last executing test programs:

1m24.698022076s ago: executing program 1 (id=191):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=<r0=>0x0)
r1 = getpgrp(r0)
syz_open_procfs$namespace(r1, &(0x7f0000000100)='ns/net\x00')

1m24.600342073s ago: executing program 1 (id=192):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r6, 0x1, 0x41020000, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

1m24.579475187s ago: executing program 1 (id=193):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0xf000000}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0)

1m24.53601318s ago: executing program 1 (id=194):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f00000010c0)) (async, rerun: 64)
sendfile(r0, r0, 0x0, 0x7ffff000) (rerun: 64)

1m23.488319394s ago: executing program 1 (id=200):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x9, 0x10381)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0xa, 0x3, 0xdf1c, 0x9, 0x18, 0x1})
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0xffffffffffffffff, 0x7, 0x1000000, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x800000]})
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="36d0e866b8970000000f23c80f2175f8f8350c00a0000f23f80f0179840f3295668d0004400f7e060c002e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0cb87ac88000666fda6509", 0x4c}], 0x1, 0x1a, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r4, 0x6f000)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000100)={{r4}, 0x9, 0x86, 0x5})

1m23.316193877s ago: executing program 1 (id=203):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x940, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, r3, 0x1, 0x10100, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008814}, 0x0)
recvmsg$qrtr(r1, &(0x7f0000003700)={&(0x7f0000000140), 0xc, &(0x7f0000003640)=[{&(0x7f0000000180)=""/83, 0x53}, {&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f0000000300)=""/197, 0xc5}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/90, 0x5a}, {&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f0000002480)=""/22, 0x16}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f00000034c0)=""/86, 0x56}, {&(0x7f0000003540)=""/208, 0xd0}], 0xa}, 0x38, 0x1)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0)
syz_usb_connect$cdc_ecm(0x6, 0x4d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x1, 0x30, 0x7, [{{0x9, 0x4, 0x0, 0x9f, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0xc, 0x6, 0x5, 0xf}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0xaf, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xf, 0x6, 0x2}}}}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000040)={0x5ec1f0fe, 0xe, 0x9}, 0xc)
ioctl$sock_qrtr_SIOCGIFADDR(r1, 0x8915, 0x0)
setreuid(0x0, 0xee00)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000fcff"], 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000)

1m7.625449792s ago: executing program 32 (id=203):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x940, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x30, r3, 0x1, 0x10100, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008814}, 0x0)
recvmsg$qrtr(r1, &(0x7f0000003700)={&(0x7f0000000140), 0xc, &(0x7f0000003640)=[{&(0x7f0000000180)=""/83, 0x53}, {&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f0000000300)=""/197, 0xc5}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/90, 0x5a}, {&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f0000002480)=""/22, 0x16}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f00000034c0)=""/86, 0x56}, {&(0x7f0000003540)=""/208, 0xd0}], 0xa}, 0x38, 0x1)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0)
syz_usb_connect$cdc_ecm(0x6, 0x4d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x1, 0x30, 0x7, [{{0x9, 0x4, 0x0, 0x9f, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0xc, 0x6, 0x5, 0xf}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x2, 0xaf, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xf, 0x6, 0x2}}}}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000040)={0x5ec1f0fe, 0xe, 0x9}, 0xc)
ioctl$sock_qrtr_SIOCGIFADDR(r1, 0x8915, 0x0)
setreuid(0x0, 0xee00)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000fcff"], 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000)

24.212457191s ago: executing program 0 (id=604):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x880fe, @loopback}, 0x1c)

24.165834067s ago: executing program 0 (id=605):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000010c0), 0x220a00, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="ad4308a803a93ae832cfe6d5ef23337e0f698efa258fa9d3bc1c9df29b8749c5ffd0074397d4b10c19ca158b9169fc747e0ce81800f6ab54701b60db0d358f0341b17544b7edabe88d90fc5a63b52a5eee75baf1278b9c106f3c728d86482d41a1b38f52ef3ad9e716e77953d785625a2279cf4fd6266ccaba213de2e35c65a01968cf04d00a1ca520baf750b816fafde164d33bfafb0fee4aae07b55527d4d61deda8a79a1be0238b8309d25f34019a61f0363bd8bdf6bae02edd9d34b01b8157e510898a6e7d7217224d331981b5c2bb14d88bdc317c7a88eb04c5ef7be4021f8dbbf25c65b82d0f787de0c0b87c2d51c21e948c9c8f8077e0341b04c4ff", 0xff}], 0x1}, 0x40)
r2 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xfffffffffffffddf, &(0x7f0000000340)=ANY=[@ANYBLOB="81"])
syz_usb_control_io(r2, 0x0, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000040)={0x3ff, 0x7, 0x6})
dup(r1)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x2)
read$char_usb(r4, &(0x7f00000000c0)=""/4096, 0x1000)
r5 = dup(r3)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r6, 0x80083314, 0x0)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)

23.337812968s ago: executing program 4 (id=607):
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x84800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, 0x0, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)

23.268409645s ago: executing program 4 (id=608):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)='btrfs\x00', 0x141042, &(0x7f0000001100)='\x0e\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg(r2, &(0x7f0000002540)={0x0, 0x0, &(0x7f00000023c0), 0x0, &(0x7f0000002400)=[{0x70, 0x112, 0x1000, "8e9d2713838450fb778e174c58b0029812581e4e09c4ba30bd2a1f5a181d3aac5fb455efc941481c06d3dce32cd801fcf69cce1cecf21b88670053f14d196ce8df976fce5c5d3f6aade672c84a69f02bad9ca2c3335029dbc9"}, {0x98, 0x115, 0x2, "1a43f8e02951f8274afa5cc08a90e502eb4c5d1bc9dc80c5ec68ffcbc244c16f74fd9b2aa86de27e3d07bdffbc990e353ac74023843bbac7f44bc7bf77457524f57bb49a5a5c0e2dd93472efdd94ccd48a19d0f66f5ec2ee92210da2c134fa3150b5c13823b1275607dc52e67d34facd67ab86e3bd7d8fda8a09ac255827057e595880bc56"}], 0x108}, 0x28004080)
ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0x7f, 0x80, 0x0, 0xb9ff, 0x9})
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x43, 0xa2, 0xb8, 0x10, 0x403, 0xda74, 0x4a7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xe7, 0x3, 0x0, 0xf0, 0x1b, 0x4b, 0x8}}]}}]}}, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=r3], 0x2)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0xff})
r4 = syz_open_pts(r1, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0x3, @private2, 0xffffffff}}, 0x0, 0x300}, 0x90)
r6 = dup3(r4, r1, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x97)
r7 = dup(r0)
write$UHID_INPUT(r7, &(0x7f0000000040)={0xf, {"a2e3ad214fc752f90b5e094f4bf70e0dd038e7ff7fc6e5539b1b4d078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d9b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d075d0736cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146680400416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb53682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e08d4db9d76864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251aec29b32f8210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ac015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67784f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a700d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r8 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0)
r9 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000002340), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r6, 0xc0189378, &(0x7f0000002380)={{0x1, 0x1, 0x18, r8, {r9}}, './file0\x00'})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000002280)={0x3, 0x0, [{0x6000, 0x1000, &(0x7f0000001140)=""/4096}, {0x0, 0xac, &(0x7f0000002140)=""/172}, {0xeeee0000, 0x68, &(0x7f0000002200)=""/104}]})

21.356606023s ago: executing program 0 (id=614):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d000110000000090400"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, 0x1000})
semget(0x1, 0x1, 0x4)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040))

20.16788491s ago: executing program 4 (id=620):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, 0xffffffffffffffff, 0x2000) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = syz_open_dev$vcsu(&(0x7f0000000080), 0x100000000, 0x8501)
r2 = socket$inet_sctp(0x2, 0x1, 0x84) (async)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r4 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) (async)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) (async)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) (async)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000bc4000/0x4000)=nil, &(0x7f00008d6000/0x3000)=nil, 0x4000}) (async)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000200)={0x2, [0x0, 0x0]}, &(0x7f0000000240)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, 0x9}]}, 0x0) (async)
setsockopt$inet_buf(r1, 0x0, 0x25, &(0x7f00000002c0)="fca798c8ea7a1044540bef2013f460d9d5de32008bef4d303eeccc964d399929448b781f2a30a20f7995fae188e234ec3e3a0f60cb70018ab8b7e3b16226687d1948d589681520d2e6ceccd22bce17dd01fd668d2a59d5f819c4fcd6573a08fad116343e2e5a8247d613562762c744f5a305885d8adc8e30f607c58ece4abd9b606b94c479833c41fa988c6c77c8ee572205c0a7ee4ced9321d85e9c72a660acc1426e7e7f83d69e0e2179a355b5cccff8942b10bff2fe52d8ecb84576a6e35ac6490c86c1c5da77f8c30a5fb4df7b94cd8a9bcca899b5e2ccd2957cfe6c495767956c572bb9f1cc9f49fab5941747", 0xef) (async)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f00000010c0)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000100)={r6, @in={{0x2, 0x4e20, @empty}}, 0x1, 0x2b}, 0x90) (async)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=r6, &(0x7f0000000140)=0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r7) (async)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000001840)=ANY=[@ANYBLOB="49000401", @ANYRES16=r8, @ANYBLOB="01002bbd7000fbdbdf250700000008000300", @ANYRES32=r9, @ANYBLOB="140004006361696630000000000000000000000008000500060000000800178004000500"], 0x40}, 0x1, 0x0, 0x0, 0xc804}, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth1_to_batadv\x00', &(0x7f0000000000)=@ethtool_ts_info})
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async)
socket$key(0xf, 0x3, 0x2)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f00000001c0)={0x1, 0x0, {0x9, 0x8, 0x1, 0x4}})

20.024216745s ago: executing program 4 (id=621):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a64000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000380004803400018009000100686173680000000024000280080002400000000f08000240000000170800044000000004080007400000000114000000110001"], 0x8c}, 0x1, 0x0, 0x0, 0x44810}, 0x4008006)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/kexec_crash_loaded', 0x4a002, 0xad)
madvise(&(0x7f000040d000/0x1000)=nil, 0x1000, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000001c0)={&(0x7f0000000240)=""/61, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x2408c0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r2, 0x3b87, &(0x7f0000000140)={0x18, 0x1, 0x0, 0x0, r3, 0x1})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r5 = dup(r4)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141042, 0x0)
write$sequencer(r6, &(0x7f0000000f00)=[@t={0x81, 0x8}], 0x8)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000180)={0x40, 0x3, 0x2, '#\t'}, 0x0, 0x0})
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace(0x4207, r9)
recvmmsg(r7, &(0x7f0000004d80)=[{{0x0, 0x0, 0x0}, 0xffff}], 0x1, 0x2000, &(0x7f0000004e40)={0x0, 0x989680})
connect$packet(r7, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
shutdown(r7, 0x1)
write$UHID_INPUT(r5, &(0x7f0000001040)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b098b9b711b5d52191b080d29428f0e1ac6e7049b3468959b189a242a9b43f3988f7ef319520100ffe8d178708c523c921b1b50380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c251556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a211d9e9d943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

18.971719335s ago: executing program 2 (id=629):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)

18.877870353s ago: executing program 2 (id=630):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES32=0x0], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000005000000bbbbaaaaaaaf43bb86dd6d002000001011ffe097bb74bcc0a7af3132906a421f314b61447d2362a0a0cf9775b2fc3c00000000000000000000000000000000ff020000000000000000000000000001"], 0x4a)
syz_usb_disconnect(r0)
close(r3)

18.244316234s ago: executing program 0 (id=631):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee69e30103010902240001000010000904b8070296d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000a40)={0x2c, &(0x7f0000000380)={0x0, 0x8, 0x2, {0x2, 0x10}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000380)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001100)={0x84, &(0x7f0000000c00)=ANY=[@ANYBLOB="203004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000040)={0x14, &(0x7f00000000c0)={0x40, 0x24, 0x8f, {0x8f, 0x24, "50cb26ace64c45967a97d508eb1c548d151950c6b8f464a60f4f577307e4eed862bbe91e2a06452ac664760c4ea4ba0fea5f3cfa1092dd4f68b08ca043841edd0ac9bedef01faa828ac706490be413d53c9ffedcbdaa3f69331cd68cd9815893a0a1e311565349241bf6fa638126b2405543ebc704966d598688ebd1519844815da4293ee4672eedb9b7a75075"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000340)={0x1c, &(0x7f00000001c0)={0x40, 0x3, 0xa3, "3ae5a1a9a5f8a29ab6f3402a0b030c2675cf3e62fa7f521fa22a53fdb23f7f80a86b7f47fb5a144638ac2c68d181aef7a0ef9b2a75472513f1fb2459368fb34bef3aba467a0de8df18b16899665e4b5fedc1ff042cfe5e9db2219bac3d4a4efd03c8eac3f4a8d2c373e7a50e1cb95dd640fda27ab0ca6e275e911d85cbd8636572ed67a06ee7dee9ac625ebcac1e764cd72837992bcf2e4ce2ca172cdeea19f06cc006"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xa}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x7}})
syz_usb_control_io$printer(r0, 0x0, 0x0)

16.932411097s ago: executing program 4 (id=636):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_RESP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4841)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r2, 0x2000)

16.743337149s ago: executing program 3 (id=638):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000000017c000038000480312c", @ANYRESDEC=0x0, @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e05f72920"], 0x8)

16.612289987s ago: executing program 3 (id=639):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (rerun: 32)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8894}, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x70, 0x0, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async, rerun: 32)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00007c7000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) (async)
r6 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r6, 0xc06864b8, &(0x7f00000008c0)={0x0, 0x15bd, 0xb6ca, 0x0, 0x0, [0x2]})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0) (async)
r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
setsockopt$inet_buf(r7, 0x0, 0x2b, &(0x7f00000000c0)="a8c6f24f548cf8234fc4858215dc77b2f535a766dbf8a25718662323c595e3523311e06ff22f84ba7a7a938bb9e4c1bd408acb", 0x33)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, 0xffffffffffffffff, 0x99b33000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil})

16.559668872s ago: executing program 4 (id=640):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYRES16=r2], 0x18}, 0x1, 0x0, 0x0, 0x240000d5}, 0x4000)
recvmmsg(r9, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}], 0x2, 0x22, 0x0)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000380)={0x30, r10, 0x9, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYRESOCT=r3, @ANYRES32=r3], 0xfd45}}, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_TIMEOUT(r11, 0x11, 0x48a, &(0x7f0000000040)={0x5, 0x1, 0x40}, 0xc)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="400403450101e0"], 0x7)

16.491078557s ago: executing program 3 (id=641):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x36, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000009ac0)={{0x4, 0x0, 0x80, {0x10000, 0x4000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9fae702d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b9f802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963cd14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb193213f4bccab1c34c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f0d9ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d579531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a785d820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37dfd149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f2729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab21842da1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336343f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a99b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f8f4ed0b27cedd1c5e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

16.357579091s ago: executing program 3 (id=642):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, 0x0, r1, <r2=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r0, 0x3b8b, &(0x7f0000000080)={0x10, 0x1, r2})

16.317516914s ago: executing program 3 (id=643):
pipe2(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x84800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)

16.265246849s ago: executing program 3 (id=644):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r1 = socket$inet6(0xa, 0x800, 0x3)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x200, 0x4)
sendmmsg$inet6(r2, &(0x7f00000027c0)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x4, @mcast2, 0x41}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000a40)="e85eb3ad7a85f8ffbfeca731d6c8b8efffe715ca63a772ab76e7cffafb9d389706d2e3591336e025548a9a6dacd710c38203386303f61999708e2e086f02a597d35cb89496800f640fdc0d640b093b6048a305e8b1fe97a29fd305a32a525559ddd5ee389d8bc85b5c014a923f2633e07c9b1306f90aca263b0cbb80cd28e0d43c5e853eafd3471233aa29ffcbf71f5d41e6ac5cd9dd73d7d5a33ff36301367732b1d6d5c7bd74aa59bcbbeace3a5d25c319b37e9b5a1a2f49f5332b818ac6d3c9458fdbe1ac55b4c0560f22e891801c3c7ea9af178d90346e6bf66b6826d57dc05dcf8972c73b85085ebabef39bd87aed18f4de2d0caba6eb22132ee4e6c99097f54ca9742a3ae9bb80ab191d594d82418fadfa0cb593c22a452949e76978b77f7cd812009d64eaeeeb27224b6df92fbfeae6c94fb1c633246609466ac4d8fb1d890081d260b4c7acaf1b8a6f938205c462f4562e73d73546a47e3384abbd05de604e7d50d8053fb15a4ad2cc2d5a96c62fe5f4398362e4b098b6fd3b7fb03144c7a258b344de3fdb78ecb4237e53ae95ca31598a8102bd5990575fa6aff26ad340d7bbf1644ba6f1168d1d9a50aee8a9494c733f2c55dda98db0f23eff7df41a3354c3310c421703c0dad93182e4d10cf579215232e07cca2fa220d4a0751d2ededfd4924845baa5539fd6e666f3df3426afed1cd1c7c12bcf39eed1b848beee", 0x201}], 0x1}}], 0x1, 0x800)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @empty, 0x8}, 0x1c)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x5, 0x4)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x400, 0x0)

