last executing test programs:

12.257787629s ago: executing program 3 (id=755):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB='4\x00I@', @ANYRES16=r2, @ANYBLOB="010000000000000000001000000018000180140002007665746830000000000000000000000008000f0008000000"], 0x34}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
recvmmsg(r0, &(0x7f0000006700)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/95, 0x5f}, {&(0x7f0000001700)=""/142, 0x8e}, {&(0x7f00000017c0)=""/142, 0x8e}, {&(0x7f0000002600)=""/214, 0xd6}, {&(0x7f0000001980)=""/184, 0xb8}, {&(0x7f0000001a80)=""/10, 0xa}, {&(0x7f0000001ac0)=""/239, 0xef}, {&(0x7f0000001bc0)=""/136, 0x88}, {&(0x7f0000001c80)=""/252, 0xfc}], 0xa}, 0x8}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0xffffade7}], 0x5, 0x20, 0x0)

11.993658216s ago: executing program 3 (id=757):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x74b})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x1c, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @generic={0x8, 0x2}]}}}}}}}}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'dummy0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6c, 0x2, {{}, [@TCA_NETEM_LOSS={0x30}, @TCA_NETEM_RATE={0x14, 0xd}, @TCA_NETEM_CORRUPT={0xfffffeb2, 0x2}]}}}]}, 0x9c}}, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000280)={0x10000, 0x108000})
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r8=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r7, 0x84, 0x23, &(0x7f00000000c0)={r8, 0x80}, 0x8)
openat2$dir(0xffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)={0x10040, 0xad}, 0x18)

11.42201663s ago: executing program 3 (id=759):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="ec000000100005002abd700000000000e0000002000000000000000000000000fe8000000000000000000000000000aa00000000000000000000002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000000006c000000ac1414bb000000000000000000001000000000c3ed00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ae6400000000000000000000000000000000000000000000000000000000000700"/154], 0xec}}, 0x0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r2, 0x40096101, &(0x7f0000000080)={{}, 0x6})
r3 = syz_usb_connect(0x3, 0x51, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
syz_usb_ep_read(r3, 0x7, 0xc0, &(0x7f0000000240)=""/192)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
userfaultfd(0x801)
unshare(0x22020600)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1900000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000ff105649d532d11e000000000000000000000096241aa6fdb5d1776e67cde42342809cf0325d90c85bab6572ef17cb1255c5f45924b6f86255c806101c3c01ff96e6d7e2e21797ab71e6a10c3e695ca994ef0f7a1c862980ebdf448f3581e71d04d7de9578dc5362a7b4dae314fcb6169514df9fda60488cb253ce0baa32d8e3926dac761c209dba093127fdd426a6c566b24a44b0f82993cd17ef0fbe4eb44fbcb55ec0ed93babe7badcf5df659980e1eb01800ab"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000001b708000000e7ffff000027d5837d47acd404a38c85fee19400bf00000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4}, &(0x7f0000000800), 0x0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
close(r9)
socket$netlink(0x10, 0x3, 0x8000000004)
readv(r9, 0x0, 0x0)

11.285884877s ago: executing program 2 (id=760):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x25c, 0x138, 0x0, 0x148, 0x0, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'hsr0\x00', {0xff}, {}, 0x84, 0x0, 0x8}, 0x0, 0x118, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0xed, 0x7, 0x18}}}, @common=@inet=@multiport={{0x50}, {0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3]}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2b8)

10.357945021s ago: executing program 4 (id=762):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x94}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000740)={0x1c, r1, 0xaa8bf10ea65291a5, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc004014}, 0x4000)

10.041577804s ago: executing program 4 (id=764):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
ioctl$FS_IOC_RESVSP(r0, 0x402c5828, &(0x7f0000000100)={0x0, 0x1, 0x4, 0x7})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x180, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x150, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x0, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x0, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffdac, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x11a8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x80}, 0x800)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1d, 0x90, 0x6e, 0x20, 0x1d50, 0x60c6, 0x629b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xdd, 0x0, 0x1, 0x76, 0x24, 0x67, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x0, 0x40}}]}}]}}]}}, 0x0)

9.388440539s ago: executing program 0 (id=767):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r0, &(0x7f000001a240)=""/102391, 0x18ff7, 0x0) (async)
pread64(r0, &(0x7f000001a240)=""/102391, 0x18ff7, 0x0)
syz_io_uring_setup(0x5c2, &(0x7f00000006c0)={0x0, 0x0, 0x2, 0x3, 0x317}, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x802, 0x0) (async)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x49, [0x0, 0x3, 0x403, 0x100000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000a, 0x0, 0x0, 0x80000007, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffffffff], [0x0, 0xa82, 0x0, 0x0, 0x2, 0x733, 0x3, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2000000, 0xfffffffc, 0x0, 0x80000, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7fff0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x28220be6, 0x401, 0x0, 0x2, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0xffffffff, 0x89, 0x0, 0x800, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80008000, 0x0, 0xfffffffe, 0xfffffffc, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xd, 0x0, 0x0, 0x6492, 0x8], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xd2a, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0x0, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x8000006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x1, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) (async)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='fdinfo/3\x00') (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='fdinfo/3\x00')
read$FUSE(r2, &(0x7f00000020c0)={0x2020}, 0x2020) (async)
read$FUSE(r2, &(0x7f00000020c0)={0x2020}, 0x2020)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="240000001a0001000000000000000019020000000000000000000000070010"], 0x24}, 0x1, 0x0, 0x0, 0x24004880}, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) (async)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r6, r5)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r5, 0x0)
mbind(&(0x7f0000000000/0x1000)=nil, 0x3000, 0x2, &(0x7f0000000300)=0x2, 0x7797, 0x3)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x1a, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000005000000000000000a0101000000005e1affd5020000000900010073792c000000030a01030000e6ff000000000200000009000132000000001400000011000100000000000000000000000000003d14b78960d90f9e11b8aa9c476997abb2467d52861e22a774c9f94a07f31e74aa635c706eb3257aca755079716f2d041b04b1b8d9c1504a535b542a2054fd794029157480fc15d6fdc92d8cccb9df2e08bf6af78382815d9dbe0151949a8838e473a9e831b213bb648d49c2f84f7fa115977d0ac0ca10dff5c52d4186a027e99455a924b8"], 0x7c}}, 0x0)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000280)={<r7=>0x0, 0x7f, "6175e12f1100a4f58009f0e4b995c52110999c6d897ea9102c0fd29b08ad6bbfa942bd7a176a9de5de72951664c46dc784cd1c7b0cfbec79c13524cc877aecfb81dab30509c458b33f82299498ebf83de5ef6944c08ea1abf1f6bef015f2962d3643faace796fc5d280b9b1dfb42dcee047eab0acad45077175f31556e8aa7"}, &(0x7f0000000340)=0x87)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000540)={r7, 0x3ff, 0x20, 0xfffffffffffffffa, 0xfffffffffffffffe}, &(0x7f0000000580)=0x18)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400008d1000010000000000000000000000000a30000000060a0b0400000000000073797130000000000900020073797a3200000000140000221100010000000000000000000000000a"], 0x58}}, 0x851)
socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000140)={'some'}, 0x2f) (async)
write$cgroup_pressure(r2, &(0x7f0000000140)={'some'}, 0x2f)
syz_io_uring_setup(0x4538, &(0x7f00000000c0)={0x0, 0x9e9, 0xa93f27852d41156a, 0x1, 0x1ee, 0x0, r2}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0xc0, &(0x7f0000000240)=0x2, 0x0, 0x4) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0xc0, &(0x7f0000000240)=0x2, 0x0, 0x4)

8.837648585s ago: executing program 0 (id=768):
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs(0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0xa0202)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009b000040"])
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x802, 0x20)
syz_io_uring_setup(0x237, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$kcm(0xa, 0x2, 0x3a)
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)="00000000f5ff", 0x6, 0xfffffffffffffffd)
flistxattr(r4, &(0x7f00000002c0)=""/132, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

8.266428802s ago: executing program 3 (id=769):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x181)
rmdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r1 = open_tree(r0, &(0x7f0000000280)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r3 = syz_io_uring_setup(0x2f1, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x3}, &(0x7f0000000000)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x50, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x2de7, 0x4000, 0x0, 0x0, 0x0)
write$dsp(r2, &(0x7f0000002000)='`', 0x88020)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
read$FUSE(r6, &(0x7f0000000180)={0x2020}, 0x2020)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)=ANY=[@ANYBLOB="12010000d507df08c410448200dc0102030a090212000100000000090400000003"], 0x0)
io_uring_setup(0x1517, &(0x7f00000002c0)={0x0, 0x58e4, 0x10, 0x104, 0x1ff7ffb})
close_range(r7, 0xffffffffffffffff, 0x0)

7.580760721s ago: executing program 4 (id=770):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540", @ANYRESHEX=r0, @ANYRESOCT=r1], 0x50}, 0x1, 0x0, 0x0, 0x10000092}, 0x20000800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007040000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000000)=0x3, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xfffffffa, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000440)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYRES8=r2, @ANYRES16=r3, @ANYRES8=r4, @ANYRES32=r5, @ANYRES64=r3], 0x54}, 0x1, 0x0, 0x0, 0x44085}, 0x840)
syz_usb_connect(0x5, 0x2d, 0x0, 0x0)
landlock_create_ruleset(&(0x7f0000000000)={0x1400, 0x0, 0x3}, 0x18, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0))
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "d3ac1510b880111dec9d63d49c589abb91b4570104000096745996c2803d681b5785556f6b4b1388fd943f9ecb6345fcd41d00f3c528d2d354310ee6fe079f7f", 0x3f}, 0x48, 0xfffffffffffffffc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/18, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)

7.260667144s ago: executing program 2 (id=771):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000340)={0x2, 0x2, 0x5, 0x3, 0x6})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r2 = accept4(r0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x89f9, &(0x7f00000000c0)={'bond_slave_0\x00', @random="2e2e014010ff"})
syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/vlan0\x00')
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmmsg$inet(r2, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000440)="34bdb15a74", 0x5}, {&(0x7f00000006c0)="1fdd2b8f14ef48f7b15c5e797f40e58a81b4ba1fddb284f1083d2ab3ecdcdcaccd4cf78dca3267f0c7b06a0d63c5275414448ab31265e4fca4680e59714322aa83f9e91db3f6d908275cbc10d6446b354be549ce7b61c75dc4e60801d60ca98b17a7989c7a66b19a49b1c419b4a8c89f9e8d8459fb030891e62d6210ee97bdf436", 0x81}], 0x3}}], 0x1, 0x24008804)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000002100010028bd7000fbdbdf250a101409430000070c0000001400010000000000000000000000000000000001140002000019d200000000000000000000000000080017004e224e20d236187574017c85c1c0e0c7a0ff55dcaafe873516035286200a0677f1e403278fbaafb216440692f2e4e6a7a8473e2d5b7ce769e0b3a8780ffc4c4705eb894f4302a7dcde6abb83690394fcc105282c6e3018c64244e2933450451f93a88380f011c2a352fea2f3f85cb267e8f4f010f95181010eeee7cbb0f3b7430834700aea7e4d1785affddf0c1a1489"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMKID={0x14, 0x55, "43dca99bd037dd9c0b1b9bbe0b3835a7"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xfe}, @NL80211_ATTR_MAC={0xa, 0x6, @random="496b053e5654"}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000015}, 0x20040000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x38, 0x701, 0x70bd2a, 0x0, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x10004891}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r6)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"])
sendmmsg$alg(r2, &(0x7f0000003b80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}], 0x1, 0x10)

6.84730684s ago: executing program 2 (id=773):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000900)=0x4, 0x8)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000740)={&(0x7f0000000200)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, r2})
r4 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x41e, 0x3100, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x92, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x1, 0x3, 0x2, {0x9, 0x21, 0x8, 0x1, 0x1, {0x22, 0xe37}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3, 0x6, 0x8}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x2, 0x9, 0x7}}]}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x2, 0x6, 0x18, 0x20, 0x5}, 0x7d, &(0x7f00000003c0)={0x5, 0xf, 0x7d, 0x3, [@ptm_cap={0x3}, @generic={0x72, 0x10, 0xa, "d87e4b15ba56a2e5a8fb0a4883a8fb8b5363e83bd2733d6e6caf999dc4d9a752c415d4eeb06ceabe5f9755d93617b80f92d799a60c49075b3ec2a685f5248e3002172f70ad6c26c308d85181195a8dfd9a803ce455c4852ba527c9ca095a1b9f4a5548cc17b488c30429023d75c4ec"}, @ptm_cap={0x3}]}})
syz_usb_control_io(r4, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r4, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000180)={0x0, 0x3, 0x2, 'H\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f0000000f00)={0x84, &(0x7f0000000b00)=ANY=[@ANYBLOB="200603"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000002c0)={0x44, &(0x7f0000001180)=ANY=[@ANYBLOB="00af1200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0x26004080}, 0x4000041)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0xc2181, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8d11})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f00000010c0)=ANY=[], 0x4)

6.600749626s ago: executing program 4 (id=774):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r1, &(0x7f0000006ec0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x46, 0x0, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x35, &(0x7f00000000c0)=0x1e78, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xf8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x1, 0x2, {0x9, 0x21, 0x0, 0x9, 0x1, {0x22, 0xf86}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x25, 0xfd, 0xeb}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x80, 0x6, 0x2}}]}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x81, 0xff, 0x8, 0x40, 0x9}, 0xc2, &(0x7f0000000340)={0x5, 0xf, 0xc2, 0x4, [@ptm_cap={0x3}, @generic={0xa5, 0x10, 0xa, "57e16471ce2edcc618854beb0e51d7ebafd51d2099319c50523c081306ebc82415d01d5a63f5f916185aad46616c3303627b73b8dafacfc22c6544bc37ee01295bf89bd8ec3d606edf8904bef27fcd1a09641da08aeab0478f13cc5502a64764c94d0da4d3abeab5a3e5889702d159f9387481a85c19e18c5876379c2bc39d3553250b14a10a38a52e918b19ac7563ad3fff44d2e88d8585042dbbd80842ce053557"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x0, 0xe7, 0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x8, 0x2, 0x10, 0x9, 0x2}]}, 0x5, [{0xc3, &(0x7f0000000500)=@string={0xc3, 0x3, "95a50787edfdeed1be134d63810a6f252373fafbe5df65af11531bcecbf15a8ce23d9ce68ba3ed923b8de2ac22fbb743da8555a95360993c0a6355883c8eaf5082ad13ad72716d0419034922e95ce70e835388629aa30613adc5ba84897ca7a25c867deb0ab031c0374171d14abe82b53832e843b9f786d4b6a163bd7ea847ea2168abbe9573318b0fe4ba6da2d87497d18e0d02fc74367fe9211bb6abc7525d7bc6b1415ff559d273922de83c5720f68001893087f3cbf59cb750a1974464c1c2"}}, {0xde, &(0x7f0000000600)=@string={0xde, 0x3, "f93f0f18df62f14472948d92b12c62339449506a9a31c4656b3a04af0a5cbb04db362a485acf869b6d672e95edc83a604da452fb8599db352dd9e3d1946ea62586989d214fe1e566b0a88c7774e61c379f4005638c2d1fe80666806f57afeead7b922085b06988202691061e96df69f0aef01d0d5342ec272f7f715199a9e955e9ac55eeff2d51c1a5d439042d474fed43f652ea946d8e35070c0d0a2a803d6a47010b1455745928e05d0c142bb55ab123367cab459249bdfa93a0d6d26385930c348ee8bd8c2ce293786544845ea4d4aeceded27051ed710453e84f"}}, {0x5b, &(0x7f0000000240)=@string={0x5b, 0x3, "28d97a3b200f1ce007bfed35680311b03e7e5e916511fa0345bb3d970aec3a771607984b9e5e980560927266957a1c574adec8a71bb0bcea7de71535eecb0eef8b0b80ec965ecefab890461850159460336dc143f5d03334db"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1004}}, {0xd1, &(0x7f0000000700)=@string={0xd1, 0x3, "5f2a03c768e06b8523cc15e38952d028820318d9c742e3b29f7f85a5110a3f3d06f817cb4315b6fd4ee7f134e1dc76e5a500a3cf35f2455acb6909edb45a47a839411cb3462c1c6494c00191722e23ba7e2d613f05c9701b6adf0bb4344ddc15b46637f8ee99a52d2f810425651cd0f6125f2f24404a826d4049b11141fe9fb572098df2b545753d6e252b7bb7e52c493ff23d45c8ba92e4fb125832d11641b2e8e21c923b4a5813d73bd80e2380cb3b8740f6a5989888aa1c73b3540ec1e1feb59f03365cb886fbf4707f4da632fe"}}]})
syz_usb_control_io$hid(r2, &(0x7f0000000940)={0x14, &(0x7f0000000800)={0x20, 0x1c, 0xc1, {0xc1, 0x5, "0a964c160c0cca92748aba05e05471dd0c8b54d1ecae8bad02408b5b17177ba55ead452d47f2feb78a8292df4161650a1e3ad7704450ace8d8a6548fa8a129dc30ae50bbad5943ac39bd13a12dffd02a6ba35a74efb831434d01ff99a4bedbf8e87406ff35282fa7b6f8c6c1dbcd0f46a5b571fc92dec627ecd38de278419357e1f500259c8631f2d2e0aff17bc3c9b84466dc888bd6291a01f0eebcc3c54c7a19e4c4e68e07cf15d0a19281373e1f8f076e8fcce8285aa820140c949c7d4f"}}, &(0x7f0000000440)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x455}}, &(0x7f0000000480)={0x0, 0x22, 0xa, {[@main=@item_012={0x2, 0x0, 0x9, "cd79"}, @main=@item_012={0x1, 0x0, 0x9, '^'}, @main=@item_4={0x3, 0x0, 0xc, "c7d305e1"}]}}, &(0x7f0000000900)={0x0, 0x21, 0x9, {0x9, 0x21, 0x5, 0x4, 0x1, {0x22, 0x5ef}}}}, &(0x7f0000000c00)={0x18, &(0x7f0000000980)={0x0, 0xd, 0xbd, "f05ca04615b2242c12563a4c7510db42b308189745656be152479268f79ac625184723a6b57513aabf3fb793dc6d1a0fd5615a865c1221f49b21eda6331bbbd764b1d57c3efff8d6e93f96d4fe6ed80d6c2bd5e423d0035f460f06756c337e03b27c5fc4a88643d953f929cb4a0cb9fa862049c4f4a7d6898967107c1883d7322b1193db900cd76c97f34e0c8dbb12cf49c654f11f92ffab89c0a7f195c3dd75499828fde07993a6364858a790994143f45b10af997d25587789f9abf4"}, &(0x7f0000000a80)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000b00)={0x20, 0x1, 0x8a, "e822272132486194368001f49a50e636dd70596a0ca5e7696837ede7926993bb4cfe428beb0dfba57e10c18f97d154b4c5e76b0acc6a704649c4f13999526abf823c7352a1802ce4e13cba4abdb4bc72ad00c91f9d24b1beb79b7cc124674e3b02e84541f82303055d56115154f809f392a5307daa98ab4f07e8e565b653afda92e924e33efd6ea67784"}, &(0x7f0000000bc0)={0x20, 0x3, 0x1, 0xb8}})
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
write(r3, &(0x7f0000000000)="240000001a005f0400f9f407000904018020200000000000000000000800010000000000", 0x24)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x4000, 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x1, 0x4000810, 0x0, 0x0)

