x10
[  153.928156][ T7057]  should_fail_ex+0x414/0x560
[  153.928187][ T7057]  should_failslab+0xa8/0x100
[  153.928212][ T7057]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  153.928245][ T7057]  ? __alloc_skb+0x112/0x2d0
[  153.928269][ T7057]  __alloc_skb+0x112/0x2d0
[  153.928293][ T7057]  netlink_sendmsg+0x5c6/0xb30
[  153.928333][ T7057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.928365][ T7057]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.928395][ T7057]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.928420][ T7057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.928446][ T7057]  __sock_sendmsg+0x219/0x270
[  153.928476][ T7057]  ____sys_sendmsg+0x505/0x830
[  153.928503][ T7057]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.928535][ T7057]  ? import_iovec+0x74/0xa0
[  153.928561][ T7057]  ___sys_sendmsg+0x21f/0x2a0
[  153.928584][ T7057]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.928645][ T7057]  ? __fget_files+0x2a/0x420
[  153.928672][ T7057]  ? __fget_files+0x3a0/0x420
[  153.928712][ T7057]  __x64_sys_sendmsg+0x19b/0x260
[  153.928736][ T7057]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  153.928768][ T7057]  ? __pfx_ksys_write+0x10/0x10
[  153.928790][ T7057]  ? rcu_is_watching+0x15/0xb0
[  153.928821][ T7057]  ? do_syscall_64+0xbe/0x3b0
[  153.928854][ T7057]  do_syscall_64+0xfa/0x3b0
[  153.928878][ T7057]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.928904][ T7057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.928923][ T7057]  ? clear_bhb_loop+0x60/0xb0
[  153.928947][ T7057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.928970][ T7057] RIP: 0033:0x7f958d38e9a9
[  153.928988][ T7057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.929004][ T7057] RSP: 002b:00007f958e165038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.929027][ T7057] RAX: ffffffffffffffda RBX: 00007f958d5b5fa0 RCX: 00007f958d38e9a9
[  153.929040][ T7057] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  153.929052][ T7057] RBP: 00007f958e165090 R08: 0000000000000000 R09: 0000000000000000
[  153.929064][ T7057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.929075][ T7057] R13: 0000000000000000 R14: 00007f958d5b5fa0 R15: 00007ffeddaa88c8
[  153.929106][ T7057]  </TASK>
[  154.447126][ T7052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.459701][ T7052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.473715][ T7052] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  154.489295][ T7052] bond0 (unregistering): Released all slaves
[  154.903273][ T7065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.344'.
[  155.144509][ T7073] netlink: 16 bytes leftover after parsing attributes in process `syz.0.348'.
[  155.211242][ T7073] /dev/rnullb0: Can't open blockdev
[  155.964424][ T7083] FAULT_INJECTION: forcing a failure.
[  155.964424][ T7083] name failslab, interval 1, probability 0, space 0, times 0
[  155.983261][ T7083] CPU: 1 UID: 0 PID: 7083 Comm: syz.2.350 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  155.983291][ T7083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.983303][ T7083] Call Trace:
[  155.983311][ T7083]  <TASK>
[  155.983320][ T7083]  dump_stack_lvl+0x189/0x250
[  155.983354][ T7083]  ? __pfx____ratelimit+0x10/0x10
[  155.983382][ T7083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.983409][ T7083]  ? __pfx__printk+0x10/0x10
[  155.983443][ T7083]  ? __pfx___might_resched+0x10/0x10
[  155.983466][ T7083]  ? fs_reclaim_acquire+0x7d/0x100
[  155.983496][ T7083]  should_fail_ex+0x414/0x560
[  155.983536][ T7083]  should_failslab+0xa8/0x100
[  155.983562][ T7083]  __kmalloc_cache_noprof+0x70/0x3d0
[  155.983583][ T7083]  ? dma_buf_dynamic_attach+0xac/0x3d0
[  155.983611][ T7083]  dma_buf_dynamic_attach+0xac/0x3d0
[  155.983633][ T7083]  ? __fget_files+0x3a0/0x420
[  155.983663][ T7083]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  155.983684][ T7083]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  155.983704][ T7083]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  155.983727][ T7083]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  155.983748][ T7083]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  155.983773][ T7083]  drm_ioctl_kernel+0x2cc/0x390
[  155.983801][ T7083]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  155.983822][ T7083]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  155.983861][ T7083]  drm_ioctl+0x67f/0xb10
[  155.983893][ T7083]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  155.983920][ T7083]  ? __pfx_drm_ioctl+0x10/0x10
[  155.983963][ T7083]  ? __fget_files+0x2a/0x420
[  155.983995][ T7083]  ? bpf_lsm_file_ioctl+0x9/0x20
[  155.984016][ T7083]  ? __pfx_drm_ioctl+0x10/0x10
[  155.984041][ T7083]  __se_sys_ioctl+0xf9/0x170
[  155.984068][ T7083]  do_syscall_64+0xfa/0x3b0
[  155.984095][ T7083]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.984120][ T7083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.984140][ T7083]  ? clear_bhb_loop+0x60/0xb0
[  155.984164][ T7083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.984182][ T7083] RIP: 0033:0x7f958d38e9a9
[  155.984201][ T7083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.984223][ T7083] RSP: 002b:00007f958e165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  155.984245][ T7083] RAX: ffffffffffffffda RBX: 00007f958d5b5fa0 RCX: 00007f958d38e9a9
[  155.984259][ T7083] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[  155.984271][ T7083] RBP: 00007f958e165090 R08: 0000000000000000 R09: 0000000000000000
[  155.984284][ T7083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.984295][ T7083] R13: 0000000000000000 R14: 00007f958d5b5fa0 R15: 00007ffeddaa88c8
[  155.984329][ T7083]  </TASK>
[  156.257420][    C1] vkms_vblank_simulate: vblank timer overrun
[  156.585373][ T7091] FAULT_INJECTION: forcing a failure.
[  156.585373][ T7091] name failslab, interval 1, probability 0, space 0, times 0
[  156.610048][ T7091] CPU: 0 UID: 0 PID: 7091 Comm: syz.3.351 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  156.610076][ T7091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.610088][ T7091] Call Trace:
[  156.610096][ T7091]  <TASK>
[  156.610104][ T7091]  dump_stack_lvl+0x189/0x250
[  156.610134][ T7091]  ? __pfx____ratelimit+0x10/0x10
[  156.610161][ T7091]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.610185][ T7091]  ? __pfx__printk+0x10/0x10
[  156.610216][ T7091]  ? __pfx___might_resched+0x10/0x10
[  156.610239][ T7091]  ? fs_reclaim_acquire+0x7d/0x100
[  156.610280][ T7091]  should_fail_ex+0x414/0x560
[  156.610310][ T7091]  should_failslab+0xa8/0x100
[  156.610334][ T7091]  __kmalloc_cache_noprof+0x70/0x3d0
[  156.610356][ T7091]  ? snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  156.610387][ T7091]  snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  156.610416][ T7091]  ? __pfx___mutex_trylock_common+0x10/0x10
[  156.610440][ T7091]  ? __mutex_trylock_common+0x153/0x260
[  156.610468][ T7091]  ? rcu_is_watching+0x15/0xb0
[  156.610492][ T7091]  ? trace_contention_end+0x39/0x120
[  156.610515][ T7091]  ? __mutex_lock+0x335/0x1360
[  156.610541][ T7091]  ? trace_contention_end+0x39/0x120
[  156.610575][ T7091]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  156.610601][ T7091]  ? __pfx___mutex_lock+0x10/0x10
[  156.610626][ T7091]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  156.610660][ T7091]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  156.610692][ T7091]  ? snd_pcm_oss_get_active_substream+0x16d/0x280
[  156.610723][ T7091]  snd_pcm_oss_get_active_substream+0x1e2/0x280
[  156.610753][ T7091]  snd_pcm_oss_set_format+0x10d/0x500
[  156.610782][ T7091]  snd_pcm_oss_ioctl+0xbe9/0xdd0
[  156.610806][ T7091]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  156.610829][ T7091]  __se_sys_ioctl+0xf9/0x170
[  156.610855][ T7091]  do_syscall_64+0xfa/0x3b0
[  156.610881][ T7091]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.610905][ T7091]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.610924][ T7091]  ? clear_bhb_loop+0x60/0xb0
[  156.610948][ T7091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.610966][ T7091] RIP: 0033:0x7fb33778e9a9
[  156.610984][ T7091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.611000][ T7091] RSP: 002b:00007fb338551038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.611022][ T7091] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778e9a9
[  156.611036][ T7091] RDX: 0000200000000040 RSI: 00000000c0045005 RDI: 0000000000000003
[  156.611048][ T7091] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  156.611060][ T7091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.611072][ T7091] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  156.611104][ T7091]  </TASK>
[  157.560639][ T7119] netlink: 16 bytes leftover after parsing attributes in process `syz.1.357'.
[  157.596131][ T7119] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  157.603276][ T7119] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  159.777234][ T7181] FAULT_INJECTION: forcing a failure.
[  159.777234][ T7181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.814787][ T7181] CPU: 1 UID: 0 PID: 7181 Comm: syz.3.364 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  159.814814][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.814824][ T7181] Call Trace:
[  159.814831][ T7181]  <TASK>
[  159.814839][ T7181]  dump_stack_lvl+0x189/0x250
[  159.814866][ T7181]  ? __pfx____ratelimit+0x10/0x10
[  159.814890][ T7181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.814911][ T7181]  ? __pfx__printk+0x10/0x10
[  159.814933][ T7181]  ? __might_fault+0xb0/0x130
[  159.814962][ T7181]  should_fail_ex+0x414/0x560
[  159.814997][ T7181]  _copy_from_iter+0x1db/0x16f0
[  159.815017][ T7181]  ? rcu_is_watching+0x15/0xb0
[  159.815040][ T7181]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  159.815059][ T7181]  ? __pfx__copy_from_iter+0x10/0x10
[  159.815085][ T7181]  ? __build_skb_around+0x257/0x3e0
[  159.815105][ T7181]  ? netlink_sendmsg+0x642/0xb30
[  159.815130][ T7181]  ? skb_put+0x11b/0x210
[  159.815152][ T7181]  netlink_sendmsg+0x6b2/0xb30
[  159.815195][ T7181]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.815222][ T7181]  ? aa_sock_msg_perm+0xf1/0x1d0
[  159.815252][ T7181]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  159.815276][ T7181]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.815301][ T7181]  __sock_sendmsg+0x219/0x270
[  159.815327][ T7181]  ____sys_sendmsg+0x505/0x830
[  159.815352][ T7181]  ? __pfx_____sys_sendmsg+0x10/0x10
[  159.815381][ T7181]  ? import_iovec+0x74/0xa0
[  159.815405][ T7181]  ___sys_sendmsg+0x21f/0x2a0
[  159.815427][ T7181]  ? __pfx____sys_sendmsg+0x10/0x10
[  159.815486][ T7181]  ? __fget_files+0x2a/0x420
[  159.815510][ T7181]  ? __fget_files+0x3a0/0x420
[  159.815548][ T7181]  __x64_sys_sendmsg+0x19b/0x260
[  159.815572][ T7181]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  159.815603][ T7181]  ? __pfx_ksys_write+0x10/0x10
[  159.815623][ T7181]  ? rcu_is_watching+0x15/0xb0
[  159.815650][ T7181]  ? do_syscall_64+0xbe/0x3b0
[  159.815681][ T7181]  do_syscall_64+0xfa/0x3b0
[  159.815707][ T7181]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.815732][ T7181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.815751][ T7181]  ? clear_bhb_loop+0x60/0xb0
[  159.815782][ T7181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.815799][ T7181] RIP: 0033:0x7fb33778e9a9
[  159.815815][ T7181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.815828][ T7181] RSP: 002b:00007fb338551038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.815847][ T7181] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778e9a9
[  159.815857][ T7181] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003
[  159.815867][ T7181] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  159.815876][ T7181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.815884][ T7181] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  159.815911][ T7181]  </TASK>
[  160.107376][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.260868][ T7187] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  160.268989][ T7187] UDF-fs: Scanning with blocksize 4096 failed
[  160.289629][ T7189] netlink: 16 bytes leftover after parsing attributes in process `syz.1.366'.