15.808234987s ago: executing program 2 (id=645):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000c40), r0)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d80)={0x24, r1, 0x1, 0x70bd2b, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x53}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20000800)
setresgid(0xee00, 0xee01, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000001100)={{}, {0x1, 0x6}, [], {0x4, 0x5}, [{0x8, 0x3}], {0x10, 0x3}, {0x20, 0x7}}, 0x2c, 0x1)
setreuid(0xffffffffffffffff, 0xee01)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000300)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)={0x118, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x101, 0x26}}}}, [@NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0x6, 0x1}, {0x5, 0x2}, {0x7a, 0x4}, {0x2}, {0x7, 0x3}, {0xcb, 0x5}, {0xf, 0x1}, {0x3, 0x6}, {0x4, 0x4}, {0x81, 0x7}, {0x3, 0x5}], "b80ad6e12e0a4318"}}, @NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0x8}, {0xe, 0x5}, {0x3, 0x3}, {0x1, 0x5}, {0xe5, 0x2}, {0x7}, {0x7, 0x5}, {0x59, 0x7}, {0x4, 0x7}, {0xc, 0x4}, {0x10, 0x1}], "a72b029b1626c05f"}}, @NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "7cb5df931f3b0094"}}, @NL80211_ATTR_QOS_MAP={0x30, 0xc7, {[{0x5, 0x2}, {0x5, 0x6}, {0x6, 0x3}, {0x6b, 0x1}, {0x2, 0x5}, {0x9d, 0x1}, {0x0, 0x3}, {0x4, 0x5}, {0x38, 0x5}, {0x4e, 0x3}, {0xf9, 0x6}, {0x8, 0x7}, {0x4, 0x6}, {0x4, 0x5}, {0x9, 0x5}, {0x49, 0x7}, {0x9, 0x7}, {0x9, 0x1}], "112f69b1040d9b89"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0x3, 0x3}, {0xfa, 0x6}, {0xff, 0x7}, {0x6, 0x7}, {0x2, 0x7}, {0x1}, {0x80, 0x1}, {0x60, 0x7}, {0xfa, 0x5}, {0x3, 0x2}, {0x9, 0x1}, {0x5, 0x2}, {0x0, 0x6}, {0xe6}, {0x5, 0x5}, {0x7, 0x6}, {0x5, 0x1}, {0x0, 0x2}, {0x9, 0x7}], "b043bc9d25f0d38e"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x3}, {0x7, 0x3}, {0x8, 0x3}, {0x8}, {0x1, 0x7}, {0x6, 0x2}, {0x3, 0x4}, {0x8}, {0xb}, {0xf7, 0x6}], "6bcb43daf33f639f"}}, @NL80211_ATTR_QOS_MAP={0x1e, 0xc7, {[{0x9, 0x6}, {}, {0xdf, 0x4}, {0x7, 0x5}, {0x9}, {0x0, 0x2}, {0x3, 0x6}, {0x6b, 0x5}, {0x6, 0x4}], "2d53bc73bf83b21b"}}]}, 0x118}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r5, 0x2, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x276}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000080)
r6 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)

15.780400328s ago: executing program 2 (id=646):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
getsockopt$ax25_int(r0, 0x101, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
fcntl$addseals(r1, 0x409, 0x9)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x8)
r3 = socket$caif_seqpacket(0x25, 0x5, 0x4)
ioctl$sock_ifreq(r3, 0x892c, &(0x7f0000000080)={'tunl0\x00', @ifru_hwaddr=@random="252212ef3adb"})
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\"'], 0xc4}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
syz_open_dev$vim2m(&(0x7f0000000000), 0xffffffffffffffff, 0x2)

15.747156673s ago: executing program 2 (id=647):
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0x10005, 0x4)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(0x0, 0x0, 0x0, 0x400, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="66643d8039ae128702a330cd2bcfafe6e91e79f6701c1e5048e2275de0a80f275e1b193713aa9a31e839a4be8ce298ac6cc2f9b75c9dbfab3d32434d91f94520da21421a9365a08d5a11f59e9eb1b2e570f5bcd07a072f959dfb7a7215745b25d56c5c88a6964461f3afa113226f053d3edf90fc2dac86175ba3829355b66f2b6005e416a351f1bbfe1d26abaa69b042b61f93d350ead406c26919f72fcfbf3a587d98da496aad27398feec6a38b49f0f5b087cc8eb5d63c54b8e7bb487d6abd7f55f293efdb7056fa270ce6ffe68d88afe497b01146063c04b8e22c4d85298cba36d2840f97970a56279d7300ed9f4ac4a7ec2adf5e0f435a56ea27610170f75c122a5d7a13a7", @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000002280)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x110002, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x5}, [], {0x4, 0x6}, [], {0x10, 0x4}, {0x20, 0x3}}, 0x24, 0x0)
recvmmsg(r0, &(0x7f0000000180), 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1048c, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x29)
syz_open_procfs(0x0, &(0x7f0000000180)='task\x00')
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
removexattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)=@known='system.posix_acl_access\x00')
setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000040)=0x9, 0x4)
syz_open_dev$vim2m(&(0x7f0000000100), 0x8, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
rmdir(&(0x7f0000000100)='./file0\x00')

15.520321262s ago: executing program 2 (id=648):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00007c7000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r3, 0x4010645e, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0xe0083, 0x0) (async)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0xe0083, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201) (async)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r5, 0x5201)
close(r5) (async)
close(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x12, r2, 0x99b33000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil})

15.21647948s ago: executing program 0 (id=649):
r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r0, 0x5452, &(0x7f0000001840)=0x5d4)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r1, 0x5608)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {<r2=>r1}}, './file0\x00'})
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x541c, &(0x7f0000000040))

15.115162135s ago: executing program 0 (id=650):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x36, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

1.084216659s ago: executing program 33 (id=640):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYRES16=r2], 0x18}, 0x1, 0x0, 0x0, 0x240000d5}, 0x4000)
recvmmsg(r9, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}], 0x2, 0x22, 0x0)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000380)={0x30, r10, 0x9, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYRESOCT=r3, @ANYRES32=r3], 0xfd45}}, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_TIMEOUT(r11, 0x11, 0x48a, &(0x7f0000000040)={0x5, 0x1, 0x40}, 0xc)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="400403450101e0"], 0x7)

1.039418379s ago: executing program 34 (id=644):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r1 = socket$inet6(0xa, 0x800, 0x3)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x200, 0x4)
sendmmsg$inet6(r2, &(0x7f00000027c0)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x4, @mcast2, 0x41}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000a40)="e85eb3ad7a85f8ffbfeca731d6c8b8efffe715ca63a772ab76e7cffafb9d389706d2e3591336e025548a9a6dacd710c38203386303f61999708e2e086f02a597d35cb89496800f640fdc0d640b093b6048a305e8b1fe97a29fd305a32a525559ddd5ee389d8bc85b5c014a923f2633e07c9b1306f90aca263b0cbb80cd28e0d43c5e853eafd3471233aa29ffcbf71f5d41e6ac5cd9dd73d7d5a33ff36301367732b1d6d5c7bd74aa59bcbbeace3a5d25c319b37e9b5a1a2f49f5332b818ac6d3c9458fdbe1ac55b4c0560f22e891801c3c7ea9af178d90346e6bf66b6826d57dc05dcf8972c73b85085ebabef39bd87aed18f4de2d0caba6eb22132ee4e6c99097f54ca9742a3ae9bb80ab191d594d82418fadfa0cb593c22a452949e76978b77f7cd812009d64eaeeeb27224b6df92fbfeae6c94fb1c633246609466ac4d8fb1d890081d260b4c7acaf1b8a6f938205c462f4562e73d73546a47e3384abbd05de604e7d50d8053fb15a4ad2cc2d5a96c62fe5f4398362e4b098b6fd3b7fb03144c7a258b344de3fdb78ecb4237e53ae95ca31598a8102bd5990575fa6aff26ad340d7bbf1644ba6f1168d1d9a50aee8a9494c733f2c55dda98db0f23eff7df41a3354c3310c421703c0dad93182e4d10cf579215232e07cca2fa220d4a0751d2ededfd4924845baa5539fd6e666f3df3426afed1cd1c7c12bcf39eed1b848beee", 0x201}], 0x1}}], 0x1, 0x800)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0x9, @empty, 0x8}, 0x1c)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x5, 0x4)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x400, 0x0)

27.158878ms ago: executing program 35 (id=650):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x36, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

0s ago: executing program 36 (id=648):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00007c7000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r3, 0x4010645e, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0xe0083, 0x0) (async)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0xe0083, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201) (async)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r5, 0x5201)
close(r5) (async)
close(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x12, r2, 0x99b33000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil})

kernel console output (not intermixed with test programs):