6.125623765s ago: executing program 1 (id=776):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280))
io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000040)={0x2, r0, 0x0, {0x5, 0x5}, 0xb0}, 0x1)
rseq(&(0x7f0000000300), 0x20, 0x0, 0x0)
futex(&(0x7f0000000180), 0x5, 0x0, 0x0, &(0x7f0000000000), 0xaffffffa)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000340)=@filter={'filter\x00', 0x4, 0x4, 0x41c, 0xffffffff, 0x0, 0x0, 0x28c, 0xfeffffff, 0xffffffff, 0x354, 0x354, 0x354, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @private1, [0xff, 0xff, 0xffffffff, 0xffffff00], [0xff, 0x0, 0xffffff, 0xffffffff], 'macvlan0\x00', 'netpci0\x00', {0xff}, {0xff}, 0x5c, 0x81, 0x5, 0x20}, 0x2f2, 0xe8, 0x10c, 0x0, {}, [@common=@unspec=@helper={{0x44}, {0x1, 'syz1\x00'}}]}, @REJECT={0x24}}, {{@uncond, 0x0, 0x15c, 0x180, 0x0, {}, [@common=@unspec=@conntrack1={{0xb8}, {{@ipv4=@private=0xa010102, [0x0, 0xff, 0xffffffff, 0xff], @ipv6=@private2, [0xffffffff, 0xff, 0xff000000, 0xffffff00], @ipv6=@dev={0xfe, 0x80, '\x00', 0x24}, [0xff000000, 0xffffffff, 0xff, 0x7fffff80], @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0x0, 0xff, 0x85b3a33fb19ee8d1, 0xff], 0x9, 0x3, 0x29, 0x4e22, 0x4e23, 0x4e22, 0x4e23, 0x1601, 0x20}, 0x81, 0xa}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0xb}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [0x0, 0xff000000, 0xffffff00, 0xffffffff], [0xff000000, 0xffffffff, 0x0, 0xff], 'vlan0\x00', 'batadv_slave_0\x00', {}, {0xff}, 0xc, 0x31, 0x3, 0x6}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x478)

5.935872355s ago: executing program 3 (id=777):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
syz_open_dev$vim2m(0x0, 0x7ff, 0x2)
ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, 0x0)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
socket(0x10, 0x2, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(0x0, 0x9, 0x4, 0x0, 0x0, 0x5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r4)
syz_usb_connect$hid(0x5, 0x6d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000086e05fb0000000000000109022400010000b00309040000fd03000100092104380f01220500090581"], 0x0)
syz_usb_connect$cdc_ncm(0x5, 0x75, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x2, 0x1, 0x1, 0x28, 0x74, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x3, 0xe922, 0xffff, 0x9}, {0x6, 0x24, 0x1a, 0xa0, 0x11}, [@network_terminal={0x7, 0x24, 0xa, 0x0, 0x2, 0xc, 0xf}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x66, 0x64, 0xee}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xf8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x1, 0x3, 0x35}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x250, 0xa, 0x7, 0xc, 0x10, 0x5}, 0x64, &(0x7f00000002c0)=ANY=[@ANYBLOB="050f64000507100204000200231008484d56067d3c2eb26321916c9a9c38915e5657e6f955f815248f9e2594bdd7bd15581e3b8dc60b100100000000010000000010"], 0x8, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x444}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x40e}}, {0x19, &(0x7f0000000440)=@string={0x19, 0x3, "332215b9a289f85bff5f19a9a0a8dfa89e3d71c3d57be5"}}, {0xc7, &(0x7f0000000480)=@string={0xc7, 0x3, "c3513078063de7f2238185483c6a25484e76282040d45ab067db9e7b1e935485317ec3d434f41c7b5c4d94a4b08c90c7a5af2375013867a6ee12624d89c265808d44db6f26a6be2edc2161789db615a88e4e235b1bf5fd3162ee0d953fa7c05ddf7e244cbf73d01b3d868e74ebf6fc8a7ded83cb4026f1e67ac234a530735fde60e6b9d7e8b5d68445db42b35819be55ddb0a6cf0aec652150dfc5aeeb1b146a959525cca0bce97d28696030da1d0ac224dfb5c096f0136bc88549ccc249db4d8277124173"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x43e}}, {0xf4, &(0x7f00000005c0)=@string={0xf4, 0x3, "949ef0b5422b92db455ffaf83495fc3cc056d4a4e0912387647f7bbff3bec7354efecaf3afa7cb141896022e1fc4ddaa41b1af22f02201fe1c9733e653026dc732392eb661f2b10287c732ce969370a3847d298b42d140f44d9f6cfdd2767a4dda29939a924a4d3bb7ea138b2939c81f6eecf22c385cf8f53fb0e96d0388cd01648a88613ea2990e6967ecb10a61822d3f5b38c5adf64ebbc4e913ee43cd21562f8868ea511c7f1e28b3b0d3753ae8c7bcfa743aff75f6aacf751226d87f64fd77142c9d4981f6a47d0e27c2e8e6a716a92a5ec472b2e1f05651e2389619299f1205d542df8f09fff2281e67e0116458d067"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x446}}, {0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="360350866705d55b49d705432b084ca1464d4d0efbd57afcc7ab93915857fdb5ad46c3283a62666a22f7812ad1c6bd3e981e9ebd290b46daae46ee1fc45a341cdd1d22a41b5531016fd9d2b7"]}]})
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)

5.834508633s ago: executing program 1 (id=778):
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x50009402, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004850}, 0x48010)
syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b7500090583"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000100)={0x0, 0x0, "4cf90fba85c830e42a3c9ab10f01bbcb15f3806c4853e7c44a6974759d01000000a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f1700002270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d7c17d40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x3800000, &(0x7f00000000c0))
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3380, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x9b}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
r10 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r10, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2})
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_INITMSG(r11, 0x84, 0x2, &(0x7f0000000040)={0x400, 0x3}, 0x8)
sendto$inet(r11, &(0x7f0000000100)="ab", 0xffe0, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)
io_uring_enter(r2, 0x627, 0x14, 0x43, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

5.501289319s ago: executing program 0 (id=779):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x206, 0x8401)
r1 = dup3(r0, r0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x3c, r2, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40905}, 0x0)
r5 = io_uring_setup(0x1fc3, &(0x7f00000002c0))
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
chdir(&(0x7f0000000480)='./cgroup\x00')
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r9, 0xffffffffffffffff, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)={0x14, r10, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
sendmsg$NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000404007000ffdbdf25050000008bff9900000000005f000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000051}, 0x8)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
r11 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r11, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0xa}}, 0x26}}, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r13, 0x6, 0x9, &(0x7f0000000080)={{0xc, @multicast2, 0x0, 0x0, 'ovf\x00'}}, 0x44)
getsockopt$inet_tcp_int(r13, 0x6, 0x9, 0x0, &(0x7f0000000040))
ioctl$FS_IOC_SETFLAGS(r12, 0x40046602, &(0x7f0000000080)=0x200)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000002c0)=@broute={'broute\x00', 0x20, 0x3, 0x412, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80000800], 0x0, &(0x7f0000000180), &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x5, 0x2, 0x18, 'tunl0\x00', 'veth1_to_bridge\x00', 'tunl0\x00', 'veth1\x00', @local, [0x0, 0x0, 0x0, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0xb6, 0x122, 0x166, [@helper={{'helper\x00', 0x0, 0x24}, {{0x1, 'Q.931\x00'}}}], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x0, 0x4, {0x2}}}}, @common=@AUDIT={'AUDIT\x00', 0x4, {{0x2}}}], @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x1, 0x5, {0x101}}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x2, [{0x5, 0x8, 0x8847, 'wlan0\x00', 'veth1_to_bond\x00', 'lo\x00', 'wg2\x00', @multicast, [0xff, 0x0, 0x0, 0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xee, 0x116, 0x13e, [@arp={{'arp\x00', 0x0, 0x34}, {{0x305, 0xaa49, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, @rand_addr=0x64010101, 0x0, @multicast, [0xff, 0xff, 0xff], @empty, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], 0xeb, 0x50}}}, @state={{'state\x00', 0x0, 0x4}, {{0x6}}}], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x44d6}}}], @common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x2}}}}, {0x11, 0x20, 0x8809, 'wlan1\x00', 'rose0\x00', 'virt_wifi0\x00', 'vlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, [0xff, 0xff, 0xff], @multicast, [0xff, 0xff, 0x0, 0xff, 0xff], 0x6e, 0xb6, 0xde, [], [@common=@log={'log\x00', 0x24, {{0x2, "999df68f069c2523bc7a7460e3800e785386dc38bd33c59c4a745225a1f2", 0x1}}}], @common=@AUDIT={'AUDIT\x00', 0x4}}]}]}, 0x462)

5.435775376s ago: executing program 0 (id=780):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000340)={0x2, 0x2, 0x5, 0x3, 0x6})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r2 = accept4(r0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x89f9, &(0x7f00000000c0)={'bond_slave_0\x00', @random="2e2e014010ff"})
syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/vlan0\x00')
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmmsg$inet(r2, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="34bdb15a74", 0x5}, {&(0x7f00000006c0)="1fdd2b8f14ef48f7b15c5e797f40e58a81b4ba1fddb284f1083d2ab3ecdcdcaccd4cf78dca3267f0c7b06a0d63c5275414448ab31265e4fca4680e59714322aa83f9e91db3f6d908275cbc10d6446b354be549ce7b61c75dc4e60801d60ca98b17a7989c7a66b19a49b1c419b4a8c89f9e8d8459fb030891e62d6210ee97bdf436", 0x81}], 0x2}}], 0x1, 0x24008804)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000002100010028bd7000fbdbdf250a101409430000070c0000001400010000000000000000000000000000000001140002000019d200000000000000000000000000080017004e224e20d236187574017c85c1c0e0c7a0ff55dcaafe873516035286200a0677f1e403278fbaafb216440692f2e4e6a7a8473e2d5b7ce769e0b3a8780ffc4c4705eb894f4302a7dcde6abb83690394fcc105282c6e3018c64244e2933450451f93a88380f011c2a352fea2f3f85cb267e8f4f010f95181010eeee7cbb0f3b7430834700aea7e4d1785affddf0c1a1489"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMKID={0x14, 0x55, "43dca99bd037dd9c0b1b9bbe0b3835a7"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xfe}, @NL80211_ATTR_MAC={0xa, 0x6, @random="496b053e5654"}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000015}, 0x20040000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x38, 0x701, 0x70bd2a, 0x0, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x10004891}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r6)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"])
sendmmsg$alg(r2, &(0x7f0000003b80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}], 0x1, 0x10)

5.025197302s ago: executing program 0 (id=781):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x101400, 0x148)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0xc)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000402, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})
r6 = open(0x0, 0x1491ff, 0x22)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000400ec000800", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
sched_rr_get_interval(0x0, 0x0)
r7 = socket$kcm(0xa, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
sendmsg$sock(r7, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000080)="b8431db3", 0x4, 0x0, &(0x7f0000000000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x4)
writev(r9, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000000)={0x0, 0x1, 0x6, @local}, 0x10)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000e80)={@private0, <r10=>0x0}, &(0x7f0000000ec0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000f00)={'team0\x00', <r11=>0x0})
sendmmsg$inet(r6, &(0x7f0000001040)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000240)="4a78e4a97e75de1cc1c392f5326c123efa7522fd3eb273a0d0e817011f0d4a368ced6efe8a13178769643d868e80025379ba1089352a375441e3befff481b5756a70fb290e8419", 0x47}, {&(0x7f0000000100)}], 0x2, &(0x7f0000000340)=[@ip_tos_u8={{0xd, 0x0, 0x1, 0x1}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x8}}, @ip_ttl={{0x10, 0x0, 0x2, 0x3}}], 0x30}}, {{&(0x7f0000000380)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000003c0)=[{&(0x7f00000004c0)="408bc30fb5e724b34cc1405254c23bcbead3616ee26b80f8e06897179d24e3628ddc1db72db8ca38f7e360af2d65509ca2a4f81b0753b4c85985ab8e6bd8c7eedab36ef40e7ed82c803ec3b167033766cf670e4db1f61049c249302bd7e0173abe79b5ca74379329eeff03ca6facd3ce37ab483aa948d59b72a2e3f755ecec3345922cbe1a134224b97ac60a133c1a98515adf51ad32825528b166b520ae36a332dd6aadd61f40bb3b6dbfcf043bff4f098a6db512ee303a303246f6d5ad63add2ec1dfee85ed14019b133b8e502b20be4af169db7", 0xd5}], 0x1, &(0x7f0000000640)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @empty, @empty}}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x8}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x5}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @rand_addr=0x64010102, @multicast1}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0xe51}}, @ip_ttl={{0x10, 0x0, 0x2, 0x10001}}], 0x70}}, {{&(0x7f00000006c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000700), 0x0, &(0x7f0000000740)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @multicast2, @loopback}}}], 0x18}}, {{&(0x7f0000000780)={0x2, 0x4e20, @empty}, 0x10, &(0x7f00000008c0)=[{&(0x7f0000000880)="f45b1acf7a15f780e744b60eb801620b22d1c270fe0d4d557ebbf88c955341845e", 0x21}], 0x1, &(0x7f0000000900)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000940)="c93ddcadaacaa54e2ffaf32c32d46de9e15305bc292a1db563937b2c38ce84e4831753429907dae5ef33ba3e519c8b83e9281e3c7f8a53969a098cd92edd49cdea7cc3aae0b621b1ce648a501c67a697bfe86205829ed1f1c8fd27b869c7eb1c45d158294bad6f21c4c13082c5cdcad0e43be33a67c0193bc33d86257a5e0a7a97c381b3e99bbd88dacb482c2089de265a7235970cc5b39eff72efe88cd0c38dbc5b07ec00e073641738a3046ef744d9a3b3917cbce82e7280", 0xb9}, {&(0x7f0000000a00)="30859ed946614e66b8325ab055e820fc8b7e38665f1763f07f1627b797e5a30fd6c22957dc64a3332efac6e4edd325b4b42d77d29571eeceb621", 0x3a}, {&(0x7f0000000a40)="f0e030fa07010306bdf435531d083e520d88abb1f97febfd70d443e24d3ffc388fdcf5a8eb1fce7cae88954a631a4de7b7a0ab762b4f24420c735a0229e7f2041f929b", 0x43}, {&(0x7f0000000ac0)="16c9f75626fabc318e9de92d894417e94111130a9706ecf45929bf23cac0c09bfdb65a765c143729a7c7fd3fb8a62c141b68c131eb44609536c8146ff59e8fb27a4d7a27847add4a65e898aa26a0a5ccd263a0a3a944df6fd78b669dfb71180ed09f509ed00c4622bd989faa09cf571313043f5c36f771581c9dab695dc2b9ef77c512b041e95e7234eb330945", 0x8d}, {&(0x7f0000000b80)="37f63f663765277c467f1789ca3292ba8fe166dc838138352b7fa3c13f39aa1261bce9c750ad2a2c8462e163f0160ee9fcd9e9916fa6291b70f96b55ebacc2f2485dbc0bb9b4f491d22fa7a0aef925dc7e9c91c89efd1db912300fc3395efad8d0dfbaab660dd3195a340d1f676fb7e5778490d1dfd63cffa3bfb746dbe96482c1d4ac61214a65e33631397087fdd1b27feec1b461ab3b23541deb569e2da97c51bc179f8632ed8c3a432977872a109732bb04caf21f4684698352c192", 0xbd}, {&(0x7f0000000d00)="85f4e18d10dfc6b5b49fb53fe68662b5d73d7312e8a52df1c1ec80e9c14cdf414d56655247f2a25e7fef83f0b14edced6a40b509007f2a88b7f1beddeb6907e9ce225331a302a0a873b231129342befc252bd9516202a17fd444dbef9fa2d6", 0x5f}, {&(0x7f0000000d80)="a61606f4da124aa3fc1e281d2041dd93f992b163405b11ce9cfeb7f0ed2c84ca58bf517154bfbbfd5fdf7779fe146628305e6a58988500e8f978ff40e5d7dd1a1648ad08799d5b314ec4ccbedd07d74eda2dc6f54c6881cf1c98fa296f52f7572461ee0871cd7967e4891c4f217af83dcb9586b9c4f4b7d752243887a517cba7ca9e9f5c00e0b0edcd852a094bacb5c44dcf3f04ecd203ddaa2daab5f948bdfe92fdfc", 0xa3}], 0x7, &(0x7f0000000f40)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r10, @loopback, @rand_addr=0x64010102}}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0xe}}, @ip_retopts={{0x78, 0x0, 0x7, {[@cipso={0x86, 0x10, 0x3, [{0x5, 0xa, "c1c2b473bc5be799"}]}, @timestamp_prespec={0x44, 0x44, 0x8d, 0x3, 0x5, [{@remote, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x400}, {@loopback, 0x5}, {@multicast1, 0x7}, {@remote, 0x1}, {@local, 0x1ff}, {@multicast2, 0x2}, {@empty, 0x3632}]}, @generic={0x0, 0x3, '#'}, @timestamp_prespec={0x44, 0x14, 0x38, 0x3, 0x7, [{@remote, 0x9}, {@multicast1, 0x7}]}]}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x4108f762}}, @ip_pktinfo={{0x18, 0x0, 0x8, {r11, @remote, @private=0xa010101}}}], 0xc8}}], 0x5, 0x2000808d)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000055bed40020000000000000003010902380002000000060904c700010e0101000300d009050a000000000000090400000101be2600090500000000000000080b878a"], 0x0)