[  160.360490][ T7189] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  160.368385][ T7189] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  160.726731][ T1214] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  160.886716][ T1214] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  160.895184][ T1214] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  160.906272][ T1214] usb 2-1: config 0 interface 0 altsetting 191 has an invalid descriptor for endpoint zero, skipping
[  160.917247][ T1214] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  160.931140][ T1214] usb 2-1: config 0 interface 0 has no altsetting 0
[  160.940545][ T1214] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  160.949824][ T1214] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  160.958344][ T1214] usb 2-1: Product: syz
[  160.962538][ T1214] usb 2-1: Manufacturer: syz
[  160.967189][ T1214] usb 2-1: SerialNumber: syz
[  160.973739][ T1214] usb 2-1: config 0 descriptor??
[  160.984242][ T1214] ldusb 2-1:0.0: Interrupt in endpoint not found
[  161.191678][ T1214] usb 2-1: USB disconnect, device number 19
[  161.920484][ T7209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.935634][ T7211] sctp: [Deprecated]: syz.1.377 (pid 7211) Use of int in max_burst socket option.
[  161.935634][ T7211] Use struct sctp_assoc_value instead
[  161.953918][ T7211] netlink: 56 bytes leftover after parsing attributes in process `syz.1.377'.
[  161.988321][ T7209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.005074][ T7211] No control pipe specified
[  162.009990][ T7209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.068681][ T7209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.172668][ T7215] netlink: 16 bytes leftover after parsing attributes in process `syz.1.378'.
[  162.197337][ T7215] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  162.205598][ T7215] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  162.651020][ T7222] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  162.661200][ T6463] Bluetooth: hci4: Frame reassembly failed (-84)
[  164.654876][ T5169] Bluetooth: hci4: command 0x1003 tx timeout
[  164.654891][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  164.770619][ T7238] netlink: 16 bytes leftover after parsing attributes in process `syz.2.387'.
[  164.801516][ T7238] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  164.809498][ T7238] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  164.933797][ T7243] netlink: 128 bytes leftover after parsing attributes in process `syz.2.389'.
[  165.069937][ T7247] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  165.081963][ T7247] UDF-fs: Scanning with blocksize 4096 failed
[  165.793020][ T7260] openvswitch: netlink: ct_state flags 7fffffff unsupported
[  165.802796][ T7260] binder: 7259:7260 ioctl 4018f514 0 returned -22
[  165.986467][ T7262] netlink: 16 bytes leftover after parsing attributes in process `syz.2.397'.
[  166.013842][ T7262] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  166.021402][ T7262] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  166.614715][ T5915] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  166.744895][ T5915] usb 2-1: device descriptor read/64, error -71
[  166.984995][ T5915] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  167.021235][ T7282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.030222][ T7282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.124824][ T5915] usb 2-1: device descriptor read/64, error -71
[  167.237306][ T5915] usb usb2-port1: attempt power cycle
[  167.587519][ T5915] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  167.617119][ T5915] usb 2-1: device descriptor read/8, error -71
[  167.854747][ T5915] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  167.876862][ T5915] usb 2-1: device descriptor read/8, error -71
[  167.984981][ T5915] usb usb2-port1: unable to enumerate USB device
[  168.507699][ T7288] netlink: 16 bytes leftover after parsing attributes in process `syz.3.406'.
[  168.532098][ T7288] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  168.539397][ T7288] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  170.222305][ T7311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.232288][ T7311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.261182][ T7311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.284413][ T7311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.369014][ T7315] netlink: 1192 bytes leftover after parsing attributes in process `syz.2.417'.
[  170.563278][ T5169] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  170.572081][ T5169] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  170.581511][ T5169] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  170.591313][ T5169] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  170.599850][ T5169] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  170.781860][ T7316] chnl_net:caif_netlink_parms(): no params data found
[  170.901293][ T7316] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.908634][ T7316] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.916518][ T7316] bridge_slave_0: entered allmulticast mode
[  170.923904][ T7316] bridge_slave_0: entered promiscuous mode
[  170.932065][ T7316] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.939342][ T7316] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.947575][ T7316] bridge_slave_1: entered allmulticast mode
[  170.956266][ T7316] bridge_slave_1: entered promiscuous mode
[  171.044063][ T7316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.067130][ T7316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.109480][ T7331] hfs: can't find a HFS filesystem on dev rnullb0
[  171.121234][ T7316] team0: Port device team_slave_0 added
[  171.133068][ T7316] team0: Port device team_slave_1 added
[  171.183847][ T7316] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.191124][ T7316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.217920][ T7316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.233175][ T7316] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.240428][ T7316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.268958][ T7316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.357545][ T7316] hsr_slave_0: entered promiscuous mode
[  171.365705][ T7316] hsr_slave_1: entered promiscuous mode
[  171.374345][ T7316] debugfs: 'hsr0' already exists in 'hsr'
[  171.381507][ T7316] Cannot create hsr debugfs directory
[  171.905911][ T7316] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  171.919039][ T7316] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  171.931213][ T7341] warning: `syz.3.424' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  172.008703][ T7316] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  172.049913][ T7316] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  172.098803][ T7346] hfs: can't find a HFS filesystem on dev rnullb0
[  172.279630][ T7316] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.308210][ T7316] 8021q: adding VLAN 0 to HW filter on device team0
[  172.342693][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.349982][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.375206][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.382490][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.660137][   T51] Bluetooth: hci4: command tx timeout
[  172.781615][ T7316] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.891283][ T7369] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  172.912350][ T7369] evm: overlay not supported
[  173.382852][ T7316] veth0_vlan: entered promiscuous mode
[  173.427693][ T7316] veth1_vlan: entered promiscuous mode
[  173.628844][ T7316] veth0_macvtap: entered promiscuous mode
[  173.678909][ T7316] veth1_macvtap: entered promiscuous mode
[  173.772347][ T7316] batman_adv: batadv0: Interface activated: batadv_slave_0
[  173.963268][ T7316] batman_adv: batadv0: Interface activated: batadv_slave_1
[  173.991208][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  174.044814][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  174.066498][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  174.098427][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.399911][ T6463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  174.431385][ T6463] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  174.489611][ T6463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  174.490094][ T7393] netlink: 'syz.1.437': attribute type 10 has an invalid length.
[  174.498782][ T6463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  174.523023][ T7393] lo: entered promiscuous mode
[  174.584968][   T30] audit: type=1326 audit(1753116362.772:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7392 comm="syz.1.437" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff874b8e9a9 code=0x0
[  174.743821][   T51] Bluetooth: hci4: command tx timeout
[  174.764890][ T7399] netlink: 16 bytes leftover after parsing attributes in process `syz.4.416'.
[  174.820003][ T7397] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  174.830971][ T7397] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  175.039385][ T7406] netlink: 44 bytes leftover after parsing attributes in process `syz.3.440'.
[  176.233740][ T7419] Can't find a SQUASHFS superblock on rnullb0
[  176.443413][ T7425] netlink: 16 bytes leftover after parsing attributes in process `syz.1.446'.
[  176.456386][ T1861] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  176.476205][ T7425] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  176.483664][ T7425] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  176.635111][ T1861] usb 5-1: Using ep0 maxpacket: 32
[  176.643714][ T1861] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  176.658827][ T1861] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  176.668059][ T1861] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  176.677339][ T1861] usb 5-1: config 1 has no interface number 0
[  176.683727][ T1861] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  176.700298][ T1861] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  176.713636][ T1861] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  176.722966][ T1861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.757808][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  176.815896][   T51] Bluetooth: hci4: command tx timeout
[  177.081522][ T1168] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0xfa
[  177.083990][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  177.528199][ T7447] @: renamed from vlan0 (while UP)
[  177.923304][ T7461] netlink: 32 bytes leftover after parsing attributes in process `syz.2.454'.
[  178.002306][ T7465] BFS-fs: bfs_fill_super(): No BFS filesystem on rnullb0 (magic=00000000)
[  178.109180][ T1869] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  178.213731][ T7469] netlink: 16 bytes leftover after parsing attributes in process `syz.2.457'.
[  178.246040][ T7469] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  178.253302][ T7469] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  178.733892][ T7477] qnx4: no qnx4 filesystem (no root dir).
[  178.905533][   T51] Bluetooth: hci4: command tx timeout
[  179.198264][ T7418] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  179.262897][ T1861] usb 5-1: USB disconnect, device number 2
[  179.316162][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  179.379758][ T7483] netlink: 32 bytes leftover after parsing attributes in process `syz.1.461'.
[  179.383968][ T7485] hpfs: Bad magic ... probably not HPFS
[  179.511084][ T7487] overlayfs: conflicting lowerdir path
[  179.650910][ T7492] netlink: 'syz.4.465': attribute type 27 has an invalid length.
[  179.706885][ T7492] binder: BINDER_SET_CONTEXT_MGR already set
[  179.721646][ T7492] binder: 7491:7492 ioctl 4018620d 200000000040 returned -16
[  179.809354][ T7500] netlink: 16 bytes leftover after parsing attributes in process `syz.3.466'.
[  179.854522][ T7500] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  179.865609][ T7500] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  180.224694][ T5847] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  180.374734][ T5847] usb 2-1: Using ep0 maxpacket: 32
[  180.383838][ T5847] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  180.397500][ T5847] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  180.406688][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  180.415535][ T5847] usb 2-1: Product: syz
[  180.419700][ T5847] usb 2-1: Manufacturer: syz
[  180.424296][ T5847] usb 2-1: SerialNumber: syz
[  180.431538][ T5847] usb 2-1: config 0 descriptor??
[  180.437591][ T7511] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  180.446839][ T5847] hub 2-1:0.0: bad descriptor, ignoring hub
[  180.452834][ T5847] hub 2-1:0.0: probe with driver hub failed with error -5
[  180.652283][ T7511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  180.680269][ T7511] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  180.789919][ T7519] hugetlbfs: Bad value for 'mode'
[  180.815223][ T5847] usb 2-1: USB disconnect, device number 24
[  180.975141][ T5169] Bluetooth: hci4: command 0x0406 tx timeout
[  181.113691][ T7522] program syz.4.474 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  181.291661][ T7524] netlink: 'syz.4.475': attribute type 10 has an invalid length.
[  181.320428][ T7524] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.331524][ T7524] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  181.374335][ T7526] netlink: 104 bytes leftover after parsing attributes in process `syz.1.476'.
[  181.634368][ T7534] qnx4: no qnx4 filesystem (no root dir).
[  181.662837][ T7538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.480'.
[  181.694089][ T7538] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  181.701515][ T7538] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  181.714545][ T7540] fuse: Bad value for 'fd'
[  181.792008][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.2.483'.