ialNumber: syz
[  110.174846][ T5924] r8152-cfgselector 4-1: Unknown version 0x0000
[  110.185195][ T5924] r8152-cfgselector 4-1: config 0 descriptor??
[  110.285281][ T2154] usb 3-1: Using ep0 maxpacket: 32
[  110.293571][ T2154] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  110.306542][ T2154] usb 3-1: config 0 has no interface number 0
[  110.312693][ T2154] usb 3-1: config 0 interface 184 has no altsetting 0
[  110.325825][ T2154] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  110.341029][ T2154] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  110.349816][ T2154] usb 3-1: Product: syz
[  110.354116][ T2154] usb 3-1: Manufacturer: syz
[  110.362541][ T2154] usb 3-1: SerialNumber: syz
[  110.375735][ T2154] usb 3-1: config 0 descriptor??
[  110.399445][ T2154] smsc75xx v1.0.0
[  110.400721][ T6591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.411944][ T6591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.652702][ T5873] r8152-cfgselector 4-1: USB disconnect, device number 14
[  110.803736][ T6609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'.
[  110.973871][ T6613] netlink: 'syz.0.214': attribute type 4 has an invalid length.
[  110.985947][ T6613] netlink: 116 bytes leftover after parsing attributes in process `syz.0.214'.
[  110.995196][ T6613] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  110.996699][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  111.054661][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  111.304494][ T6620] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  111.480392][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  111.503837][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  111.524409][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  111.537710][ T2154] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  111.547789][ T2154] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -32
[  111.556133][ T5924] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  111.729183][ T5924] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  111.734434][ T5873] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  111.741107][ T5924] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.760019][ T5924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  111.769377][ T5924] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.786731][ T5924] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  111.798990][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  111.807292][ T5924] usb 1-1: Product: syz
[  111.811588][ T5924] usb 1-1: Manufacturer: syz
[  111.835522][ T5924] cdc_wdm 1-1:1.0: skipping garbage
[  111.842821][ T5924] cdc_wdm 1-1:1.0: skipping garbage
[  111.855765][ T5924] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  111.861788][ T5924] cdc_wdm 1-1:1.0: Unknown control protocol
[  111.918048][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  111.934004][ T5873] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  111.945470][ T5873] usb 4-1: config 0 has no interface number 0
[  111.951629][ T5873] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  111.967652][ T5873] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  111.981739][ T5873] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  111.993996][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  112.002987][ T5873] usb 4-1: Product: syz
[  112.009826][ T5873] usb 4-1: SerialNumber: syz
[  112.018795][ T5873] usb 4-1: config 0 descriptor??
[  112.030337][ T5873] cm109 4-1:0.8: invalid payload size 0, expected 4
[  112.049206][ T5873] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input8
[  112.294435][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  112.297759][ T5924] usb 4-1: USB disconnect, device number 15
[  112.301450][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  112.316688][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE
[  112.326119][ T5873] usb 1-1: USB disconnect, device number 19
[  112.369863][ T5924] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  112.908366][ T2154] usb 3-1: USB disconnect, device number 20
[  112.987437][ T6633] netlink: 104 bytes leftover after parsing attributes in process `syz.3.221'.
[  113.035642][ T6638] netlink: 'syz.2.223': attribute type 4 has an invalid length.
[  113.043514][ T6638] netlink: 116 bytes leftover after parsing attributes in process `syz.2.223'.
[  113.089666][ T6638] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  113.374350][  T924] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  113.464598][ T2154] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  113.539627][  T924] usb 4-1: Using ep0 maxpacket: 8
[  113.548130][  T924] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  113.560593][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.569370][  T924] usb 4-1: Product: syz
[  113.573547][  T924] usb 4-1: Manufacturer: syz
[  113.583180][  T924] usb 4-1: SerialNumber: syz
[  113.590804][  T924] usb 4-1: config 0 descriptor??
[  113.615106][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  113.621259][ T2154] usb 1-1: too many configurations: 47, using maximum allowed: 8
[  113.651150][ T2154] usb 1-1: unable to read config index 0 descriptor/start: -61
[  113.660069][ T2154] usb 1-1: can't read configurations, error -61
[  113.806918][ T2154] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  113.808612][  T924] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  113.975213][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  113.985111][ T2154] usb 1-1: too many configurations: 47, using maximum allowed: 8
[  113.998608][ T2154] usb 1-1: unable to read config index 0 descriptor/start: -61
[  114.006765][ T2154] usb 1-1: can't read configurations, error -61
[  114.013604][ T2154] usb usb1-port1: attempt power cycle
[  114.137171][ T5872] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  114.294195][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  114.306870][ T5872] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  114.318633][ T5872] usb 3-1: config 0 has no interface number 0
[  114.325739][ T5872] usb 3-1: config 0 interface 184 has no altsetting 0
[  114.336361][ T5872] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  114.349666][ T5872] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  114.359294][ T5872] usb 3-1: Product: syz
[  114.363490][ T5872] usb 3-1: Manufacturer: syz
[  114.364057][ T2154] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  114.372155][ T5872] usb 3-1: SerialNumber: syz
[  114.386553][ T5872] usb 3-1: config 0 descriptor??
[  114.399963][ T5872] smsc75xx v1.0.0
[  114.405352][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  114.414121][ T2154] usb 1-1: too many configurations: 47, using maximum allowed: 8
[  114.423472][ T2154] usb 1-1: unable to read config index 0 descriptor/start: -61
[  114.431277][ T2154] usb 1-1: can't read configurations, error -61
[  114.564055][ T2154] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  114.609395][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  114.624104][ T2154] usb 1-1: too many configurations: 47, using maximum allowed: 8
[  114.637069][ T2154] usb 1-1: unable to read config index 0 descriptor/start: -61
[  114.644732][ T2154] usb 1-1: can't read configurations, error -61
[  114.652740][ T2154] usb usb1-port1: unable to enumerate USB device
[  115.000742][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  115.012282][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  115.181707][  T924] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  115.205110][  T924] usb 4-1: USB disconnect, device number 16
[  115.431894][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  115.442940][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  115.457356][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  115.468622][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  115.482430][ T5872] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -32
[  116.376961][ T6674] netlink: 'syz.0.234': attribute type 4 has an invalid length.
[  116.388058][ T6674] netlink: 116 bytes leftover after parsing attributes in process `syz.0.234'.
[  116.397304][ T6674] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  116.804192][  T924] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  116.899167][ T5872] usb 3-1: USB disconnect, device number 21
[  116.968499][  T924] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  116.979490][  T924] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  116.993071][  T924] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  117.002626][  T924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.017206][  T924] usb 1-1: Product: syz
[  117.021677][  T924] usb 1-1: Manufacturer: syz
[  117.029670][  T924] usb 1-1: SerialNumber: syz
[  117.040689][  T924] usb 1-1: config 0 descriptor??
[  117.050263][ T6678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  117.058392][ T6678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  117.270651][ T6678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  117.280883][ T6686] openvswitch: netlink: Key 0 has unexpected len 20 expected 0
[  117.289140][ T6678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  117.701235][  T924] Error reading MAC address
[  118.114040][  T924] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  118.275800][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.287100][  T924] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  118.296211][  T924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.307112][  T924] usb 3-1: config 0 descriptor??
[  118.608368][ T6694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.635477][ T6694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.396025][  T924] usbhid 3-1:0.0: can't add hid device: -71
[  119.407078][  T924] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  119.429964][  T924] usb 3-1: USB disconnect, device number 22
[  119.464399][ T2154] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  119.624227][ T2154] usb 4-1: Using ep0 maxpacket: 32
[  119.649464][ T2154] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  119.657754][ T2154] usb 4-1: config 0 has no interface number 0
[  119.663874][ T2154] usb 4-1: config 0 interface 184 has no altsetting 0
[  119.673314][ T2154] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  119.682578][ T2154] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  119.692562][ T2154] usb 4-1: Product: syz
[  119.700391][ T2154] usb 4-1: Manufacturer: syz
[  119.706552][ T2154] usb 4-1: SerialNumber: syz
[  119.714719][ T2154] usb 4-1: config 0 descriptor??
[  119.725571][ T2154] smsc75xx v1.0.0
[  119.737751][  T924] usb 1-1: USB disconnect, device number 24
[  120.217621][   T30] audit: type=1800 audit(1751548440.280:4): pid=6718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.248" name="memory.events" dev="tmpfs" ino=334 res=0 errno=0
[  120.337972][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  120.352082][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  120.534159][ T5873] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  120.544752][  T924] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  120.696037][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.707257][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.717874][ T5873] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  120.731579][ T5873] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  120.743858][  T924] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  120.755884][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  120.767846][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.767984][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  120.775994][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  120.776020][  T924] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  120.776063][  T924] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  120.776083][  T924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.781173][  T924] usb 3-1: config 0 descriptor??
[  120.816743][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  120.820278][ T5873] usb 1-1: config 0 descriptor??
[  120.843979][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  120.877971][ T2154] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  120.888095][ T2154] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[  121.097101][  T924] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max
[  121.134920][  T924] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  121.174382][  T924] usb 3-1: USB disconnect, device number 23
[  121.212376][ T6724] fido_id[6724]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  121.296822][ T5873] usbhid 1-1:0.0: can't add hid device: -71
[  121.313072][ T5873] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  121.337209][ T5873] usb 1-1: USB disconnect, device number 25
[  121.920918][ T6738] ieee802154 phy0 wpan0: encryption failed: -22
[  122.006583][ T6740] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  122.016173][ T6740] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  122.233769][ T5873] usb 4-1: USB disconnect, device number 17
[  122.344337][ T5924] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  122.505888][ T5924] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  122.517615][ T5924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  122.528382][ T5924] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  122.544121][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  122.552140][ T5924] usb 1-1: SerialNumber: syz
[  122.786621][ T5924] usb 1-1: 0:2 : does not exist
[  122.815114][ T5924] usb 1-1: USB disconnect, device number 26
[  123.136303][ T6762] netlink: 'syz.3.266': attribute type 10 has an invalid length.
[  123.634108][ T5924] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  123.767078][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'.
[  123.794176][ T5924] usb 1-1: Using ep0 maxpacket: 32
[  123.808048][ T5924] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  123.828101][ T5924] usb 1-1: config 0 has no interface number 0
[  123.844588][ T5924] usb 1-1: config 0 interface 184 has no altsetting 0
[  123.868499][ T5924] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  123.878863][ T5924] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  123.891944][ T5924] usb 1-1: Product: syz
[  123.899529][ T5924] usb 1-1: Manufacturer: syz
[  123.912258][ T5924] usb 1-1: SerialNumber: syz
[  123.932424][ T5924] usb 1-1: config 0 descriptor??
[  123.953228][ T5924] smsc75xx v1.0.0
[  124.572018][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  124.601546][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  125.604115][ T2154] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  125.784564][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  125.794615][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  125.796300][ T2154] usb 4-1: not running at top speed; connect to a high speed hub
[  125.803674][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  125.814140][ T2154] usb 4-1: config index 0 descriptor too short (expected 32914, got 146)
[  125.820004][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  125.829707][ T2154] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.842937][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  125.850755][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  125.857676][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  125.870647][ T2154] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  125.879796][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  125.884646][ T2154] usb 4-1: config 1 has no interface number 1
[  125.890246][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  125.892904][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  125.915793][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  125.917731][ T2154] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  125.939005][ T5924] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  125.939140][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  125.947728][ T2154] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  125.967168][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  125.970824][ T5924] usb 1-1: USB disconnect, device number 27
[  126.002135][ T2154] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.014275][ T5855] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  126.023049][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.043119][ T2154] usb 4-1: Product: syz
[  126.052209][ T2154] usb 4-1: Manufacturer: syz
[  126.059958][ T2154] usb 4-1: SerialNumber: syz
[  126.144071][ T5855] usb 3-1: device descriptor read/64, error -71
[  126.187078][ T6784] chnl_net:caif_netlink_parms(): no params data found
[  126.273331][ T6784] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.280933][ T6784] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.283343][ T6777] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  126.288261][ T6784] bridge_slave_0: entered allmulticast mode
[  126.306284][ T6784] bridge_slave_0: entered promiscuous mode
[  126.314985][ T6784] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.322188][ T6784] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.330438][ T6784] bridge_slave_1: entered allmulticast mode
[  126.338601][ T6784] bridge_slave_1: entered promiscuous mode
[  126.384767][ T5855] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  126.399510][ T6784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.438508][ T6784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.441362][ T2154] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  126.467435][ T2154] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  126.534116][ T5855] usb 3-1: device descriptor read/64, error -71
[  126.553650][ T6784] team0: Port device team_slave_0 added
[  126.563037][ T6784] team0: Port device team_slave_1 added
[  126.571415][ T2154] usb 4-1: USB disconnect, device number 18
[  126.647647][ T5855] usb usb3-port1: attempt power cycle
[  126.669008][ T6784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.681142][ T6784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.707130][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.717645][ T6784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.730157][ T6784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.738484][ T6784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.765743][ T5873] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  126.767850][ T6784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.815558][ T6784] hsr_slave_0: entered promiscuous mode
[  126.821998][ T6784] hsr_slave_1: entered promiscuous mode
[  126.829622][ T6784] debugfs: 'hsr0' already exists in 'hsr'
[  126.835537][ T6784] Cannot create hsr debugfs directory
[  126.927991][ T5873] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  126.957235][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  126.984040][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  126.993804][ T5873] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  126.999449][ T6784] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  127.008553][ T5855] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  127.021427][ T5873] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  127.031432][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.057801][ T5855] usb 3-1: device descriptor read/8, error -71
[  127.061629][ T6784] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  127.083671][ T5873] usb 1-1: config 0 descriptor??
[  127.093295][ T6784] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  127.109765][ T6784] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  127.209693][ T6784] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.232807][ T6784] 8021q: adding VLAN 0 to HW filter on device team0
[  127.251718][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.258965][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.271481][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.278605][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.314246][ T5855] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  127.359480][ T5855] usb 3-1: device descriptor read/8, error -71
[  127.394244][ T5872] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  127.474490][ T5855] usb usb3-port1: unable to enumerate USB device
[  127.507249][ T6784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.546547][ T5872] usb 4-1: config index 0 descriptor too short (expected 44306, got 18)
[  127.555208][ T5872] usb 4-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  127.566001][ T5872] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 140
[  127.575209][ T5872] usb 4-1: config 0 has no interface number 0
[  127.581538][ T5872] usb 4-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  127.590839][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.609300][ T5872] usb 4-1: config 0 descriptor??
[  127.640577][ T5872] usb-storage 4-1:0.33: USB Mass Storage device detected
[  127.713551][ T5873] usbhid 1-1:0.0: can't add hid device: -71
[  127.738600][ T5873] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  127.763436][ T5873] usb 1-1: USB disconnect, device number 28
[  127.802934][ T6784] veth0_vlan: entered promiscuous mode
[  127.814338][ T6784] veth1_vlan: entered promiscuous mode
[  127.847192][ T6784] veth0_macvtap: entered promiscuous mode
[  127.862838][ T6784] veth1_macvtap: entered promiscuous mode
[  127.899153][ T6784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.920983][ T6784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.941282][   T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.966354][ T3513] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.988696][ T3513] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.010791][ T3513] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.024123][ T5154] Bluetooth: hci1: command tx timeout
[  128.070144][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.089263][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.123630][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.146880][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.320680][ T6820] C: renamed from team_slave_0 (while UP)
[  128.346064][ T6820] netlink: 'syz.4.270': attribute type 4 has an invalid length.
[  128.357056][ T6820] netlink: 116 bytes leftover after parsing attributes in process `syz.4.270'.
[  128.374652][ T6820] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  128.662619][ T6829] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  128.964135][ T5873] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  129.140995][ T5873] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  129.157207][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  129.168717][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  129.182616][ T5873] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  129.196282][ T5872] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  129.206569][ T5873] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  129.217267][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.228647][ T5873] usb 5-1: config 0 descriptor??