4.513526231s ago: executing program 4 (id=782):
r0 = socket$nl_route(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x0, 0x20000000, 0x0, 0x5}, 0x2})
syz_open_dev$admmidi(0x0, 0x2, 0x1a9882)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x5423, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5, 0xa, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4, 0xe}]}}}]}, 0x40}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @private=0xa010100}})
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
read(r7, &(0x7f0000001b00)=""/194, 0xc2)
lseek(r7, 0x5, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x3, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.773575652s ago: executing program 2 (id=783):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000340)={0x2, 0x2, 0x5, 0x3, 0x6})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r2 = accept4(r0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x89f9, &(0x7f00000000c0)={'bond_slave_0\x00', @random="2e2e014010ff"})
syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/vlan0\x00')
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmmsg$inet(r2, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000440)="34bdb15a74", 0x5}, {&(0x7f00000006c0)="1fdd2b8f14ef48f7b15c5e797f40e58a81b4ba1fddb284f1083d2ab3ecdcdcaccd4cf78dca3267f0c7b06a0d63c5275414448ab31265e4fca4680e59714322aa83f9e91db3f6d908275cbc10d6446b354be549ce7b61c75dc4e60801d60ca98b17a7989c7a66b19a49b1c419b4a8c89f9e8d8459fb030891e62d6210ee97bdf436", 0x81}], 0x3}}], 0x1, 0x24008804)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000002100010028bd7000fbdbdf250a101409430000070c0000001400010000000000000000000000000000000001140002000019d200000000000000000000000000080017004e224e20d236187574017c85c1c0e0c7a0ff55dcaafe873516035286200a0677f1e403278fbaafb216440692f2e4e6a7a8473e2d5b7ce769e0b3a8780ffc4c4705eb894f4302a7dcde6abb83690394fcc105282c6e3018c64244e2933450451f93a88380f011c2a352fea2f3f85cb267e8f4f010f95181010eeee7cbb0f3b7430834700aea7e4d1785affddf0c1a1489"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMKID={0x14, 0x55, "43dca99bd037dd9c0b1b9bbe0b3835a7"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0xfe}, @NL80211_ATTR_MAC={0xa, 0x6, @random="496b053e5654"}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000015}, 0x20040000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x38, 0x701, 0x70bd2a, 0x0, {0x10}}, 0x14}, 0x1, 0x0, 0x0, 0x10004891}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r6)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"])
sendmmsg$alg(r2, &(0x7f0000003b80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}], 0x1, 0x10)

3.293861174s ago: executing program 2 (id=784):
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120086dd000411000400000000006eec00be10a42f01fe8000000000000000000000000000aaff020000000000000000000000000001330022eb"], 0x10da)

2.841483713s ago: executing program 2 (id=785):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000000080)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c0001400b080c00bdad01409bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @mcast2, 0x6}, 0x1c)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r2, 0x81, 0x1, &(0x7f00000004c0)='P')

2.695550642s ago: executing program 3 (id=786):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x123882, 0x0)
write$sequencer(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8106"], 0x8)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1294, 0x1320, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
getresuid(&(0x7f0000014fc0), &(0x7f0000015000), &(0x7f0000015040))
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0x3c, 0x1, 0x0, "3a8e080000b2b60100009100000004000000000000000900", 0x32344d59})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg2\x00', <r6=>0x0})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@empty}, 0x0, @in6=@ipv4={""/10, ""/2, @empty}}}, &(0x7f0000000280)=0xe4)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000300)={{{@in=@loopback, @in=@loopback, 0x4e20, 0x0, 0x4e21, 0xef, 0x2, 0x20, 0x20, 0x16, r6, r7}, {0x9, 0xfff, 0x7, 0x7000000000000, 0x4ef90106, 0x5, 0x1d00, 0xffffffff}, {0x7, 0x1e843886, 0x5, 0x80000001}, 0x4b, 0x6e6aba, 0x2, 0x0, 0x2, 0x3}, {{@in=@local, 0x4d6, 0x6c}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3507, 0x2, 0x3, 0x4, 0xcab2, 0x857, 0x6}}, 0xe4)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_setup(0x221f, &(0x7f0000000400)={0x0, 0xc9fd, 0x4708, 0x2, 0x374, 0x0, r4}, &(0x7f0000000480), &(0x7f00000004c0))
setsockopt$inet6_buf(r8, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d411000000000000002900000037000000", 0xfe60)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=@newpolicy={0xb4, 0x13, 0x1, 0x0, 0x0, {{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0x0, 0x0, 0xffffffffffffffff}, {}, 0xfffffffe}}, 0xb4}}, 0x0)
r9 = socket$caif_seqpacket(0x25, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000500)={'vxcan0\x00'})
sysfs$2(0x2, 0x3, &(0x7f0000000600)=""/24)
fsetxattr$security_capability(r2, &(0x7f0000000580), &(0x7f00000005c0)=@v2={0x2000000, [{0x5, 0x4}, {0x2, 0x9}]}, 0x14, 0x1)
syz_usb_control_io(r1, &(0x7f0000000740)={0x2c, &(0x7f0000000140)={0xccefb9fedd81d790, 0x10, 0x5, {0x5, 0x4ffd271b2776e994, "747f98"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000540)={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x24}, 0x1, 0x2, [@empty, @multicast2]}, 0x18)

2.584079063s ago: executing program 4 (id=787):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x181)
rmdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r1 = open_tree(r0, &(0x7f0000000280)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r3 = syz_io_uring_setup(0x2f1, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x3}, &(0x7f0000000000)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x50, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x2de7, 0x4000, 0x0, 0x0, 0x0)
write$dsp(r2, &(0x7f0000002000)='`', 0x88020)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)=ANY=[@ANYBLOB="12010000d507df08c410448200dc0102030a090212000100000000090400000003"], 0x0)
io_uring_setup(0x1517, &(0x7f00000002c0)={0x0, 0x58e4, 0x10, 0x104, 0x1ff7ffb})
close_range(r6, 0xffffffffffffffff, 0x0)

1.854500921s ago: executing program 1 (id=788):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x2, 0x1, 0x1, 0x0, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000740)=0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x100004, 0x10, {}, {0x0, 0x2, 0x0, 0x0, 0xfd}, 0x20000000, 0x2, {0x0}})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1.301972514s ago: executing program 0 (id=789):
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs(0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0xa0202)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009b000040"])
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x802, 0x20)
syz_io_uring_setup(0x237, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$kcm(0xa, 0x2, 0x3a)
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)="00000000f5ff", 0x6, 0xfffffffffffffffd)
flistxattr(r4, &(0x7f00000002c0)=""/132, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

1.081384405s ago: executing program 1 (id=790):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x206, 0x8401)
r1 = dup3(r0, r0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x3c, r2, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40905}, 0x0)
r5 = io_uring_setup(0x1fc3, &(0x7f00000002c0))
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
chdir(&(0x7f0000000480)='./cgroup\x00')
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r9, 0xffffffffffffffff, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)={0x14, r10, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
sendmsg$NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000404007000ffdbdf25050000008bff9900000000005f000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000051}, 0x8)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
r11 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r11, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0xa}}, 0x26}}, 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r13, 0x6, 0x9, &(0x7f0000000080)={{0xc, @multicast2, 0x0, 0x0, 'ovf\x00'}}, 0x44)
getsockopt$inet_tcp_int(r13, 0x6, 0x9, 0x0, &(0x7f0000000040))
ioctl$FS_IOC_SETFLAGS(r12, 0x40046602, &(0x7f0000000080)=0x200)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000002c0)=@broute={'broute\x00', 0x20, 0x3, 0x412, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80000800], 0x0, &(0x7f0000000180), &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x5, 0x2, 0x18, 'tunl0\x00', 'veth1_to_bridge\x00', 'tunl0\x00', 'veth1\x00', @local, [0x0, 0x0, 0x0, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0xb6, 0x122, 0x166, [@helper={{'helper\x00', 0x0, 0x24}, {{0x1, 'Q.931\x00'}}}], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x0, 0x4, {0x2}}}}, @common=@AUDIT={'AUDIT\x00', 0x4, {{0x2}}}], @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x1, 0x5, {0x101}}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x2, [{0x5, 0x8, 0x8847, 'wlan0\x00', 'veth1_to_bond\x00', 'lo\x00', 'wg2\x00', @multicast, [0xff, 0x0, 0x0, 0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xee, 0x116, 0x13e, [@arp={{'arp\x00', 0x0, 0x34}, {{0x305, 0xaa49, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, @rand_addr=0x64010101, 0x0, @multicast, [0xff, 0xff, 0xff], @empty, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], 0xeb, 0x50}}}, @state={{'state\x00', 0x0, 0x4}, {{0x6}}}], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x44d6}}}], @common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x2}}}}, {0x11, 0x20, 0x8809, 'wlan1\x00', 'rose0\x00', 'virt_wifi0\x00', 'vlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, [0xff, 0xff, 0xff], @multicast, [0xff, 0xff, 0x0, 0xff, 0xff], 0x6e, 0xb6, 0xde, [], [@common=@log={'log\x00', 0x24, {{0x2, "999df68f069c2523bc7a7460e3800e785386dc38bd33c59c4a745225a1f2", 0x1}}}], @common=@AUDIT={'AUDIT\x00', 0x4}}]}]}, 0x462)

810.030963ms ago: executing program 1 (id=791):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1})
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x200, 0x1, &(0x7f0000000340)=[r1], &(0x7f00000002c0)=[0x1], &(0x7f0000000200), &(0x7f0000000280), 0x0, 0x4})
r2 = fsopen(&(0x7f0000000780)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x1)
fchdir(r3)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0xa0c0, 0x51)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000140)={0x3, 0x2, 0x200, 0x3, 0xf1f})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940))
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
pipe(&(0x7f00000000c0))
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x54}, 0x1, 0x0, 0x0, 0x90}, 0x20000000)

0s ago: executing program 1 (id=792):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_setup(0x3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xb05, 0x1822, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x20, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, 0xffffffffffffffff, 0x180000000)
io_submit(0x0, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_DEL(r6, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0xc8, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0xc8}, 0x1, 0x0, 0x0, 0x40}, 0xc000)
write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1c, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)
io_uring_enter(0xffffffffffffffff, 0x70c3, 0x1fd4, 0x75, &(0x7f0000000040)={[0x9, 0x7]}, 0x8)

kernel console output (not intermixed with test programs):

891] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  248.045913][ T5891] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  248.064650][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  248.078295][ T5891] usb 5-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  248.087565][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.103826][ T5891] usb 5-1: config 0 descriptor??
[  248.125142][ T5891] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  248.320991][ T7513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.331225][ T7513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.781577][ T7515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.792036][ T7515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.964508][ T5842] uclogic 0003:256C:006D.0012: failed retrieving string descriptor #200: -71
[  248.973545][ T5842] uclogic 0003:256C:006D.0012: failed retrieving pen parameters: -71
[  249.005063][ T5842] uclogic 0003:256C:006D.0012: failed probing pen v2 parameters: -71
[  249.027940][ T5842] uclogic 0003:256C:006D.0012: failed probing parameters: -71
[  249.043555][ T5842] uclogic 0003:256C:006D.0012: probe with driver uclogic failed with error -71
[  249.075699][ T5842] usb 1-1: USB disconnect, device number 51
[  249.866809][ T7523] netlink: 32 bytes leftover after parsing attributes in process `syz.3.502'.
[  249.876268][ T7523] netem: unknown loss type 13
[  249.881697][ T7523] netem: change failed
[  250.027826][ T5842] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  250.069558][ T5887] usb 3-1: USB disconnect, device number 47
[  250.102642][ T5887] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  250.283547][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.309320][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.360657][ T5842] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  250.407798][ T5891] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  250.417660][   T24] usb 5-1: USB disconnect, device number 47
[  250.510825][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.620134][ T5842] usb 1-1: config 0 descriptor??
[  250.674799][ T5891] usb 2-1: Using ep0 maxpacket: 32
[  250.714557][ T5891] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  250.777504][ T5891] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  250.864670][ T5891] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  250.925655][ T5891] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  250.967554][ T5891] usb 2-1: config 0 interface 0 has no altsetting 0
[  250.992142][ T5891] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  251.069661][ T5891] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  251.100984][ T5891] usb 2-1: Product: syz
[  251.201339][ T5891] usb 2-1: Manufacturer: syz
[  251.206222][ T5891] usb 2-1: SerialNumber: syz
[  251.221914][ T5891] usb 2-1: config 0 descriptor??
[  251.277204][ T5891] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  251.311373][ T5887] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  251.401251][ T5891] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  251.481374][ T5887] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  251.551796][ T5887] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  251.648101][ T5887] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  251.669958][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.729322][ T5887] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  251.768268][ T5887] usb 4-1: invalid MIDI out EP 0
[  252.113101][ T5887] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  252.300181][ T7554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.309350][ T7554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.625970][ T7564] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  252.635111][ T7564] team0: Device macvlan2 is up. Set it down before adding it as a team port
[  253.095257][ T7567] netlink: 32 bytes leftover after parsing attributes in process `syz.2.515'.
[  253.104814][ T7567] netem: unknown loss type 13
[  253.117531][ T7567] netem: change failed
[  253.308688][ T5842] uclogic 0003:256C:006D.0013: failed retrieving string descriptor #200: -71
[  253.333258][ T5842] uclogic 0003:256C:006D.0013: failed retrieving pen parameters: -71
[  253.337945][    T9] usb 2-1: USB disconnect, device number 29
[  253.341528][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  253.372813][    T9] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  253.396940][ T5842] uclogic 0003:256C:006D.0013: failed probing pen v2 parameters: -71
[  253.479449][ T5842] uclogic 0003:256C:006D.0013: failed probing parameters: -71
[  253.490485][ T5842] uclogic 0003:256C:006D.0013: probe with driver uclogic failed with error -71
[  253.507768][ T5842] usb 1-1: USB disconnect, device number 52
[  253.778590][ T7578] FAULT_INJECTION: forcing a failure.
[  253.778590][ T7578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.793635][ T7578] CPU: 0 UID: 0 PID: 7578 Comm: syz.2.518 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  253.793664][ T7578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  253.793677][ T7578] Call Trace:
[  253.793685][ T7578]  <TASK>
[  253.793694][ T7578]  dump_stack_lvl+0x189/0x250
[  253.793728][ T7578]  ? __lock_acquire+0xaac/0xd20
[  253.793758][ T7578]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.793787][ T7578]  ? __pfx__printk+0x10/0x10
[  253.793816][ T7578]  ? __might_fault+0xb0/0x130
[  253.793852][ T7578]  should_fail_ex+0x414/0x560
[  253.793888][ T7578]  _copy_from_iter+0x1db/0x15a0
[  253.793919][ T7578]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  253.793941][ T7578]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  253.793968][ T7578]  ? __pfx__copy_from_iter+0x10/0x10
[  253.793993][ T7578]  ? __build_skb_around+0x257/0x3e0
[  253.794017][ T7578]  ? netlink_sendmsg+0x642/0xb30
[  253.794034][ T7578]  ? skb_put+0x11b/0x210
[  253.794059][ T7578]  netlink_sendmsg+0x6b2/0xb30
[  253.794087][ T7578]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.794108][ T7578]  ? __import_iovec+0x5d4/0x7f0
[  253.794132][ T7578]  ? aa_sock_msg_perm+0x94/0x160
[  253.794154][ T7578]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.794176][ T7578]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.794195][ T7578]  __sock_sendmsg+0x219/0x270
[  253.794227][ T7578]  ____sys_sendmsg+0x505/0x830
[  253.794255][ T7578]  ? __pfx_____sys_sendmsg+0x10/0x10
[  253.794304][ T7578]  ___sys_sendmsg+0x21f/0x2a0
[  253.794329][ T7578]  ? __pfx____sys_sendmsg+0x10/0x10
[  253.794393][ T7578]  ? __fget_files+0x2a/0x420
[  253.794418][ T7578]  ? __fget_files+0x3a0/0x420
[  253.794452][ T7578]  __sys_sendmsg+0x164/0x220
[  253.794475][ T7578]  ? __pfx___sys_sendmsg+0x10/0x10
[  253.794515][ T7578]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  253.794537][ T7578]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.794559][ T7578]  __do_fast_syscall_32+0xb4/0x110
[  253.794580][ T7578]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.794602][ T7578]  do_fast_syscall_32+0x34/0x80
[  253.794623][ T7578]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.794647][ T7578] RIP: 0023:0xf7f52539
[  253.794664][ T7578] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  253.794682][ T7578] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  253.794703][ T7578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  253.794716][ T7578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.794728][ T7578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  253.794739][ T7578] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  253.794751][ T7578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  253.794780][ T7578]  </TASK>
[  254.078977][    C0] vkms_vblank_simulate: vblank timer overrun
[  254.152256][   T24] usb 4-1: USB disconnect, device number 43
[  254.268138][    T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  254.419871][    T9] usb 2-1: Using ep0 maxpacket: 8
[  254.431535][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  254.444591][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  254.472563][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  254.487148][    T9] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  254.496363][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.516363][    T9] usb 2-1: config 0 descriptor??
[  254.548360][    T9] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  254.707494][ T5886] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  254.740589][ T7577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.751004][ T7577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.817409][   T24] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  254.870299][ T5886] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  254.889354][ T5886] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  254.899946][ T5886] usb 3-1: config 0 interface 0 has no altsetting 0
[  254.909142][ T5886] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  254.923973][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.938857][ T5886] usb 3-1: config 0 descriptor??
[  254.987524][   T24] usb 5-1: Using ep0 maxpacket: 8
[  255.003232][   T24] usb 5-1: too many configurations: 10, using maximum allowed: 8
[  255.037980][   T24] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  255.047850][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.056180][   T24] usb 5-1: Product: syz
[  255.061000][   T24] usb 5-1: Manufacturer: syz
[  255.066016][   T24] usb 5-1: SerialNumber: syz
[  255.077939][   T24] usb 5-1: config 0 descriptor??
[  255.091234][   T24] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  255.717610][    T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  255.886836][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  255.895261][    T9] usb 1-1: Using ep0 maxpacket: 8
[  255.901561][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  255.913508][   T24] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  255.930595][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  255.947222][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  256.215515][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  256.236202][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  256.266800][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  256.296152][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.368223][   T24] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  256.397395][   T24] usb 5-1: USB disconnect, device number 48
[  256.584076][    T9] usb 1-1: GET_CAPABILITIES returned 0
[  256.614937][    T9] usbtmc 1-1:16.0: can't read capabilities
[  256.706533][    T9] usb 2-1: USB disconnect, device number 30
[  257.220152][   T47] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  257.456338][   T47] usb 2-1: Using ep0 maxpacket: 32
[  257.522105][   T47] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  257.545293][   T47] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  257.610998][   T47] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  257.719888][   T47] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  257.738831][   T47] usb 2-1: config 0 interface 0 has no altsetting 0
[  257.749540][   T47] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  257.758882][   T47] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  257.773345][   T47] usb 2-1: Product: syz
[  257.782309][   T47] usb 2-1: Manufacturer: syz
[  257.803280][   T47] usb 2-1: SerialNumber: syz
[  257.853168][   T47] usb 2-1: config 0 descriptor??
[  257.873703][    T9] usb 1-1: USB disconnect, device number 53
[  257.944861][   T47] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  257.975142][   T47] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  258.678216][ T5886] usbhid 3-1:0.0: can't add hid device: -71
[  258.684551][ T5886] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  258.733101][ T5886] usb 3-1: USB disconnect, device number 48
[  258.923233][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.937672][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.207741][ T7621] netlink: 32 bytes leftover after parsing attributes in process `syz.0.529'.
[  259.227504][ T7621] netem: unknown loss type 13
[  259.253473][ T7621] netem: change failed
[  259.410556][ T7629] FAULT_INJECTION: forcing a failure.
[  259.410556][ T7629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.425735][ T7629] CPU: 1 UID: 0 PID: 7629 Comm: syz.3.531 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  259.425763][ T7629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  259.425776][ T7629] Call Trace:
[  259.425783][ T7629]  <TASK>
[  259.425792][ T7629]  dump_stack_lvl+0x189/0x250
[  259.425825][ T7629]  ? __lock_acquire+0xaac/0xd20
[  259.425874][ T7629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.425904][ T7629]  ? __pfx__printk+0x10/0x10
[  259.425924][ T7629]  ? __might_fault+0xb0/0x130
[  259.425962][ T7629]  should_fail_ex+0x414/0x560
[  259.426000][ T7629]  _copy_from_user+0x2d/0xb0
[  259.426030][ T7629]  sock_copy_user_timeval+0x264/0x3c0
[  259.426065][ T7629]  ? __pfx_sock_copy_user_timeval+0x10/0x10
[  259.426110][ T7629]  sock_set_timeout+0xa8/0x2c0
[  259.426135][ T7629]  ? __pfx_sock_set_timeout+0x10/0x10
[  259.426166][ T7629]  sk_setsockopt+0x18ca/0x2940
[  259.426193][ T7629]  ? __pfx_sk_setsockopt+0x10/0x10
[  259.426218][ T7629]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  259.426270][ T7629]  ? __pfx___might_resched+0x10/0x10
[  259.426310][ T7629]  mptcp_setsockopt+0x155d/0x3460
[  259.426354][ T7629]  ? aa_sk_perm+0x81e/0x950
[  259.426384][ T7629]  ? __pfx_mptcp_setsockopt+0x10/0x10
[  259.426415][ T7629]  ? __pfx_aa_sk_perm+0x10/0x10
[  259.426452][ T7629]  ? aa_sock_opt_perm+0x74/0x110
[  259.426474][ T7629]  ? sock_common_setsockopt+0x36/0xc0
[  259.426504][ T7629]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  259.426537][ T7629]  do_sock_setsockopt+0x257/0x3e0
[  259.426572][ T7629]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  259.426592][ T7629]  ? __fget_files+0x2a/0x420
[  259.426623][ T7629]  ? __fget_files+0x3a0/0x420
[  259.426647][ T7629]  ? __fget_files+0x2a/0x420
[  259.426681][ T7629]  __ia32_sys_setsockopt+0x18b/0x220
[  259.426712][ T7629]  __do_fast_syscall_32+0xb4/0x110
[  259.426743][ T7629]  do_fast_syscall_32+0x34/0x80
[  259.426765][ T7629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  259.426790][ T7629] RIP: 0023:0xf704e539
[  259.426807][ T7629] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  259.426825][ T7629] RSP: 002b:00000000f4ffc55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  259.426846][ T7629] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000001
[  259.426859][ T7629] RDX: 0000000000000015 RSI: 0000000080000400 RDI: 0000000000000008
[  259.426871][ T7629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  259.426893][ T7629] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  259.426905][ T7629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  259.426934][ T7629]  </TASK>
[  260.045928][   T47] usb 2-1: USB disconnect, device number 31
[  260.052113][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  260.077119][   T47] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  260.117984][ T5886] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  260.179964][ T7641] QAT: Device 6 not found
[  260.298947][ T5886] usb 5-1: Using ep0 maxpacket: 16
[  260.337116][ T5886] usb 5-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  260.361569][ T5918] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  260.402181][ T5886] usb 5-1: config 1 interface 0 has no altsetting 0
[  260.417729][    T9] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  260.426061][ T5886] usb 5-1: string descriptor 0 read error: -22
[  260.434029][ T5886] usb 5-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  260.451775][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.547780][ T5918] usb 3-1: config 0 has no interfaces?
[  260.567505][    T9] usb 1-1: device descriptor read/64, error -71
[  260.640718][ T5918] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  260.795821][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.984261][ T5918] usb 3-1: Product: syz
[  260.999184][ T5918] usb 3-1: Manufacturer: syz
[  261.008889][ T5918] usb 3-1: SerialNumber: syz
[  261.030522][ T5918] usb 3-1: config 0 descriptor??
[  261.037899][    T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  261.067381][   T47] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  261.188268][    T9] usb 1-1: device descriptor read/64, error -71
[  261.257629][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.312704][    T9] usb usb1-port1: attempt power cycle
[  261.333308][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.349733][   T47] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  261.387646][   T24] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  261.412780][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.470116][   T47] usb 2-1: config 0 descriptor??
[  261.494062][ T7639] Invalid logical block size (1)
[  261.577394][   T24] usb 4-1: Using ep0 maxpacket: 8
[  261.589970][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  261.606877][   T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  261.646377][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  261.670821][    T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  261.702804][   T24] usb 4-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  261.711592][    T9] usb 1-1: device descriptor read/8, error -71
[  261.735335][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.792867][   T24] usb 4-1: config 0 descriptor??
[  261.864279][   T24] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  262.018230][    T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  262.061128][    T9] usb 1-1: device descriptor read/8, error -71
[  262.123353][ T7652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.158365][ T7652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.256877][    T9] usb usb1-port1: unable to enumerate USB device
[  262.339749][ T5886] usbhid 5-1:1.0: can't add hid device: -71
[  262.346849][ T5886] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  262.379555][ T5886] usb 5-1: USB disconnect, device number 49
[  262.679891][ T7657] netlink: 32 bytes leftover after parsing attributes in process `syz.4.538'.
[  263.599586][ T5891] usb 3-1: USB disconnect, device number 49
[  263.787556][    T9] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  263.867524][   T47] usbhid 2-1:0.0: can't add hid device: -71
[  263.908203][   T47] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  263.931079][ T5891] usb 4-1: USB disconnect, device number 44
[  263.971192][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.006690][   T47] usb 2-1: USB disconnect, device number 32
[  264.036215][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  264.100545][    T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  264.121890][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.156003][    T9] usb 1-1: config 0 descriptor??
[  264.370537][ T7671] netlink: 32 bytes leftover after parsing attributes in process `syz.1.541'.
[  264.382764][ T5891] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  264.387425][ T5886] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  264.605690][ T5891] usb 4-1: Using ep0 maxpacket: 8
[  264.610608][ T5886] usb 3-1: Using ep0 maxpacket: 8
[  264.619533][ T5891] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  264.630165][ T5891] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  264.653284][ T5886] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  264.658856][ T5891] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  264.758755][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.772428][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  264.786791][ T5891] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  264.793195][ T5886] usb 3-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  264.835388][ T5891] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  264.846978][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.847719][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.930999][ T5886] usb 3-1: config 0 descriptor??
[  265.196090][ T5891] usb 4-1: GET_CAPABILITIES returned 0
[  265.200098][ T5886] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  265.202774][ T5891] usbtmc 4-1:16.0: can't read capabilities
[  265.339142][    T9] ath6kl: Failed to submit usb control message: -110
[  265.352037][    T9] ath6kl: unable to send the bmi data to the device: -110
[  265.374946][    T9] ath6kl: Unable to send get target info: -110
[  265.391688][ T7667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.422943][    T9] ath6kl: Failed to init ath6kl core: -110
[  265.437476][    T9] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[  265.477939][ T7667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.654810][ T7679] netlink: 32 bytes leftover after parsing attributes in process `syz.4.543'.
[  265.664937][ T7679] netem: unknown loss type 13
[  265.671074][ T7679] netem: change failed
[  265.986005][ T7684] FAULT_INJECTION: forcing a failure.
[  265.986005][ T7684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.003698][ T7684] CPU: 0 UID: 0 PID: 7684 Comm: syz.1.544 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  266.003736][ T7684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  266.003748][ T7684] Call Trace:
[  266.003756][ T7684]  <TASK>
[  266.003765][ T7684]  dump_stack_lvl+0x189/0x250
[  266.003804][ T7684]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.003834][ T7684]  ? __pfx__printk+0x10/0x10
[  266.003885][ T7684]  should_fail_ex+0x414/0x560
[  266.003923][ T7684]  _copy_to_user+0x31/0xb0
[  266.003953][ T7684]  simple_read_from_buffer+0xe1/0x170
[  266.003982][ T7684]  proc_fail_nth_read+0x1df/0x250
[  266.004014][ T7684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  266.004045][ T7684]  ? rw_verify_area+0x258/0x650
[  266.004066][ T7684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  266.004096][ T7684]  vfs_read+0x1fd/0x980
[  266.004124][ T7684]  ? __pfx___mutex_lock+0x10/0x10
[  266.004146][ T7684]  ? __pfx_vfs_read+0x10/0x10
[  266.004169][ T7684]  ? __fget_files+0x2a/0x420
[  266.004199][ T7684]  ? __fget_files+0x3a0/0x420
[  266.004223][ T7684]  ? __fget_files+0x2a/0x420
[  266.004256][ T7684]  ksys_read+0x145/0x250
[  266.004279][ T7684]  ? __pfx_ksys_read+0x10/0x10
[  266.004302][ T7684]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  266.004325][ T7684]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.004347][ T7684]  __do_fast_syscall_32+0xb4/0x110
[  266.004370][ T7684]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.004394][ T7684]  do_fast_syscall_32+0x34/0x80
[  266.004416][ T7684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  266.004440][ T7684] RIP: 0023:0xf7f68539
[  266.004458][ T7684] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  266.004475][ T7684] RSP: 002b:00000000f5086590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  266.004497][ T7684] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5086620
[  266.004511][ T7684] RDX: 000000000000000f RSI: 00000000f73f2ff4 RDI: 0000000000000000
[  266.004527][ T7684] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  266.004539][ T7684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  266.004551][ T7684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  266.004580][ T7684]  </TASK>
[  266.650072][    T9] usb 1-1: USB disconnect, device number 58
[  266.879873][ T7694] netlink: 'syz.0.547': attribute type 6 has an invalid length.