[  182.388325][ T7533] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  182.396013][ T7533] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  182.407130][ T7533] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  182.413266][ T7533] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  182.432320][ T7533] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  182.440272][ T7533] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  182.452545][ T7533] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  182.459482][ T7533] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  182.468233][ T7533] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  182.474230][ T7533] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  182.710481][ T7554] comedi comedi1: pcl711: I/O port conflict (0x2,16)
[  182.860115][ T7561] FAULT_INJECTION: forcing a failure.
[  182.860115][ T7561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.883918][ T7561] CPU: 0 UID: 0 PID: 7561 Comm: syz.1.489 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  182.883948][ T7561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.883960][ T7561] Call Trace:
[  182.883969][ T7561]  <TASK>
[  182.883978][ T7561]  dump_stack_lvl+0x189/0x250
[  182.884011][ T7561]  ? __pfx____ratelimit+0x10/0x10
[  182.884040][ T7561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.884066][ T7561]  ? __pfx__printk+0x10/0x10
[  182.884093][ T7561]  ? __might_fault+0xb0/0x130
[  182.884137][ T7561]  should_fail_ex+0x414/0x560
[  182.884168][ T7561]  _copy_from_user+0x2d/0xb0
[  182.884190][ T7561]  comedi_unlocked_ioctl+0x3a9/0xfc0
[  182.884224][ T7561]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  182.884282][ T7561]  ? __lock_acquire+0xab9/0xd20
[  182.884328][ T7561]  ? __fget_files+0x2a/0x420
[  182.884360][ T7561]  ? __fget_files+0x2a/0x420
[  182.884384][ T7561]  ? __fget_files+0x3a0/0x420
[  182.884410][ T7561]  ? __fget_files+0x2a/0x420
[  182.884443][ T7561]  ? bpf_lsm_file_ioctl+0x9/0x20
[  182.884462][ T7561]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  182.884481][ T7561]  __se_sys_ioctl+0xf9/0x170
[  182.884508][ T7561]  do_syscall_64+0xfa/0x3b0
[  182.884535][ T7561]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.884561][ T7561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.884585][ T7561]  ? clear_bhb_loop+0x60/0xb0
[  182.884607][ T7561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.884625][ T7561] RIP: 0033:0x7ff874b8e9a9
[  182.884643][ T7561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.884659][ T7561] RSP: 002b:00007ff8759a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  182.884680][ T7561] RAX: ffffffffffffffda RBX: 00007ff874db5fa0 RCX: 00007ff874b8e9a9
[  182.884694][ T7561] RDX: 0000200000000300 RSI: 0000000040946400 RDI: 0000000000000003
[  182.884707][ T7561] RBP: 00007ff8759a7090 R08: 0000000000000000 R09: 0000000000000000
[  182.884719][ T7561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.884731][ T7561] R13: 0000000000000000 R14: 00007ff874db5fa0 R15: 00007ffc1ed364c8
[  182.884764][ T7561]  </TASK>
[  183.218800][ T7565] comedi comedi1: pcl711: I/O port conflict (0x2,16)
[  183.368651][ T7571] netlink: 16 bytes leftover after parsing attributes in process `syz.1.491'.
[  183.415489][ T7571] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  183.422726][ T7571] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  183.614736][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  184.019981][ T7579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.495'.
[  184.415342][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  184.424978][ T5847] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  184.495117][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  184.495155][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  184.502412][ T5169] Bluetooth: hci2: command 0x0406 tx timeout
[  184.588257][ T5847] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  184.600235][ T5847] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  184.612711][ T5847] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  184.627830][ T5847] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  184.640397][ T5847] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  184.669364][ T5847] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  184.684436][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  184.695070][ T5847] usb 2-1: Product: syz
[  184.699315][ T5847] usb 2-1: Manufacturer: syz
[  184.716575][ T5847] cdc_wdm 2-1:1.0: skipping garbage
[  184.721840][ T5847] cdc_wdm 2-1:1.0: skipping garbage
[  184.732066][ T5847] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  184.738759][ T5847] cdc_wdm 2-1:1.0: Unknown control protocol
[  184.952366][ T1214] usb 2-1: USB disconnect, device number 25
[  185.236166][ T7591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.252394][ T7591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.550981][ T7600] netlink: 16 bytes leftover after parsing attributes in process `syz.1.504'.
[  185.574468][ T7600] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  185.581824][ T7600] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  185.614792][ T5847] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  185.695002][ T5169] Bluetooth: hci0: command 0x0406 tx timeout
[  185.764797][ T5847] usb 5-1: Using ep0 maxpacket: 32
[  185.780556][ T5847] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  185.799387][ T5847] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  185.838060][ T5847] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  185.859544][ T5847] usb 5-1: config 1 has no interface number 0
[  185.874492][ T5847] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  185.891712][ T5847] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  185.897334][ T7605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.506'.
[  185.919163][ T5847] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  185.928890][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.949342][ T5847] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  186.210473][   T79] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0xfa
[  186.213452][ T5847] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  186.494854][ T5169] Bluetooth: hci1: command 0x0406 tx timeout
[  186.575108][ T5169] Bluetooth: hci4: command 0x0406 tx timeout
[  186.575245][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  186.584841][ T5169] Bluetooth: hci2: command 0x0406 tx timeout
[  186.771799][ T7621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.781265][ T7621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.798595][ T7621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.807816][ T7621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.915614][ T5847] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  187.074928][ T5847] usb 2-1: Using ep0 maxpacket: 32
[  187.082997][ T5847] usb 2-1: config 0 has an invalid interface number: 239 but max is 0
[  187.091529][ T5847] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  187.101936][ T5847] usb 2-1: config 0 has no interface number 0
[  187.109516][ T5847] usb 2-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  187.119451][ T5847] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  187.130543][ T5847] usb 2-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  187.144166][ T5847] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  187.155777][ T5847] usb 2-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  187.166285][ T5847] usb 2-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  187.178060][ T5847] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid wMaxPacketSize 0
[  187.188064][ T5847] usb 2-1: config 0 interface 239 has no altsetting 0
[  187.197453][ T5847] usb 2-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  187.206764][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.215135][ T5934] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  187.224845][ T5847] usb 2-1: Product: syz
[  187.229042][ T5847] usb 2-1: Manufacturer: syz
[  187.233641][ T5847] usb 2-1: SerialNumber: syz
[  187.243452][ T5847] usb 2-1: config 0 descriptor??
[  187.249636][ T7619] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  187.258961][ T7619] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  187.417145][ T7627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.430806][ T7627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.462920][ T7627] gfs2: not a GFS2 filesystem
[  188.072862][ T7630] /dev/sg0: Can't lookup blockdev
[  188.251496][ T7636] netlink: 16 bytes leftover after parsing attributes in process `syz.3.515'.
[  188.290961][ T7636] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  188.298334][ T7636] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  188.374174][ T7597] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  188.388403][ T5847] usb 2-1: USB disconnect, device number 26
[  188.453712][ T1861] usb 5-1: USB disconnect, device number 3
[  188.478204][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  188.654981][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  189.117855][ T7659] netlink: 76 bytes leftover after parsing attributes in process `syz.3.523'.
[  189.138360][ T7660] netlink: 76 bytes leftover after parsing attributes in process `syz.3.523'.
[  189.184671][ T1861] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  189.350648][ T1861] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.363803][ T1861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  189.375820][ T1861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  189.387429][ T1861] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  189.401724][ T1861] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  189.410955][ T1861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.420838][ T1861] usb 5-1: config 0 descriptor??
[  189.427496][ T7653] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  189.847121][ T1861] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd
[  189.871361][ T1861] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  190.278518][ T7679] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  190.299851][ T7679] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  190.342119][ T7676] netlink: 'syz.1.529': attribute type 10 has an invalid length.
[  190.350080][ T7676] netlink: 40 bytes leftover after parsing attributes in process `syz.1.529'.
[  190.364532][ T7676] batman_adv: batadv0: Adding interface: wlan0
[  190.370850][ T7676] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.395974][    C1] vkms_vblank_simulate: vblank timer overrun
[  190.402195][ T7676] batman_adv: batadv0: Interface activated: wlan0
[  190.504478][ T7685] netlink: 16 bytes leftover after parsing attributes in process `syz.3.531'.
[  190.556830][ T7685] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  190.564169][ T7685] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  190.671063][ T1869] usb 5-1: USB disconnect, device number 4
[  190.867467][ T7693] netlink: 'syz.1.533': attribute type 10 has an invalid length.
[  190.875322][ T7693] netlink: 40 bytes leftover after parsing attributes in process `syz.1.533'.
[  190.924234][ T7695] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  191.013273][ T7695] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  191.184966][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  191.332117][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  191.418355][ T7704] netlink: 14 bytes leftover after parsing attributes in process `syz.3.537'.
[  191.462135][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  191.556746][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.537'.
[  191.575914][ T7706] netlink: 64 bytes leftover after parsing attributes in process `syz.3.537'.
[  191.612420][ T7704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.621827][ T1869] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  191.650717][ T7704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.665666][ T7704] bond0 (unregistering): Released all slaves
[  191.794644][ T1869] usb 2-1: Using ep0 maxpacket: 8
[  191.815444][ T1869] usb 2-1: config 0 interface 0 altsetting 250 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.835871][ T1869] usb 2-1: config 0 interface 0 altsetting 250 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.852940][ T1869] usb 2-1: config 0 interface 0 has no altsetting 0
[  191.862292][ T1869] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  191.863515][ T7711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.874073][ T1869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.886516][ T7711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.903816][ T1869] usb 2-1: config 0 descriptor??
[  192.325752][ T1869] holtek_kbd 0003:04D9:A055.0002: bogus close delimiter
[  192.340674][ T1869] holtek_kbd 0003:04D9:A055.0002: item 0 0 2 10 parsing failed
[  192.352950][ T1869] holtek_kbd 0003:04D9:A055.0002: probe with driver holtek_kbd failed with error -22
[  192.532701][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.543841][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.551798][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.559768][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.574271][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.582917][ T7721] 9pnet_fd: Insufficient options for proto=fd
[  192.589935][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.595824][ T7721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.597811][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.614499][ T7721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.619258][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.631442][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.643751][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: unknown main item tag 0x0
[  192.643967][ T7722] openvswitch: netlink: IP tunnel dst address not specified
[  192.654670][ T7721] binder: 7701:7721 ioctl c0485619 200000000040 returned -22
[  192.698554][ T5934] hid-generic 0000:007F:FFFFFFFE.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  192.892401][ T7723] fido_id[7723]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  193.018359][ T7732] netlink: 16 bytes leftover after parsing attributes in process `syz.3.545'.
[  193.103861][ T7732] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  193.116996][ T7732] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  193.315469][   T48] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  193.444716][   T48] usb 5-1: device descriptor read/64, error -71
[  193.696806][   T48] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  193.834817][   T48] usb 5-1: device descriptor read/64, error -71
[  193.945183][   T48] usb usb5-port1: attempt power cycle
[  194.287094][   T48] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  194.315399][   T48] usb 5-1: device descriptor read/8, error -71
[  194.327038][ T1869] usb 2-1: USB disconnect, device number 27
[  194.378973][ T7747] netlink: 129704 bytes leftover after parsing attributes in process `syz.1.552'.
[  194.554783][   T48] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  194.586115][   T48] usb 5-1: device descriptor read/8, error -71
[  194.635347][ T7753] netlink: 'syz.1.555': attribute type 4 has an invalid length.
[  194.660124][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  194.666988][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  194.687869][ T7753] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  194.697641][   T48] usb usb5-port1: unable to enumerate USB device
[  194.699392][ T7753] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  194.729046][ T7756] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.556'.
[  194.941015][ T7765] netlink: 16 bytes leftover after parsing attributes in process `syz.1.559'.