[  129.375763][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  129.385239][ T5872] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  129.393446][ T5872] usb 3-1: config 0 has no interface number 0
[  129.404175][ T5872] usb 3-1: config 0 interface 184 has no altsetting 0
[  129.413704][ T5872] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  129.423282][ T5872] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  129.441831][ T5872] usb 3-1: Product: syz
[  129.480923][ T5872] usb 3-1: Manufacturer: syz
[  129.492403][ T5872] usb 3-1: SerialNumber: syz
[  129.510852][ T5872] usb 3-1: config 0 descriptor??
[  129.523683][ T5872] smsc75xx v1.0.0
[  129.538703][ T6818] netlink: 44 bytes leftover after parsing attributes in process `syz.3.278'.
[  129.625127][ T6840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.285'.
[  129.654954][ T5873] usbhid 5-1:0.0: can't add hid device: -71
[  129.661023][ T5873] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  129.692839][ T5873] usb 5-1: USB disconnect, device number 2
[  129.737129][ T5855] usb 4-1: USB disconnect, device number 19
[  129.764765][ T6842] netlink: 'syz.0.286': attribute type 1 has an invalid length.
[  129.799949][ T6842] netlink: 'syz.0.286': attribute type 101 has an invalid length.
[  129.824107][ T6842] netlink: 808 bytes leftover after parsing attributes in process `syz.0.286'.
[  130.032870][ T6846] RDS: rds_bind could not find a transport for ::ffff:172.30.0.1, load rds_tcp or rds_rdma?
[  130.096595][ T5154] Bluetooth: hci1: command 0x041b tx timeout
[  130.129320][ T6848] netlink: 'syz.0.289': attribute type 4 has an invalid length.
[  130.138865][ T6848] netlink: 116 bytes leftover after parsing attributes in process `syz.0.289'.
[  130.148943][ T6848] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  130.154256][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  130.246009][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  130.500751][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  130.534026][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  130.543611][ T5872] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  130.575056][ T5872] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  130.666362][ T6865] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  130.736310][   T30] audit: type=1800 audit(1751548450.790:5): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.296" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  130.809103][ T6875] netlink: 'syz.0.298': attribute type 4 has an invalid length.
[  130.838082][ T6875] netlink: 116 bytes leftover after parsing attributes in process `syz.0.298'.
[  130.856904][ T6875] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  131.124106][ T5872] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  131.275998][ T5872] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  131.301362][ T5872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  131.336219][ T5872] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  131.360929][ T5872] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.398074][ T5872] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  131.410476][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  131.422709][ T5872] usb 4-1: Product: syz
[  131.427297][ T5872] usb 4-1: Manufacturer: syz
[  131.445089][ T5872] cdc_wdm 4-1:1.0: skipping garbage
[  131.450393][ T5872] cdc_wdm 4-1:1.0: skipping garbage
[  131.479137][ T5872] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  131.494315][ T5872] cdc_wdm 4-1:1.0: Unknown control protocol
[  131.532308][ T6902] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  131.601811][ T6904] netlink: 'syz.0.309': attribute type 4 has an invalid length.
[  131.609766][ T6904] netlink: 116 bytes leftover after parsing attributes in process `syz.0.309'.
[  131.618964][ T6904] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  131.872690][ T5872] usb 3-1: USB disconnect, device number 28
[  131.934767][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -EPIPE
[  131.989661][ T5873] usb 4-1: USB disconnect, device number 20
[  132.056601][ T6920] FAULT_INJECTION: forcing a failure.
[  132.056601][ T6920] name failslab, interval 1, probability 0, space 0, times 0
[  132.070367][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: syz.2.314 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  132.070390][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  132.070400][ T6920] Call Trace:
[  132.070407][ T6920]  <TASK>
[  132.070415][ T6920]  dump_stack_lvl+0x189/0x250
[  132.070446][ T6920]  ? __pfx____ratelimit+0x10/0x10
[  132.070468][ T6920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.070486][ T6920]  ? __pfx__printk+0x10/0x10
[  132.070510][ T6920]  ? __pfx___might_resched+0x10/0x10
[  132.070526][ T6920]  ? fs_reclaim_acquire+0x7d/0x100
[  132.070552][ T6920]  should_fail_ex+0x414/0x560
[  132.070582][ T6920]  should_failslab+0xa8/0x100
[  132.070604][ T6920]  __kmalloc_noprof+0xcb/0x4f0
[  132.070620][ T6920]  ? kfree+0x4d/0x440
[  132.070634][ T6920]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  132.070658][ T6920]  tomoyo_realpath_from_path+0xe3/0x5d0
[  132.070678][ T6920]  ? tomoyo_domain+0xd9/0x130
[  132.070704][ T6920]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  132.070727][ T6920]  tomoyo_path_number_perm+0x1e8/0x5a0
[  132.070755][ T6920]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  132.070803][ T6920]  ? __lock_acquire+0xab9/0xd20
[  132.070847][ T6920]  ? __fget_files+0x2a/0x420
[  132.070872][ T6920]  ? __fget_files+0x2a/0x420
[  132.070892][ T6920]  ? __fget_files+0x3a0/0x420
[  132.070911][ T6920]  ? __fget_files+0x2a/0x420
[  132.070936][ T6920]  security_file_ioctl+0xcb/0x2d0
[  132.070962][ T6920]  __se_sys_ioctl+0x47/0x170
[  132.070983][ T6920]  do_syscall_64+0xfa/0x3b0
[  132.071004][ T6920]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.071023][ T6920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.071039][ T6920]  ? clear_bhb_loop+0x60/0xb0
[  132.071059][ T6920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.071074][ T6920] RIP: 0033:0x7f715a78e929
[  132.071094][ T6920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.071107][ T6920] RSP: 002b:00007f715b562038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  132.071131][ T6920] RAX: ffffffffffffffda RBX: 00007f715a9b5fa0 RCX: 00007f715a78e929
[  132.071143][ T6920] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  132.071153][ T6920] RBP: 00007f715b562090 R08: 0000000000000000 R09: 0000000000000000
[  132.071163][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.071172][ T6920] R13: 0000000000000000 R14: 00007f715a9b5fa0 R15: 00007ffeefd3e418
[  132.071200][ T6920]  </TASK>
[  132.071208][ T6920] ERROR: Out of memory at tomoyo_realpath_from_path.
[  132.174806][   T51] Bluetooth: hci1: command 0x041b tx timeout
[  132.545762][ T6934] /dev/rnullb0: Can't open blockdev
[  132.632445][ T6937] netlink: 'syz.4.319': attribute type 4 has an invalid length.
[  132.641467][ T6937] netlink: 116 bytes leftover after parsing attributes in process `syz.4.319'.
[  132.654293][ T6937] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  132.741922][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  132.748351][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.034052][ T5873] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  133.170895][ T6957] warning: `syz.3.326' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  133.193562][ T6957] Mount JFS Failure: -22
[  133.207193][ T5873] usb 5-1: Using ep0 maxpacket: 32
[  133.220503][ T5873] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  133.242759][ T5873] usb 5-1: config 0 has no interface number 0
[  133.260021][ T5873] usb 5-1: config 0 interface 184 has no altsetting 0
[  133.277454][ T5873] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  133.288563][ T5873] usb 5-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  133.305767][ T5873] usb 5-1: Product: syz
[  133.310359][ T5873] usb 5-1: Manufacturer: syz
[  133.317606][ T5873] usb 5-1: SerialNumber: syz
[  133.326557][ T5873] usb 5-1: config 0 descriptor??
[  133.332281][   T30] audit: type=1326 audit(1751548453.390:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.3.328" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4957b8e929 code=0x0
[  133.358656][ T5873] smsc75xx v1.0.0
[  133.524473][ T5893] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  133.701239][ T5893] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  133.710025][ T5893] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.723057][ T5893] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  133.732417][ T5893] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.761149][ T5893] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  133.772105][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  133.786909][ T5893] usb 1-1: Product: syz
[  133.791484][ T5893] usb 1-1: Manufacturer: syz
[  133.800500][ T6966] No source specified
[  133.811029][ T5893] cdc_wdm 1-1:1.0: skipping garbage
[  133.821117][ T5893] cdc_wdm 1-1:1.0: skipping garbage
[  133.828987][ T5893] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  133.836576][ T5893] cdc_wdm 1-1:1.0: Unknown control protocol
[  133.882842][ T6968] netlink: 'syz.2.331': attribute type 4 has an invalid length.
[  133.891011][ T6968] netlink: 116 bytes leftover after parsing attributes in process `syz.2.331'.
[  133.900849][ T6968] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  133.972772][ T5873] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  133.993065][ T5873] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  134.017555][ T5872] usb 1-1: USB disconnect, device number 29
[  134.198866][   T30] audit: type=1800 audit(1751548454.260:7): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.334" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  134.220081][ T5873] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  134.232128][ T5873] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  134.252966][ T5873] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  134.273219][ T5873] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[  134.414694][   T51] Bluetooth: hci1: command 0x041b tx timeout
[  134.603130][ T6992] netlink: 'syz.0.340': attribute type 4 has an invalid length.
[  134.611172][ T6992] netlink: 116 bytes leftover after parsing attributes in process `syz.0.340'.
[  134.620228][ T6992] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  134.714037][ T5873] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  134.887567][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  134.896519][ T5873] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30
[  134.907519][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.918218][ T5873] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  134.931321][ T5873] usb 3-1: New USB device found, idVendor=1e71, idProduct=2006, bcdDevice= 0.00
[  134.940798][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.951287][ T5873] usb 3-1: config 0 descriptor??
[  134.984112][ T2154] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  135.061954][ T7004] netlink: 14 bytes leftover after parsing attributes in process `syz.0.345'.
[  135.098187][ T7004] hsr_slave_1 (unregistering): left promiscuous mode
[  135.134091][ T2154] usb 4-1: Using ep0 maxpacket: 16
[  135.140865][ T2154] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  135.150509][ T2154] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.164349][ T2154] usb 4-1: config 0 has no interface number 0
[  135.175781][ T2154] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  135.184908][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.192897][ T2154] usb 4-1: Product: syz
[  135.197126][ T2154] usb 4-1: Manufacturer: syz
[  135.201748][ T2154] usb 4-1: SerialNumber: syz
[  135.209493][ T2154] usb 4-1: config 0 descriptor??
[  135.238466][ T2154] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  135.277325][ T2154] snd-usb-audio 4-1:0.1: probe with driver snd-usb-audio failed with error -2
[  135.282235][ T7008] FAULT_INJECTION: forcing a failure.
[  135.282235][ T7008] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  135.302348][ T7008] CPU: 0 UID: 0 PID: 7008 Comm: syz.0.346 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  135.302371][ T7008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.302381][ T7008] Call Trace:
[  135.302388][ T7008]  <TASK>
[  135.302395][ T7008]  dump_stack_lvl+0x189/0x250
[  135.302419][ T7008]  ? __pfx____ratelimit+0x10/0x10
[  135.302441][ T7008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.302462][ T7008]  ? __pfx__printk+0x10/0x10
[  135.302481][ T7008]  ? __might_fault+0xb0/0x130
[  135.302510][ T7008]  should_fail_ex+0x414/0x560
[  135.302541][ T7008]  _copy_from_iter+0x1db/0x16f0
[  135.302564][ T7008]  ? __lock_acquire+0xab9/0xd20
[  135.302595][ T7008]  ? __pfx__copy_from_iter+0x10/0x10
[  135.302622][ T7008]  ? __lock_acquire+0xab9/0xd20
[  135.302652][ T7008]  tun_get_user+0x20f/0x3ce0
[  135.302680][ T7008]  ? aa_file_perm+0x13e/0x11b0
[  135.302700][ T7008]  ? aa_file_perm+0x13e/0x11b0
[  135.302720][ T7008]  ? aa_file_perm+0x3ed/0x11b0
[  135.302741][ T7008]  ? __pfx_tun_get_user+0x10/0x10
[  135.302766][ T7008]  ? __lock_acquire+0xab9/0xd20
[  135.302794][ T7008]  ? ref_tracker_alloc+0x318/0x460
[  135.302809][ T7008]  ? __lock_acquire+0xab9/0xd20
[  135.302833][ T7008]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  135.302861][ T7008]  ? tun_get+0x1c/0x2f0
[  135.302883][ T7008]  ? tun_get+0x1c/0x2f0
[  135.302899][ T7008]  ? tun_get+0x1c/0x2f0
[  135.302920][ T7008]  tun_chr_write_iter+0x113/0x200
[  135.302940][ T7008]  vfs_write+0x54b/0xa90
[  135.302964][ T7008]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  135.302982][ T7008]  ? __pfx_vfs_write+0x10/0x10
[  135.303011][ T7008]  ? __fget_files+0x2a/0x420
[  135.303042][ T7008]  ksys_write+0x145/0x250
[  135.303064][ T7008]  ? __pfx_ksys_write+0x10/0x10
[  135.303080][ T7008]  ? rcu_is_watching+0x15/0xb0
[  135.303101][ T7008]  ? do_syscall_64+0xbe/0x3b0
[  135.303123][ T7008]  do_syscall_64+0xfa/0x3b0
[  135.303142][ T7008]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.303160][ T7008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.303174][ T7008]  ? clear_bhb_loop+0x60/0xb0
[  135.303194][ T7008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.303208][ T7008] RIP: 0033:0x7ffb2378e929
[  135.303222][ T7008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.303236][ T7008] RSP: 002b:00007ffb24649038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  135.303253][ T7008] RAX: ffffffffffffffda RBX: 00007ffb239b5fa0 RCX: 00007ffb2378e929
[  135.303265][ T7008] RDX: 000000000000006e RSI: 0000200000000240 RDI: 0000000000000004
[  135.303275][ T7008] RBP: 00007ffb24649090 R08: 0000000000000000 R09: 0000000000000000
[  135.303284][ T7008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.303293][ T7008] R13: 0000000000000000 R14: 00007ffb239b5fa0 R15: 00007fffd1cc1b68
[  135.303319][ T7008]  </TASK>
[  135.317355][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  135.373625][ T5873] nzxt-smart2 0003:1E71:2006.0005: item fetching failed at offset 10/11
[  135.611839][ T5873] nzxt-smart2 0003:1E71:2006.0005: probe with driver nzxt-smart2 failed with error -22
[  135.666567][ T5873] usb 3-1: USB disconnect, device number 29
[  135.827989][ T5893] usb 5-1: USB disconnect, device number 3
[  135.833257][ T7016] bridge0: port 3(hsr_slave_0) entered blocking state
[  135.851961][ T7016] bridge0: port 3(hsr_slave_0) entered disabled state
[  135.865434][ T7016] hsr_slave_0: entered allmulticast mode
[  135.889891][ T7016] hsr_slave_0: left allmulticast mode
[  135.899919][ T7018] netlink: 'syz.4.349': attribute type 4 has an invalid length.
[  135.907833][ T7018] netlink: 116 bytes leftover after parsing attributes in process `syz.4.349'.
[  135.917680][ T7018] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  135.933483][ T7016] tipc: New replicast peer: 255.255.255.255
[  135.942529][ T7016] tipc: Enabled bearer <udp:syz2>, priority 10
[  136.274260][ T5893] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  136.434049][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  136.446106][ T5893] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 67, using maximum allowed: 30
[  136.474034][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.486232][ T5893] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 67
[  136.504175][   T51] Bluetooth: hci1: command 0x041b tx timeout
[  136.524068][ T5893] usb 5-1: New USB device found, idVendor=17ef, idProduct=6004, bcdDevice= 0.00
[  136.533119][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.543975][ T5893] usb 5-1: config 0 descriptor??
[  136.684225][ T5873] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  136.701193][ T7042] netlink: 'syz.0.358': attribute type 4 has an invalid length.
[  136.709939][ T7042] netlink: 116 bytes leftover after parsing attributes in process `syz.0.358'.
[  136.723244][ T7042] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  136.844179][ T5873] usb 3-1: Using ep0 maxpacket: 32
[  136.857964][ T5873] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  136.873981][ T5873] usb 3-1: config 0 has no interface number 0
[  136.880134][ T5873] usb 3-1: config 0 interface 184 has no altsetting 0
[  136.897548][ T5873] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  136.910411][ T5873] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  136.928509][ T5873] usb 3-1: Product: syz
[  136.932693][ T5873] usb 3-1: Manufacturer: syz
[  136.950129][ T5873] usb 3-1: SerialNumber: syz
[  136.965307][ T5873] usb 3-1: config 0 descriptor??
[  136.971233][ T5893] hid_parser_main: 5 callbacks suppressed
[  136.971250][ T5893] wacom 0003:17EF:6004.0006: unknown main item tag 0x0
[  136.988898][ T5873] smsc75xx v1.0.0
[  136.989512][ T5893] wacom 0003:17EF:6004.0006: item fetching failed at offset 7/11
[  137.002540][ T5893] wacom 0003:17EF:6004.0006: parse failed
[  137.012552][ T5893] wacom 0003:17EF:6004.0006: probe with driver wacom failed with error -22
[  137.166075][ T7020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.190892][ T7020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.247995][  T924] usb 5-1: USB disconnect, device number 4
[  137.544011][ T5893] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  137.593506][ T5873] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  137.604881][ T5873] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  137.708423][ T5893] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  137.717926][ T5893] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  137.729126][ T5893] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  137.740356][ T5893] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  137.751360][ T5893] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  137.764680][ T5893] usb 1-1: config 0 interface 0 has no altsetting 0
[  137.787737][ T5893] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  137.796860][ T5893] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  137.811200][ T5893] usb 1-1: Product: syz
[  137.818850][ T5873] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  137.819233][ T2154] usb 4-1: USB disconnect, device number 21
[  137.836870][ T5893] usb 1-1: Manufacturer: syz
[  137.841477][ T5893] usb 1-1: SerialNumber: syz
[  137.860595][ T5873] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  137.866159][ T5893] usb 1-1: config 0 descriptor??
[  137.897959][ T5873] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  137.909911][ T7054] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  137.929760][ T5873] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  137.929970][ T5893] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  137.979793][ T5893] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  138.063623][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.366'.
[  138.087185][ T7063] netlink: 'syz.4.367': attribute type 4 has an invalid length.
[  138.098348][ T7063] netlink: 116 bytes leftover after parsing attributes in process `syz.4.367'.
[  138.108034][ T7063] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  138.139182][ T7054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.149406][ T7054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.257524][ T2154] usb 1-1: USB disconnect, device number 30
[  138.274406][ T2154] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  138.408471][ T7075] omfs: Invalid superblock (0)
[  138.534904][ T7079] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  138.546463][ T7081] NILFS (rnullb0): couldn't find nilfs on the device
[  138.586716][ T3513] Bluetooth: hci4: Frame reassembly failed (-84)
[  138.690037][ T7087] netlink: 'syz.0.376': attribute type 4 has an invalid length.
[  138.698080][ T7087] netlink: 116 bytes leftover after parsing attributes in process `syz.0.376'.
[  138.707445][ T7087] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  138.916205][ T7096] openvswitch: netlink: IP tunnel dst address not specified
[  139.044057][ T2154] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  139.204438][ T2154] usb 1-1: Using ep0 maxpacket: 8
[  139.218369][ T2154] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  139.230079][ T2154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.238362][ T2154] usb 1-1: Product: syz
[  139.242677][ T2154] usb 1-1: Manufacturer: syz
[  139.248639][ T2154] usb 1-1: SerialNumber: syz
[  139.264737][ T2154] usb 1-1: config 0 descriptor??
[  139.274413][ T2154] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  139.391562][ T7110] netlink: 'syz.3.385': attribute type 4 has an invalid length.
[  139.400769][ T7110] netlink: 116 bytes leftover after parsing attributes in process `syz.3.385'.
[  139.411025][ T7110] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  139.483182][ T5873] usb 3-1: USB disconnect, device number 30
[  139.517151][ T7112] FAT-fs (rnullb0): bogus number of reserved sectors
[  139.523869][ T7112] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  139.854105][  T924] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  139.964160][ T5873] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  140.003999][  T924] usb 4-1: Using ep0 maxpacket: 16
[  140.011255][  T924] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  140.022470][  T924] usb 4-1: config 0 has no interface number 0
[  140.028673][  T924] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  140.042856][  T924] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  140.052005][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.060049][  T924] usb 4-1: Product: syz
[  140.064300][  T924] usb 4-1: Manufacturer: syz