[  267.019906][ T5886] usb 4-1: USB disconnect, device number 45
[  267.058606][ T5891] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  267.097568][   T47] usb 3-1: USB disconnect, device number 50
[  267.272876][ T5891] usb 2-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85
[  267.284329][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.295126][ T5891] usb 2-1: Product: syz
[  267.301395][ T5891] usb 2-1: Manufacturer: syz
[  267.306769][ T5891] usb 2-1: SerialNumber: syz
[  267.381250][ T5891] usb 2-1: config 0 descriptor??
[  267.404055][ T5891] usb 2-1: selecting invalid altsetting 1
[  267.422343][ T5891] technisat-usb2: could not set alternate setting to 0
[  267.797067][ T5891] technisat-usb2: firmware version: 0.0
[  267.803346][ T5891] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state.
[  268.036183][ T5891] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  268.067614][ T5842] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  268.188757][ T5891] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) error while loading driver (-19)
[  268.207124][ T5891] usb 2-1: USB disconnect, device number 33
[  268.355081][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.370654][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.403913][ T5842] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  268.542092][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.655772][ T5842] usb 3-1: config 0 descriptor??
[  268.666579][ T7707] QAT: Device 6 not found
[  268.987729][ T5886] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  269.157548][ T5886] usb 4-1: device descriptor read/64, error -71
[  269.331094][ T5918] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  269.799350][ T5886] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  270.026881][ T5918] usb 1-1: config 0 has an invalid interface number: 199 but max is 1
[  270.063371][ T5918] usb 1-1: config 0 has no interface number 1
[  270.079503][ T5918] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  270.089568][ T5918] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  270.102972][ T5918] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  270.117368][ T5886] usb 4-1: device descriptor read/64, error -71
[  270.148321][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  270.172749][ T5918] usb 1-1: SerialNumber: syz
[  270.199711][ T5918] usb 1-1: config 0 descriptor??
[  270.225677][ T5918] usb 1-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  270.236212][ T5886] usb usb4-port1: attempt power cycle
[  270.243007][ T5918] usb 1-1: No valid video chain found.
[  270.621837][ T5886] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  270.648519][ T5918] usb 1-1: USB disconnect, device number 59
[  270.665540][ T5886] usb 4-1: device descriptor read/8, error -71
[  270.917672][ T5886] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  270.937946][ T5886] usb 4-1: device descriptor read/8, error -71
[  271.064808][ T5886] usb usb4-port1: unable to enumerate USB device
[  271.177396][ T5918] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  271.378563][ T5918] usb 1-1: Using ep0 maxpacket: 16
[  271.402862][ T5918] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  271.431255][ T5918] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  271.467363][ T5918] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  271.517440][ T5842] uclogic 0003:256C:006D.0014: failed retrieving Huion firmware version: -71
[  271.526597][ T5842] uclogic 0003:256C:006D.0014: failed probing parameters: -71
[  271.589064][ T5842] uclogic 0003:256C:006D.0014: probe with driver uclogic failed with error -71
[  271.599557][ T5918] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  271.649874][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.670489][ T5842] usb 3-1: USB disconnect, device number 51
[  271.695274][ T5918] usb 1-1: Product: syz
[  271.725241][ T5918] usb 1-1: Manufacturer: syz
[  271.753228][ T5918] usb 1-1: SerialNumber: syz
[  271.858761][ T5841] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  271.868300][ T5841] Bluetooth: hci1: Injecting HCI hardware error event
[  271.876963][   T55] Bluetooth: hci1: hardware error 0x00
[  272.017064][ T7725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.040846][ T7725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.167492][ T5842] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  272.269336][ T5918] usb 1-1: 0:2 : does not exist
[  272.351937][ T5842] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.364593][ T5842] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.379823][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  272.386776][ T5842] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  272.482008][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.507580][   T24] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  272.595082][ T5842] usb 3-1: config 0 descriptor??
[  272.689076][   T24] usb 4-1: config 0 has no interfaces?
[  272.718435][   T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  272.728504][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.818566][   T24] usb 4-1: Product: syz
[  272.894273][   T24] usb 4-1: Manufacturer: syz
[  272.912789][ T7722] netlink: 32 bytes leftover after parsing attributes in process `syz.4.553'.
[  272.959413][   T24] usb 4-1: SerialNumber: syz
[  273.224916][   T24] usb 4-1: config 0 descriptor??
[  273.525905][ T7733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.922672][ T7733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.937492][   T55] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  274.193389][ T5886] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  274.435662][ T5886] usb 5-1: Using ep0 maxpacket: 8
[  274.473921][ T5886] usb 5-1: too many configurations: 10, using maximum allowed: 8
[  274.556514][ T5886] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  274.619565][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.693753][ T5886] usb 5-1: Product: syz
[  274.865130][ T5886] usb 5-1: Manufacturer: syz
[  274.889464][ T5886] usb 5-1: SerialNumber: syz
[  274.940924][ T5886] usb 5-1: config 0 descriptor??
[  274.998211][ T5886] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244)
[  275.461010][ T5886] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  275.515389][ T5886] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  275.554237][ T5886] usb 5-1: USB disconnect, device number 50
[  275.991044][ T5842] usbhid 3-1:0.0: can't add hid device: -71
[  276.018926][ T5842] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  276.105657][ T5842] usb 3-1: USB disconnect, device number 52
[  276.324708][ T5888] usb 4-1: USB disconnect, device number 50
[  276.767355][   T24] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  276.946133][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  276.957744][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.974732][   T24] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  276.995817][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.157734][   T24] usb 5-1: config 0 descriptor??
[  278.210874][ T5918] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  278.571327][ T2150] usb 1-1: USB disconnect, device number 60
[  278.690796][ T6031] udevd[6031]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  278.949461][ T7768] QAT: Device 6 not found
[  279.368778][ T2150] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  279.510059][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  279.516230][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  279.524361][ T2150] usb 1-1: device descriptor read/64, error -71
[  279.558725][   T24] usb 5-1: USB disconnect, device number 51
[  279.647379][ T5842] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  279.809986][ T2150] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  279.837554][ T5842] usb 2-1: Using ep0 maxpacket: 8
[  279.883372][ T5842] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  279.893539][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.926489][ T5842] usb 2-1: Product: syz
[  279.936397][ T5842] usb 2-1: Manufacturer: syz
[  279.946565][ T5842] usb 2-1: SerialNumber: syz
[  279.951529][ T2150] usb 1-1: device descriptor read/64, error -71
[  279.985719][ T5842] usb 2-1: config 0 descriptor??
[  280.100313][ T2150] usb usb1-port1: attempt power cycle
[  280.135243][ T5842] gspca_main: se401-2.14.0 probing 047d:5003
[  280.703038][ T2150] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  280.872871][ T7775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.894224][ T7775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.950328][ T2150] usb 1-1: device descriptor read/8, error -71
[  281.190243][ T2150] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  281.207382][ T5888] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  281.228417][ T2150] usb 1-1: device descriptor read/8, error -71
[  281.348376][ T2150] usb usb1-port1: unable to enumerate USB device
[  281.489095][ T5888] usb 3-1: config 0 has an invalid interface number: 199 but max is 1
[  281.518297][ T5888] usb 3-1: config 0 has no interface number 1
[  281.569318][ T5888] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  281.666040][ T5888] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  282.048110][ T5888] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  282.059189][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  282.128155][ T5842] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  282.135771][ T5842] se401 2-1:0.0: probe with driver se401 failed with error -110
[  282.137332][ T5888] usb 3-1: SerialNumber: syz
[  282.200546][ T5888] usb 3-1: config 0 descriptor??
[  282.285159][ T5888] usb 3-1: can't set config #0, error -71
[  282.319082][ T5888] usb 3-1: USB disconnect, device number 53
[  282.587764][ T5842] usb 2-1: USB disconnect, device number 34
[  282.627372][ T5886] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  282.847379][ T5886] usb 1-1: Using ep0 maxpacket: 8
[  282.855251][ T5886] usb 1-1: too many configurations: 10, using maximum allowed: 8
[  282.919169][ T5886] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  282.938848][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.956649][ T5886] usb 1-1: Product: syz
[  282.977484][ T5891] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  282.990203][ T5886] usb 1-1: Manufacturer: syz
[  282.995086][ T5886] usb 1-1: SerialNumber: syz
[  283.023895][ T5886] usb 1-1: config 0 descriptor??
[  283.043433][ T5886] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244)
[  283.174027][ T5842] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  283.347112][ T5886] radio-usb-si4713 1-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  283.377706][ T5842] usb 2-1: Using ep0 maxpacket: 8
[  283.404805][ T5842] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  283.433265][ T5886] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  283.464596][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.503264][ T5886] usb 1-1: USB disconnect, device number 65
[  283.540022][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.564892][ T5842] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  283.594111][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.617404][ T5842] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  283.626770][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.635155][ T5891] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  283.675957][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.725604][ T5842] usb 2-1: config 0 descriptor??
[  283.733112][ T5891] usb 5-1: config 0 descriptor??
[  283.809647][ T5842] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  284.093423][ T7810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.137684][ T7810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  285.177503][ T5842] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  285.447789][ T5842] usb 1-1: Using ep0 maxpacket: 32
[  285.462833][ T5842] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  285.475313][ T5842] usb 1-1: config 0 has no interface number 0
[  285.482479][ T5842] usb 1-1: config 0 interface 184 has no altsetting 0
[  285.504934][ T5842] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  285.611325][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.690243][ T5842] usb 1-1: Product: syz
[  285.702878][ T5886] usb 2-1: USB disconnect, device number 35
[  285.724095][ T7834] x_tables: duplicate underflow at hook 1
[  285.734643][ T5842] usb 1-1: Manufacturer: syz
[  285.782235][ T5842] usb 1-1: SerialNumber: syz
[  285.933761][ T5842] usb 1-1: config 0 descriptor??
[  285.965083][ T5842] smsc75xx v1.0.0
[  286.083542][ T5891] usbhid 5-1:0.0: can't add hid device: -71
[  286.197705][ T5891] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  286.224217][ T5891] usb 5-1: USB disconnect, device number 52
[  286.314936][ T7829] netlink: 20 bytes leftover after parsing attributes in process `syz.0.580'.
[  287.695365][ T5842] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  287.712245][ T5842] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  287.757765][ T5842] usb 1-1: USB disconnect, device number 66
[  287.988617][ T5891] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  288.176372][ T5891] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  288.242307][ T5891] usb 4-1: config 0 has no interface number 1
[  288.256764][ T5891] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  288.268017][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  288.288026][ T5891] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  288.297710][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  288.309334][ T5891] usb 4-1: SerialNumber: syz
[  288.330485][ T5891] usb 4-1: config 0 descriptor??
[  288.346444][ T5891] usb 4-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  288.354207][ T5891] usb 4-1: No valid video chain found.
[  289.674197][ T2150] usb 4-1: USB disconnect, device number 51
[  290.129368][ T7866] FAULT_INJECTION: forcing a failure.
[  290.129368][ T7866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.178252][ T7866] CPU: 0 UID: 0 PID: 7866 Comm: syz.1.594 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  290.178284][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  290.178297][ T7866] Call Trace:
[  290.178305][ T7866]  <TASK>
[  290.178314][ T7866]  dump_stack_lvl+0x189/0x250
[  290.178347][ T7866]  ? __lock_acquire+0xaac/0xd20
[  290.178378][ T7866]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.178406][ T7866]  ? __pfx__printk+0x10/0x10
[  290.178426][ T7866]  ? __might_fault+0xb0/0x130
[  290.178463][ T7866]  should_fail_ex+0x414/0x560
[  290.178505][ T7866]  _copy_from_iter+0x1db/0x15a0
[  290.178537][ T7866]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  290.178559][ T7866]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  290.178585][ T7866]  ? __pfx__copy_from_iter+0x10/0x10
[  290.178610][ T7866]  ? __build_skb_around+0x257/0x3e0
[  290.178635][ T7866]  ? netlink_sendmsg+0x642/0xb30
[  290.178652][ T7866]  ? skb_put+0x11b/0x210
[  290.178676][ T7866]  netlink_sendmsg+0x6b2/0xb30
[  290.178709][ T7866]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.178731][ T7866]  ? __import_iovec+0x5d4/0x7f0
[  290.178755][ T7866]  ? aa_sock_msg_perm+0x94/0x160
[  290.178777][ T7866]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  290.178800][ T7866]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.178819][ T7866]  __sock_sendmsg+0x219/0x270
[  290.178851][ T7866]  ____sys_sendmsg+0x505/0x830
[  290.178880][ T7866]  ? __pfx_____sys_sendmsg+0x10/0x10
[  290.178910][ T7866]  ? ___sys_sendmsg+0x17c/0x2a0
[  290.178938][ T7866]  ___sys_sendmsg+0x21f/0x2a0
[  290.178963][ T7866]  ? __pfx____sys_sendmsg+0x10/0x10
[  290.179023][ T7866]  ? __fget_files+0x2a/0x420
[  290.179053][ T7866]  ? __fget_files+0x3a0/0x420
[  290.179088][ T7866]  __sys_sendmsg+0x164/0x220
[  290.179113][ T7866]  ? __pfx___sys_sendmsg+0x10/0x10
[  290.179151][ T7866]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  290.179174][ T7866]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.179196][ T7866]  __do_fast_syscall_32+0xb4/0x110
[  290.179234][ T7866]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.179257][ T7866]  do_fast_syscall_32+0x34/0x80
[  290.179278][ T7866]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  290.179303][ T7866] RIP: 0023:0xf7f68539
[  290.179320][ T7866] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  290.179338][ T7866] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  290.179365][ T7866] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080005440
[  290.179380][ T7866] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[  290.179391][ T7866] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  290.179402][ T7866] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  290.179413][ T7866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  290.179440][ T7866]  </TASK>
[  290.507563][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.595'.
[  290.755853][ T7879] FAULT_INJECTION: forcing a failure.
[  290.755853][ T7879] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.807379][ T5888] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  290.815377][ T7879] CPU: 0 UID: 0 PID: 7879 Comm: syz.4.597 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  290.815399][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  290.815408][ T7879] Call Trace:
[  290.815414][ T7879]  <TASK>
[  290.815421][ T7879]  dump_stack_lvl+0x189/0x250
[  290.815453][ T7879]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.815474][ T7879]  ? __pfx__printk+0x10/0x10
[  290.815497][ T7879]  should_fail_ex+0x414/0x560
[  290.815524][ T7879]  _copy_to_user+0x31/0xb0
[  290.815545][ T7879]  simple_read_from_buffer+0xe1/0x170
[  290.815566][ T7879]  proc_fail_nth_read+0x1df/0x250
[  290.815600][ T7879]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.815622][ T7879]  ? rw_verify_area+0x258/0x650
[  290.815638][ T7879]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.815659][ T7879]  vfs_read+0x1fd/0x980
[  290.815678][ T7879]  ? __pfx___mutex_lock+0x10/0x10
[  290.815694][ T7879]  ? __pfx_vfs_read+0x10/0x10
[  290.815710][ T7879]  ? __fget_files+0x2a/0x420
[  290.815732][ T7879]  ? __fget_files+0x3a0/0x420
[  290.815749][ T7879]  ? __fget_files+0x2a/0x420
[  290.815774][ T7879]  ksys_read+0x145/0x250
[  290.815791][ T7879]  ? __pfx_ksys_read+0x10/0x10
[  290.815808][ T7879]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  290.815825][ T7879]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.815841][ T7879]  __do_fast_syscall_32+0xb4/0x110
[  290.815857][ T7879]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.815874][ T7879]  do_fast_syscall_32+0x34/0x80
[  290.815889][ T7879]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  290.815907][ T7879] RIP: 0023:0xf70de539
[  290.815920][ T7879] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  290.815932][ T7879] RSP: 002b:00000000f50ce590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  290.815948][ T7879] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50ce620
[  290.815964][ T7879] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  290.815973][ T7879] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  290.815981][ T7879] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  290.815989][ T7879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  290.816010][ T7879]  </TASK>
[  291.327693][ T5888] usb 3-1: Using ep0 maxpacket: 16
[  291.335064][ T5888] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  291.365649][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  291.408329][ T5888] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  291.427302][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.435454][ T5888] usb 3-1: Product: syz
[  291.466558][ T5888] usb 3-1: Manufacturer: syz
[  291.479281][ T5888] usb 3-1: SerialNumber: syz
[  291.495330][ T5888] usb 3-1: config 0 descriptor??
[  291.508161][ T5888] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  291.519904][ T5888] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  291.746279][ T7892] netlink: 32 bytes leftover after parsing attributes in process `syz.4.602'.
[  291.792480][ T7892] netem: unknown loss type 13
[  291.818858][ T7892] netem: change failed
[  292.114909][ T5888] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  292.131479][ T5888] em28xx 3-1:0.0: Config register raw data: 0x41
[  292.687479][ T2150] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  292.950439][ T2150] usb 1-1: config 0 has an invalid interface number: 199 but max is 1
[  292.961251][ T2150] usb 1-1: config 0 has no interface number 1
[  292.972426][ T2150] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  293.000385][ T2150] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  293.032251][ T2150] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  293.043236][ T2150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  293.057526][ T2150] usb 1-1: SerialNumber: syz
[  293.085711][ T2150] usb 1-1: config 0 descriptor??
[  293.096435][ T2150] usb 1-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  293.107634][ T2150] usb 1-1: No valid video chain found.
[  293.399098][ T5887] usb 3-1: USB disconnect, device number 54
[  293.406710][ T5887] em28xx 3-1:0.0: Disconnecting em28xx
[  293.445081][ T5887] em28xx 3-1:0.0: Freeing device
[  294.622262][ T7927] FAULT_INJECTION: forcing a failure.
[  294.622262][ T7927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.637479][ T7927] CPU: 1 UID: 0 PID: 7927 Comm: syz.4.611 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  294.637510][ T7927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  294.637523][ T7927] Call Trace:
[  294.637532][ T7927]  <TASK>
[  294.637540][ T7927]  dump_stack_lvl+0x189/0x250
[  294.637577][ T7927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.637606][ T7927]  ? __pfx__printk+0x10/0x10
[  294.637639][ T7927]  should_fail_ex+0x414/0x560
[  294.637676][ T7927]  _copy_to_user+0x31/0xb0
[  294.637704][ T7927]  simple_read_from_buffer+0xe1/0x170
[  294.637734][ T7927]  proc_fail_nth_read+0x1df/0x250
[  294.637764][ T7927]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  294.637795][ T7927]  ? rw_verify_area+0x258/0x650
[  294.637828][ T7927]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  294.637857][ T7927]  vfs_read+0x1fd/0x980
[  294.637883][ T7927]  ? __pfx___mutex_lock+0x10/0x10
[  294.637905][ T7927]  ? __pfx_vfs_read+0x10/0x10
[  294.637928][ T7927]  ? __fget_files+0x2a/0x420
[  294.637958][ T7927]  ? __fget_files+0x3a0/0x420
[  294.637981][ T7927]  ? __fget_files+0x2a/0x420
[  294.638015][ T7927]  ksys_read+0x145/0x250
[  294.638040][ T7927]  ? __pfx_ksys_read+0x10/0x10
[  294.638064][ T7927]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  294.638085][ T7927]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.638108][ T7927]  __do_fast_syscall_32+0xb4/0x110
[  294.638130][ T7927]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.638154][ T7927]  do_fast_syscall_32+0x34/0x80
[  294.638175][ T7927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.638199][ T7927] RIP: 0023:0xf70de539
[  294.638217][ T7927] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  294.638235][ T7927] RSP: 002b:00000000f50ce590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  294.638256][ T7927] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50ce620
[  294.638276][ T7927] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  294.638289][ T7927] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  294.638301][ T7927] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  294.638312][ T7927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.638342][ T7927]  </TASK>