[  194.969164][ T7765] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  194.977008][ T7765] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  195.881190][ T7780] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  196.184411][ T7788] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  196.192666][ T7788] syzkaller0: entered promiscuous mode
[  196.202709][ T7788] syzkaller0: entered allmulticast mode
[  196.223168][ T7787] tipc: Resetting bearer <eth:syzkaller0>
[  196.237519][ T7790] Invalid ELF header magic: != ELF
[  196.272810][ T7787] tipc: Disabling bearer <eth:syzkaller0>
[  196.521867][ T7801] netlink: 16 bytes leftover after parsing attributes in process `syz.2.569'.
[  196.548929][ T7801] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  196.556813][ T7801] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  196.617883][ T5934] IPVS: starting estimator thread 0...
[  196.704710][ T7805] IPVS: using max 29 ests per chain, 69600 per kthread
[  196.743573][ T7807] futex_wake_op: syz.2.571 tries to shift op by 32; fix this program
[  196.940853][ T7809] 9pnet_fd: Insufficient options for proto=fd
[  196.949485][ T7809] qnx4: no qnx4 filesystem (no root dir).
[  196.968524][ T7813] netlink: 'syz.1.574': attribute type 10 has an invalid length.
[  197.064105][ T7817] netlink: 'syz.2.576': attribute type 4 has an invalid length.
[  197.164744][ T1869] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  197.277211][ T1861] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  197.351590][ T7830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.578'.
[  197.364394][ T1869] usb 5-1: config 0 has an invalid interface number: 46 but max is 0
[  197.387666][ T1869] usb 5-1: config 0 has no interface number 0
[  197.393836][ T1869] usb 5-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  197.431323][ T1869] usb 5-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  197.433513][ T7830] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  197.451077][ T1869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.459811][ T7830] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  197.461428][ T1861] usb 2-1: Using ep0 maxpacket: 16
[  197.474202][ T1869] usb 5-1: Product: syz
[  197.479221][ T1869] usb 5-1: Manufacturer: syz
[  197.490247][ T1869] usb 5-1: SerialNumber: syz
[  197.495123][ T1861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.506290][ T1861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.519491][ T1869] usb 5-1: config 0 descriptor??
[  197.524667][ T1861] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  197.537753][ T1861] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  197.549352][ T7811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  197.556732][ T1861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.566681][ T1869] ums-karma 5-1:0.46: USB Mass Storage device detected
[  197.588796][ T1861] usb 2-1: config 0 descriptor??
[  197.659228][ T1869] ums-karma 5-1:0.46: probe with driver ums-karma failed with error -5
[  197.773053][ T7811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.782949][ T7811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.812225][ T5934] usb 5-1: USB disconnect, device number 9
[  198.013651][ T1861] HID 045e:07da: Invalid code 65791 type 1
[  198.025088][ T1861] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0004/input/input12
[  198.049888][ T1861] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  198.221973][ T5847] usb 2-1: USB disconnect, device number 28
[  198.226350][ T7844] syzkaller1: left promiscuous mode
[  198.233217][ T7844] syzkaller1: left allmulticast mode
[  198.860107][ T7867] netlink: 16 bytes leftover after parsing attributes in process `syz.2.591'.
[  198.918519][ T7867] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  198.928588][ T7867] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  199.114908][ T5934] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[  199.277416][ T5934] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  199.285725][ T5934] usb 2-1: config 0 has no interface number 0
[  199.291836][ T5934] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  199.302867][ T5934] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  199.313542][ T5934] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  199.327114][ T5934] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  199.338334][ T5934] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  199.350376][ T5934] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  199.363538][ T5934] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  199.372743][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.381779][ T1869] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  199.392432][ T5934] usb 2-1: config 0 descriptor??
[  199.404207][ T7871] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  199.411828][ T7871] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  199.424207][ T5934] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  199.544837][ T1869] usb 5-1: Using ep0 maxpacket: 16
[  199.552635][ T1869] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  199.563466][ T1869] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  199.577972][ T1869] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  199.587339][ T1869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.595921][ T1869] usb 5-1: Product: syz
[  199.600238][ T1869] usb 5-1: Manufacturer: syz
[  199.605350][ T1869] usb 5-1: SerialNumber: syz
[  199.644713][ T1861] usb 2-1: USB disconnect, device number 29
[  199.658586][ T1861] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  199.929115][ T1869] usb 5-1: 0:2 : does not exist
[  199.967149][ T1869] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  200.001091][ T5934] IPVS: starting estimator thread 0...
[  200.035725][ T1869] usb 5-1: USB disconnect, device number 10
[  200.100484][ T7377] udevd[7377]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  200.104902][ T7894] IPVS: using max 27 ests per chain, 64800 per kthread
[  200.413253][ T7904] netlink: 16 bytes leftover after parsing attributes in process `syz.4.601'.
[  200.463100][ T7904] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  200.475163][ T7904] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  200.823282][ T7919] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  200.831502][ T7919] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  201.041854][ T7926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.055614][ T7926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.323613][   T30] audit: type=1326 audit(1753116389.522:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7928 comm="syz.4.611" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba8fd8e9a9 code=0x0
[  201.457674][ T7935] FAULT_INJECTION: forcing a failure.
[  201.457674][ T7935] name failslab, interval 1, probability 0, space 0, times 0
[  201.470708][ T7935] CPU: 1 UID: 0 PID: 7935 Comm: syz.1.613 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  201.470735][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.470745][ T7935] Call Trace:
[  201.470754][ T7935]  <TASK>
[  201.470762][ T7935]  dump_stack_lvl+0x189/0x250
[  201.470793][ T7935]  ? __pfx____ratelimit+0x10/0x10
[  201.470831][ T7935]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.470857][ T7935]  ? __pfx__printk+0x10/0x10
[  201.470890][ T7935]  ? __pfx___might_resched+0x10/0x10
[  201.470911][ T7935]  ? fs_reclaim_acquire+0x7d/0x100
[  201.470939][ T7935]  should_fail_ex+0x414/0x560
[  201.470969][ T7935]  should_failslab+0xa8/0x100
[  201.470995][ T7935]  __kmalloc_cache_noprof+0x70/0x3d0
[  201.471014][ T7935]  ? vhost_task_create+0xf6/0x290
[  201.471042][ T7935]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  201.471071][ T7935]  vhost_task_create+0xf6/0x290
[  201.471096][ T7935]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  201.471115][ T7935]  ? __pfx_vhost_task_create+0x10/0x10
[  201.471141][ T7935]  ? __pfx_vhost_task_fn+0x10/0x10
[  201.471169][ T7935]  kvm_mmu_post_init_vm+0x14c/0x300
[  201.471185][ T7935]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  201.471205][ T7935]  ? __mutex_trylock_common+0x153/0x260
[  201.471223][ T7935]  ? __pfx___mutex_trylock_common+0x10/0x10
[  201.471239][ T7935]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  201.471257][ T7935]  ? rcu_is_watching+0x15/0xb0
[  201.471272][ T7935]  ? trace_contention_end+0x39/0x120
[  201.471287][ T7935]  ? look_up_lock_class+0x74/0x170
[  201.471305][ T7935]  ? register_lock_class+0x51/0x320
[  201.471321][ T7935]  ? __lock_acquire+0xab9/0xd20
[  201.471352][ T7935]  kvm_vcpu_ioctl+0x95c/0xe90
[  201.471387][ T7935]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  201.471410][ T7935]  ? __lock_acquire+0xab9/0xd20
[  201.471455][ T7935]  ? __fget_files+0x2a/0x420
[  201.471484][ T7935]  ? __fget_files+0x2a/0x420
[  201.471509][ T7935]  ? __fget_files+0x3a0/0x420
[  201.471533][ T7935]  ? __fget_files+0x2a/0x420
[  201.471565][ T7935]  ? bpf_lsm_file_ioctl+0x9/0x20
[  201.471585][ T7935]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  201.471612][ T7935]  __se_sys_ioctl+0xf9/0x170
[  201.471644][ T7935]  do_syscall_64+0xfa/0x3b0
[  201.471670][ T7935]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.471694][ T7935]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.471712][ T7935]  ? clear_bhb_loop+0x60/0xb0
[  201.471737][ T7935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.471755][ T7935] RIP: 0033:0x7ff874b8e9a9
[  201.471774][ T7935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.471790][ T7935] RSP: 002b:00007ff8759a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.471812][ T7935] RAX: ffffffffffffffda RBX: 00007ff874db5fa0 RCX: 00007ff874b8e9a9
[  201.471827][ T7935] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  201.471839][ T7935] RBP: 00007ff8759a7090 R08: 0000000000000000 R09: 0000000000000000
[  201.471850][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.471862][ T7935] R13: 0000000000000000 R14: 00007ff874db5fa0 R15: 00007ffc1ed364c8
[  201.471896][ T7935]  </TASK>
[  202.181551][ T7944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.225259][ T7944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.476789][ T5847] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  202.635198][ T5847] usb 5-1: Using ep0 maxpacket: 16
[  202.642989][ T5847] usb 5-1: config 1 has an invalid interface number: 20 but max is 1
[  202.651300][ T5847] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  202.660175][ T5847] usb 5-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config
[  202.670629][ T5847] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  202.679652][ T5847] usb 5-1: config 1 has no interface number 0
[  202.686679][ T5847] usb 5-1: config 1 interface 20 altsetting 200 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[  202.700029][ T5934] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  202.709166][ T5847] usb 5-1: config 1 interface 20 has no altsetting 0
[  202.720105][ T5847] usb 5-1: New USB device found, idVendor=1b3d, idProduct=01bb, bcdDevice=58.9d
[  202.729302][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.737525][ T5847] usb 5-1: Product: ೳ쒑鴅ꉥ☲㈊괧穕愭犊蓿ꤵ㸯ㆴ菰お՘ⶻᨠ悹쎉ⱒ鳎褭휿軘ᕚ죉驏繇퍞뗧לּ献孺잱谐㘃⻁ꩻ஧쇿䢝윝쫛胬몈ᘨޫﮦԉ酕骛잻覎腎뿆ፆᗥ⃽峑᚟묥艾ᡆ໵䧨䢮₩챲캱턫鉿︍觺鍂見܍ﾢ븥䆳䍡醰倫ｮ樣⸩衺ⴥㅑ
[  202.766448][ T5847] usb 5-1: Manufacturer: Ч
[  202.771068][ T5847] usb 5-1: SerialNumber: 隵覦窜闱훥ꢡᴅ⹾ꩥ䛬⮠
[  202.874751][ T5934] usb 2-1: Using ep0 maxpacket: 8
[  202.884180][ T5934] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  202.893472][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.901986][ T5934] usb 2-1: Product: syz
[  202.906318][ T5934] usb 2-1: Manufacturer: syz
[  202.912006][ T5934] usb 2-1: SerialNumber: syz
[  202.921110][ T5934] usb 2-1: config 0 descriptor??
[  202.977766][ T7951] syz.3.620 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  203.046840][ T5847] ftdi_sio 5-1:1.20: FTDI USB Serial Device converter detected
[  203.060154][ T5847] ftdi_sio ttyUSB0: unknown device type: 0x589d
[  203.071311][ T5847] usb 5-1: USB disconnect, device number 11
[  203.079973][ T5847] ftdi_sio 5-1:1.20: device disconnected
[  203.135029][ T5934] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  204.665449][ T7968] block device autoloading is deprecated and will be removed.