[  140.068917][  T924] usb 4-1: SerialNumber: syz
[  140.076002][  T924] usb 4-1: config 0 descriptor??
[  140.114020][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  140.121224][ T5873] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  140.130144][ T5873] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  140.139248][ T5873] usb 3-1: config 1 has no interface number 1
[  140.146038][ T5873] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  140.158965][ T5873] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7
[  140.172896][ T5873] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  140.182100][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.190171][ T5873] usb 3-1: Product: syz
[  140.194409][ T5873] usb 3-1: Manufacturer: syz
[  140.199023][ T5873] usb 3-1: SerialNumber: syz
[  140.285689][  T924] usbtouchscreen 4-1:0.214: Failed to read FW rev: -71
[  140.293090][  T924] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71
[  140.310878][  T924] usb 4-1: USB disconnect, device number 22
[  140.413488][ T7118] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  140.425974][ T7118] UDF-fs: Scanning with blocksize 4096 failed
[  140.437733][ T7118] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  140.444393][ T7118] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  140.455389][ T7118] vhci_hcd vhci_hcd.0: Device attached
[  140.463173][ T7118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.472365][ T7118] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.481955][ T7119] vhci_hcd: connection closed
[  140.491474][   T49] vhci_hcd: stop threads
[  140.495515][ T5873] usb 3-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  140.497671][   T49] vhci_hcd: release socket
[  140.500599][ T5873] usb 3-1: 2:1: All rates were zero
[  140.512952][   T49] vhci_hcd: disconnect device
[  140.536390][ T5873] usb 3-1: USB disconnect, device number 31
[  140.581584][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  140.654318][ T5154] Bluetooth: hci4: command 0x1003 tx timeout
[  140.658137][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  140.731525][   T30] audit: type=1326 audit(1751548460.790:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7121 comm="syz.4.390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f02d078e929 code=0x0
[  140.840716][ T7123] netlink: 'syz.4.390': attribute type 11 has an invalid length.
[  140.870958][ T7123] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.124031][ T5893] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  141.164024][   T43] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  141.274139][ T5924] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  141.285639][ T5893] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[  141.295060][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  141.295083][ T5893] usb 5-1: Product: syz
[  141.295097][ T5893] usb 5-1: SerialNumber: syz
[  141.299099][ T5893] usb 5-1: config 0 descriptor??
[  141.318141][   T43] usb 4-1: Using ep0 maxpacket: 16
[  141.324365][ T2154] gspca_sonixj: reg_w1 err -71
[  141.331268][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.341691][ T2154] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  141.358505][   T43] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  141.369048][ T2154] usb 1-1: USB disconnect, device number 31
[  141.377450][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.388128][   T43] usb 4-1: Product: syz
[  141.392321][   T43] usb 4-1: Manufacturer: syz
[  141.396996][   T43] usb 4-1: SerialNumber: syz
[  141.405053][   T43] usb 4-1: config 0 descriptor??
[  141.413830][   T43] dm9601 4-1:0.0: probe with driver dm9601 failed with error -22
[  141.422613][   T43] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22
[  141.433195][ T5924] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  141.443143][ T5924] usb 3-1: config 0 has no interface number 0
[  141.450199][ T5924] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  141.460340][ T5924] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  141.473522][ T5924] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  141.482645][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.490781][ T5924] usb 3-1: Product: syz
[  141.495108][ T5924] usb 3-1: Manufacturer: syz
[  141.499734][ T5924] usb 3-1: SerialNumber: syz
[  141.507378][ T5924] usb 3-1: config 0 descriptor??
[  141.513042][ T7130] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  141.522887][ T5924] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  141.535571][ T5924] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  141.553019][ T7123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.562460][ T7123] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.578005][ T5893] usb 5-1: USB disconnect, device number 5
[  141.637844][ T5873] usb 4-1: USB disconnect, device number 23
[  141.750319][ T5924] usb 3-1: USB disconnect, device number 32
[  141.766749][ T5924] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  141.778342][ T5924] cyberjack 3-1:0.69: device disconnected
[  141.890455][ T7133] netlink: 'syz.0.394': attribute type 4 has an invalid length.
[  141.899185][ T7133] netlink: 116 bytes leftover after parsing attributes in process `syz.0.394'.
[  141.911876][ T7133] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  142.251050][ T7147] sctp: [Deprecated]: syz.3.399 (pid 7147) Use of struct sctp_assoc_value in delayed_ack socket option.
[  142.251050][ T7147] Use struct sctp_sack_info instead
[  142.624082][ T5893] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  142.663989][ T5855] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  142.775858][ T5893] usb 3-1: config index 0 descriptor too short (expected 44306, got 18)
[  142.784365][ T5893] usb 3-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  142.793126][ T5893] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 140
[  142.802236][ T5893] usb 3-1: config 0 has no interface number 0
[  142.808442][ T5893] usb 3-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  142.818777][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.819282][ T5855] usb 4-1: config 0 has an invalid interface number: 45 but max is 0
[  142.836468][ T5855] usb 4-1: config 0 has no interface number 0
[  142.839267][ T5893] usb 3-1: config 0 descriptor??
[  142.842603][ T5855] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  142.856845][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.868005][ T5855] usb 4-1: config 0 descriptor??
[  142.876107][ T5855] cp210x 4-1:0.45: cp210x converter detected
[  142.890721][ T5893] usb-storage 3-1:0.33: USB Mass Storage device detected
[  143.297395][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.317309][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.338014][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.352194][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.406428][ T5855] cp210x 4-1:0.45: failed to get vendor val 0x000e size 3: -71
[  143.430283][ T5855] usb 4-1: cp210x converter now attached to ttyUSB0
[  143.443119][ T5855] usb 4-1: USB disconnect, device number 24
[  143.464924][ T5855] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  143.478470][ T5855] cp210x 4-1:0.45: device disconnected
[  143.585344][  T924] usb 3-1: USB disconnect, device number 33
[  143.710281][ T7159] netlink: 'syz.2.403': attribute type 4 has an invalid length.
[  143.718235][ T7159] netlink: 116 bytes leftover after parsing attributes in process `syz.2.403'.
[  143.727770][ T7159] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  143.924676][ T7168] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  143.938627][ T7168] netlink: 'syz.4.406': attribute type 29 has an invalid length.
[  143.949154][ T7168] netlink: 4 bytes leftover after parsing attributes in process `syz.4.406'.
[  144.007473][ T7170] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  144.201025][ T7184] program syz.2.411 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  144.329126][ T7189] netlink: 'syz.4.414': attribute type 4 has an invalid length.
[  144.337164][ T7189] netlink: 116 bytes leftover after parsing attributes in process `syz.4.414'.
[  144.348737][ T7189] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  144.908517][ T7218] FAULT_INJECTION: forcing a failure.
[  144.908517][ T7218] name failslab, interval 1, probability 0, space 0, times 0
[  144.925947][ T7218] CPU: 0 UID: 0 PID: 7218 Comm: syz.3.422 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  144.925971][ T7218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.925979][ T7218] Call Trace:
[  144.925985][ T7218]  <TASK>
[  144.925989][ T7218]  dump_stack_lvl+0x189/0x250
[  144.926006][ T7218]  ? __pfx____ratelimit+0x10/0x10
[  144.926019][ T7218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.926029][ T7218]  ? __pfx__printk+0x10/0x10
[  144.926043][ T7218]  ? ref_tracker_alloc+0x318/0x460
[  144.926056][ T7218]  should_fail_ex+0x414/0x560
[  144.926073][ T7218]  should_failslab+0xa8/0x100
[  144.926087][ T7218]  kmem_cache_alloc_noprof+0x73/0x3c0
[  144.926097][ T7218]  ? skb_clone+0x212/0x3a0
[  144.926116][ T7218]  skb_clone+0x212/0x3a0
[  144.926128][ T7218]  __netlink_deliver_tap+0x404/0x850
[  144.926148][ T7218]  ? netlink_deliver_tap+0x2e/0x1b0
[  144.926162][ T7218]  netlink_deliver_tap+0x19c/0x1b0
[  144.926175][ T7218]  netlink_unicast+0x72f/0x8d0
[  144.926193][ T7218]  netlink_sendmsg+0x805/0xb30
[  144.926211][ T7218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.926226][ T7218]  ? aa_sock_msg_perm+0xf1/0x1d0
[  144.926237][ T7218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  144.926251][ T7218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.926264][ T7218]  __sock_sendmsg+0x219/0x270
[  144.926278][ T7218]  ____sys_sendmsg+0x505/0x830
[  144.926290][ T7218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  144.926304][ T7218]  ? import_iovec+0x74/0xa0
[  144.926315][ T7218]  ___sys_sendmsg+0x21f/0x2a0
[  144.926325][ T7218]  ? __pfx____sys_sendmsg+0x10/0x10
[  144.926353][ T7218]  ? __fget_files+0x2a/0x420
[  144.926367][ T7218]  ? __fget_files+0x3a0/0x420
[  144.926385][ T7218]  __x64_sys_sendmsg+0x19b/0x260
[  144.926396][ T7218]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  144.926410][ T7218]  ? __pfx_ksys_write+0x10/0x10
[  144.926420][ T7218]  ? rcu_is_watching+0x15/0xb0
[  144.926432][ T7218]  ? do_syscall_64+0xbe/0x3b0
[  144.926447][ T7218]  do_syscall_64+0xfa/0x3b0
[  144.926459][ T7218]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.926470][ T7218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.926479][ T7218]  ? clear_bhb_loop+0x60/0xb0
[  144.926491][ T7218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.926499][ T7218] RIP: 0033:0x7f4957b8e929
[  144.926508][ T7218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.926516][ T7218] RSP: 002b:00007f49559f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  144.926526][ T7218] RAX: ffffffffffffffda RBX: 00007f4957db5fa0 RCX: 00007f4957b8e929
[  144.926533][ T7218] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  144.926539][ T7218] RBP: 00007f49559f6090 R08: 0000000000000000 R09: 0000000000000000
[  144.926545][ T7218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.926550][ T7218] R13: 0000000000000000 R14: 00007f4957db5fa0 R15: 00007fffa1728da8
[  144.926565][ T7218]  </TASK>
[  145.331697][ T7222] netlink: 'syz.3.425': attribute type 4 has an invalid length.
[  145.339582][ T7222] netlink: 116 bytes leftover after parsing attributes in process `syz.3.425'.
[  145.349134][ T7222] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  145.569274][ T7233] mmap: syz.3.427 (7233) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  145.746648][ T7240] netlink: 92 bytes leftover after parsing attributes in process `syz.2.431'.
[  145.788655][ T7240] /dev/rnullb0: Can't open blockdev
[  145.865485][ T7246] /dev/rnullb0: Can't open blockdev
[  145.908027][ T7248] netlink: 'syz.4.435': attribute type 4 has an invalid length.
[  145.916350][ T7248] netlink: 116 bytes leftover after parsing attributes in process `syz.4.435'.
[  145.926564][ T7248] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  146.014077][  T924] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  146.165989][  T924] usb 4-1: Using ep0 maxpacket: 16
[  146.179689][  T924] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  146.188349][  T924] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  146.197053][  T924] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  146.205808][  T924] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  146.214406][  T924] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  146.223378][  T924] usb 4-1: config 0 has no interface number 0
[  146.230493][  T924] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  146.252002][  T924] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  146.278272][  T924] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid maxpacket 65517, setting to 64
[  146.323990][  T924] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  146.373318][  T924] usb 4-1: config 0 interface 125 has no altsetting 0
[  146.403982][  T924] usb 4-1: config 0 interface 125 has no altsetting 2
[  146.458707][  T924] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  146.470025][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.513164][  T924] usb 4-1: Product: syz
[  146.517551][  T924] usb 4-1: Manufacturer: syz
[  146.522220][  T924] usb 4-1: SerialNumber: syz
[  146.529789][  T924] usb 4-1: config 0 descriptor??
[  146.545077][  T924] usb 4-1: selecting invalid altsetting 2
[  146.750921][    C0] usb 4-1: async_complete: urb error -71
[  146.756771][    C0] usb 4-1: async_complete: urb error -71
[  146.762530][    C0] usb 4-1: async_complete: urb error -71
[  146.768282][    C0] usb 4-1: async_complete: urb error -71
[  146.779201][  T924] get_1284_register: usb error -71
[  146.786088][  T924] uss720 4-1:0.125: probe with driver uss720 failed with error -71
[  146.799525][  T924] usb 4-1: USB disconnect, device number 25
[  147.003970][ T7269] process 'syz.4.442' launched './file2' with NULL argv: empty string added
[  147.433555][ T7274] netlink: 'syz.2.444': attribute type 4 has an invalid length.
[  147.444400][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  147.452521][ T7274] netlink: 116 bytes leftover after parsing attributes in process `syz.2.444'.
[  147.493396][ T7274] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  147.584230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  147.845825][  T924] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  147.944063][ T5855] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  148.004011][  T924] usb 4-1: Using ep0 maxpacket: 16
[  148.010811][  T924] usb 4-1: config 0 has no interfaces?
[  148.018652][  T924] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  148.028207][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.036266][  T924] usb 4-1: Product: syz
[  148.040431][  T924] usb 4-1: Manufacturer: syz
[  148.045059][  T924] usb 4-1: SerialNumber: syz
[  148.052085][  T924] usb 4-1: config 0 descriptor??
[  148.094343][ T5893] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  148.109001][ T5855] usb 5-1: config index 0 descriptor too short (expected 44306, got 18)
[  148.117628][ T5855] usb 5-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  148.126479][ T5855] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 140
[  148.135585][ T5855] usb 5-1: config 0 has no interface number 0
[  148.141710][ T5855] usb 5-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  148.150788][ T5855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.161383][ T5855] usb 5-1: config 0 descriptor??
[  148.173791][ T5855] usb-storage 5-1:0.33: USB Mass Storage device detected
[  148.255827][ T5893] usb 3-1: config 201 has an invalid interface number: 249 but max is 0
[  148.267902][ T5893] usb 3-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config
[  148.280011][ T5893] usb 3-1: config 201 has no interface number 0
[  148.290739][ T5893] usb 3-1: config 201 interface 249 altsetting 4 has an endpoint descriptor with address 0xF1, changing to 0x81
[  148.302872][ T5893] usb 3-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid wMaxPacketSize 0
[  148.313274][ T5893] usb 3-1: config 201 interface 249 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  148.326759][ T5893] usb 3-1: config 201 interface 249 has no altsetting 0
[  148.338043][ T5893] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  148.347528][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.356065][ T5893] usb 3-1: Product: syz
[  148.360262][ T5893] usb 3-1: Manufacturer: syz
[  148.365859][ T5893] usb 3-1: SerialNumber: syz
[  148.381500][ T5855] usb 5-1: USB disconnect, device number 6
[  148.466679][ T7277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.477205][ T7277] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.518577][  T924] usb 4-1: USB disconnect, device number 26
[  148.999460][ T5893] ath6kl: Failed to submit usb control message: -71
[  149.007127][ T5893] ath6kl: unable to send the bmi data to the device: -71
[  149.018700][ T5893] ath6kl: Unable to send get target info: -71
[  149.026985][ T5893] ath6kl: Failed to init ath6kl core: -71
[  149.050350][ T5893] ath6kl_usb 3-1:201.249: probe with driver ath6kl_usb failed with error -71
[  149.066473][ T5893] usb 3-1: USB disconnect, device number 34
[  149.345195][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  149.420315][ T7304] netlink: 'syz.4.455': attribute type 4 has an invalid length.
[  149.428238][ T7304] netlink: 116 bytes leftover after parsing attributes in process `syz.4.455'.
[  149.438852][ T7304] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  149.549746][ T7309] FAULT_INJECTION: forcing a failure.
[  149.549746][ T7309] name failslab, interval 1, probability 0, space 0, times 0
[  149.567049][ T7309] CPU: 0 UID: 0 PID: 7309 Comm: syz.4.456 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  149.567072][ T7309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.567083][ T7309] Call Trace:
[  149.567090][ T7309]  <TASK>
[  149.567098][ T7309]  dump_stack_lvl+0x189/0x250
[  149.567122][ T7309]  ? __pfx____ratelimit+0x10/0x10
[  149.567143][ T7309]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.567162][ T7309]  ? __pfx__printk+0x10/0x10
[  149.567187][ T7309]  ? __pfx___might_resched+0x10/0x10
[  149.567203][ T7309]  ? fs_reclaim_acquire+0x7d/0x100
[  149.567229][ T7309]  should_fail_ex+0x414/0x560
[  149.567259][ T7309]  should_failslab+0xa8/0x100
[  149.567281][ T7309]  __kmalloc_noprof+0xcb/0x4f0
[  149.567297][ T7309]  ? kfree+0x4d/0x440
[  149.567311][ T7309]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  149.567336][ T7309]  tomoyo_realpath_from_path+0xe3/0x5d0
[  149.567357][ T7309]  ? tomoyo_domain+0xd9/0x130
[  149.567385][ T7309]  tomoyo_path_perm+0x213/0x4b0
[  149.567409][ T7309]  ? tomoyo_path_perm+0x1e3/0x4b0
[  149.567431][ T7309]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  149.567461][ T7309]  ? __lock_acquire+0xab9/0xd20
[  149.567504][ T7309]  ? __pfx___up_read+0x10/0x10
[  149.567538][ T7309]  ? from_kgid+0x1b0/0x650
[  149.567566][ T7309]  security_inode_getattr+0x12f/0x330
[  149.567589][ T7309]  vfs_getattr+0x23/0x70
[  149.567615][ T7309]  ovl_copy_up_flags+0x85b/0x2ff0
[  149.567643][ T7309]  ? is_bpf_text_address+0x26/0x2b0
[  149.567676][ T7309]  ? unwind_get_return_address+0x4d/0x90
[  149.567706][ T7309]  ? __pfx_ovl_copy_up_flags+0x10/0x10
[  149.567731][ T7309]  ? stack_trace_save+0x9c/0xe0
[  149.567752][ T7309]  ? stack_depot_save_flags+0x40/0x900
[  149.567777][ T7309]  ? kasan_save_track+0x4f/0x80
[  149.567791][ T7309]  ? kasan_save_track+0x3e/0x80
[  149.567805][ T7309]  ? kasan_save_free_info+0x46/0x50
[  149.567825][ T7309]  ? __kasan_slab_free+0x62/0x70
[  149.567840][ T7309]  ? kfree+0x18e/0x440
[  149.567854][ T7309]  ? tomoyo_check_open_permission+0x2c2/0x3b0
[  149.567875][ T7309]  ? security_file_open+0xb1/0x270
[  149.567895][ T7309]  ? do_dentry_open+0x35e/0x1970
[  149.567916][ T7309]  ? vfs_open+0x3b/0x340
[  149.567935][ T7309]  ? path_openat+0x2ee5/0x3830
[  149.567951][ T7309]  ? do_filp_open+0x1fa/0x410
[  149.567969][ T7309]  ? do_sys_openat2+0x121/0x1c0
[  149.567982][ T7309]  ? __x64_sys_openat+0x138/0x170
[  149.567996][ T7309]  ? do_syscall_64+0xfa/0x3b0
[  149.568015][ T7309]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.568119][ T7309]  ? ovl_already_copied_up+0x181/0x310
[  149.568152][ T7309]  ovl_open+0x138/0x2f0
[  149.568169][ T7309]  ? __pfx_apparmor_file_open+0x10/0x10
[  149.568192][ T7309]  ? __pfx_ovl_open+0x10/0x10
[  149.568218][ T7309]  ? __pfx_ovl_open+0x10/0x10
[  149.568235][ T7309]  do_dentry_open+0xdf0/0x1970
[  149.568276][ T7309]  vfs_open+0x3b/0x340
[  149.568296][ T7309]  ? path_openat+0x2ecd/0x3830
[  149.568316][ T7309]  path_openat+0x2ee5/0x3830
[  149.568332][ T7309]  ? arch_stack_walk+0xfc/0x150
[  149.568386][ T7309]  ? __pfx_path_openat+0x10/0x10
[  149.568401][ T7309]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.568439][ T7309]  do_filp_open+0x1fa/0x410
[  149.568455][ T7309]  ? __lock_acquire+0xab9/0xd20
[  149.568479][ T7309]  ? __pfx_do_filp_open+0x10/0x10
[  149.568526][ T7309]  ? _raw_spin_unlock+0x28/0x50
[  149.568543][ T7309]  ? alloc_fd+0x64c/0x6c0
[  149.568576][ T7309]  do_sys_openat2+0x121/0x1c0
[  149.568595][ T7309]  ? __pfx_do_sys_openat2+0x10/0x10
[  149.568612][ T7309]  ? ksys_write+0x22a/0x250
[  149.568633][ T7309]  ? __pfx_ksys_write+0x10/0x10
[  149.568650][ T7309]  ? rcu_is_watching+0x15/0xb0
[  149.568670][ T7309]  __x64_sys_openat+0x138/0x170
[  149.568692][ T7309]  do_syscall_64+0xfa/0x3b0
[  149.568714][ T7309]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.568729][ T7309]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  149.568746][ T7309]  ? clear_bhb_loop+0x60/0xb0
[  149.568766][ T7309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.568782][ T7309] RIP: 0033:0x7f02d078e929
[  149.568796][ T7309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.568811][ T7309] RSP: 002b:00007f02d15b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  149.568828][ T7309] RAX: ffffffffffffffda RBX: 00007f02d09b5fa0 RCX: 00007f02d078e929
[  149.568840][ T7309] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c
[  149.568851][ T7309] RBP: 00007f02d15b9090 R08: 0000000000000000 R09: 0000000000000000
[  149.568862][ T7309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  149.568872][ T7309] R13: 0000000000000000 R14: 00007f02d09b5fa0 R15: 00007ffe298efa78
[  149.568901][ T7309]  </TASK>
[  149.569008][ T7309] ERROR: Out of memory at tomoyo_realpath_from_path.
[  150.198147][ T7319] netlink: 1300 bytes leftover after parsing attributes in process `syz.0.462'.
[  150.290607][ T7323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.463'.
[  150.320638][ T7323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.463'.