[  295.087382][ T2150] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  295.195816][ T7932] openvswitch: netlink: Actions may not be safe on all matching packets
[  295.220247][ T5891] usb 1-1: USB disconnect, device number 67
[  295.252814][ T2150] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.283013][ T2150] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.451280][ T2150] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  295.481825][ T2150] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  295.491959][ T2150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.519306][ T2150] usb 3-1: config 0 descriptor??
[  295.637423][ T5887] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  295.826617][ T5887] usb 5-1: config 0 has no interfaces?
[  295.840383][ T5887] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  295.853945][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.863202][ T5887] usb 5-1: Product: syz
[  295.873342][ T5887] usb 5-1: Manufacturer: syz
[  295.887299][ T5887] usb 5-1: SerialNumber: syz
[  295.899723][ T5887] usb 5-1: config 0 descriptor??
[  295.994369][ T2150] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  296.075536][ T2150] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  296.168001][ T5888] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  296.194893][ T7939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.204059][ T7939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.417904][ T5888] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.458046][ T5888] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.484346][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0
[  296.505980][ T5888] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  296.532862][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.559295][ T5888] usb 1-1: config 0 descriptor??
[  296.640945][    C1] plantronics 0003:047F:FFFF.0015: hid_field_extract() called with n (132) > 32! (syz.2.610)
[  296.970986][ T5891] usb 3-1: USB disconnect, device number 55
[  298.483698][ T5887] usb 5-1: USB disconnect, device number 53
[  299.738010][ T5887] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  299.877415][ T5886] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  300.223950][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.237691][ T5888] usbhid 1-1:0.0: can't add hid device: -71
[  300.243888][ T5888] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  300.278448][ T5886] usb 3-1: Using ep0 maxpacket: 32
[  300.299533][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.322579][ T5888] usb 1-1: USB disconnect, device number 68
[  300.332094][ T5886] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  300.344913][ T5886] usb 3-1: config 0 has no interface number 0
[  300.361910][ T7986] netlink: 32 bytes leftover after parsing attributes in process `syz.1.626'.
[  300.371810][ T5887] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  300.388472][ T5886] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  300.401153][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.409983][ T7986] netem: unknown loss type 13
[  300.418706][ T7986] netem: change failed
[  300.423019][ T5886] usb 3-1: config 0 interface 85 has no altsetting 0
[  300.441062][ T5887] usb 4-1: config 0 descriptor??
[  300.492725][ T5886] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  300.523238][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.556369][ T5886] usb 3-1: Product: syz
[  300.572745][ T5886] usb 3-1: Manufacturer: syz
[  300.609030][ T5886] usb 3-1: SerialNumber: syz
[  300.630869][ T5886] usb 3-1: config 0 descriptor??
[  300.847790][ T5886] appletouch 3-1:0.85: Failed to read mode from device.
[  300.867991][ T5886] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  301.137699][ T5891] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  301.264960][ T7983] netlink: 'syz.2.625': attribute type 164 has an invalid length.
[  301.296228][ T5886] usb 3-1: USB disconnect, device number 56
[  301.297622][ T5891] usb 5-1: Using ep0 maxpacket: 8
[  301.400200][ T5891] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  301.423563][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  301.480724][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  301.504428][ T5891] usb 5-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  301.528888][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.544892][ T5891] usb 5-1: config 0 descriptor??
[  301.551035][   T24] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  301.655106][ T5891] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  301.710113][   T24] usb 1-1: config 0 has an invalid interface number: 199 but max is 1
[  301.721180][   T24] usb 1-1: config 0 has no interface number 1
[  301.728825][   T24] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  301.743686][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  301.762775][   T24] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  301.774221][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  301.783697][   T24] usb 1-1: SerialNumber: syz
[  301.805683][   T24] usb 1-1: config 0 descriptor??
[  301.886179][ T7994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.914995][ T7994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.971502][ T5842] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  302.018999][   T24] usb 1-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  302.028700][   T24] usb 1-1: No valid video chain found.
[  302.187110][ T5842] usb 2-1: config 0 has no interfaces?
[  302.217642][ T5842] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  302.244855][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.254710][ T5842] usb 2-1: Product: syz
[  302.266226][ T5842] usb 2-1: Manufacturer: syz
[  302.271588][ T5842] usb 2-1: SerialNumber: syz
[  302.299814][ T5842] usb 2-1: config 0 descriptor??
[  302.377423][ T5886] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  302.693762][ T5886] usb 3-1: config 0 has no interfaces?
[  302.705761][ T5886] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  302.715563][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.736606][ T5886] usb 3-1: Product: syz
[  302.760609][ T5886] usb 3-1: Manufacturer: syz
[  302.775615][ T5886] usb 3-1: SerialNumber: syz
[  302.805109][ T5886] usb 3-1: config 0 descriptor??
[  302.873021][ T5887] usbhid 4-1:0.0: can't add hid device: -71
[  302.880640][ T5887] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  302.925124][ T5887] usb 4-1: USB disconnect, device number 52
[  303.107175][ T8007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.117377][ T8007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.572615][ T5886] usb 1-1: USB disconnect, device number 69
[  303.757352][ T5918] usb 5-1: USB disconnect, device number 54
[  304.066776][ T8020] QAT: Device 6 not found
[  304.329617][ T5887] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  304.515878][ T5887] usb 4-1: device descriptor read/64, error -71
[  304.663815][ T8027] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  304.672961][ T5886] usb 2-1: USB disconnect, device number 36
[  304.695058][ T8027] loop1: detected capacity change from 0 to 63
[  304.739735][ T8029] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  304.827854][ T5887] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  304.997763][ T5887] usb 4-1: device descriptor read/64, error -71
[  305.138823][ T5887] usb usb4-port1: attempt power cycle
[  305.197508][ T5886] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  305.531430][ T5886] usb 2-1: device descriptor read/64, error -71
[  305.592909][   T24] usb 3-1: USB disconnect, device number 57
[  305.607728][ T5887] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  305.648498][ T5887] usb 4-1: device descriptor read/8, error -71
[  305.797660][ T5886] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  305.887547][ T5887] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  305.928958][ T5887] usb 4-1: device descriptor read/8, error -71
[  305.957625][ T5886] usb 2-1: device descriptor read/64, error -71
[  306.058228][ T5887] usb usb4-port1: unable to enumerate USB device
[  306.079272][ T5886] usb usb2-port1: attempt power cycle
[  306.117447][ T5918] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  306.317414][ T5918] usb 3-1: config 0 has no interfaces?
[  306.349746][ T5918] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  306.383874][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.400228][ T5918] usb 3-1: Product: syz
[  306.404870][ T5918] usb 3-1: Manufacturer: syz
[  306.409821][ T5887] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  306.424341][ T5918] usb 3-1: SerialNumber: syz
[  306.447383][ T5886] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  306.466959][ T5918] usb 3-1: config 0 descriptor??
[  306.512795][ T5886] usb 2-1: device descriptor read/8, error -71
[  306.627315][ T5887] usb 1-1: Using ep0 maxpacket: 8
[  306.643373][ T5887] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  306.665440][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  306.751165][ T5891] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  306.758143][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  306.794777][ T5887] usb 1-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  306.814548][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.823827][ T5886] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  306.849297][ T5887] usb 1-1: config 0 descriptor??
[  306.859578][ T5886] usb 2-1: device descriptor read/8, error -71
[  306.884770][ T5887] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  306.919074][ T5891] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  306.931254][ T5891] usb 5-1: config 0 has no interface number 1
[  306.951255][ T5891] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  306.962881][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  306.978979][ T5891] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  307.071472][ T5886] usb usb2-port1: unable to enumerate USB device
[  307.084914][ T8050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.119023][ T8050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.177377][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  307.187179][ T5891] usb 5-1: SerialNumber: syz
[  307.206592][ T5891] usb 5-1: config 0 descriptor??
[  307.238186][ T5891] usb 5-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  307.250514][ T5891] usb 5-1: No valid video chain found.
[  308.012029][ T8061] FAULT_INJECTION: forcing a failure.
[  308.012029][ T8061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.030773][ T8061] CPU: 0 UID: 0 PID: 8061 Comm: syz.1.654 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  308.030797][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  308.030805][ T8061] Call Trace:
[  308.030812][ T8061]  <TASK>
[  308.030819][ T8061]  dump_stack_lvl+0x189/0x250
[  308.030843][ T8061]  ? __lock_acquire+0xaac/0xd20
[  308.030865][ T8061]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.030886][ T8061]  ? __pfx__printk+0x10/0x10
[  308.030901][ T8061]  ? __might_fault+0xb0/0x130
[  308.030927][ T8061]  should_fail_ex+0x414/0x560
[  308.030954][ T8061]  _copy_from_user+0x2d/0xb0
[  308.030974][ T8061]  ip_tunnel_parm_from_user+0xa2/0x380
[  308.030992][ T8061]  ? arch_stack_walk+0xfc/0x150
[  308.031012][ T8061]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[  308.031036][ T8061]  ? stack_trace_save+0x9c/0xe0
[  308.031056][ T8061]  ip_tunnel_siocdevprivate+0x99/0x180
[  308.031076][ T8061]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  308.031100][ T8061]  ? __lock_acquire+0xaac/0xd20
[  308.031124][ T8061]  ipip6_tunnel_siocdevprivate+0x24e/0x1580
[  308.031144][ T8061]  ? __pfx___mutex_trylock_common+0x10/0x10
[  308.031159][ T8061]  ? __pfx_ipip6_tunnel_siocdevprivate+0x10/0x10
[  308.031177][ T8061]  ? rcu_is_watching+0x15/0xb0
[  308.031199][ T8061]  ? trace_contention_end+0x39/0x120
[  308.031213][ T8061]  ? __mutex_lock+0x330/0xe80
[  308.031233][ T8061]  ? __lock_acquire+0xaac/0xd20
[  308.031253][ T8061]  ? dev_ioctl+0x83c/0x1150
[  308.031274][ T8061]  ? full_name_hash+0x92/0xe0
[  308.031297][ T8061]  ? netdev_name_node_lookup+0xdf/0x120
[  308.031320][ T8061]  dev_ifsioc+0xb54/0xf00
[  308.031348][ T8061]  dev_ioctl+0x84c/0x1150
[  308.031371][ T8061]  sock_ioctl+0x719/0x790
[  308.031393][ T8061]  ? __pfx_sock_ioctl+0x10/0x10
[  308.031423][ T8061]  compat_sock_ioctl+0x285/0xc80
[  308.031447][ T8061]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  308.031469][ T8061]  ? __fget_files+0x3a0/0x420
[  308.031487][ T8061]  ? __fget_files+0x2a/0x420
[  308.031508][ T8061]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  308.031529][ T8061]  __ia32_compat_sys_ioctl+0x551/0x840
[  308.031547][ T8061]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  308.031562][ T8061]  ? __fget_files+0x3a0/0x420
[  308.031585][ T8061]  ? fput+0xa0/0xd0
[  308.031606][ T8061]  ? ksys_write+0x1f0/0x250
[  308.031627][ T8061]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  308.031643][ T8061]  ? lockdep_hardirqs_on+0x9c/0x150
[  308.031659][ T8061]  __do_fast_syscall_32+0xb4/0x110
[  308.031675][ T8061]  ? lockdep_hardirqs_on+0x9c/0x150
[  308.031692][ T8061]  do_fast_syscall_32+0x34/0x80
[  308.031708][ T8061]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  308.031774][ T8061] RIP: 0023:0xf7f68539
[  308.031792][ T8061] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  308.031808][ T8061] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  308.031830][ T8061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f3
[  308.031844][ T8061] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  308.031856][ T8061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  308.031867][ T8061] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  308.031879][ T8061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  308.031909][ T8061]  </TASK>
[  308.448261][ T8063] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  308.456207][ T8063] team0: Device macvlan2 is up. Set it down before adding it as a team port
[  309.059505][   T24] usb 1-1: USB disconnect, device number 70
[  309.097421][ T5891] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  309.161541][ T2150] usb 5-1: USB disconnect, device number 55
[  309.192041][ T5886] usb 3-1: USB disconnect, device number 58
[  309.386668][ T5891] usb 4-1: config 0 has no interfaces?
[  309.401940][ T5891] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  309.415168][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.425830][ T5891] usb 4-1: Product: syz
[  309.450506][ T5891] usb 4-1: Manufacturer: syz
[  309.462292][ T5891] usb 4-1: SerialNumber: syz
[  309.470664][ T5891] usb 4-1: config 0 descriptor??
[  309.645790][ T8082] QAT: Device 6 not found
[  309.801717][ T8067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.814097][ T8067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.830133][ T8079] netlink: 32 bytes leftover after parsing attributes in process `syz.2.660'.
[  309.839763][ T8079] netem: unknown loss type 13
[  309.950591][ T8079] netem: change failed
[  309.997545][ T5886] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  310.137684][ T5886] usb 5-1: device descriptor read/64, error -71
[  310.397353][ T5886] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  310.615432][ T5886] usb 5-1: device descriptor read/64, error -71
[  310.651103][ T8096] FAULT_INJECTION: forcing a failure.
[  310.651103][ T8096] name failslab, interval 1, probability 0, space 0, times 0
[  310.664241][ T8096] CPU: 1 UID: 0 PID: 8096 Comm: syz.2.666 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  310.664268][ T8096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  310.664281][ T8096] Call Trace:
[  310.664290][ T8096]  <TASK>
[  310.664299][ T8096]  dump_stack_lvl+0x189/0x250
[  310.664332][ T8096]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.664354][ T8096]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.664383][ T8096]  ? __pfx__printk+0x10/0x10
[  310.664419][ T8096]  should_fail_ex+0x414/0x560
[  310.664456][ T8096]  should_failslab+0xa8/0x100
[  310.664491][ T8096]  kmem_cache_alloc_noprof+0x73/0x3c0
[  310.664515][ T8096]  ? sctp_get_port_local+0x6bb/0x1610
[  310.664550][ T8096]  sctp_get_port_local+0x6bb/0x1610
[  310.664593][ T8096]  ? __pfx_sctp_get_port_local+0x10/0x10
[  310.664625][ T8096]  ? sctp_bind_addr_match+0x28b/0x2b0
[  310.664654][ T8096]  sctp_do_bind+0x4ea/0x940
[  310.664696][ T8096]  sctp_connect_new_asoc+0x25c/0x690
[  310.664729][ T8096]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  310.664760][ T8096]  ? __lock_acquire+0xaac/0xd20
[  310.664788][ T8096]  ? sctp_get_af_specific+0x29/0x80
[  310.664810][ T8096]  ? sctp_inet6_send_verify+0x80/0x300
[  310.664833][ T8096]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[  310.664864][ T8096]  __sctp_connect+0x5ba/0xd50
[  310.664906][ T8096]  ? __pfx___sctp_connect+0x10/0x10
[  310.664938][ T8096]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  310.664962][ T8096]  ? security_sctp_bind_connect+0x7e/0x2e0
[  310.664995][ T8096]  sctp_getsockopt_connectx3+0x2c4/0x440
[  310.665023][ T8096]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  310.665048][ T8096]  ? __local_bh_enable_ip+0x12d/0x1c0
[  310.665092][ T8096]  sctp_getsockopt+0x98a/0xb60
[  310.665122][ T8096]  do_sock_getsockopt+0x35d/0x650
[  310.665149][ T8096]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  310.665173][ T8096]  ? __fget_files+0x2a/0x420
[  310.665197][ T8096]  ? __fget_files+0x3a0/0x420
[  310.665221][ T8096]  ? __fget_files+0x2a/0x420
[  310.665255][ T8096]  __ia32_sys_getsockopt+0x1a5/0x250
[  310.665289][ T8096]  __do_fast_syscall_32+0xb4/0x110
[  310.665312][ T8096]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.665336][ T8096]  do_fast_syscall_32+0x34/0x80
[  310.665358][ T8096]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  310.665383][ T8096] RIP: 0023:0xf7f52539
[  310.665401][ T8096] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  310.665419][ T8096] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[  310.665440][ T8096] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[  310.665453][ T8096] RDX: 000000000000006f RSI: 0000000080000000 RDI: 0000000080000080
[  310.665467][ T8096] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  310.665479][ T8096] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  310.665497][ T8096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  310.665527][ T8096]  </TASK>
[  310.972840][    C1] vkms_vblank_simulate: vblank timer overrun
[  310.980956][ T5886] usb usb5-port1: attempt power cycle
[  311.337800][ T5886] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  311.368449][ T5886] usb 5-1: device descriptor read/8, error -71
[  311.647976][ T5886] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  311.667857][ T5887] usb 4-1: USB disconnect, device number 57
[  311.689191][ T5886] usb 5-1: device descriptor read/8, error -71
[  311.704817][ T8102] netlink: 32 bytes leftover after parsing attributes in process `syz.3.669'.
[  311.745255][ T8102] netem: unknown loss type 13
[  311.757472][ T5891] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  311.808867][ T8102] netem: change failed
[  311.809100][ T5886] usb usb5-port1: unable to enumerate USB device
[  311.964997][ T5891] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  311.989065][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.998024][ T5891] usb 3-1: Product: syz
[  312.002477][ T5891] usb 3-1: Manufacturer: syz
[  312.008950][ T5891] usb 3-1: SerialNumber: syz
[  312.029112][ T5891] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  312.049555][ T5918] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  312.116017][ T2150] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  312.137500][ T5887] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  312.217350][ T5918] usb 2-1: Using ep0 maxpacket: 8
[  312.227675][ T5918] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  312.238860][ T5918] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  312.255863][ T5918] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  312.287665][ T5918] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  312.296949][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.311533][ T5887] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.335824][ T5918] usb 2-1: config 0 descriptor??
[  312.341258][ T5887] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.362746][ T5887] usb 1-1: config 0 interface 0 has no altsetting 0
[  312.374300][ T5918] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  312.381392][ T5891] usb 3-1: USB disconnect, device number 59
[  312.392203][ T5887] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  312.392238][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.422848][ T5887] usb 1-1: config 0 descriptor??
[  312.599694][ T8104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.625402][ T8104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.857728][   T24] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  313.067568][ T5842] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  313.102514][   T24] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  313.112624][   T24] usb 4-1: config 0 has no interface number 1
[  313.119439][   T24] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  313.130003][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  313.145974][   T24] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  313.156795][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  313.165523][   T24] usb 4-1: SerialNumber: syz
[  313.176120][   T24] usb 4-1: config 0 descriptor??
[  313.193912][   T24] usb 4-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  313.202186][   T24] usb 4-1: No valid video chain found.
[  313.230711][ T5842] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.242870][ T2150] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  313.250767][ T2150] ath9k_htc: Failed to initialize the device
[  313.257889][ T5842] usb 5-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.350410][ T5842] usb 5-1: config 0 interface 0 has no altsetting 0
[  313.357964][ T5891] usb 3-1: ath9k_htc: USB layer deinitialized
[  313.364893][ T5842] usb 5-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  313.384709][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.405686][ T5842] usb 5-1: config 0 descriptor??
[  314.654955][ T5918] usb 2-1: USB disconnect, device number 41
[  315.292955][   T24] usb 4-1: USB disconnect, device number 58
[  315.634466][ T8136] FAULT_INJECTION: forcing a failure.
[  315.634466][ T8136] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.707530][ T8136] CPU: 0 UID: 0 PID: 8136 Comm: syz.1.678 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  315.707564][ T8136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  315.707577][ T8136] Call Trace:
[  315.707589][ T8136]  <TASK>
[  315.707599][ T8136]  dump_stack_lvl+0x189/0x250
[  315.707631][ T8136]  ? __lock_acquire+0xaac/0xd20
[  315.707663][ T8136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.707710][ T8136]  ? __pfx__printk+0x10/0x10
[  315.707730][ T8136]  ? __might_fault+0xb0/0x130
[  315.707768][ T8136]  should_fail_ex+0x414/0x560
[  315.707805][ T8136]  _copy_from_user+0x2d/0xb0
[  315.707833][ T8136]  vti6_siocdevprivate+0x1af/0x700
[  315.707980][ T8136]  ? __pfx_vti6_siocdevprivate+0x10/0x10
[  315.708009][ T8136]  ? rcu_is_watching+0x15/0xb0