[  204.934249][ T5934] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  205.426363][ T1861] usb 2-1: USB disconnect, device number 30
[  205.876857][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  205.886287][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  205.894530][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  208.944701][ T1869] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  209.147131][ T1869] usb 5-1: Using ep0 maxpacket: 16
[  209.511028][ T1869] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.529843][ T1869] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  209.544804][ T1869] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  209.554119][ T1869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.591901][ T1869] usb 5-1: config 0 descriptor??
[  209.603830][ T1869] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  209.820551][ T1869] usb 5-1: USB disconnect, device number 12
[  211.632284][ T8035] netlink: 'syz.2.645': attribute type 1 has an invalid length.
[  211.653489][ T8035] netlink: 'syz.2.645': attribute type 2 has an invalid length.
[  211.942405][ T8041] netlink: 'syz.2.646': attribute type 1 has an invalid length.
[  211.953013][ T8041] netlink: 224 bytes leftover after parsing attributes in process `syz.2.646'.
[  212.636581][   T51] Bluetooth: hci1: unexpected subevent 0x0e length: 30 > 15
[  212.643957][   T51] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  212.731976][ T8052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  212.775107][ T8052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  213.792631][ T8055] mmap: syz.2.652 (8055) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  213.932318][   T51] Bluetooth: hci4: unexpected event for opcode 0x0c03
[  215.507689][ T8070] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  215.514382][ T8070] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  215.523404][ T8070] vhci_hcd vhci_hcd.0: Device attached
[  215.532154][ T8075] vhci_hcd: connection closed
[  215.535749][   T49] vhci_hcd: stop threads
[  215.571896][   T49] vhci_hcd: release socket
[  215.576774][   T49] vhci_hcd: disconnect device
[  217.088428][ T8104] netlink: 16 bytes leftover after parsing attributes in process `syz.3.665'.
[  219.257070][ T8125] overlayfs: failed to resolve './file0': -2
[  219.343491][ T8120] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  222.528142][ T8156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.577502][ T8156] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.625720][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'.
[  222.768323][ T8164] netlink: 68 bytes leftover after parsing attributes in process `syz.1.685'.
[  224.054263][ T8176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.067737][ T8176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.319290][ T8202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.698'.
[  231.771545][ T1869] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  232.627251][ T1869] usb 5-1: config 0 has an invalid interface number: 197 but max is 0
[  232.636282][ T1869] usb 5-1: config 0 has no interface number 0
[  232.642511][ T1869] usb 5-1: config 0 interface 197 has no altsetting 0
[  232.656908][ T1869] usb 5-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=86.12
[  232.666360][ T1869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.674466][ T1869] usb 5-1: Product: syz
[  232.684755][ T1869] usb 5-1: Manufacturer: syz
[  232.699651][ T1869] usb 5-1: SerialNumber: syz
[  232.710711][ T1869] usb 5-1: config 0 descriptor??
[  232.743660][ T8264] random: crng reseeded on system resumption
[  232.957666][ T1869] redrat3 5-1:0.197: Couldn't find all endpoints
[  232.975875][ T8264] Restarting kernel threads ...
[  232.984075][ T8264] Done restarting kernel threads.
[  233.018771][ T1869] usb 5-1: USB disconnect, device number 13
[  233.162675][ T8275] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  235.973614][ T8290] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  237.323682][ T1214] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  238.146294][ T1214] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  238.433439][ T1214] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  238.463456][ T8316] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  238.470063][ T8316] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  238.478223][ T8316] vhci_hcd vhci_hcd.0: Device attached
[  238.483233][ T1214] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  238.497359][ T1214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.504743][ T8317] vhci_hcd: connection closed
[  238.509440][   T79] vhci_hcd: stop threads
[  238.519307][   T79] vhci_hcd: release socket
[  238.523740][   T79] vhci_hcd: disconnect device
[  238.529738][ T1214] usb 2-1: Product: syz
[  238.533895][ T1214] usb 2-1: Manufacturer: syz
[  238.540037][ T1214] usb 2-1: SerialNumber: syz
[  238.772139][ T8303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.781561][ T8303] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.803476][ T1214] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  238.822521][ T1214] usb 2-1: USB disconnect, device number 31
[  239.324933][ T1214] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  239.592054][ T1214] usb 2-1: config index 0 descriptor too short (expected 301, got 72)
[  239.656934][ T1214] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  239.694749][ T1214] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  239.720576][ T1214] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[  239.751910][ T1214] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  239.784707][ T1214] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  239.804216][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.108679][ T1214] usb 2-1: usb_control_msg returned -71
[  240.149349][ T1214] usbtmc 2-1:16.0: can't read capabilities
[  240.900952][ T1214] usb 2-1: USB disconnect, device number 32
[  241.391959][ T8353] IPVS: set_ctl: invalid protocol: 1 224.0.0.1:20000
[  242.976377][ T8371] tracefs: Unknown parameter 'noswap'
[  243.345129][ T8387] netlink: 4 bytes leftover after parsing attributes in process `syz.4.763'.
[  245.943676][ T8435] netlink: 'syz.2.781': attribute type 36 has an invalid length.
[  248.612870][ T8466] netlink: 'syz.4.793': attribute type 36 has an invalid length.
[  248.726077][ T8469] netlink: 52 bytes leftover after parsing attributes in process `syz.2.795'.
[  248.895797][ T8477] netlink: 'syz.2.798': attribute type 29 has an invalid length.
[  248.913627][ T8477] netlink: 'syz.2.798': attribute type 29 has an invalid length.
[  249.729481][ T8485] input: syz0 as /devices/virtual/input/input13
[  249.736837][ T8485] input: failed to attach handler leds to device input13, error: -6
[  251.532809][ T8496] syzkaller0: entered promiscuous mode
[  251.579832][ T8496] syzkaller0: entered allmulticast mode
[  254.592966][ T8552] 9pnet_fd: Insufficient options for proto=fd
[  255.327724][ T8565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.826'.
[  255.576913][ T8571] usb usb8: usbfs: process 8571 (syz.3.830) did not claim interface 0 before use
[  256.099427][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  256.105885][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  259.650867][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f176c00: rx timeout, send abort
[  260.160256][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f176c00: abort rx timeout. Force session deactivation
[  260.301416][ T8624] serio: Serial port ptm0
[  260.424707][   T30] audit: type=1326 audit(1753116448.622:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8620 comm="syz.2.851" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f958d38e9a9 code=0x0
[  261.120907][ T8631] netlink: 'syz.3.854': attribute type 4 has an invalid length.
[  261.269557][ T8640] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  261.298854][ T8640] overlayfs: missing 'lowerdir'
[  261.468551][   T30] audit: type=1800 audit(1753116449.672:10): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.855" name="/" dev="fuse" ino=0 res=0 errno=0
[  262.054520][ T8658] qnx4: no qnx4 filesystem (no root dir).
[  262.157096][ T8662] netlink: 'syz.1.865': attribute type 4 has an invalid length.
[  262.545979][ T8671] gfs2: not a GFS2 filesystem
[  262.873005][   T30] audit: type=1800 audit(1753116451.072:11): pid=8679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.873" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  262.943506][ T8684] netlink: 'syz.3.874': attribute type 4 has an invalid length.
[  263.094855][ T1861] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  263.268256][ T1861] usb 5-1: Using ep0 maxpacket: 32
[  263.279496][ T1861] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  263.309487][ T1861] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  263.324957][ T1861] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  263.338445][ T1861] usb 5-1: config 1 has no interface number 0
[  263.345273][ T1861] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  263.358393][ T1861] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  263.371751][ T1861] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  263.381507][ T1861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.424181][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  263.580331][ T8701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.597906][ T8701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.711398][ T6467] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0xfa
[  263.809995][ T8711] netlink: 'syz.1.883': attribute type 4 has an invalid length.
[  263.830308][ T8701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.842326][ T8701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.603710][ T8724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  264.621297][ T8724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.648838][ T8724] raw_sendmsg: syz.3.888 forgot to set AF_INET. Fix it!
[  264.942241][ T8735] netlink: 'syz.1.892': attribute type 4 has an invalid length.
[  265.833761][ T8677] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  265.900050][ T1861] snd_usb_pod 5-1:1.1: set_interface failed
[  265.918865][   T48] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  265.925277][ T1861] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  265.963064][ T1861] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71
[  265.994968][ T1861] usb 5-1: USB disconnect, device number 14
[  266.009209][ T8755] netlink: 'syz.2.901': attribute type 4 has an invalid length.
[  266.107677][   T48] usb 2-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da
[  266.117745][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.136012][   T48] usb 2-1: config 0 descriptor??
[  266.153764][   T48] pwc: Philips SPC 900NC USB webcam detected.
[  266.302685][ T8760] FAULT_INJECTION: forcing a failure.
[  266.302685][ T8760] name failslab, interval 1, probability 0, space 0, times 0
[  266.321079][ T8760] CPU: 1 UID: 0 PID: 8760 Comm: syz.2.903 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  266.321114][ T8760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.321125][ T8760] Call Trace:
[  266.321133][ T8760]  <TASK>
[  266.321142][ T8760]  dump_stack_lvl+0x189/0x250
[  266.321174][ T8760]  ? __pfx____ratelimit+0x10/0x10
[  266.321199][ T8760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.321223][ T8760]  ? __pfx__printk+0x10/0x10
[  266.321254][ T8760]  ? __pfx___might_resched+0x10/0x10
[  266.321283][ T8760]  should_fail_ex+0x414/0x560
[  266.321312][ T8760]  should_failslab+0xa8/0x100
[  266.321336][ T8760]  kmem_cache_alloc_noprof+0x73/0x3c0
[  266.321355][ T8760]  ? mas_alloc_nodes+0x2e9/0x8e0
[  266.321386][ T8760]  mas_alloc_nodes+0x2e9/0x8e0
[  266.321419][ T8760]  mas_preallocate+0x3ad/0x6f0
[  266.321450][ T8760]  ? __pfx_mas_preallocate+0x10/0x10
[  266.321488][ T8760]  ? __mas_set_range+0x12f/0x3c0
[  266.321513][ T8760]  __split_vma+0x2fa/0xa00
[  266.321540][ T8760]  ? __pfx___split_vma+0x10/0x10
[  266.321569][ T8760]  ? mas_find+0xb0e/0xd30
[  266.321599][ T8760]  vms_gather_munmap_vmas+0x4ab/0x12b0
[  266.321646][ T8760]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  266.321682][ T8760]  ? mas_find+0xa7d/0xd30
[  266.321713][ T8760]  mmap_region+0x724/0x20c0
[  266.321754][ T8760]  ? __pfx_mmap_region+0x10/0x10
[  266.321860][ T8760]  ? mm_get_unmapped_area_vmflags+0xb3/0xe0
[  266.321887][ T8760]  ? hugetlb_get_unmapped_area+0x1f7/0x290
[  266.321911][ T8760]  ? cap_mmap_addr+0xb0/0x100
[  266.321936][ T8760]  ? bpf_lsm_mmap_addr+0x9/0x20
[  266.321954][ T8760]  ? security_mmap_addr+0x71/0x270
[  266.321979][ T8760]  ? shmem_mapping+0xd/0x50
[  266.322002][ T8760]  ? memfd_check_seals_mmap+0x165/0x200
[  266.322035][ T8760]  do_mmap+0xc45/0x10d0
[  266.322069][ T8760]  ? __pfx_do_mmap+0x10/0x10
[  266.322085][ T8760]  ? down_write_killable+0x178/0x230
[  266.322107][ T8760]  ? __pfx_down_write_killable+0x10/0x10
[  266.322125][ T8760]  ? common_file_perm+0x1b5/0x230
[  266.322161][ T8760]  vm_mmap_pgoff+0x2a6/0x4d0
[  266.322199][ T8760]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  266.322230][ T8760]  ? __fget_files+0x2a/0x420
[  266.322263][ T8760]  ? __fget_files+0x3a0/0x420
[  266.322289][ T8760]  ? __fget_files+0x2a/0x420
[  266.322321][ T8760]  ksys_mmap_pgoff+0x51f/0x760
[  266.322349][ T8760]  do_syscall_64+0xfa/0x3b0
[  266.322376][ T8760]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.322403][ T8760]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.322421][ T8760]  ? clear_bhb_loop+0x60/0xb0
[  266.322444][ T8760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.322462][ T8760] RIP: 0033:0x7f958d38e9a9
[  266.322481][ T8760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.322497][ T8760] RSP: 002b:00007f958e144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  266.322518][ T8760] RAX: ffffffffffffffda RBX: 00007f958d5b6080 RCX: 00007f958d38e9a9
[  266.322532][ T8760] RDX: 0000000003000002 RSI: 0000000000003000 RDI: 0000200000000000
[  266.322544][ T8760] RBP: 00007f958e144090 R08: 0000000000000004 R09: 0000000000000000
[  266.322555][ T8760] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000001
[  266.322565][ T8760] R13: 0000000000000000 R14: 00007f958d5b6080 R15: 00007ffeddaa88c8
[  266.322598][ T8760]  </TASK>
[  266.646038][    C1] vkms_vblank_simulate: vblank timer overrun
[  266.667345][ T8753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.732174][ T8753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.838376][   T48] pwc: Failed to set LED on/off time (-71)
[  266.849104][   T48] pwc: send_video_command error -71
[  266.854353][   T48] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  266.870068][   T48] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  266.891321][   T48] usb 2-1: USB disconnect, device number 33
[  267.152481][ T5169] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  267.174211][ T8776] netlink: 32 bytes leftover after parsing attributes in process `syz.4.910'.