[  150.376034][ T7326] netlink: 'syz.3.464': attribute type 4 has an invalid length.
[  150.390103][ T7326] netlink: 116 bytes leftover after parsing attributes in process `syz.3.464'.
[  150.403644][ T7326] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  150.425612][ T7328] syz.2.465: attempt to access beyond end of device
[  150.425612][ T7328] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  150.442219][ T7328] exFAT-fs (nbd2): unable to read boot sector
[  150.452169][ T7328] exFAT-fs (nbd2): failed to read boot sector
[  150.458418][ T7328] exFAT-fs (nbd2): failed to recognize exfat type
[  150.504564][ T5893] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  150.518502][ T7334] netlink: 'syz.3.467': attribute type 29 has an invalid length.
[  150.528607][ T7334] netlink: 'syz.3.467': attribute type 29 has an invalid length.
[  150.547659][ T7335] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  150.555928][ T7335] UDF-fs: Scanning with blocksize 4096 failed
[  150.592604][ T7334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.467'.
[  150.668110][ T5893] usb 5-1: config index 0 descriptor too short (expected 44306, got 18)
[  150.676755][ T5893] usb 5-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  150.703979][ T5893] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 140
[  150.733376][ T5893] usb 5-1: config 0 has no interface number 0
[  150.753786][ T5893] usb 5-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  150.772268][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.807294][ T5893] usb 5-1: config 0 descriptor??
[  150.815804][ T5893] usb-storage 5-1:0.33: USB Mass Storage device detected
[  150.975179][ T7350] NILFS (rnullb0): couldn't find nilfs on the device
[  151.178159][ T7357] netlink: 'syz.3.475': attribute type 4 has an invalid length.
[  151.224863][ T7357] netlink: 116 bytes leftover after parsing attributes in process `syz.3.475'.
[  151.274746][ T7357] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  151.471552][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.0.476'.
[  151.480983][ T7362] bridge_slave_1: left allmulticast mode
[  151.486762][ T7362] bridge_slave_1: left promiscuous mode
[  151.493314][ T7362] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.565743][ T7362] bridge_slave_0: left allmulticast mode
[  151.571476][ T7362] bridge_slave_0: left promiscuous mode
[  151.578061][ T7362] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.054022][ T2154] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  152.100598][ T7367] openvswitch: netlink: Key type 303 is out of range max 32
[  152.142814][ T5893] usb 5-1: USB disconnect, device number 7
[  152.220151][ T2154] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.245197][ T2154] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  152.275876][ T2154] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  152.291746][ T2154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  152.301737][ T2154] usb 3-1: SerialNumber: syz
[  152.622521][ T7379] /dev/rnullb0: Can't open blockdev
[  152.627357][ T7383] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  152.628198][ T7383] /dev/rnullb0: Can't open blockdev
[  152.838110][ T7388] netlink: 'syz.3.486': attribute type 4 has an invalid length.
[  152.848078][ T7388] netlink: 116 bytes leftover after parsing attributes in process `syz.3.486'.
[  152.849842][ T2154] usb 3-1: 0:2 : does not exist
[  152.862302][ T7388] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  152.868089][ T2154] usb 3-1: unit 5: unexpected type 0x0e
[  152.902482][ T2154] usb 3-1: USB disconnect, device number 35
[  153.021577][ T7394] netlink: 12 bytes leftover after parsing attributes in process `syz.3.488'.
[  153.380888][   T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  153.524020][ T7413] netlink: 'syz.2.496': attribute type 4 has an invalid length.
[  153.524041][ T7413] netlink: 116 bytes leftover after parsing attributes in process `syz.2.496'.
[  153.524594][ T7413] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  153.534473][   T43] usb 4-1: Using ep0 maxpacket: 32
[  153.536127][   T43] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  153.536152][   T43] usb 4-1: config 0 has no interface number 0
[  153.536191][   T43] usb 4-1: config 0 interface 184 has no altsetting 0
[  153.538209][   T43] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  153.538243][   T43] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  153.538261][   T43] usb 4-1: Product: syz
[  153.538275][   T43] usb 4-1: Manufacturer: syz
[  153.538288][   T43] usb 4-1: SerialNumber: syz
[  153.541157][   T43] usb 4-1: config 0 descriptor??
[  153.557509][   T43] smsc75xx v1.0.0
[  154.074082][ T2154] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  154.154321][   T43] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  154.165831][   T43] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  154.228111][ T2154] usb 3-1: config index 0 descriptor too short (expected 44306, got 18)
[  154.244460][  T924] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  154.250204][ T2154] usb 3-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  154.271628][ T7436] netlink: 'syz.0.505': attribute type 4 has an invalid length.
[  154.275795][ T2154] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 140
[  154.279526][ T7436] netlink: 116 bytes leftover after parsing attributes in process `syz.0.505'.
[  154.290797][ T2154] usb 3-1: config 0 has no interface number 0
[  154.298004][ T7436] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  154.308821][ T2154] usb 3-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  154.333300][ T2154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.356456][ T2154] usb 3-1: config 0 descriptor??
[  154.371566][ T2154] usb-storage 3-1:0.33: USB Mass Storage device detected
[  154.384347][   T43] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  154.393615][ T7438] netlink: 'syz.0.506': attribute type 2 has an invalid length.
[  154.405243][   T43] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  154.412190][  T924] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  154.419503][   T43] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  154.428081][  T924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.443430][   T43] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  154.472775][  T924] usb 5-1: config 0 has no interface number 0
[  154.489500][  T924] usb 5-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  154.501848][  T924] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  154.519535][  T924] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  154.531807][  T924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.545869][  T924] usb 5-1: config 0 descriptor??
[  154.576717][  T924] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  154.738219][ T2154] usb 3-1: USB disconnect, device number 36
[  154.810425][  T924] usb 5-1: USB disconnect, device number 8
[  154.811434][ T3513] usb 5-1: Failed to submit usb control message: -71
[  154.834787][ T3513] usb 5-1: unable to send the bmi data to the device: -71
[  154.858766][ T3513] usb 5-1: unable to get target info from device
[  154.870651][ T3513] usb 5-1: could not get target info (-71)
[  154.890261][ T3513] usb 5-1: could not probe fw (-71)
[  156.133167][   T43] usb 4-1: USB disconnect, device number 27
[  156.191026][ T7485] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  156.218578][ T5855] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  156.388382][ T7494] /dev/rnullb0: Can't open blockdev
[  156.394709][ T5855] usb 3-1: config index 0 descriptor too short (expected 44306, got 18)
[  156.403078][ T5855] usb 3-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  156.426175][ T5855] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 140
[  156.436890][ T5855] usb 3-1: config 0 has no interface number 0
[  156.443388][ T5855] usb 3-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  156.457120][ T5855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.468825][ T5855] usb 3-1: config 0 descriptor??
[  156.502054][ T5855] usb-storage 3-1:0.33: USB Mass Storage device detected
[  156.738404][ T7506] input: syz0 as /devices/virtual/input/input11
[  156.749004][ T7487] fuse: Bad value for 'fd'
[  156.770651][   T43] usb 3-1: USB disconnect, device number 37
[  156.785644][ T7506] netlink: 60 bytes leftover after parsing attributes in process `syz.4.528'.
[  156.944222][ T5855] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  157.041234][ T7512] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  157.104807][ T5855] usb 4-1: Using ep0 maxpacket: 32
[  157.112762][ T5855] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  157.134238][ T5855] usb 4-1: config 0 has no interface number 0
[  157.140396][ T5855] usb 4-1: config 0 interface 184 has no altsetting 0
[  157.172772][ T5855] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  157.192417][ T5855] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  157.200987][ T5855] usb 4-1: Product: syz
[  157.205535][ T5855] usb 4-1: Manufacturer: syz
[  157.210132][ T5855] usb 4-1: SerialNumber: syz
[  157.224191][   T30] audit: type=1326 audit(1751548477.280:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.251921][   T30] audit: type=1326 audit(1751548477.280:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffb2378e52b code=0x7fc00000
[  157.275092][ T5855] usb 4-1: config 0 descriptor??
[  157.290893][   T30] audit: type=1326 audit(1751548477.280:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.314665][ T5855] smsc75xx v1.0.0
[  157.333432][   T30] audit: type=1326 audit(1751548477.280:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.357009][   T30] audit: type=1326 audit(1751548477.280:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.402516][   T30] audit: type=1326 audit(1751548477.280:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.434266][   T30] audit: type=1326 audit(1751548477.280:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.466599][   T30] audit: type=1326 audit(1751548477.280:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.518412][   T30] audit: type=1326 audit(1751548477.280:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.567477][   T30] audit: type=1326 audit(1751548477.280:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7486 comm="syz.0.522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2378e929 code=0x7fc00000
[  157.904666][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  157.915626][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  158.140747][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  158.183187][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  158.213977][ T5855] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  158.248949][ T5855] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  158.460757][ T7555] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  158.794141][ T2154] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  158.844108][ T5893] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  158.934140][ T2154] usb 3-1: device descriptor read/64, error -71
[  158.997703][ T5893] usb 5-1: config index 0 descriptor too short (expected 44306, got 18)
[  159.009982][ T5893] usb 5-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  159.020114][ T5893] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 140
[  159.040977][ T5893] usb 5-1: config 0 has no interface number 0
[  159.050413][ T5893] usb 5-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  159.066318][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.083524][ T5893] usb 5-1: config 0 descriptor??
[  159.102378][ T5893] usb-storage 5-1:0.33: USB Mass Storage device detected
[  159.175374][ T2154] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  159.316532][ T2154] usb 3-1: device descriptor read/64, error -71
[  159.378216][ T5924] usb 5-1: USB disconnect, device number 9
[  159.425576][ T2154] usb usb3-port1: attempt power cycle
[  159.534057][   T43] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  159.697720][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.709459][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.719688][   T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  159.733654][   T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  159.741791][ T5855] usb 4-1: USB disconnect, device number 28
[  159.743128][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.764044][ T2154] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  159.782270][   T43] usb 1-1: config 0 descriptor??
[  159.813059][ T2154] usb 3-1: device descriptor read/8, error -71
[  160.083860][ T2154] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  160.124768][ T2154] usb 3-1: device descriptor read/8, error -71
[  160.159004][ T7597] netlink: 104 bytes leftover after parsing attributes in process `syz.4.548'.
[  160.214468][   T43] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  160.234928][ T2154] usb usb3-port1: unable to enumerate USB device
[  160.458439][ T5855] usb 1-1: USB disconnect, device number 32
[  161.256532][ T5855] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  161.414000][ T5855] usb 1-1: Using ep0 maxpacket: 32
[  161.420601][ T5855] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  161.430988][ T5855] usb 1-1: config 0 has no interface number 0
[  161.437176][ T5872] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  161.447339][ T5855] usb 1-1: config 0 interface 184 has no altsetting 0
[  161.456969][ T5855] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  161.466316][ T5855] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  161.474597][ T5855] usb 1-1: Product: syz
[  161.478756][ T5855] usb 1-1: Manufacturer: syz
[  161.483469][ T5855] usb 1-1: SerialNumber: syz
[  161.490252][ T5855] usb 1-1: config 0 descriptor??
[  161.498303][ T5855] smsc75xx v1.0.0
[  161.598190][ T5872] usb 4-1: config index 0 descriptor too short (expected 44306, got 18)
[  161.608237][ T5872] usb 4-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  161.620231][ T5872] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 140
[  161.641634][ T7617] netlink: 24 bytes leftover after parsing attributes in process `syz.2.557'.
[  161.642746][ T5872] usb 4-1: config 0 has no interface number 0
[  161.652834][ T7617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.557'.
[  161.660749][ T5872] usb 4-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  161.679714][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.696933][ T5872] usb 4-1: config 0 descriptor??
[  161.722483][ T5872] usb-storage 4-1:0.33: USB Mass Storage device detected
[  162.008093][ T5872] usb 4-1: USB disconnect, device number 29
[  162.103741][ T5855] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  162.125398][ T5855] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  162.348933][ T5855] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  162.362960][ T5855] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  162.373413][ T5855] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  162.386972][ T5855] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  162.484023][ T5872] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  162.566364][ T7641] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  162.576813][ T7641] FAULT_INJECTION: forcing a failure.
[  162.576813][ T7641] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  162.591080][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.4.563 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  162.591104][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  162.591115][ T7641] Call Trace:
[  162.591122][ T7641]  <TASK>
[  162.591128][ T7641]  dump_stack_lvl+0x189/0x250
[  162.591153][ T7641]  ? __pfx____ratelimit+0x10/0x10
[  162.591176][ T7641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.591193][ T7641]  ? __pfx__printk+0x10/0x10
[  162.591214][ T7641]  ? fs_reclaim_acquire+0x7d/0x100
[  162.591246][ T7641]  should_fail_ex+0x414/0x560
[  162.591276][ T7641]  prepare_alloc_pages+0x213/0x610
[  162.591306][ T7641]  __alloc_frozen_pages_noprof+0x123/0x370
[  162.591333][ T7641]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  162.591376][ T7641]  alloc_pages_mpol+0x232/0x4a0
[  162.591402][ T7641]  alloc_pages_noprof+0xa9/0x190
[  162.591424][ T7641]  pte_alloc_one+0x21/0x170
[  162.591443][ T7641]  __pte_alloc+0x25/0x1a0
[  162.591470][ T7641]  __handle_mm_fault+0x49b3/0x5440
[  162.591505][ T7641]  ? __pfx___handle_mm_fault+0x10/0x10
[  162.591545][ T7641]  ? __pfx___might_resched+0x10/0x10
[  162.591568][ T7641]  handle_mm_fault+0x40a/0x8e0
[  162.591598][ T7641]  __get_user_pages+0x1699/0x2ce0
[  162.591612][ T7641]  ? __lock_acquire+0xab9/0xd20
[  162.591674][ T7641]  __gup_longterm_locked+0x3dc/0x1660
[  162.591712][ T7641]  ? gup_fast_fallback+0x195f/0x2010
[  162.591733][ T7641]  gup_fast_fallback+0x1e6a/0x2010
[  162.591785][ T7641]  ? __pfx_gup_fast_fallback+0x10/0x10
[  162.591811][ T7641]  ? rcu_is_watching+0x15/0xb0
[  162.591827][ T7641]  ? is_valid_gup_args+0x11f/0x200
[  162.591848][ T7641]  ? pin_user_pages_fast+0x4d/0xb0
[  162.591875][ T7641]  pfn_reader_user_pin+0xd9f/0x1180
[  162.591907][ T7641]  ? __pfx_pfn_reader_user_pin+0x10/0x10
[  162.591925][ T7641]  ? kasan_save_track+0x4f/0x80
[  162.591940][ T7641]  ? kasan_save_track+0x3e/0x80
[  162.591954][ T7641]  ? __kasan_kmalloc+0x93/0xb0
[  162.591970][ T7641]  ? __kmalloc_noprof+0x27a/0x4f0
[  162.591986][ T7641]  ? pfn_reader_first+0x2e7/0xa80
[  162.592002][ T7641]  ? iopt_map_pages+0xaa7/0xda0
[  162.592022][ T7641]  ? iopt_map_common+0x2bb/0x4f0
[  162.592041][ T7641]  ? iopt_map_user_pages+0xbc/0xd0
[  162.592060][ T7641]  ? iommufd_ioas_map+0x392/0x4c0
[  162.592079][ T7641]  pfn_reader_next+0x730/0x1f80
[  162.592137][ T7641]  ? __pfx_pfn_reader_next+0x10/0x10
[  162.592161][ T7641]  ? rcu_is_watching+0x15/0xb0
[  162.592176][ T7641]  ? interval_tree_span_iter_first+0xea/0xd70
[  162.592198][ T7641]  ? trace_kmalloc+0x1f/0xd0
[  162.592223][ T7641]  pfn_reader_first+0x6e1/0xa80
[  162.592249][ T7641]  iopt_area_fill_domains+0x20e/0x7e0
[  162.592269][ T7641]  ? iommufd_fops_ioctl+0x45e/0x580
[  162.592286][ T7641]  ? do_syscall_64+0xfa/0x3b0
[  162.592312][ T7641]  ? __pfx_iopt_area_fill_domains+0x10/0x10
[  162.592383][ T7641]  ? down_read+0x1ad/0x2e0
[  162.592422][ T7641]  iopt_map_pages+0xaa7/0xda0
[  162.592458][ T7641]  ? __pfx_iopt_map_pages+0x10/0x10
[  162.592477][ T7641]  ? iopt_map_user_pages+0x4e/0xd0
[  162.592526][ T7641]  ? aa_get_newest_label+0xf7/0x5d0
[  162.592557][ T7641]  iopt_map_common+0x2bb/0x4f0
[  162.592584][ T7641]  ? __pfx_iopt_map_common+0x10/0x10
[  162.592628][ T7641]  iopt_map_user_pages+0xbc/0xd0
[  162.592657][ T7641]  iommufd_ioas_map+0x392/0x4c0
[  162.592685][ T7641]  ? __pfx_iommufd_ioas_map+0x10/0x10
[  162.592713][ T7641]  iommufd_fops_ioctl+0x45e/0x580
[  162.592738][ T7641]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  162.592761][ T7641]  ? __fget_files+0x2a/0x420
[  162.592790][ T7641]  ? __fget_files+0x2a/0x420
[  162.592815][ T7641]  ? bpf_lsm_file_ioctl+0x9/0x20
[  162.592832][ T7641]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  162.592850][ T7641]  __se_sys_ioctl+0xf9/0x170
[  162.592879][ T7641]  do_syscall_64+0xfa/0x3b0
[  162.592899][ T7641]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.592918][ T7641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.592935][ T7641]  ? clear_bhb_loop+0x60/0xb0
[  162.592955][ T7641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.592971][ T7641] RIP: 0033:0x7f02d078e929
[  162.592987][ T7641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.593001][ T7641] RSP: 002b:00007f02d15b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  162.593019][ T7641] RAX: ffffffffffffffda RBX: 00007f02d09b5fa0 RCX: 00007f02d078e929
[  162.593031][ T7641] RDX: 0000200000000280 RSI: 0000000000003b85 RDI: 0000000000000003
[  162.593042][ T7641] RBP: 00007f02d15b9090 R08: 0000000000000000 R09: 0000000000000000
[  162.593052][ T7641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  162.593062][ T7641] R13: 0000000000000000 R14: 00007f02d09b5fa0 R15: 00007ffe298efa78
[  162.593092][ T7641]  </TASK>
[  163.043793][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.106668][ T5872] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  163.119127][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.151270][ T5872] usb 3-1: Product: syz
[  163.168114][ T5872] usb 3-1: Manufacturer: syz
[  163.200100][ T5872] usb 3-1: SerialNumber: syz
[  163.230231][ T5872] usb 3-1: config 0 descriptor??
[  163.245972][ T7646] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/rnullb0": -EINTR
[  163.398883][ T7660] random: crng reseeded on system resumption
[  163.670711][ T5872] usb 3-1: Firmware: major: 220, minor: 80, hardware type: UNKNOWN (174)
[  163.784043][  T924] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  163.880684][ T5872] usb 3-1: no permanent extended address found, random address set
[  163.889018][ T5872] usb 3-1: atusb_probe: initialization failed, error = -524
[  163.896561][ T5872] atusb 3-1:0.0: probe with driver atusb failed with error -524
[  163.908471][ T7666] Restarting kernel threads ...
[  163.917709][ T7666] Done restarting kernel threads.
[  163.940995][  T924] usb 4-1: config index 0 descriptor too short (expected 44306, got 18)
[  163.949639][  T924] usb 4-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  163.958733][  T924] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 140
[  163.968332][  T924] usb 4-1: config 0 has no interface number 0
[  163.974720][  T924] usb 4-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  163.986919][  T924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.998454][  T924] usb 4-1: config 0 descriptor??
[  164.012373][ T7671] NILFS (rnullb0): couldn't find nilfs on the device
[  164.013234][  T924] usb-storage 4-1:0.33: USB Mass Storage device detected
[  164.048093][ T5872] usb 1-1: USB disconnect, device number 33
[  164.103808][ T5855] usb 3-1: USB disconnect, device number 42
[  164.324054][ T2154] usb 4-1: USB disconnect, device number 30
[  165.254050][ T5855] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  165.324070][ T2154] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  165.415675][ T5855] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  165.425035][ T5855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.435021][ T5855] usb 5-1: config 0 descriptor??
[  165.498029][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.507921][ T2154] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  165.520780][ T2154] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  165.529875][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.543508][ T2154] usb 4-1: config 0 descriptor??
[  165.594115][ T5924] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  165.736306][ T7700] overlayfs: conflicting options: nfs_export=on,index=off
[  165.758508][ T5924] usb 1-1: Using ep0 maxpacket: 32