[  315.708047][ T8136]  ? irqentry_exit+0x74/0x90
[  315.708077][ T8136]  ? __pfx_vti6_siocdevprivate+0x10/0x10
[  315.708108][ T8136]  ? dev_ifsioc+0xb27/0xf00
[  315.708147][ T8136]  dev_ifsioc+0xb54/0xf00
[  315.708186][ T8136]  dev_ioctl+0x84c/0x1150
[  315.708220][ T8136]  sock_ioctl+0x719/0x790
[  315.708250][ T8136]  ? __pfx_sock_ioctl+0x10/0x10
[  315.708300][ T8136]  compat_sock_ioctl+0x285/0xc80
[  315.708332][ T8136]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  315.708362][ T8136]  ? __fget_files+0x3a0/0x420
[  315.708388][ T8136]  ? __fget_files+0x2a/0x420
[  315.708418][ T8136]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  315.708448][ T8136]  __ia32_compat_sys_ioctl+0x551/0x840
[  315.708474][ T8136]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  315.708497][ T8136]  ? __fget_files+0x3a0/0x420
[  315.708530][ T8136]  ? fput+0xa0/0xd0
[  315.708560][ T8136]  ? ksys_write+0x1f0/0x250
[  315.708591][ T8136]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  315.708614][ T8136]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.708637][ T8136]  __do_fast_syscall_32+0xb4/0x110
[  315.708660][ T8136]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.708685][ T8136]  do_fast_syscall_32+0x34/0x80
[  315.708707][ T8136]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  315.708733][ T8136] RIP: 0023:0xf7f68539
[  315.708750][ T8136] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  315.708768][ T8136] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  315.708791][ T8136] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1
[  315.708805][ T8136] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000
[  315.708818][ T8136] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  315.708831][ T8136] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  315.708843][ T8136] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  315.708880][ T8136]  </TASK>
[  316.391540][ T5887] usbhid 1-1:0.0: can't add hid device: -71
[  316.409563][ T5887] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  316.455790][ T5887] usb 1-1: USB disconnect, device number 71
[  316.599958][ T8140] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  316.642225][ T5842] usbhid 5-1:0.0: can't add hid device: -71
[  316.646410][ T8140] netlink: 16 bytes leftover after parsing attributes in process `syz.2.681'.
[  316.660830][ T8140] netlink: 16 bytes leftover after parsing attributes in process `syz.2.681'.
[  316.677334][ T5888] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  316.686393][ T5842] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  316.694049][ T8140] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  316.724095][ T5842] usb 5-1: USB disconnect, device number 60
[  316.791623][ T8140] bond1: entered allmulticast mode
[  316.800279][ T8140] 8021q: adding VLAN 0 to HW filter on device bond1
[  316.817660][ T8145] netlink: 32 bytes leftover after parsing attributes in process `syz.1.682'.
[  316.826877][ T8145] netem: unknown loss type 13
[  316.842407][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  316.858212][ T5888] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  316.876040][ T5888] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  316.888254][ T5888] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  316.899567][ T5888] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  316.931385][ T8145] netem: change failed
[  316.936010][ T5888] usb 4-1: config 0 interface 0 has no altsetting 0
[  316.966510][ T5888] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  316.996304][ T8154] QAT: Device 6 not found
[  317.001511][ T5888] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  317.037286][ T5888] usb 4-1: Product: syz
[  317.062475][ T5888] usb 4-1: Manufacturer: syz
[  317.080618][ T5888] usb 4-1: SerialNumber: syz
[  317.117183][ T5888] usb 4-1: config 0 descriptor??
[  317.179194][ T5888] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  317.216577][ T5888] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  317.251561][ T5842] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  317.303858][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  317.313229][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  317.397556][ T5842] usb 5-1: device descriptor read/64, error -71
[  317.534164][ T8162] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  317.657438][ T5842] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  317.849176][ T5842] usb 5-1: device descriptor read/64, error -71
[  317.911908][ T8165] ldusb 4-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  317.923494][ T5886] usb 4-1: USB disconnect, device number 59
[  317.923679][    C1] ldusb 4-1:0.0: usb_submit_urb failed (-19)
[  317.940335][ T8138] FAULT_INJECTION: forcing a failure.
[  317.940335][ T8138] name failslab, interval 1, probability 0, space 0, times 0
[  317.965742][ T8138] CPU: 0 UID: 0 PID: 8138 Comm: syz.3.679 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  317.965770][ T8138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  317.965781][ T8138] Call Trace:
[  317.965789][ T8138]  <TASK>
[  317.965798][ T8138]  dump_stack_lvl+0x189/0x250
[  317.965833][ T8138]  ? __pfx_dump_stack_lvl+0x10/0x10
[  317.965870][ T8138]  ? __pfx__printk+0x10/0x10
[  317.965892][ T8138]  ? __pfx___might_resched+0x10/0x10
[  317.965923][ T8138]  ? fs_reclaim_acquire+0x7d/0x100
[  317.965957][ T8138]  should_fail_ex+0x414/0x560
[  317.965993][ T8138]  should_failslab+0xa8/0x100
[  317.966020][ T8138]  kmem_cache_alloc_noprof+0x73/0x3c0
[  317.966043][ T8138]  ? security_file_alloc+0x34/0x330
[  317.966076][ T8138]  security_file_alloc+0x34/0x330
[  317.966114][ T8138]  init_file+0x93/0x2f0
[  317.966145][ T8138]  alloc_empty_file+0x6e/0x1d0
[  317.966174][ T8138]  path_openat+0x107/0x3830
[  317.966191][ T8138]  ? arch_stack_walk+0xfc/0x150
[  317.966228][ T8138]  ? stack_trace_save+0x9c/0xe0
[  317.966251][ T8138]  ? stack_depot_save_flags+0x40/0x910
[  317.966279][ T8138]  ? kasan_save_track+0x4f/0x80
[  317.966299][ T8138]  ? __kasan_slab_alloc+0x6c/0x80
[  317.966320][ T8138]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  317.966341][ T8138]  ? getname_flags+0xb8/0x540
[  317.966366][ T8138]  ? __pfx_path_openat+0x10/0x10
[  317.966382][ T8138]  ? do_fast_syscall_32+0x34/0x80
[  317.966402][ T8138]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  317.966443][ T8138]  do_filp_open+0x1fa/0x410
[  317.966465][ T8138]  ? __pfx_do_filp_open+0x10/0x10
[  317.966505][ T8138]  ? _raw_spin_unlock+0x28/0x50
[  317.966533][ T8138]  ? alloc_fd+0x64c/0x6c0
[  317.966568][ T8138]  do_sys_openat2+0x121/0x1c0
[  317.966600][ T8138]  ? __pfx_do_sys_openat2+0x10/0x10
[  317.966634][ T8138]  ? ksys_write+0x1f0/0x250
[  317.966654][ T8138]  ? rcu_is_watching+0x15/0xb0
[  317.966697][ T8138]  __ia32_compat_sys_openat+0x131/0x160
[  317.966734][ T8138]  __do_fast_syscall_32+0xb4/0x110
[  317.966757][ T8138]  ? lockdep_hardirqs_on+0x9c/0x150
[  317.966781][ T8138]  do_fast_syscall_32+0x34/0x80
[  317.966803][ T8138]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  317.966826][ T8138] RIP: 0023:0xf704e539
[  317.966844][ T8138] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  317.966861][ T8138] RSP: 002b:00000000f503e490 EFLAGS: 00000206 ORIG_RAX: 0000000000000127
[  317.966882][ T8138] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f503e4e0
[  317.966896][ T8138] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f73b2ff4
[  317.966908][ T8138] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  317.966918][ T8138] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  317.966930][ T8138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  317.966956][ T8138]  </TASK>
[  318.271135][ T5886] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  318.287753][ T5842] usb usb5-port1: attempt power cycle
[  318.647350][ T5888] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  318.847405][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  318.878694][ T5842] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  318.880767][ T5888] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  318.887153][ T5891] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  318.896826][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.931415][ T5842] usb 5-1: device descriptor read/8, error -71
[  318.962895][ T5888] usb 3-1: Product: syz
[  318.973444][ T5888] usb 3-1: Manufacturer: syz
[  318.982992][ T5888] usb 3-1: SerialNumber: syz
[  319.000344][ T5888] usb 3-1: config 0 descriptor??
[  319.106993][ T5888] gspca_main: se401-2.14.0 probing 047d:5003
[  319.147122][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.166821][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.182153][ T5842] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  319.194624][ T5891] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  319.227068][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.236368][ T5842] usb 5-1: device descriptor read/8, error -71
[  319.437399][ T2150] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  319.597755][ T5842] usb usb5-port1: unable to enumerate USB device
[  319.631825][ T8169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.652341][ T8169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  319.745723][ T5891] usb 2-1: config 0 descriptor??
[  319.786646][ T2150] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.799138][ T2150] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.834751][ T2150] usb 1-1: config 0 interface 0 has no altsetting 0
[  319.859155][ T2150] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  319.878065][ T2150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.177093][ T2150] usb 1-1: config 0 descriptor??
[  320.823267][ T5888] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  320.907589][ T5888] se401 3-1:0.0: probe with driver se401 failed with error -110
[  322.191314][ T5891] usbhid 2-1:0.0: can't add hid device: -71
[  322.228098][ T5891] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  322.290046][ T5891] usb 2-1: USB disconnect, device number 42
[  322.449468][ T5918] usb 3-1: USB disconnect, device number 60
[  323.153991][ T8212] FAULT_INJECTION: forcing a failure.
[  323.153991][ T8212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  323.204418][ T8212] CPU: 1 UID: 0 PID: 8212 Comm: syz.3.699 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  323.204449][ T8212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  323.204462][ T8212] Call Trace:
[  323.204470][ T8212]  <TASK>
[  323.204482][ T8212]  dump_stack_lvl+0x189/0x250
[  323.204515][ T8212]  ? __lock_acquire+0xaac/0xd20
[  323.204546][ T8212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.204575][ T8212]  ? __pfx__printk+0x10/0x10
[  323.204601][ T8212]  ? __might_fault+0xb0/0x130
[  323.204638][ T8212]  should_fail_ex+0x414/0x560
[  323.204675][ T8212]  _copy_from_iter+0x1db/0x15a0
[  323.204706][ T8212]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  323.204728][ T8212]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  323.204754][ T8212]  ? __pfx__copy_from_iter+0x10/0x10
[  323.204779][ T8212]  ? __build_skb_around+0x257/0x3e0
[  323.204804][ T8212]  ? netlink_sendmsg+0x642/0xb30
[  323.204821][ T8212]  ? skb_put+0x11b/0x210
[  323.204845][ T8212]  netlink_sendmsg+0x6b2/0xb30
[  323.204873][ T8212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.204895][ T8212]  ? __import_iovec+0x5d4/0x7f0
[  323.204918][ T8212]  ? aa_sock_msg_perm+0x94/0x160
[  323.204941][ T8212]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  323.204963][ T8212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.204983][ T8212]  __sock_sendmsg+0x219/0x270
[  323.205013][ T8212]  ____sys_sendmsg+0x505/0x830
[  323.205041][ T8212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.205079][ T8212]  ___sys_sendmsg+0x21f/0x2a0
[  323.205103][ T8212]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.205161][ T8212]  ? __fget_files+0x2a/0x420
[  323.205186][ T8212]  ? __fget_files+0x3a0/0x420
[  323.205221][ T8212]  __sys_sendmsg+0x164/0x220
[  323.205247][ T8212]  ? __pfx___sys_sendmsg+0x10/0x10
[  323.205283][ T8212]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  323.205306][ T8212]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.205328][ T8212]  __do_fast_syscall_32+0xb4/0x110
[  323.205350][ T8212]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.205372][ T8212]  do_fast_syscall_32+0x34/0x80
[  323.205394][ T8212]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.205418][ T8212] RIP: 0023:0xf704e539
[  323.205435][ T8212] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  323.205453][ T8212] RSP: 002b:00000000f503e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  323.205473][ T8212] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000780
[  323.205487][ T8212] RDX: 0000000004004000 RSI: 0000000000000000 RDI: 0000000000000000
[  323.205499][ T8212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.205511][ T8212] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  323.205522][ T8212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.205550][ T8212]  </TASK>
[  323.226304][   T30] kauditd_printk_skb: 192 callbacks suppressed
[  323.226328][   T30] audit: type=1326 audit(1745684738.249:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  323.476686][ T8209] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  323.564279][ T8209] team0: Device macvlan2 is up. Set it down before adding it as a team port
[  323.567870][ T5891] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  323.690344][   T30] audit: type=1326 audit(1745684738.299:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70de539 code=0x7ffc0000
[  323.707887][ T2150] usbhid 1-1:0.0: can't add hid device: -71
[  323.738331][ T8221] QAT: Device 6 not found
[  323.751964][ T2150] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  323.764750][   T30] audit: type=1326 audit(1745684738.299:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  323.790940][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  323.801850][ T5891] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  323.813476][ T5891] usb 5-1: config 0 has no interface number 0
[  323.825769][   T30] audit: type=1326 audit(1745684738.299:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  323.861793][ T5891] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  323.875631][ T2150] usb 1-1: USB disconnect, device number 72
[  323.885757][ T5891] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  323.914452][   T30] audit: type=1326 audit(1745684738.309:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  323.997408][   T24] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  324.046350][ T5891] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  324.057489][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.078629][ T5891] usb 5-1: config 0 descriptor??
[  324.091041][   T30] audit: type=1326 audit(1745684738.309:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  324.126683][   T30] audit: type=1326 audit(1745684738.419:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  324.185152][   T30] audit: type=1326 audit(1745684738.499:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  324.207686][   T24] usb 2-1: device descriptor read/64, error -71
[  324.214418][   T30] audit: type=1326 audit(1745684738.629:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  324.237062][   T30] audit: type=1326 audit(1745684738.639:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.4.700" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  324.386003][ T8228] netlink: 16 bytes leftover after parsing attributes in process `syz.0.704'.
[  324.461153][   T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  324.607527][   T24] usb 2-1: device descriptor read/64, error -71
[  324.727853][   T24] usb usb2-port1: attempt power cycle
[  324.743974][ T5891] input: HID 28bd:0094 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:28BD:0094.0016/input/input13
[  324.924310][ T5891] uclogic 0003:28BD:0094.0016: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.4-1/input1
[  324.981306][ T8214] program syz.4.700 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  325.053556][ T8214] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  325.080507][   T24] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  325.208115][   T24] usb 2-1: device descriptor read/8, error -71
[  325.222916][ T8235] capability: warning: `syz.0.706' uses 32-bit capabilities (legacy support in use)
[  325.223925][ T5891] usb 5-1: USB disconnect, device number 65
[  325.477415][   T24] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  325.508833][   T24] usb 2-1: device descriptor read/8, error -71
[  325.740632][   T24] usb usb2-port1: unable to enumerate USB device
[  325.944760][ T8244] netlink: 32 bytes leftover after parsing attributes in process `syz.3.709'.
[  325.955117][ T8244] netem: unknown loss type 13
[  325.972620][ T8244] netem: change failed
[  326.097509][   T24] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  326.312724][   T24] usb 1-1: Using ep0 maxpacket: 8
[  326.503735][   T24] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  326.513147][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.521816][   T24] usb 1-1: Product: syz
[  326.635299][   T24] usb 1-1: Manufacturer: syz
[  326.665127][   T24] usb 1-1: SerialNumber: syz
[  326.714506][ T8256] dns_resolver: Unsupported server list version (0)
[  326.759874][   T24] usb 1-1: config 0 descriptor??
[  326.828835][   T24] gspca_main: se401-2.14.0 probing 047d:5003
[  326.948608][ T5888] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  327.006177][ T8242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  327.024868][ T8242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.187624][ T5891] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  327.241209][ T5888] usb 4-1: config 0 has no interfaces?
[  327.252458][ T5888] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  327.264833][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.288884][ T5888] usb 4-1: Product: syz
[  327.293320][ T5888] usb 4-1: Manufacturer: syz
[  327.317722][ T5888] usb 4-1: SerialNumber: syz
[  327.333968][ T5888] usb 4-1: config 0 descriptor??
[  327.412100][ T5891] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.437513][ T5891] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  327.474236][ T5891] usb 3-1: config 0 interface 0 has no altsetting 0
[  327.499406][ T5891] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  327.584967][ T2150] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  327.598092][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.632539][ T5891] usb 3-1: config 0 descriptor??
[  327.778770][ T2150] usb 2-1: Using ep0 maxpacket: 8
[  327.787108][ T2150] usb 2-1: unable to get BOS descriptor or descriptor too short
[  327.797010][ T2150] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  327.806461][ T2150] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.817669][ T2150] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  327.882599][ T2150] usb 2-1: config 1 has no interface number 1
[  327.902522][ T2150] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  327.923891][ T2150] usb 2-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x1E, changing to 0xE
[  327.945370][ T2150] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0xE has invalid wMaxPacketSize 0
[  327.960242][ T2150] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  327.970627][ T2150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.979166][ T2150] usb 2-1: Product: syz
[  327.983459][ T2150] usb 2-1: Manufacturer: syz
[  328.013100][ T2150] usb 2-1: SerialNumber: syz
[  328.098654][   T24] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  328.106485][   T24] se401 1-1:0.0: probe with driver se401 failed with error -110
[  328.341929][ T2150] usb 2-1: USB disconnect, device number 47
[  328.430274][ T6031] udevd[6031]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  328.527836][ T5918] usb 1-1: USB disconnect, device number 73
[  328.962861][ T8275] netlink: 20 bytes leftover after parsing attributes in process `syz.0.717'.
[  328.972399][ T8275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.717'.
[  329.785370][ T2150] usb 4-1: USB disconnect, device number 60
[  330.430682][ T8288] netlink: 32 bytes leftover after parsing attributes in process `syz.0.722'.
[  330.444788][ T8288] netem: unknown loss type 13
[  330.450477][ T8288] netem: change failed
[  330.837619][   T24] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  331.032098][ T5891] usbhid 3-1:0.0: can't add hid device: -71
[  331.087463][ T5891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  331.168494][ T8296] QAT: Device 6 not found
[  331.188771][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.209555][ T5891] usb 3-1: USB disconnect, device number 61
[  331.243160][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  331.326842][   T24] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  331.497464][ T5888] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  331.548306][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.647347][ T5888] usb 5-1: device descriptor read/64, error -71
[  331.710306][   T24] usb 4-1: config 0 descriptor??
[  331.818922][ T8301] dns_resolver: Unsupported server list version (0)
[  332.247327][ T5888] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  332.397458][ T5888] usb 5-1: device descriptor read/64, error -71
[  332.827802][ T5888] usb usb5-port1: attempt power cycle
[  333.244504][ T5888] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  333.359431][ T5888] usb 5-1: device descriptor read/8, error -71
[  333.437351][ T2150] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  333.587421][ T2150] usb 1-1: Using ep0 maxpacket: 16
[  333.597327][ T5888] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  333.605621][ T2150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.619298][ T5888] usb 5-1: device descriptor read/8, error -71
[  333.687591][ T2150] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  333.756935][ T5888] usb usb5-port1: unable to enumerate USB device
[  333.767747][ T2150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.857785][ T2150] usb 1-1: config 0 descriptor??
[  333.959498][ T8310] dns_resolver: Unsupported server list version (0)
[  334.031186][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  334.038094][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  334.056994][   T24] usb 4-1: USB disconnect, device number 61
[  334.435531][ T2150] mcp2221 0003:04D8:00DD.0017: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  334.838368][ T5918] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  334.897458][ T2150] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  335.015794][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.028185][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.068960][ T2150] usb 2-1: Using ep0 maxpacket: 8
[  335.079520][ T2150] usb 2-1: too many configurations: 10, using maximum allowed: 8
[  335.104970][ T2150] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  335.124293][ T2150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.141275][ T5918] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  335.157190][ T2150] usb 2-1: Product: syz
[  335.165082][ T2150] usb 2-1: Manufacturer: syz
[  335.174446][ T2150] usb 2-1: SerialNumber: syz
[  335.191508][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.205527][ T2150] usb 2-1: config 0 descriptor??
[  335.220892][ T2150] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  335.262680][ T5918] usb 4-1: config 0 descriptor??