[  267.290982][ T8778] netlink: 'syz.3.911': attribute type 4 has an invalid length.
[  267.801509][   T79] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x27
[  267.816673][ T8797] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  267.828007][ T8797] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  267.920545][ T8802] hfs: can't find a HFS filesystem on dev rnullb0
[  267.983167][ T8805] netlink: 'syz.1.921': attribute type 4 has an invalid length.
[  268.084341][   T30] audit: type=1326 audit(1753116456.282:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8806 comm="syz.1.922" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff874b8e9a9 code=0x0
[  268.267402][ T8811] input: syz1 as /devices/virtual/input/input14
[  269.117009][ T8826] netlink: 'syz.3.930': attribute type 4 has an invalid length.
[  269.220620][ T8830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.237192][ T8830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.324785][ T5915] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  269.501696][ T5915] usb 2-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=61.d7
[  269.514438][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.523573][ T5915] usb 2-1: Product: syz
[  269.528096][ T5915] usb 2-1: Manufacturer: syz
[  269.532751][ T5915] usb 2-1: SerialNumber: syz
[  269.542151][ T5915] usb 2-1: config 0 descriptor??
[  269.551934][ T5915] ldusb 2-1:0.0: Interrupt in endpoint not found
[  270.339268][ T8842] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  270.362830][ T8842] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  270.373343][ T8842] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  270.382697][ T8842] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[  270.392291][ T8842] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  270.400882][ T8842] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  270.410625][ T8842] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  270.419219][ T8842] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  270.427686][ T8842] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  270.436155][ T8842] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  270.722725][ T8851] netlink: 'syz.2.939': attribute type 4 has an invalid length.
[  270.891394][ T8858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.908536][ T8858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.066955][ T8863] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  271.074243][ T8863] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  271.341913][ T8869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.945'.
[  272.054424][ T8876] gfs2: not a GFS2 filesystem
[  272.104223][ T5847] usb 2-1: USB disconnect, device number 34
[  272.250128][ T8880] netlink: 'syz.4.950': attribute type 4 has an invalid length.
[  272.740898][ T8895] syz.4.957: attempt to access beyond end of device
[  272.740898][ T8895] loop4: rw=0, sector=64, nr_sectors = 8 limit=0
[  272.755431][ T8895] syz.4.957: attempt to access beyond end of device
[  272.755431][ T8895] loop4: rw=0, sector=120, nr_sectors = 8 limit=0
[  272.770435][ T8895] Mount JFS Failure: -5
[  272.941591][ T8903] netlink: 'syz.3.961': attribute type 4 has an invalid length.
[  273.786688][ T8939] netlink: 'syz.4.973': attribute type 4 has an invalid length.
[  274.244482][ T8950] FAULT_INJECTION: forcing a failure.
[  274.244482][ T8950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.260064][ T8950] CPU: 1 UID: 0 PID: 8950 Comm: syz.4.978 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  274.260093][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.260105][ T8950] Call Trace:
[  274.260113][ T8950]  <TASK>
[  274.260120][ T8950]  dump_stack_lvl+0x189/0x250
[  274.260153][ T8950]  ? __pfx____ratelimit+0x10/0x10
[  274.260180][ T8950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.260204][ T8950]  ? __pfx__printk+0x10/0x10
[  274.260235][ T8950]  should_fail_ex+0x414/0x560
[  274.260253][ T8950]  _copy_to_user+0x31/0xb0
[  274.260267][ T8950]  simple_read_from_buffer+0xe1/0x170
[  274.260286][ T8950]  proc_fail_nth_read+0x1b3/0x220
[  274.260301][ T8950]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.260316][ T8950]  ? rw_verify_area+0x2a6/0x4d0
[  274.260330][ T8950]  ? __lock_acquire+0xab9/0xd20
[  274.260341][ T8950]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.260355][ T8950]  vfs_read+0x1fd/0x980
[  274.260368][ T8950]  ? fdget_pos+0x247/0x320
[  274.260381][ T8950]  ? __pfx___mutex_lock+0x10/0x10
[  274.260398][ T8950]  ? __pfx_vfs_read+0x10/0x10
[  274.260413][ T8950]  ? __fget_files+0x2a/0x420
[  274.260432][ T8950]  ? __fget_files+0x3a0/0x420
[  274.260448][ T8950]  ? __fget_files+0x2a/0x420
[  274.260470][ T8950]  ksys_read+0x145/0x250
[  274.260486][ T8950]  ? __pfx_ksys_read+0x10/0x10
[  274.260498][ T8950]  ? rcu_is_watching+0x15/0xb0
[  274.260516][ T8950]  ? do_syscall_64+0xbe/0x3b0
[  274.260536][ T8950]  do_syscall_64+0xfa/0x3b0
[  274.260551][ T8950]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.260566][ T8950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.260578][ T8950]  ? clear_bhb_loop+0x60/0xb0
[  274.260592][ T8950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.260603][ T8950] RIP: 0033:0x7fba8fd8d3bc
[  274.260615][ T8950] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  274.260624][ T8950] RSP: 002b:00007fba90c6b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  274.260638][ T8950] RAX: ffffffffffffffda RBX: 00007fba8ffb5fa0 RCX: 00007fba8fd8d3bc
[  274.260647][ T8950] RDX: 000000000000000f RSI: 00007fba90c6b0a0 RDI: 0000000000000004
[  274.260654][ T8950] RBP: 00007fba90c6b090 R08: 0000000000000000 R09: 0000000000000000
[  274.260661][ T8950] R10: 000000000000fffc R11: 0000000000000246 R12: 0000000000000001
[  274.260668][ T8950] R13: 0000000000000000 R14: 00007fba8ffb5fa0 R15: 00007ffc27afa298
[  274.260686][ T8950]  </TASK>
[  274.611711][ T8952] netlink: 28 bytes leftover after parsing attributes in process `syz.3.980'.
[  274.760673][ T8958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.870717][ T8961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  275.114789][ T8967] netlink: 'syz.4.983': attribute type 4 has an invalid length.
[  275.530909][ T8980] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  275.538413][ T8980] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  276.011136][ T8991] netlink: 'syz.4.996': attribute type 4 has an invalid length.
[  276.028742][ T8997] exFAT-fs (rnullb0): invalid boot record signature
[  276.043268][ T8997] exFAT-fs (rnullb0): failed to read boot sector
[  276.061870][ T8997] exFAT-fs (rnullb0): failed to recognize exfat type
[  276.234272][ T9003] omfs: Invalid superblock (0)
[  276.441500][ T9010] netlink: 'syz.4.1001': attribute type 1 has an invalid length.
[  276.453185][ T9010] netlink: 'syz.4.1001': attribute type 4 has an invalid length.
[  276.461244][ T9010] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1001'.
[  276.827897][ T9025] netlink: 'syz.3.1006': attribute type 4 has an invalid length.
[  277.136883][ T9034] netlink: 'syz.1.1011': attribute type 10 has an invalid length.
[  277.219334][ T9042] hfs: can't find a HFS filesystem on dev rnullb0
[  277.809263][ T9067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1020'.
[  277.970855][ T9074] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  277.990680][ T9077] qnx4: no qnx4 filesystem (no root dir).
[  278.297610][ T9090] "syz.1.1028" (9090) uses obsolete ecb(arc4) skcipher
[  278.410267][ T9094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.420596][ T9094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.001830][ T9117] mkiss: ax0: crc mode is auto.
[  279.210956][ T9122] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  279.218404][ T9122] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  279.241649][ T9119] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  279.330624][ T9124] sctp: [Deprecated]: syz.3.1040 (pid 9124) Use of struct sctp_assoc_value in delayed_ack socket option.
[  279.330624][ T9124] Use struct sctp_sack_info instead
[  279.521947][ T9131] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1044'.
[  279.538767][ T9131] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  279.546139][ T9131] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  280.394679][ T5934] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  280.491147][ T9150] exFAT-fs (rnullb0): invalid boot record signature
[  280.497854][ T9150] exFAT-fs (rnullb0): failed to read boot sector
[  280.504200][ T9150] exFAT-fs (rnullb0): failed to recognize exfat type
[  280.554741][ T5934] usb 5-1: Using ep0 maxpacket: 32
[  280.563695][ T5934] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  280.580619][ T5934] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  280.587211][ T9153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.592767][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  280.601340][ T9153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.610818][ T5934] usb 5-1: Product: syz
[  280.619644][ T5934] usb 5-1: Manufacturer: syz
[  280.624321][ T5934] usb 5-1: SerialNumber: syz
[  280.633742][ T5934] usb 5-1: config 0 descriptor??
[  280.639915][ T9141] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.649200][ T5934] hub 5-1:0.0: bad descriptor, ignoring hub
[  280.655631][ T5934] hub 5-1:0.0: probe with driver hub failed with error -5
[  280.674689][ T5915] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  280.824690][ T5915] usb 2-1: Using ep0 maxpacket: 8
[  280.831644][ T5915] usb 2-1: descriptor type invalid, skip
[  280.840576][ T5915] usb 2-1: config 0 has no interfaces?
[  280.848092][ T5915] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  280.857456][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.865593][ T5915] usb 2-1: Product: syz
[  280.869878][ T5915] usb 2-1: Manufacturer: syz
[  280.874814][ T5915] usb 2-1: SerialNumber: syz
[  280.882891][ T5915] usb 2-1: config 0 descriptor??
[  280.932267][ T9155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.942553][ T9155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  281.097263][ T1214] usb 2-1: USB disconnect, device number 35
[  281.463383][ T9167] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1058'.
[  281.481105][ T9167] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  281.488296][ T9167] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  281.510805][ T9171] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.1059'.