[  165.765960][ T5924] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  165.779594][ T5924] usb 1-1: config 0 has no interface number 0
[  165.786044][ T5924] usb 1-1: config 0 interface 184 has no altsetting 0
[  165.801109][ T5924] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  165.810583][ T5924] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  165.826584][ T5924] usb 1-1: Product: syz
[  165.831106][ T5924] usb 1-1: Manufacturer: syz
[  165.839254][ T5924] usb 1-1: SerialNumber: syz
[  165.849484][ T5924] usb 1-1: config 0 descriptor??
[  165.865735][ T5924] smsc75xx v1.0.0
[  166.215093][ T7691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  166.227998][ T2154] usbhid 4-1:0.0: can't add hid device: -71
[  166.234673][ T2154] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  166.239676][ T2154] usb 4-1: USB disconnect, device number 31
[  166.254189][   T51] Bluetooth: hci1: command 0x041b tx timeout
[  166.374016][  T924] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  166.470691][ T5855] ath6kl: Failed to submit usb control message: -71
[  166.477903][ T5855] ath6kl: unable to send the bmi data to the device: -71
[  166.485617][ T5855] ath6kl: Unable to send get target info: -71
[  166.486403][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  166.492714][ T5855] ath6kl: Failed to init ath6kl core: -71
[  166.510208][ T5855] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  166.524234][  T924] usb 3-1: Using ep0 maxpacket: 32
[  166.529370][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  166.541243][ T5855] usb 5-1: USB disconnect, device number 10
[  166.553115][  T924] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  166.563273][  T924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.576361][  T924] usb 3-1: config 0 descriptor??
[  166.739120][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  166.750262][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  166.759874][ T5924] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  166.770786][ T5924] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  166.793565][  T924] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  166.807314][  T924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  166.819942][  T924] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  166.827652][  T924] usb 3-1: media controller created
[  166.852613][  T924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  167.000640][  T924] az6027: usb out operation failed. (-71)
[  167.021183][  T924] az6027: usb out operation failed. (-71)
[  167.028219][  T924] stb0899_attach: Driver disabled by Kconfig
[  167.047432][  T924] az6027: no front-end attached
[  167.047432][  T924] 
[  167.073020][  T924] az6027: usb out operation failed. (-71)
[  167.084201][  T924] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  167.108012][  T924] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13
[  167.145637][  T924] dvb-usb: schedule remote query interval to 400 msecs.
[  167.162815][  T924] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  167.199503][  T924] usb 3-1: USB disconnect, device number 43
[  167.307560][ T7718] netlink: 'syz.3.592': attribute type 7 has an invalid length.
[  167.315496][ T7718] netlink: 'syz.3.592': attribute type 1 has an invalid length.
[  167.316870][  T924] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  167.323164][ T7718] netlink: 216 bytes leftover after parsing attributes in process `syz.3.592'.
[  167.474288][ T2154] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  167.636221][ T2154] usb 5-1: config index 0 descriptor too short (expected 44306, got 18)
[  167.645672][ T2154] usb 5-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  167.654605][ T2154] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 140
[  167.664101][ T2154] usb 5-1: config 0 has no interface number 0
[  167.672876][ T2154] usb 5-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  167.698379][ T2154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.719493][ T2154] usb 5-1: config 0 descriptor??
[  167.738100][ T2154] usb-storage 5-1:0.33: USB Mass Storage device detected
[  167.781746][ T7739] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  167.874819][ T7741] netlink: 28 bytes leftover after parsing attributes in process `syz.3.600'.
[  167.895151][ T7741] overlayfs: conflicting lowerdir path
[  167.977326][   T10] usb 5-1: USB disconnect, device number 11
[  168.145666][ T2154] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  168.298048][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 133, changing to 11
[  168.309373][ T2154] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.319247][ T2154] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  168.328372][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.345197][ T2154] usb 4-1: config 0 descriptor??
[  168.366410][  T924] usb 1-1: USB disconnect, device number 34
[  168.410305][   T10] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  168.583048][   T10] usb 3-1: Using ep0 maxpacket: 16
[  168.602344][   T10] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  168.620382][   T10] usb 3-1: config 0 has no interface number 0
[  168.653781][   T10] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  168.674417][   T10] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  168.694587][   T10] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  168.713855][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.724000][   T10] usb 3-1: Product: syz
[  168.732280][   T10] usb 3-1: Manufacturer: syz
[  168.750953][   T10] usb 3-1: SerialNumber: syz
[  168.767746][   T10] usb 3-1: config 0 descriptor??
[  168.773495][ T7744] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  168.784246][ T7741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.799216][ T7744] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  168.808169][ T7741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.029938][ T7744] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  169.043557][ T2154] usbhid 4-1:0.0: can't add hid device: -71
[  169.054239][ T7744] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  169.055141][ T2154] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  169.064873][  T924] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  169.080754][ T2154] usb 4-1: USB disconnect, device number 32
[  169.246002][  T924] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  169.263973][  T924] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  169.272620][  T924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  169.285288][  T924] usb 1-1: config 1 has no interface number 0
[  169.291444][  T924] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  169.311314][  T924] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  169.328434][  T924] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  169.337583][  T924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.359271][  T924] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  169.489772][ T7758] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  169.676183][ T7763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.609'.
[  169.803090][   T10] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  169.841031][   T10] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  169.875403][   T10] asix 3-1:0.251: probe with driver asix failed with error -5
[  169.914708][   T10] usb 3-1: USB disconnect, device number 44
[  169.921331][  T924] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[  169.964295][ T5893] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  169.980646][ T7772] hfs: can't find a HFS filesystem on dev rnullb0
[  170.115483][ T7770] random: crng reseeded on system resumption
[  170.144061][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  170.152893][ T5893] usb 5-1: config 0 has an invalid interface number: 231 but max is 0
[  170.163857][ T5893] usb 5-1: config 0 has no interface number 0
[  170.171714][ T5893] usb 5-1: config 0 interface 231 has no altsetting 0
[  170.187456][ T5893] usb 5-1: New USB device found, idVendor=0403, idProduct=da74, bcdDevice=4a.7b
[  170.199144][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.209787][ T5893] usb 5-1: Product: syz
[  170.216524][ T5893] usb 5-1: Manufacturer: syz
[  170.221393][ T5893] usb 5-1: SerialNumber: syz
[  170.231284][ T5893] usb 5-1: config 0 descriptor??
[  170.244007][   T10] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  170.314125][ T5924] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  170.404071][   T10] usb 3-1: Using ep0 maxpacket: 32
[  170.427722][   T10] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  170.435974][   T10] usb 3-1: config 0 has no interface number 0
[  170.442104][   T10] usb 3-1: config 0 interface 184 has no altsetting 0
[  170.451896][   T10] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  170.473969][   T10] usb 3-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  170.482366][   T10] usb 3-1: Product: syz
[  170.486995][   T10] usb 3-1: Manufacturer: syz
[  170.491607][   T10] usb 3-1: SerialNumber: syz
[  170.498575][ T5924] usb 4-1: config index 0 descriptor too short (expected 44306, got 18)
[  170.504714][   T10] usb 3-1: config 0 descriptor??
[  170.543288][ T5924] usb 4-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  170.543313][ T5924] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 140
[  170.543332][ T5924] usb 4-1: config 0 has no interface number 0
[  170.544277][ T5924] usb 4-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  170.544300][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.559180][ T5924] usb 4-1: config 0 descriptor??
[  170.559328][   T10] smsc75xx v1.0.0
[  170.562104][ T5924] usb-storage 4-1:0.33: USB Mass Storage device detected
[  170.859563][  T924] usb 4-1: USB disconnect, device number 33
[  170.941229][ T5872] usb 1-1: USB disconnect, device number 35
[  170.950862][ T5872] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  171.171872][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  171.182728][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  171.395431][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  171.408137][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  171.418455][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  171.428487][   T10] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  171.603710][ T7786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  171.814090][   T43] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  171.974250][   T43] usb 1-1: Using ep0 maxpacket: 8
[  171.985892][   T43] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  171.997820][   T43] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  172.007544][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.225725][ T2154] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  172.364044][ T2154] usb 4-1: device descriptor read/64, error -71
[  172.624128][ T2154] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  172.679157][ T5893] usb 5-1: NDI device with a latency value of 1
[  172.692275][ T5893] ftdi_sio 5-1:0.231: FTDI USB Serial Device converter detected
[  172.711276][ T5893] ftdi_sio ttyUSB0: unknown device type: 0x4a7b
[  172.733402][ T5893] usb 5-1: USB disconnect, device number 12
[  172.749258][ T5893] ftdi_sio 5-1:0.231: device disconnected
[  172.773986][ T2154] usb 4-1: device descriptor read/64, error -71
[  172.884234][ T2154] usb usb4-port1: attempt power cycle
[  172.911915][  T924] usb 3-1: USB disconnect, device number 45
[  173.184107][ T5893] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  173.224084][ T2154] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  173.264416][ T2154] usb 4-1: device descriptor read/8, error -71
[  173.322675][ T7812] FAULT_INJECTION: forcing a failure.
[  173.322675][ T7812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.338428][ T7812] CPU: 0 UID: 0 PID: 7812 Comm: syz.2.623 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  173.338444][ T7812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.338450][ T7812] Call Trace:
[  173.338455][ T7812]  <TASK>
[  173.338460][ T7812]  dump_stack_lvl+0x189/0x250
[  173.338475][ T7812]  ? __pfx____ratelimit+0x10/0x10
[  173.338488][ T7812]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.338499][ T7812]  ? __pfx__printk+0x10/0x10
[  173.338509][ T7812]  ? __might_fault+0xb0/0x130
[  173.338526][ T7812]  should_fail_ex+0x414/0x560
[  173.338545][ T7812]  _copy_from_user+0x2d/0xb0
[  173.338555][ T7812]  video_usercopy+0x354/0x14f0
[  173.338573][ T7812]  ? __pfx___video_do_ioctl+0x10/0x10
[  173.338585][ T7812]  ? __pfx_video_usercopy+0x10/0x10
[  173.338602][ T7812]  ? __fget_files+0x2a/0x420
[  173.338617][ T7812]  ? __fget_files+0x2a/0x420
[  173.338629][ T7812]  ? __fget_files+0x3a0/0x420
[  173.338643][ T7812]  v4l2_ioctl+0x18d/0x1e0
[  173.338656][ T7812]  ? __pfx_v4l2_ioctl+0x10/0x10
[  173.338667][ T7812]  __se_sys_ioctl+0xf9/0x170
[  173.338678][ T7812]  do_syscall_64+0xfa/0x3b0
[  173.338691][ T7812]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.338702][ T7812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.338711][ T7812]  ? clear_bhb_loop+0x60/0xb0
[  173.338722][ T7812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.338731][ T7812] RIP: 0033:0x7f715a78e929
[  173.338740][ T7812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.338748][ T7812] RSP: 002b:00007f715b562038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  173.338761][ T7812] RAX: ffffffffffffffda RBX: 00007f715a9b5fa0 RCX: 00007f715a78e929
[  173.338767][ T7812] RDX: 0000200000000140 RSI: 0000000040085618 RDI: 0000000000000003
[  173.338773][ T7812] RBP: 00007f715b562090 R08: 0000000000000000 R09: 0000000000000000
[  173.338779][ T7812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.338784][ T7812] R13: 0000000000000000 R14: 00007f715a9b5fa0 R15: 00007ffeefd3e418
[  173.338799][ T7812]  </TASK>
[  173.358334][ T5893] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  173.431313][ T7814] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  173.436194][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.580948][ T5893] usb 5-1: Product: syz
[  173.585236][ T5893] usb 5-1: Manufacturer: syz
[  173.590205][ T5893] usb 5-1: SerialNumber: syz
[  173.599808][ T5893] usb 5-1: config 0 descriptor??
[  173.611365][ T5893] ch341 5-1:0.0: ch341-uart converter detected
[  173.634030][ T2154] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  173.654986][ T2154] usb 4-1: device descriptor read/8, error -71
[  173.661548][ T7818] netlink: 'syz.2.626': attribute type 27 has an invalid length.
[  173.717366][ T7818] vxfs: WRONG superblock magic 00000000 at 1
[  173.724112][ T7818] vxfs: WRONG superblock magic 00000000 at 8
[  173.730912][ T7818] vxfs: can't find superblock.
[  173.764619][ T2154] usb usb4-port1: unable to enumerate USB device
[  173.862100][ T7822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.628'.
[  174.234277][  T924] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  174.364150][  T924] usb 3-1: device descriptor read/64, error -71
[  174.555380][   T10] usb 1-1: USB disconnect, device number 36
[  174.604078][  T924] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  174.754073][  T924] usb 3-1: device descriptor read/64, error -71
[  174.864340][  T924] usb usb3-port1: attempt power cycle
[  174.904017][   T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  175.064306][   T10] usb 1-1: Using ep0 maxpacket: 32
[  175.076041][   T10] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  175.084419][   T10] usb 1-1: config 0 has no interface number 0
[  175.093978][   T10] usb 1-1: config 0 interface 184 has no altsetting 0
[  175.103316][   T10] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  175.112831][   T10] usb 1-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  175.121370][   T10] usb 1-1: Product: syz
[  175.125989][   T10] usb 1-1: Manufacturer: syz
[  175.130961][   T10] usb 1-1: SerialNumber: syz
[  175.155296][   T10] usb 1-1: config 0 descriptor??
[  175.163868][   T10] smsc75xx v1.0.0
[  175.214141][  T924] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  175.244814][  T924] usb 3-1: device descriptor read/8, error -71
[  175.455940][ T5893] ch341-uart ttyUSB0: failed to read break control: -110
[  175.463162][ T5893] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  175.484084][  T924] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  175.515949][  T924] usb 3-1: device descriptor read/8, error -71
[  175.624905][  T924] usb usb3-port1: unable to enumerate USB device
[  175.785076][   T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  175.795986][   T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  175.864386][ T5893] usb 5-1: USB disconnect, device number 13
[  175.880780][ T5893] ch341 5-1:0.0: device disconnected
[  176.007621][   T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  176.024186][   T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  176.036146][   T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  176.046533][   T10] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61
[  176.728641][ T7866] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  176.735541][ T5154] Bluetooth: hci1: command 0x041b tx timeout
[  177.195730][ T7877] fuse: Bad value for 'fd'
[  177.454895][ T7869] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  177.460912][ T7869] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  177.629442][ T5872] usb 1-1: USB disconnect, device number 37
[  194.181252][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  194.187689][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  255.617124][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.623440][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.059942][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.066463][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  331.133998][   T31] INFO: task kworker/0:1:10 blocked for more than 143 seconds.
[  331.141593][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  331.149053][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  331.157763][   T31] task:kworker/0:1     state:D stack:21304 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00004000
[  331.169913][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  331.176748][   T31] Call Trace:
[  331.180025][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  331.182949][   T31]  __schedule+0x16f5/0x4d00
[  331.189384][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  331.195275][   T31]  ? schedule+0x165/0x360
[  331.199623][   T31]  ? __pfx___schedule+0x10/0x10
[  331.209505][   T31]  ? schedule+0x91/0x360
[  331.213774][   T31]  schedule+0x165/0x360
[  331.218293][   T31]  schedule_preempt_disabled+0x13/0x30
[  331.223773][   T31]  __mutex_lock+0x724/0xe80
[  331.232305][   T31]  ? look_up_lock_class+0x74/0x170
[  331.237880][   T31]  ? __mutex_lock+0x51b/0xe80
[  331.242575][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  331.252823][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  331.258473][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  331.269003][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  331.276096][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  331.282184][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  331.293283][   T31]  process_scheduled_works+0xae1/0x17b0
[  331.301685][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  331.308029][   T31]  worker_thread+0x8a0/0xda0
[  331.312651][   T31]  kthread+0x70e/0x8a0
[  331.316853][   T31]  ? __pfx_worker_thread+0x10/0x10
[  331.321968][   T31]  ? __pfx_kthread+0x10/0x10
[  331.326602][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  331.331798][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.337065][   T31]  ? __pfx_kthread+0x10/0x10
[  331.341659][   T31]  ret_from_fork+0x3fc/0x770
[  331.346383][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  331.351503][   T31]  ? __switch_to_asm+0x39/0x70
[  331.356356][   T31]  ? __switch_to_asm+0x33/0x70
[  331.361125][   T31]  ? __pfx_kthread+0x10/0x10
[  331.365751][   T31]  ret_from_fork_asm+0x1a/0x30
[  331.370526][   T31]  </TASK>
[  331.373658][   T31] INFO: task syz.4.640:7852 blocked for more than 143 seconds.
[  331.382249][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  331.389433][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  331.398151][   T31] task:syz.4.640       state:D stack:25096 pid:7852  tgid:7852  ppid:6784   task_flags:0x400040 flags:0x00004004
[  331.410204][   T31] Call Trace:
[  331.413488][   T31]  <TASK>
[  331.416438][   T31]  __schedule+0x16f5/0x4d00
[  331.420960][   T31]  ? __lock_acquire+0xab9/0xd20
[  331.425894][   T31]  ? schedule+0x165/0x360
[  331.430226][   T31]  ? __pfx___schedule+0x10/0x10
[  331.435142][   T31]  ? schedule+0x91/0x360
[  331.439385][   T31]  schedule+0x165/0x360
[  331.443523][   T31]  schedule_preempt_disabled+0x13/0x30
[  331.449021][   T31]  __mutex_lock+0x724/0xe80
[  331.453523][   T31]  ? kobject_put+0x43f/0x480
[  331.458166][   T31]  ? __mutex_lock+0x51b/0xe80
[  331.462848][   T31]  ? rfkill_unregister+0xc8/0x220
[  331.467948][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  331.472987][   T31]  ? __pfx_device_del+0x10/0x10
[  331.477894][   T31]  rfkill_unregister+0xc8/0x220
[  331.482750][   T31]  nfc_unregister_device+0x96/0x2a0
[  331.487990][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  331.493710][   T31]  virtual_ncidev_close+0x56/0x90
[  331.498753][   T31]  __fput+0x44c/0xa70
[  331.502739][   T31]  task_work_run+0x1d1/0x260
[  331.507403][   T31]  ? __pfx_task_work_run+0x10/0x10
[  331.512518][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  331.518012][   T31]  exit_to_user_mode_loop+0xec/0x110
[  331.523309][   T31]  do_syscall_64+0x2bd/0x3b0
[  331.527963][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.534260][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  331.540423][   T31]  ? clear_bhb_loop+0x60/0xb0
[  331.545392][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.551304][   T31] RIP: 0033:0x7f02d078e929
[  331.555927][   T31] RSP: 002b:00007ffe298efbd8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  331.564401][   T31] RAX: 0000000000000000 RBX: 00007f02d09b7ba0 RCX: 00007f02d078e929
[  331.572375][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  331.580428][   T31] RBP: 00007f02d09b7ba0 R08: 00000000000001b0 R09: 0000001a298efecf
[  331.588426][   T31] R10: 00007f02d09b7ac0 R11: 0000000000000246 R12: 000000000002b3fa
[  331.596432][   T31] R13: 00007f02d09b6080 R14: ffffffffffffffff R15: 00007ffe298efcf0
[  331.605423][   T31]  </TASK>
[  331.608457][   T31] INFO: task syz.3.644:7869 blocked for more than 143 seconds.
[  331.616381][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  331.623490][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  331.632238][   T31] task:syz.3.644       state:D stack:21352 pid:7869  tgid:7865  ppid:5839   task_flags:0x400040 flags:0x00004004