[  281.631945][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  281.679577][   T30] audit: type=1800 audit(1753116469.882:13): pid=9177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1062" name="bus" dev="overlay" ino=1169 res=0 errno=0
[  281.705041][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  281.725981][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  281.795421][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  281.825846][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  281.915973][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  281.966589][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.044807][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.046394][ T9190] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1068'.
[  282.066170][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.079118][ T9190] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  282.087663][ T9190] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  282.147401][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.176092][ T1214] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.254998][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.306209][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.395132][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.446458][ T5915] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.480572][ T9202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.494122][ T9204] omfs: Invalid superblock (0)
[  282.495208][ T9202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.524793][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.547225][ T1214] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.629768][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.681609][ T1214] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.743320][ T9221] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1078'.
[  282.755224][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.760407][ T9220] netlink: 'syz.2.1080': attribute type 10 has an invalid length.
[  282.778203][ T9220] macvlan0: entered promiscuous mode
[  282.795917][ T9220] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  282.797698][ T9221] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  282.812811][ T9221] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  282.813685][ T5934] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.895016][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  282.915872][ T5934] raw-gadget.0 gadget.4: failed to queue suspend event
[  282.987199][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  283.015744][ T1214] raw-gadget.0 gadget.4: failed to queue suspend event
[  283.084826][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  283.116547][ T5934] raw-gadget.0 gadget.4: failed to queue suspend event
[  283.194927][ T9141] raw-gadget.0 gadget.4: failed to queue resume event
[  283.217402][ T5934] raw-gadget.0 gadget.4: failed to queue suspend event
[  283.253934][ T9141] raw-gadget.0 gadget.4: failed to queue disconnect event
[  283.268453][ T5847] usb 5-1: USB disconnect, device number 15
[  283.712099][ T9242] XFS (rnullb0): Invalid superblock magic number
[  283.722737][ T9250] 9pnet_fd: p9_fd_create_unix (9250): problem connecting socket: ./cgroup: -111
[  283.734012][ T9249] binder: 9247:9249 ioctl c0306201 2000000003c0 returned -14
[  283.915062][ T5934] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  283.985151][ T1861] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  284.084739][ T5934] usb 5-1: Using ep0 maxpacket: 8
[  284.092045][ T5934] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  284.101795][ T5934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.124781][ T5934] pvrusb2: Hardware description: Terratec Grabster AV400
[  284.133130][ T5934] pvrusb2: **********
[  284.137285][ T5934] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  284.148142][ T5934] pvrusb2: Important functionality might not be entirely working.
[  284.155822][ T1861] usb 2-1: not running at top speed; connect to a high speed hub
[  284.156330][ T5934] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  284.175907][ T1861] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  284.176037][ T5934] pvrusb2: **********
[  284.193825][ T1861] usb 2-1: config 1 has no interface number 1
[  284.200369][ T1861] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  284.219074][ T1861] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  284.228604][ T1861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.237186][ T1861] usb 2-1: Product: syz
[  284.241568][ T1861] usb 2-1: Manufacturer: syz
[  284.246957][ T1861] usb 2-1: SerialNumber: syz
[  284.400785][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.412462][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.429216][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.461291][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.479353][ T9249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.490050][ T9249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.502823][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.514481][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.535355][ T1861] usb 2-1: failed to enable PITCH for EP 0x82
[  284.608770][ T1861] usb 2-1: USB disconnect, device number 36
[  284.719047][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  284.750870][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.780779][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.792021][ T9241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.801475][ T9241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.824723][ T2351] pvrusb2: Invalid write control endpoint
[  284.923016][ T2351] pvrusb2: Invalid write control endpoint
[  284.934409][ T2351] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  284.947905][ T2351] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  284.955888][ T2351] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  284.967604][ T2351] pvrusb2: Device being rendered inoperable
[  284.977646][ T2351] cx25840 3-0044: Unable to detect h/w, assuming cx23887
[  284.990636][ T2351] cx25840 3-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c)
[  285.002391][ T2351] pvrusb2: Attached sub-driver cx25840
[  285.010751][ T2351] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  285.033238][ T2351] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  285.050281][ T5915] usb 5-1: USB disconnect, device number 16
[  285.374498][ T9280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  285.390998][ T9280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  285.406905][ T9280] FAULT_INJECTION: forcing a failure.
[  285.406905][ T9280] name failslab, interval 1, probability 0, space 0, times 0
[  285.421507][ T9280] CPU: 1 UID: 0 PID: 9280 Comm: syz.3.1102 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  285.421535][ T9280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  285.421546][ T9280] Call Trace:
[  285.421553][ T9280]  <TASK>
[  285.421562][ T9280]  dump_stack_lvl+0x189/0x250
[  285.421596][ T9280]  ? __pfx____ratelimit+0x10/0x10
[  285.421624][ T9280]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.421650][ T9280]  ? __pfx__printk+0x10/0x10
[  285.421687][ T9280]  ? __lock_acquire+0xab9/0xd20
[  285.421712][ T9280]  should_fail_ex+0x414/0x560
[  285.421742][ T9280]  should_failslab+0xa8/0x100
[  285.421766][ T9280]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  285.421790][ T9280]  ? alloc_io_context+0x27/0x290
[  285.421821][ T9280]  alloc_io_context+0x27/0x290
[  285.421849][ T9280]  set_task_ioprio+0x462/0x5e0
[  285.421872][ T9280]  ? set_task_ioprio+0x60/0x5e0
[  285.421900][ T9280]  __se_sys_ioprio_set+0x519/0xa30
[  285.421921][ T9280]  ? __se_sys_ioprio_set+0xd0/0xa30
[  285.421950][ T9280]  do_syscall_64+0xfa/0x3b0
[  285.421975][ T9280]  ? lockdep_hardirqs_on+0x9c/0x150
[  285.422011][ T9280]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.422029][ T9280]  ? clear_bhb_loop+0x60/0xb0
[  285.422053][ T9280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.422071][ T9280] RIP: 0033:0x7fb33778e9a9
[  285.422090][ T9280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.422106][ T9280] RSP: 002b:00007fb338551038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb
[  285.422128][ T9280] RAX: ffffffffffffffda RBX: 00007fb3379b5fa0 RCX: 00007fb33778e9a9
[  285.422142][ T9280] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  285.422153][ T9280] RBP: 00007fb338551090 R08: 0000000000000000 R09: 0000000000000000
[  285.422165][ T9280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.422176][ T9280] R13: 0000000000000000 R14: 00007fb3379b5fa0 R15: 00007ffdff3de658
[  285.422210][ T9280]  </TASK>
[  285.623318][    C1] vkms_vblank_simulate: vblank timer overrun
[  286.480341][ T9306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.489909][ T9306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.014661][ T5915] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  287.063701][ T9315] qnx4: no qnx4 filesystem (no root dir).
[  287.187403][ T5915] usb 5-1: Using ep0 maxpacket: 32
[  287.200807][ T5915] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  287.210098][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.218725][ T5915] usb 5-1: Product: syz
[  287.223100][ T5915] usb 5-1: Manufacturer: syz
[  287.228170][ T5915] usb 5-1: SerialNumber: syz
[  287.238520][ T5915] usb 5-1: config 0 descriptor??
[  287.656666][ T5915] airspy 5-1:0.0: Board ID: 00
[  287.661544][ T5915] airspy 5-1:0.0: Firmware version: 
[  288.094848][   T31] INFO: task kworker/0:6:5936 blocked for more than 144 seconds.
[  288.102916][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  288.124007][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.138838][   T31] task:kworker/0:6     state:D stack:22760 pid:5936  tgid:5936  ppid:2      task_flags:0x4288060 flags:0x00004000
[  288.167339][   T31] Workqueue: usb_hub_wq hub_event
[  288.172579][   T31] Call Trace:
[  288.191629][   T31]  <TASK>
[  288.195469][   T31]  __schedule+0x1737/0x4d30
[  288.200085][   T31]  ? schedule+0x165/0x360
[  288.205626][   T31]  ? preempt_schedule+0xae/0xc0
[  288.214711][   T31]  ? __pfx___schedule+0x10/0x10
[  288.219978][   T31]  ? preempt_schedule_common+0x83/0xd0
[  288.234669][   T31]  ? __pfx_preempt_schedule+0x10/0x10
[  288.244708][   T31]  ? schedule+0x91/0x360
[  288.249222][   T31]  schedule+0x165/0x360
[  288.262614][   T31]  schedule_timeout+0x9a/0x270
[  288.274710][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  288.283571][ T9350] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1130'.
[  288.284828][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.298606][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.303917][   T31]  ? wait_for_completion+0x267/0x5d0
[  288.311143][   T31]  wait_for_completion+0x2bf/0x5d0
[  288.316470][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  288.322545][   T31]  i2c_del_adapter+0x581/0x6e0
[  288.329517][   T31]  ? rcu_is_watching+0x15/0xb0
[  288.334469][   T31]  ? pvr2_hdw_disconnect+0x6d/0x500
[  288.340312][   T31]  ? rpm_resume+0xbde/0x15f0
[  288.346454][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  288.351941][   T31]  pvr2_i2c_core_done+0x58/0xb0
[  288.357391][   T31]  pvr2_hdw_disconnect+0x9f/0x500
[  288.362599][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  288.368954][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  288.376167][   T31]  pvr2_context_disconnect+0x42/0x210
[  288.381830][   T31]  pvr_disconnect+0x78/0xe0
[  288.386850][   T31]  usb_unbind_interface+0x26b/0x910
[  288.392251][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  288.402322][   T31]  device_release_driver_internal+0x4d6/0x800
[  288.409814][   T31]  bus_remove_device+0x34d/0x410
[  288.415782][   T31]  device_del+0x511/0x8e0
[  288.420368][   T31]  ? __pm_runtime_barrier+0x212/0x460
[  288.426240][   T31]  ? __pfx_device_del+0x10/0x10
[  288.431149][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  288.436449][   T31]  usb_disable_device+0x3e9/0x8a0
[  288.441536][   T31]  usb_disconnect+0x330/0x950
[  288.446382][   T31]  hub_event+0x1cf5/0x4a20
[  288.450863][   T31]  ? save_fpregs_to_fpstate+0xa3/0x210
[  288.456490][   T31]  ? do_raw_spin_lock+0x121/0x290
[  288.461540][   T31]  ? register_lock_class+0x51/0x320
[  288.466870][   T31]  ? __pfx_hub_event+0x10/0x10
[  288.471661][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  288.477536][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.482765][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  288.488586][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  288.494337][   T31]  process_scheduled_works+0xade/0x17b0
[  288.500078][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  288.506849][   T31]  worker_thread+0x8a0/0xda0
[  288.511573][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  288.518704][   T31]  ? __kthread_parkme+0x7b/0x200
[  288.523719][   T31]  kthread+0x70e/0x8a0
[  288.528478][   T31]  ? __pfx_worker_thread+0x10/0x10
[  288.533738][   T31]  ? __pfx_kthread+0x10/0x10
[  288.538493][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.543807][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.549222][   T31]  ? __pfx_kthread+0x10/0x10
[  288.553846][   T31]  ret_from_fork+0x3f9/0x770
[  288.558522][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  288.563679][   T31]  ? __switch_to_asm+0x39/0x70
[  288.568515][   T31]  ? __switch_to_asm+0x33/0x70
[  288.573302][   T31]  ? __pfx_kthread+0x10/0x10
[  288.577983][   T31]  ret_from_fork_asm+0x1a/0x30
[  288.582791][   T31]  </TASK>
[  288.585929][   T31] 
[  288.585929][   T31] Showing all locks held in the system:
[  288.593661][   T31] 1 lock held by khungtaskd/31:
[  288.599359][   T31]  #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  288.609366][   T31] 2 locks held by getty/5607:
[  288.614052][   T31]  #0: ffff8880339de0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  288.626168][   T31]  #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  288.637816][   T31] 6 locks held by kworker/1:4/5915:
[  288.643073][   T31]  #0: ffff888021ec9d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  288.656069][   T31]  #1: ffffc90004337bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  288.668104][   T31]  #2: ffff8880288bb198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  288.677186][   T31]  #3: ffff888031fd6198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  288.686646][   T31]  #4: ffff888024835160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  288.696055][   T31]  #5: ffff88807ad70c00 (airspy:1039:(&s->hdl)->_lock){+.+.}-{4:4}, at: v4l2_ctrl_handler_setup+0x53/0x90
[  288.707552][   T31] 6 locks held by kworker/0:6/5936:
[  288.712774][   T31]  #0: ffff888021ec9d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  288.724967][   T31]  #1: ffffc900043e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  288.739164][   T31]  #2: ffff888028827198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  288.748335][   T31]  #3: ffff888057f2a198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[  288.757742][   T31]  #4: ffff888024d27160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800
[  288.768544][   T31]  #5: ffff88805ec00188 (&hdw->big_lock_mutex){+.+.}-{4:4}, at: pvr2_hdw_disconnect+0x6d/0x500
[  288.772029][ T5915] airspy 5-1:0.0: usb_control_msg() failed -71 request 10
[  288.779101][   T31] 3 locks held by kworker/u8:11/6467:
[  288.779127][   T31] 4 locks held by udevd/7377:
[  288.779140][   T31]  #0: ffff888020f279e0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  288.809897][   T31]  #1: ffff88805f8f0088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[  288.810305][ T5915] airspy 5-1:0.0: Registered as swradio24
[  288.819609][   T31]  #2: ffff88805917e0f8 (kn->active#30){.+.+}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[  288.831748][ T5915] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  288.836767][   T31]  #3: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: sysfs_file_kobj+0x1a/0x230
[  288.856837][ T5915] usb 5-1: USB disconnect, device number 17
[  288.862334][   T31] 1 lock held by syz.1.1130/9348:
[  288.872262][   T31]  #0: ffffffff8e543200 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  288.883891][   T31] 
[  288.890816][   T31] =============================================
[  288.890816][   T31] 
[  288.901678][   T31] NMI backtrace for cpu 0
[  288.901698][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  288.901727][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  288.901738][   T31] Call Trace:
[  288.901747][   T31]  <TASK>
[  288.901755][   T31]  dump_stack_lvl+0x189/0x250
[  288.901790][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.901817][   T31]  ? __pfx__printk+0x10/0x10
[  288.901858][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  288.901886][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  288.901920][   T31]  ? __pfx__printk+0x10/0x10
[  288.901952][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  288.901976][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  288.902003][   T31]  watchdog+0xf93/0xfe0
[  288.902029][   T31]  ? watchdog+0x1de/0xfe0
[  288.902056][   T31]  kthread+0x70e/0x8a0
[  288.902087][   T31]  ? __pfx_watchdog+0x10/0x10
[  288.902107][   T31]  ? __pfx_kthread+0x10/0x10
[  288.902137][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.902162][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.902186][   T31]  ? __pfx_kthread+0x10/0x10
[  288.902215][   T31]  ret_from_fork+0x3f9/0x770
[  288.902242][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  288.902273][   T31]  ? __switch_to_asm+0x39/0x70
[  288.902289][   T31]  ? __switch_to_asm+0x33/0x70
[  288.902304][   T31]  ? __pfx_kthread+0x10/0x10
[  288.902332][   T31]  ret_from_fork_asm+0x1a/0x30
[  288.902366][   T31]  </TASK>
[  288.902399][   T31] Sending NMI from CPU 0 to CPUs 1:
[  289.056746][    C1] NMI backtrace for cpu 1
[  289.056764][    C1] CPU: 1 UID: 0 PID: 5201 Comm: syslogd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  289.056784][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  289.056793][    C1] RIP: 0010:rcu_is_watching+0x5a/0xb0
[  289.056817][    C1] Code: f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 dc 99 7c 00 48 c7 c3 58 7f e8 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 34 8b 03 65 ff 0d c9 98 40 11 74 11 83 e0 04 c1 e8 02 5b
[  289.056831][    C1] RSP: 0018:ffffc900030d7390 EFLAGS: 00000a06
[  289.056846][    C1] RAX: 0000000000000000 RBX: ffff8880b8732f58 RCX: 8db6101a3f853000
[  289.056857][    C1] RDX: ffffffff906b7900 RSI: ffffffff8c04d3e0 RDI: ffffffff8c04d3a0
[  289.056874][    C1] RBP: dffffc0000000000 R08: 0000000000000022 R09: ffffffff81730195
[  289.056884][    C1] R10: ffffc900030d7538 R11: ffffffff81ac9660 R12: 00007ffe4dbe98e0
[  289.056895][    C1] R13: ffffffff81730195 R14: ffffffff8de93d18 R15: dffffc0000000000
[  289.056906][    C1] FS:  00007f738c400c80(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000
[  289.056920][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  289.056930][    C1] CR2: 00007ffccfd9cf80 CR3: 000000007eff6000 CR4: 00000000003526f0
[  289.056946][    C1] Call Trace:
[  289.056952][    C1]  <TASK>
[  289.056960][    C1]  ? unwind_next_frame+0xa5/0x2390
[  289.056979][    C1]  lock_release+0x4b/0x3e0
[  289.056999][    C1]  ? unwind_next_frame+0xa5/0x2390
[  289.057016][    C1]  unwind_next_frame+0x19a9/0x2390
[  289.057037][    C1]  ? unwind_next_frame+0xa5/0x2390
[  289.057055][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.057073][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  289.057094][    C1]  arch_stack_walk+0x11c/0x150
[  289.057119][    C1]  stack_trace_save+0x9c/0xe0
[  289.057139][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  289.057163][    C1]  ? __lock_acquire+0xab9/0xd20
[  289.057179][    C1]  kasan_save_track+0x3e/0x80
[  289.057193][    C1]  ? kasan_save_track+0x3e/0x80
[  289.057206][    C1]  ? kasan_save_free_info+0x46/0x50
[  289.057223][    C1]  ? __kasan_slab_free+0x62/0x70
[  289.057237][    C1]  ? kfree+0x18e/0x440
[  289.057251][    C1]  ? skb_release_data+0x62d/0x7c0
[  289.057267][    C1]  ? consume_skb+0x9e/0xf0
[  289.057280][    C1]  ? __unix_dgram_recvmsg+0x9f9/0xd60
[  289.057299][    C1]  ? sock_recvmsg+0x229/0x270
[  289.057317][    C1]  ? sock_read_iter+0x231/0x2f0
[  289.057333][    C1]  ? vfs_read+0x4d0/0x980
[  289.057350][    C1]  ? ksys_read+0x145/0x250
[  289.057365][    C1]  ? do_syscall_64+0xfa/0x3b0
[  289.057385][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.057419][    C1]  kasan_save_free_info+0x46/0x50
[  289.057438][    C1]  __kasan_slab_free+0x62/0x70
[  289.057452][    C1]  ? skb_release_data+0x62d/0x7c0
[  289.057466][    C1]  kfree+0x18e/0x440
[  289.057482][    C1]  skb_release_data+0x62d/0x7c0
[  289.057502][    C1]  consume_skb+0x9e/0xf0
[  289.057516][    C1]  __unix_dgram_recvmsg+0x9f9/0xd60
[  289.057541][    C1]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  289.057567][    C1]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  289.057588][    C1]  ? unix_dgram_recvmsg+0xb1/0xd0
[  289.057602][    C1]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  289.057617][    C1]  sock_recvmsg+0x229/0x270
[  289.057637][    C1]  sock_read_iter+0x231/0x2f0
[  289.057656][    C1]  ? __pfx_sock_read_iter+0x10/0x10
[  289.057686][    C1]  ? bpf_lsm_file_permission+0x9/0x20
[  289.057700][    C1]  ? security_file_permission+0x75/0x290
[  289.057722][    C1]  vfs_read+0x4d0/0x980
[  289.057744][    C1]  ? __pfx_vfs_read+0x10/0x10
[  289.057765][    C1]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[  289.057792][    C1]  ksys_read+0x145/0x250
[  289.057810][    C1]  ? __pfx_ksys_read+0x10/0x10
[  289.057826][    C1]  ? rcu_is_watching+0x15/0xb0
[  289.057845][    C1]  ? do_syscall_64+0xbe/0x3b0
[  289.057867][    C1]  do_syscall_64+0xfa/0x3b0
[  289.057887][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.057901][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  289.057916][    C1]  ? clear_bhb_loop+0x60/0xb0
[  289.057932][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.057946][    C1] RIP: 0033:0x7f738c550407
[  289.057959][    C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  289.057971][    C1] RSP: 002b:00007ffe4dbe98e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  289.057986][    C1] RAX: ffffffffffffffda RBX: 00007f738c400c80 RCX: 00007f738c550407
[  289.057996][    C1] RDX: 00000000000000ff RSI: 0000556a0e7ef950 RDI: 0000000000000000
[  289.058006][    C1] RBP: 0000556a0e7ef910 R08: 0000000000000000 R09: 0000000000000000
[  289.058015][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556a0e7ef9a0
[  289.058025][    C1] R13: 0000000000000000 R14: 0000556a0e7ef950 R15: 0000556a03475d98
[  289.058043][    C1]  </TASK>
[  289.543885][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  289.550800][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  289.562093][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  289.572151][   T31] Call Trace:
[  289.575434][   T31]  <TASK>
[  289.578366][   T31]  dump_stack_lvl+0x99/0x250
[  289.582970][   T31]  ? __asan_memcpy+0x40/0x70
[  289.587590][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.592797][   T31]  ? __pfx__printk+0x10/0x10
[  289.597409][   T31]  vpanic+0x281/0x750
[  289.601398][   T31]  ? __pfx_vpanic+0x10/0x10
[  289.605904][   T31]  ? preempt_schedule+0xae/0xc0
[  289.610775][   T31]  ? preempt_schedule_common+0x83/0xd0
[  289.616337][   T31]  panic+0xb9/0xc0
[  289.620061][   T31]  ? __pfx_panic+0x10/0x10
[  289.624480][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  289.629862][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  289.636023][   T31]  watchdog+0xfd2/0xfe0
[  289.640195][   T31]  ? watchdog+0x1de/0xfe0
[  289.644546][   T31]  kthread+0x70e/0x8a0
[  289.648641][   T31]  ? __pfx_watchdog+0x10/0x10
[  289.653318][   T31]  ? __pfx_kthread+0x10/0x10
[  289.657920][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  289.663148][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.668354][   T31]  ? __pfx_kthread+0x10/0x10
[  289.672954][   T31]  ret_from_fork+0x3f9/0x770
[  289.677549][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  289.682673][   T31]  ? __switch_to_asm+0x39/0x70
[  289.687435][   T31]  ? __switch_to_asm+0x33/0x70
[  289.692201][   T31]  ? __pfx_kthread+0x10/0x10
[  289.696800][   T31]  ret_from_fork_asm+0x1a/0x30
[  289.701584][   T31]  </TASK>
[  289.704918][   T31] Kernel Offset: disabled
[  289.709262][   T31] Rebooting in 86400 seconds..