[  331.644248][   T31] Call Trace:
[  331.647523][   T31]  <TASK>
[  331.650436][   T31]  __schedule+0x16f5/0x4d00
[  331.655205][   T31]  ? __lock_acquire+0xab9/0xd20
[  331.660077][   T31]  ? schedule+0x165/0x360
[  331.664486][   T31]  ? __pfx___schedule+0x10/0x10
[  331.669345][   T31]  ? schedule+0x91/0x360
[  331.673569][   T31]  schedule+0x165/0x360
[  331.677875][   T31]  schedule_preempt_disabled+0x13/0x30
[  331.683341][   T31]  __mutex_lock+0x724/0xe80
[  331.687911][   T31]  ? __lock_acquire+0xab9/0xd20
[  331.692773][   T31]  ? __mutex_lock+0x51b/0xe80
[  331.697621][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  331.702921][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  331.708010][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.713219][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  331.719184][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  331.725556][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  331.731267][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  331.736438][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  331.742165][   T31]  rfkill_set_block+0x1cf/0x440
[  331.747122][   T31]  rfkill_fop_write+0x44b/0x570
[  331.751984][   T31]  ? common_file_perm+0x199/0x200
[  331.757045][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  331.762441][   T31]  ? security_kernfs_init_security+0x290/0x290
[  331.768830][   T31]  ? rw_verify_area+0x258/0x650
[  331.773693][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  331.779351][   T31]  vfs_write+0x27e/0xa90
[  331.783763][   T31]  ? __pfx_vfs_write+0x10/0x10
[  331.788618][   T31]  ? __fget_files+0x2a/0x420
[  331.793226][   T31]  ? __fget_files+0x2a/0x420
[  331.797890][   T31]  ? __fget_files+0x3a0/0x420
[  331.802574][   T31]  ? __fget_files+0x2a/0x420
[  331.807226][   T31]  ksys_write+0x145/0x250
[  331.811557][   T31]  ? __pfx_ksys_write+0x10/0x10
[  331.816426][   T31]  ? rcu_is_watching+0x15/0xb0
[  331.821191][   T31]  ? do_syscall_64+0xbe/0x3b0
[  331.825929][   T31]  do_syscall_64+0xfa/0x3b0
[  331.830433][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.835686][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.841751][   T31]  ? clear_bhb_loop+0x60/0xb0
[  331.846485][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.852376][   T31] RIP: 0033:0x7f4957b8e929
[  331.856984][   T31] RSP: 002b:00007f49559d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  331.865503][   T31] RAX: ffffffffffffffda RBX: 00007f4957db6080 RCX: 00007f4957b8e929
[  331.873481][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000005
[  331.881675][   T31] RBP: 00007f4957c10b39 R08: 0000000000000000 R09: 0000000000000000
[  331.889924][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  331.897937][   T31] R13: 0000000000000000 R14: 00007f4957db6080 R15: 00007fffa1728da8
[  331.905965][   T31]  </TASK>
[  331.908983][   T31] INFO: task syz.2.648:7880 blocked for more than 144 seconds.
[  331.916583][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  331.923693][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  331.932434][   T31] task:syz.2.648       state:D stack:25848 pid:7880  tgid:7879  ppid:5837   task_flags:0x400140 flags:0x00004004
[  331.944435][   T31] Call Trace:
[  331.947718][   T31]  <TASK>
[  331.950655][   T31]  __schedule+0x16f5/0x4d00
[  331.955227][   T31]  ? __lock_acquire+0xab9/0xd20
[  331.960105][   T31]  ? schedule+0x165/0x360
[  331.964494][   T31]  ? __pfx___schedule+0x10/0x10
[  331.969357][   T31]  ? schedule+0x91/0x360
[  331.973587][   T31]  schedule+0x165/0x360
[  331.977770][   T31]  schedule_preempt_disabled+0x13/0x30
[  331.983230][   T31]  __mutex_lock+0x724/0xe80
[  331.987979][   T31]  ? __mutex_lock+0x51b/0xe80
[  331.992669][   T31]  ? rfkill_fop_open+0x12d/0x820
[  331.997643][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  332.002675][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  332.008018][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  332.013396][   T31]  rfkill_fop_open+0x12d/0x820
[  332.018309][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  332.023603][   T31]  misc_open+0x2b9/0x330
[  332.027910][   T31]  chrdev_open+0x4c9/0x5e0
[  332.032335][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.037320][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.042267][   T31]  do_dentry_open+0xdf0/0x1970
[  332.047111][   T31]  vfs_open+0x3b/0x340
[  332.051193][   T31]  ? path_openat+0x2ecd/0x3830
[  332.056000][   T31]  path_openat+0x2ee5/0x3830
[  332.060598][   T31]  ? arch_stack_walk+0xfc/0x150
[  332.065576][   T31]  ? __pfx_path_openat+0x10/0x10
[  332.070521][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.076656][   T31]  do_filp_open+0x1fa/0x410
[  332.081184][   T31]  ? __lock_acquire+0xab9/0xd20
[  332.086161][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  332.091201][   T31]  ? _raw_spin_unlock+0x28/0x50
[  332.097416][   T31]  ? alloc_fd+0x64c/0x6c0
[  332.101774][   T31]  do_sys_openat2+0x121/0x1c0
[  332.109654][   T31]  ? __se_sys_futex+0x36f/0x400
[  332.114890][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  332.120107][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  332.125587][   T31]  ? __fget_files+0x2a/0x420
[  332.130195][   T31]  __x64_sys_openat+0x138/0x170
[  332.135096][   T31]  do_syscall_64+0xfa/0x3b0
[  332.139605][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.144934][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.151000][   T31]  ? clear_bhb_loop+0x60/0xb0
[  332.155717][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.161608][   T31] RIP: 0033:0x7f715a78e929
[  332.166163][   T31] RSP: 002b:00007f715b562038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  332.174617][   T31] RAX: ffffffffffffffda RBX: 00007f715a9b5fa0 RCX: 00007f715a78e929
[  332.182595][   T31] RDX: 00000000000e0083 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  332.190981][   T31] RBP: 00007f715a810b39 R08: 0000000000000000 R09: 0000000000000000
[  332.200382][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  332.208480][   T31] R13: 0000000000000000 R14: 00007f715a9b5fa0 R15: 00007ffeefd3e418
[  332.216495][   T31]  </TASK>
[  332.219514][   T31] INFO: task syz.2.648:7881 blocked for more than 144 seconds.
[  332.227243][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  332.234437][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  332.243107][   T31] task:syz.2.648       state:D stack:27928 pid:7881  tgid:7879  ppid:5837   task_flags:0x400040 flags:0x00004004
[  332.255192][   T31] Call Trace:
[  332.258473][   T31]  <TASK>
[  332.261388][   T31]  __schedule+0x16f5/0x4d00
[  332.266025][   T31]  ? __kasan_slab_free+0x62/0x70
[  332.270968][   T31]  ? security_file_open+0xb1/0x270
[  332.276165][   T31]  ? do_dentry_open+0x35e/0x1970
[  332.281110][   T31]  ? __lock_acquire+0xab9/0xd20
[  332.286019][   T31]  ? schedule+0x165/0x360
[  332.290351][   T31]  ? __pfx___schedule+0x10/0x10
[  332.295274][   T31]  ? schedule+0x91/0x360
[  332.299529][   T31]  schedule+0x165/0x360
[  332.303697][   T31]  schedule_preempt_disabled+0x13/0x30
[  332.309280][   T31]  __mutex_lock+0x724/0xe80
[  332.313788][   T31]  ? __mutex_lock+0x51b/0xe80
[  332.318542][   T31]  ? misc_open+0x51/0x330
[  332.322881][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  332.327961][   T31]  misc_open+0x51/0x330
[  332.332132][   T31]  chrdev_open+0x4c9/0x5e0
[  332.336572][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.341521][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.346531][   T31]  do_dentry_open+0xdf0/0x1970
[  332.351309][   T31]  vfs_open+0x3b/0x340
[  332.355410][   T31]  ? path_openat+0x2ecd/0x3830
[  332.360251][   T31]  path_openat+0x2ee5/0x3830
[  332.364913][   T31]  ? arch_stack_walk+0xfc/0x150
[  332.369793][   T31]  ? __pfx_path_openat+0x10/0x10
[  332.374778][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.380857][   T31]  do_filp_open+0x1fa/0x410
[  332.385440][   T31]  ? __lock_acquire+0xab9/0xd20
[  332.390302][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  332.395377][   T31]  ? _raw_spin_unlock+0x28/0x50
[  332.400229][   T31]  ? alloc_fd+0x64c/0x6c0
[  332.404613][   T31]  do_sys_openat2+0x121/0x1c0
[  332.409293][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  332.417204][   T31]  ? exc_page_fault+0x76/0xf0
[  332.422631][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  332.428279][   T31]  __x64_sys_openat+0x138/0x170
[  332.433144][   T31]  do_syscall_64+0xfa/0x3b0
[  332.437787][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.442995][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.449090][   T31]  ? clear_bhb_loop+0x60/0xb0
[  332.453770][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.459691][   T31] RIP: 0033:0x7f715a78e929
[  332.464170][   T31] RSP: 002b:00007f715b541038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  332.472585][   T31] RAX: ffffffffffffffda RBX: 00007f715a9b6080 RCX: 00007f715a78e929
[  332.480580][   T31] RDX: 00000000000e0083 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  332.488574][   T31] RBP: 00007f715a810b39 R08: 0000000000000000 R09: 0000000000000000
[  332.496606][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  332.504668][   T31] R13: 0000000000000001 R14: 00007f715a9b6080 R15: 00007ffeefd3e418
[  332.512657][   T31]  </TASK>
[  332.515717][   T31] INFO: task syz.0.650:7887 blocked for more than 144 seconds.
[  332.523255][   T31]       Not tainted 6.16.0-rc4-next-20250702-syzkaller #0
[  332.530537][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  332.539261][   T31] task:syz.0.650       state:D stack:27840 pid:7887  tgid:7886  ppid:5830   task_flags:0x400040 flags:0x00004004
[  332.551285][   T31] Call Trace:
[  332.554608][   T31]  <TASK>
[  332.557550][   T31]  __schedule+0x16f5/0x4d00
[  332.562064][   T31]  ? __kasan_slab_free+0x62/0x70
[  332.567033][   T31]  ? security_file_open+0xb1/0x270
[  332.572150][   T31]  ? do_dentry_open+0x35e/0x1970
[  332.577340][   T31]  ? __lock_acquire+0xab9/0xd20
[  332.582211][   T31]  ? schedule+0x165/0x360
[  332.586611][   T31]  ? __pfx___schedule+0x10/0x10
[  332.591475][   T31]  ? schedule+0x91/0x360
[  332.595764][   T31]  schedule+0x165/0x360
[  332.599925][   T31]  schedule_preempt_disabled+0x13/0x30
[  332.605432][   T31]  __mutex_lock+0x724/0xe80
[  332.609942][   T31]  ? __mutex_lock+0x51b/0xe80
[  332.614693][   T31]  ? misc_open+0x51/0x330
[  332.619027][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  332.624143][   T31]  misc_open+0x51/0x330
[  332.628311][   T31]  chrdev_open+0x4c9/0x5e0
[  332.632717][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.637708][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  332.642650][   T31]  do_dentry_open+0xdf0/0x1970
[  332.647483][   T31]  vfs_open+0x3b/0x340
[  332.651557][   T31]  ? path_openat+0x2ecd/0x3830
[  332.656404][   T31]  path_openat+0x2ee5/0x3830
[  332.660999][   T31]  ? arch_stack_walk+0xfc/0x150
[  332.665970][   T31]  ? __pfx_path_openat+0x10/0x10
[  332.670915][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.677053][   T31]  do_filp_open+0x1fa/0x410
[  332.681564][   T31]  ? __lock_acquire+0xab9/0xd20
[  332.686505][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  332.691541][   T31]  ? _raw_spin_unlock+0x28/0x50
[  332.696542][   T31]  ? alloc_fd+0x64c/0x6c0
[  332.700881][   T31]  do_sys_openat2+0x121/0x1c0
[  332.705647][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  332.710846][   T31]  ? exc_page_fault+0x76/0xf0
[  332.715575][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  332.720873][   T31]  __x64_sys_openat+0x138/0x170
[  332.725751][   T31]  do_syscall_64+0xfa/0x3b0
[  332.730260][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  332.735779][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.741976][   T31]  ? clear_bhb_loop+0x60/0xb0
[  332.746752][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.752646][   T31] RIP: 0033:0x7ffb2378e929
[  332.757105][   T31] RSP: 002b:00007ffb24649038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  332.765915][   T31] RAX: ffffffffffffffda RBX: 00007ffb239b5fa0 RCX: 00007ffb2378e929
[  332.773980][   T31] RDX: 0000000000000000 RSI: 0000200000000340 RDI: ffffffffffffff9c
[  332.781956][   T31] RBP: 00007ffb23810b39 R08: 0000000000000000 R09: 0000000000000000
[  332.790005][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  332.798016][   T31] R13: 0000000000000001 R14: 00007ffb239b5fa0 R15: 00007fffd1cc1b68
[  332.806054][   T31]  </TASK>
[  332.809120][   T31] 
[  332.809120][   T31] Showing all locks held in the system:
[  332.816966][   T31] 3 locks held by kworker/0:1/10:
[  332.821999][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  332.833092][   T31]  #1: ffffc900000f7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  332.846853][   T31]  #2: ffffffff8fa05008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  332.858250][   T31] 1 lock held by khungtaskd/31:
[  332.863102][   T31]  #0: ffffffff8e33bfe0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  332.873076][   T31] 1 lock held by klogd/5193:
[  332.877726][   T31]  #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  332.887745][   T31] 2 locks held by getty/5600:
[  332.892413][   T31]  #0: ffff88814d3ad0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  332.902255][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  332.912470][   T31] 2 locks held by syz.4.640/7852:
[  332.917526][   T31]  #0: ffff888031d5d100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  332.927339][   T31]  #1: ffffffff8fa05008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  332.937517][   T31] 2 locks held by syz.3.644/7869:
[  332.942550][   T31]  #0: ffffffff8fa05008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  332.952736][   T31]  #1: ffff888031d5d100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  332.962477][   T31] 2 locks held by syz.2.648/7880:
[  332.967521][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  332.976044][   T31]  #1: ffffffff8fa05008 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  332.986150][   T31] 1 lock held by syz.2.648/7881:
[  332.991082][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  332.999567][   T31] 1 lock held by syz.0.650/7887:
[  333.004535][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.012998][   T31] 1 lock held by syz-executor/7891:
[  333.018222][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.026710][   T31] 1 lock held by syz-executor/7892:
[  333.031883][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.040368][   T31] 1 lock held by syz-executor/7895:
[  333.045609][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.054421][   T31] 1 lock held by syz-executor/7896:
[  333.059677][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.068167][   T31] 1 lock held by syz-executor/7902:
[  333.073361][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.081891][   T31] 1 lock held by syz-executor/7903:
[  333.087132][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.095647][   T31] 1 lock held by syz-executor/7906:
[  333.100850][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.109321][   T31] 1 lock held by syz-executor/7907:
[  333.114545][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.123009][   T31] 1 lock held by syz-executor/7913:
[  333.128241][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.139891][   T31] 1 lock held by syz-executor/7914:
[  333.145161][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.153628][   T31] 1 lock held by syz-executor/7917:
[  333.158871][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.167376][   T31] 1 lock held by syz-executor/7918:
[  333.172549][   T31]  #0: ffffffff8ebd5068 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  333.181041][   T31] 
[  333.183360][   T31] =============================================
[  333.183360][   T31] 
[  333.192185][   T31] NMI backtrace for cpu 1
[  333.192197][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  333.192208][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.192214][   T31] Call Trace:
[  333.192218][   T31]  <TASK>
[  333.192222][   T31]  dump_stack_lvl+0x189/0x250
[  333.192236][   T31]  ? __wake_up_klogd+0xd9/0x110
[  333.192249][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.192260][   T31]  ? __pfx__printk+0x10/0x10
[  333.192276][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  333.192288][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  333.192297][   T31]  ? _printk+0xcf/0x120
[  333.192309][   T31]  ? __pfx__printk+0x10/0x10
[  333.192320][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  333.192336][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  333.192347][   T31]  watchdog+0xfee/0x1030
[  333.192361][   T31]  ? watchdog+0x1de/0x1030
[  333.192377][   T31]  kthread+0x70e/0x8a0
[  333.192390][   T31]  ? __pfx_watchdog+0x10/0x10
[  333.192402][   T31]  ? __pfx_kthread+0x10/0x10
[  333.192413][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  333.192424][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.192435][   T31]  ? __pfx_kthread+0x10/0x10
[  333.192446][   T31]  ret_from_fork+0x3fc/0x770
[  333.192456][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  333.192467][   T31]  ? __switch_to_asm+0x39/0x70
[  333.192478][   T31]  ? __switch_to_asm+0x33/0x70
[  333.192488][   T31]  ? __pfx_kthread+0x10/0x10
[  333.192499][   T31]  ret_from_fork_asm+0x1a/0x30
[  333.192517][   T31]  </TASK>
[  333.192521][   T31] Sending NMI from CPU 1 to CPUs 0:
[  333.348425][    C0] NMI backtrace for cpu 0
[  333.348442][    C0] CPU: 0 UID: 0 PID: 1115 Comm: kworker/u8:6 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  333.348461][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.348472][    C0] Workqueue: events_unbound toggle_allocation_gate
[  333.348495][    C0] RIP: 0010:match_held_lock+0x78/0xc0
[  333.348517][    C0] Code: 00 00 48 c7 c2 30 63 6c 93 48 29 d0 48 c1 f8 03 48 ba 29 5c 8f c2 f5 28 5c 8f 48 0f af d0 bb 01 00 00 00 48 39 ca 74 02 31 db <89> d8 5b 41 5e c3 cc cc cc cc cc 90 e8 17 83 53 f9 85 c0 74 22 83
[  333.348530][    C0] RSP: 0018:ffffc90003e67660 EFLAGS: 00000046
[  333.348543][    C0] RAX: 0000000000000006 RBX: 0000000000000001 RCX: 9c770994e2403900
[  333.348554][    C0] RDX: 0000000000000000 RSI: ffffffff8e33bfe0 RDI: ffff888026c7a9b8
[  333.348565][    C0] RBP: ffff888026c7a9b8 R08: ffff88801a87b063 R09: 1ffff1100350f60c
[  333.348577][    C0] R10: dffffc0000000000 R11: ffffed100350f60d R12: 0000000000000005
[  333.348588][    C0] R13: 0000000000000005 R14: ffffffff8e33bfe0 R15: ffff888026c79e00
[  333.348599][    C0] FS:  0000000000000000(0000) GS:ffff8881259e5000(0000) knlGS:0000000000000000
[  333.348612][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  333.348622][    C0] CR2: 00007ffef1eb37d8 CR3: 000000000e136000 CR4: 00000000003526f0
[  333.348636][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000001889
[  333.348646][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  333.348656][    C0] Call Trace:
[  333.348662][    C0]  <TASK>
[  333.348669][    C0]  lock_release+0x127/0x3e0
[  333.348691][    C0]  ? __text_poke+0x832/0xa10
[  333.348710][    C0]  ? __kmalloc_cache_node_noprof+0x8b/0x3d0
[  333.348728][    C0]  __text_poke+0x83e/0xa10
[  333.348747][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  333.348765][    C0]  ? __kmalloc_cache_node_noprof+0x8b/0x3d0
[  333.348782][    C0]  ? __pfx___text_poke+0x10/0x10
[  333.348798][    C0]  ? rcu_is_watching+0x15/0xb0
[  333.348813][    C0]  ? trace_contention_end+0x39/0x120
[  333.348834][    C0]  smp_text_poke_batch_finish+0xd0a/0x1100
[  333.348856][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  333.348877][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[  333.348903][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  333.348924][    C0]  static_key_enable_cpuslocked+0x128/0x250
[  333.348944][    C0]  static_key_enable+0x1a/0x20
[  333.348960][    C0]  toggle_allocation_gate+0xad/0x240
[  333.348977][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  333.348995][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  333.349021][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  333.349043][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  333.349065][    C0]  process_scheduled_works+0xae1/0x17b0
[  333.349098][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  333.349127][    C0]  worker_thread+0x8a0/0xda0
[  333.349142][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  333.349163][    C0]  ? __kthread_parkme+0x7b/0x200
[  333.349187][    C0]  kthread+0x70e/0x8a0
[  333.349205][    C0]  ? __pfx_worker_thread+0x10/0x10
[  333.349219][    C0]  ? __pfx_kthread+0x10/0x10
[  333.349236][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  333.349253][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.349270][    C0]  ? __pfx_kthread+0x10/0x10
[  333.349287][    C0]  ret_from_fork+0x3fc/0x770
[  333.349302][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  333.349318][    C0]  ? __switch_to_asm+0x39/0x70
[  333.349336][    C0]  ? __switch_to_asm+0x33/0x70
[  333.349353][    C0]  ? __pfx_kthread+0x10/0x10
[  333.349370][    C0]  ret_from_fork_asm+0x1a/0x30
[  333.349394][    C0]  </TASK>
[  333.349470][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  333.349483][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  333.349501][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.349512][   T31] Call Trace:
[  333.349519][   T31]  <TASK>
[  333.349526][   T31]  dump_stack_lvl+0x99/0x250
[  333.349547][   T31]  ? __asan_memcpy+0x40/0x70
[  333.349562][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.349580][   T31]  ? __pfx__printk+0x10/0x10
[  333.349609][   T31]  panic+0x2db/0x790
[  333.349630][   T31]  ? __pfx_panic+0x10/0x10
[  333.349644][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  333.349659][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  333.349679][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  333.349703][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  333.349728][   T31]  watchdog+0x102d/0x1030
[  333.349752][   T31]  ? watchdog+0x1de/0x1030
[  333.349779][   T31]  kthread+0x70e/0x8a0
[  333.349801][   T31]  ? __pfx_watchdog+0x10/0x10
[  333.349821][   T31]  ? __pfx_kthread+0x10/0x10
[  333.349842][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  333.349860][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.349878][   T31]  ? __pfx_kthread+0x10/0x10
[  333.349897][   T31]  ret_from_fork+0x3fc/0x770
[  333.349916][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  333.349944][   T31]  ? __switch_to_asm+0x39/0x70
[  333.349962][   T31]  ? __switch_to_asm+0x33/0x70
[  333.349980][   T31]  ? __pfx_kthread+0x10/0x10
[  333.350000][   T31]  ret_from_fork_asm+0x1a/0x30
[  333.350033][   T31]  </TASK>
[  333.844726][   T31] Kernel Offset: disabled
[  333.849029][   T31] Rebooting in 86400 seconds..