[  335.593024][ T2150] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  335.630726][ T8330] netlink: 32 bytes leftover after parsing attributes in process `syz.4.734'.
[  335.660316][ T2150] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  335.686405][ T2150] usb 2-1: USB disconnect, device number 48
[  335.826510][ T8330] netem: unknown loss type 13
[  335.914584][   T24] usb 1-1: USB disconnect, device number 74
[  335.919944][ T8330] netem: change failed
[  337.594044][ T8358] QAT: Device 6 not found
[  337.717662][   T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  337.843607][ T5918] usbhid 4-1:0.0: can't add hid device: -71
[  337.867453][ T5888] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  337.898065][ T5918] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  337.960284][ T5918] usb 4-1: USB disconnect, device number 62
[  338.031798][ T5888] usb 1-1: device descriptor read/64, error -71
[  338.042567][ T8359] dns_resolver: Unsupported server list version (0)
[  338.352153][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  338.363598][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  338.376853][   T24] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  338.388130][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.420558][   T24] usb 2-1: config 0 descriptor??
[  338.439048][ T5888] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  338.517329][ T5918] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  338.606855][ T5888] usb 1-1: device descriptor read/64, error -71
[  338.677439][ T5918] usb 4-1: Using ep0 maxpacket: 32
[  338.691592][ T5918] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  338.710908][ T5918] usb 4-1: config 0 has no interface number 0
[  338.727286][ T5918] usb 4-1: config 0 interface 184 altsetting 7 endpoint 0x3 has invalid wMaxPacketSize 0
[  338.747293][ T5918] usb 4-1: config 0 interface 184 has no altsetting 0
[  338.760241][ T5888] usb usb1-port1: attempt power cycle
[  338.768998][ T8366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.743'.
[  338.812221][ T5918] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  338.822479][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.832461][ T5918] usb 4-1: Product: syz
[  338.853205][ T5918] usb 4-1: Manufacturer: syz
[  338.868441][ T5918] usb 4-1: SerialNumber: syz
[  338.910797][ T5918] usb 4-1: config 0 descriptor??
[  338.956536][ T5918] smsc75xx v1.0.0
[  338.967358][ T5918] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  339.004796][ T5918] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22
[  339.147401][ T5888] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  339.170528][ T5888] usb 1-1: device descriptor read/8, error -71
[  339.459153][ T5888] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  339.513342][ T5888] usb 1-1: device descriptor read/8, error -71
[  339.568621][ T8371] netlink: 196 bytes leftover after parsing attributes in process `syz.3.742'.
[  339.581014][ T8371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  339.612911][ T8371] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.637563][ T5888] usb usb1-port1: unable to enumerate USB device
[  339.654458][ T8371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  339.700256][ T8371] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.977879][ T5888] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  340.157539][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  340.173616][ T5888] usb 3-1: too many configurations: 10, using maximum allowed: 8
[  340.233696][ T5888] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  340.249911][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.274043][ T5888] usb 3-1: Product: syz
[  340.278788][ T5888] usb 3-1: Manufacturer: syz
[  340.283688][ T5888] usb 3-1: SerialNumber: syz
[  340.302018][ T5888] usb 3-1: config 0 descriptor??
[  340.346264][ T5888] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244)
[  340.571036][ T8384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  340.652231][ T8384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  340.664259][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  340.687373][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  340.741408][   T24] usb 2-1: USB disconnect, device number 49
[  340.812273][ T5888] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  340.844676][ T5888] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  340.875690][ T5888] usb 3-1: USB disconnect, device number 62
[  341.114304][ T8390] dns_resolver: Unsupported server list version (0)
[  341.263094][   T24] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  341.439011][   T24] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.454289][   T24] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  341.481238][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  341.495787][   T24] usb 2-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  341.518113][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.546671][   T24] usb 2-1: config 0 descriptor??
[  341.644760][ T8393] IPv6: NLM_F_REPLACE set, but no existing node found!
[  341.748653][ T8397] futex_wake_op: syz.2.752 tries to shift op by -1; fix this program
[  341.803352][ T8397] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  342.177838][ T5925] usb 4-1: USB disconnect, device number 63
[  342.503569][ T8412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'.
[  342.561187][ T8414] netlink: 32 bytes leftover after parsing attributes in process `syz.3.757'.
[  342.620255][ T8414] netem: unknown loss type 13
[  342.625192][ T8414] netem: change failed
[  342.917492][ T5842] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  343.077445][ T5842] usb 1-1: device descriptor read/64, error -71
[  343.164750][ T8418] QAT: Device 6 not found
[  343.340607][ T5842] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  343.427395][ T5888] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  343.577463][ T5842] usb 1-1: device descriptor read/64, error -71
[  343.677507][ T5888] usb 4-1: device descriptor read/64, error -71
[  343.688782][ T5842] usb usb1-port1: attempt power cycle
[  343.947821][ T5888] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  343.957850][ T5886] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  344.013811][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  344.024400][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  344.033488][ T5842] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  344.052262][   T24] usb 2-1: USB disconnect, device number 50
[  344.085958][ T5842] usb 1-1: device descriptor read/8, error -71
[  344.126228][ T5888] usb 4-1: device descriptor read/64, error -71
[  344.159263][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  344.184791][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  344.219860][ T5886] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  344.248043][ T5888] usb usb4-port1: attempt power cycle
[  344.267410][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.294249][ T8429] netlink: 80 bytes leftover after parsing attributes in process `syz.1.763'.
[  344.341467][ T5842] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  344.364012][ T5886] usb 3-1: config 0 descriptor??
[  344.376220][ T5842] usb 1-1: device descriptor read/8, error -71
[  344.487731][ T5842] usb usb1-port1: unable to enumerate USB device
[  344.573811][ T8434] netlink: 304 bytes leftover after parsing attributes in process `syz.4.764'.
[  344.607701][ T8434] netlink: 4 bytes leftover after parsing attributes in process `syz.4.764'.
[  344.669915][ T5888] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  344.698387][ T5888] usb 4-1: device descriptor read/8, error -71
[  344.907371][ T5887] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  344.947434][ T5888] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  344.968115][ T5888] usb 4-1: device descriptor read/8, error -71
[  345.067523][ T5887] usb 5-1: Using ep0 maxpacket: 32
[  345.087943][ T5888] usb usb4-port1: unable to enumerate USB device
[  345.106080][ T5887] usb 5-1: config 0 has an invalid interface number: 221 but max is 0
[  345.115375][ T5887] usb 5-1: config 0 has no interface number 0
[  345.135329][ T5887] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  345.143455][ T8442] input: syz0 as /devices/virtual/input/input14
[  345.169142][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.216841][ T5887] usb 5-1: Product: syz
[  345.225976][ T5887] usb 5-1: Manufacturer: syz
[  345.243533][ T8444] netlink: 'syz.0.767': attribute type 16 has an invalid length.
[  345.274874][ T5887] usb 5-1: SerialNumber: syz
[  345.479165][ T5887] usb 5-1: config 0 descriptor??
[  345.840391][ T5918] usb 5-1: USB disconnect, device number 70
[  346.717522][ T5918] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  346.937340][ T5918] usb 4-1: Using ep0 maxpacket: 8
[  346.987435][ T5918] usb 4-1: too many configurations: 10, using maximum allowed: 8
[  347.139609][ T5886] usbhid 3-1:0.0: can't add hid device: -71
[  347.145685][ T5886] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  347.182391][ T8468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.770'.
[  347.204566][ T5918] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  347.227741][ T5886] usb 3-1: USB disconnect, device number 63
[  347.265136][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.329251][ T5918] usb 4-1: Product: syz
[  347.337354][ T5918] usb 4-1: Manufacturer: syz
[  347.342202][ T5918] usb 4-1: SerialNumber: syz
[  347.387458][ T5918] usb 4-1: config 0 descriptor??
[  347.410661][ T5918] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244)
[  347.472456][ T8470] dns_resolver: Unsupported server list version (0)
[  347.537425][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  347.538451][ T5925] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  347.607327][ T5925] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  347.744333][ T5918] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  347.757926][ T5918] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  347.788162][ T5918] usb 4-1: USB disconnect, device number 68
[  348.057460][ T5886] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  348.217320][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  348.227357][ T5887] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  348.246745][ T5886] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  348.266755][ T5886] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  348.297344][ T5886] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  348.334694][ T5886] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  348.382519][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.413816][ T8494] futex_wake_op: syz.1.776 tries to shift op by -1; fix this program
[  348.430206][ T5887] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 37, changing to 9
[  348.452840][ T5886] usb 3-1: Product: syz
[  348.464643][ T8494] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  348.476517][ T5886] usb 3-1: Manufacturer: syz
[  348.491146][ T5887] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  348.508061][ T5886] usb 3-1: SerialNumber: syz
[  348.528293][ T5887] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x2 has an invalid bInterval 128, changing to 11
[  348.549681][ T5887] usb 5-1: config 1 interface 0 has no altsetting 0
[  348.591917][ T5887] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.40
[  348.632072][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.661312][ T5887] usb 5-1: Product: 㭺༠뼇㗭ͨ뀑績酞ᅥϺ뭅霽眺ܖ䮘庞֘鉠晲窕圜ꟈ뀛㔕쯮஋庖龜邸ᡆᕐ悔洳䏁탵㐳
[  348.693351][ T5887] usb 5-1: Manufacturer: 㿹᠏拟䓱鑲銍ⲱ㍢䦔橐㆚旄㩫꼄尊һ㛛䠪콚鮆杭键죭怺ꑍﭒ馅㗛퇣溔▦领↝曥ꢰ瞌㜜䂟挅ⶌ昆澀꽗귮鉻蔠榰₈鄦Ḇഝ䉓⟬缯共ꦙ嗩곩ⷿ셑풥й䜭涔㖎ఇ਍耪樽Ňᐋ瑕⡙巠ᐌ딫녚㘣ꭼ鉅뵉鏺횠插鎅㐌貽碓䑥庄풤캮틞兰燭匄俨
[  348.804823][ T8478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.827571][ T5887] usb 5-1: SerialNumber: င
[  348.858820][ T8478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.021514][   T24] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  349.077428][ T2150] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  349.099300][ T5886] usb 3-1: 0:2 : does not exist
[  349.202098][   T24] usb 2-1: Using ep0 maxpacket: 16
[  349.209524][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  349.225236][   T24] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  349.242488][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.251692][   T24] usb 2-1: Product: syz
[  349.256153][   T24] usb 2-1: Manufacturer: syz
[  349.261404][ T2150] usb 4-1: Using ep0 maxpacket: 8
[  349.281285][ T2150] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  349.292833][ T5887] usbhid 5-1:1.0: can't add hid device: -71
[  349.296730][   T24] usb 2-1: SerialNumber: syz
[  349.303977][ T2150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.314234][ T5887] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  349.330079][   T24] usb 2-1: config 0 descriptor??
[  349.342913][ T2150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  349.361814][ T2150] usb 4-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  349.371772][ T5887] usb 5-1: USB disconnect, device number 71
[  349.373245][   T24] hub 2-1:0.0: bad descriptor, ignoring hub
[  349.407142][   T24] hub 2-1:0.0: probe with driver hub failed with error -5
[  349.427093][ T2150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.471681][   T24] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15
[  349.497019][ T2150] usb 4-1: config 0 descriptor??
[  349.534239][ T2150] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  349.697617][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  349.699932][ T5925] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  349.728090][ T8503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.768508][ T5925] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  349.780387][ T8503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  350.110336][ T5886] usb 3-1: 1:0: failed to get current value for ch 0 (-22)
[  350.203874][ T5886] usb 3-1: USB disconnect, device number 64
[  350.305625][ T6031] udevd[6031]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  350.868414][ T5886] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  351.040878][ T5886] usb 1-1: config 0 has an invalid interface number: 199 but max is 1
[  351.054941][ T5886] usb 1-1: config 0 has no interface number 1
[  351.065261][ T5886] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  351.085025][ T5886] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  351.113235][ T5886] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  351.135409][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  351.159337][ T5886] usb 1-1: SerialNumber: syz
[  351.192727][ T5886] usb 1-1: config 0 descriptor??
[  351.240030][ T5886] usb 1-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  351.267814][ T5886] usb 1-1: No valid video chain found.
[  351.724430][ T5889] usb 4-1: USB disconnect, device number 69
[  351.857866][   T55] Bluetooth: hci3: command 0x0c1a tx timeout
[  351.858545][ T5925] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  352.312440][ T5925] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  352.710615][ T5886] usb 2-1: USB disconnect, device number 51
[  352.783295][ T5889] usb 1-1: USB disconnect, device number 83
[  352.807417][ T5887] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  352.857875][ T5888] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  352.998497][ T5887] usb 3-1: Using ep0 maxpacket: 16
[  353.070331][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.096670][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.129273][ T5888] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  353.149758][ T5887] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  353.164415][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.185534][ T5888] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[  353.200481][ T5887] usb 3-1: config 0 descriptor??
[  353.233817][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.278608][ T5888] usb 4-1: config 0 descriptor??
[  353.878164][ T5888] hid-led 0003:1294:1320.0018: hidraw0: USB HID vff.fe Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0
[  353.961877][ T5888] hid-led 0003:1294:1320.0018: Riso Kagaku Webmail Notifier initialized
[  354.274935][ T5887] mcp2221 0003:04D8:00DD.0019: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  354.469789][    C0] ==================================================================
[  354.477904][    C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0xfcd/0x1190
[  354.485822][    C0] Read of size 1 at addr ffff88805797ffff by task syz.2.785/8556
[  354.493565][    C0] 
[  354.496051][    C0] CPU: 0 UID: 0 PID: 8556 Comm: syz.2.785 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  354.496073][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  354.496084][    C0] Call Trace:
[  354.496093][    C0]  <IRQ>
[  354.496100][    C0]  dump_stack_lvl+0x189/0x250
[  354.496126][    C0]  ? rcu_is_watching+0x15/0xb0
[  354.496149][    C0]  ? __kasan_check_byte+0x12/0x40
[  354.496173][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.496205][    C0]  ? rcu_is_watching+0x15/0xb0
[  354.496234][    C0]  ? lock_release+0x4b/0x3e0
[  354.496269][    C0]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  354.496301][    C0]  ? __virt_addr_valid+0x18c/0x540
[  354.496328][    C0]  ? __virt_addr_valid+0x469/0x540
[  354.496355][    C0]  print_report+0xb4/0x290
[  354.496382][    C0]  ? mcp2221_raw_event+0xfcd/0x1190
[  354.496402][    C0]  kasan_report+0x118/0x150
[  354.496422][    C0]  ? mcp2221_raw_event+0xfcd/0x1190
[  354.496443][    C0]  mcp2221_raw_event+0xfcd/0x1190
[  354.496462][    C0]  ? down_trylock+0x50/0xb0
[  354.496479][    C0]  hid_input_report+0x407/0x520
[  354.496495][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  354.496514][    C0]  hid_irq_in+0x47e/0x6d0
[  354.496535][    C0]  __usb_hcd_giveback_urb+0x417/0x690
[  354.496559][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  354.496584][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  354.496610][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  354.496634][    C0]  dummy_timer+0x862/0x4550
[  354.496677][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  354.496699][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  354.496720][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  354.496740][    C0]  __hrtimer_run_queues+0x529/0xc60
[  354.496769][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  354.496792][    C0]  ? read_tsc+0x9/0x20
[  354.496807][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  354.496834][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  354.496859][    C0]  handle_softirqs+0x283/0x870
[  354.496884][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  354.496898][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  354.496925][    C0]  __irq_exit_rcu+0xca/0x1f0
[  354.496938][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  354.496954][    C0]  irq_exit_rcu+0x9/0x30
[  354.496966][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  354.496991][    C0]  </IRQ>
[  354.497007][    C0]  <TASK>
[  354.497014][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  354.497031][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  354.497054][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 1b 33 d7 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  354.497068][    C0] RSP: 0018:ffffc9000481f498 EFLAGS: 00000206
[  354.497083][    C0] RAX: 0ebde8f9aed63a00 RBX: 0000000000000000 RCX: 0ebde8f9aed63a00
[  354.497095][    C0] RDX: 0000000000000001 RSI: ffffffff8d934029 RDI: ffffffff8bc1cde0
[  354.497106][    C0] RBP: ffffffff817199f5 R08: 0000000000000000 R09: 0000000000000000
[  354.497116][    C0] R10: 0000000000000000 R11: ffffffff817199f5 R12: 0000000000000002
[  354.497126][    C0] R13: ffffffff8df3b860 R14: 0000000000000000 R15: 0000000000000246
[  354.497137][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497155][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497179][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497200][    C0]  ? kfree+0x193/0x440
[  354.497222][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497246][    C0]  unwind_next_frame+0xc2/0x2390
[  354.497273][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497293][    C0]  ? unwind_next_frame+0xa5/0x2390
[  354.497311][    C0]  ? __kasan_slab_free+0x62/0x70
[  354.497333][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  354.497350][    C0]  arch_stack_walk+0x11c/0x150
[  354.497371][    C0]  ? kfree+0x193/0x440
[  354.497389][    C0]  stack_trace_save+0x9c/0xe0
[  354.497404][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  354.497420][    C0]  ? __lock_acquire+0xaac/0xd20
[  354.497449][    C0]  kasan_save_track+0x3e/0x80
[  354.497465][    C0]  ? kasan_save_track+0x3e/0x80
[  354.497480][    C0]  ? kasan_save_free_info+0x46/0x50
[  354.497502][    C0]  ? __kasan_slab_free+0x62/0x70
[  354.497518][    C0]  ? kfree+0x193/0x440
[  354.497552][    C0]  kasan_save_free_info+0x46/0x50
[  354.497575][    C0]  __kasan_slab_free+0x62/0x70
[  354.497592][    C0]  ? raw_ioctl+0x23fc/0x3c90
[  354.497611][    C0]  kfree+0x193/0x440
[  354.497629][    C0]  raw_ioctl+0x23fc/0x3c90
[  354.497650][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  354.497675][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  354.497699][    C0]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  354.497721][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  354.497745][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  354.497769][    C0]  ? __pfx_raw_ioctl+0x10/0x10
[  354.497790][    C0]  ? __pfx_futex_wake_mark+0x10/0x10
[  354.497820][    C0]  ? __fget_files+0x2a/0x420
[  354.497842][    C0]  ? __fget_files+0x3a0/0x420
[  354.497861][    C0]  ? __fget_files+0x2a/0x420
[  354.497883][    C0]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  354.497905][    C0]  __ia32_compat_sys_ioctl+0x551/0x840
[  354.497922][    C0]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  354.497943][    C0]  ? rcu_is_watching+0x15/0xb0
[  354.497968][    C0]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  354.497984][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.498007][    C0]  __do_fast_syscall_32+0xb4/0x110
[  354.498024][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.498039][    C0]  do_fast_syscall_32+0x34/0x80
[  354.498055][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  354.498074][    C0] RIP: 0023:0xf7f52539
[  354.498088][    C0] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  354.498101][    C0] RSP: 002b:00000000f5054504 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  354.498117][    C0] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040085507
[  354.498128][    C0] RDX: 00000000f5054548 RSI: 00000000f73e2ff4 RDI: 0000000000000001
[  354.498137][    C0] RBP: 00000000f5055568 R08: 0000000000000000 R09: 0000000000000000
[  354.498147][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  354.498156][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  354.498171][    C0]  </TASK>
[  354.498177][    C0] 
[  355.116802][    C0] Allocated by task 13:
[  355.120974][    C0]  kasan_save_track+0x3e/0x80
[  355.125669][    C0]  __kasan_kmalloc+0x93/0xb0
[  355.130621][    C0]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[  355.137316][    C0]  kmalloc_reserve+0x136/0x290
[  355.142129][    C0]  __alloc_skb+0x142/0x2d0
[  355.146562][    C0]  nsim_dev_trap_report_work+0x29a/0xb80
[  355.152323][    C0]  process_scheduled_works+0xadb/0x17a0
[  355.158321][    C0]  worker_thread+0x8a0/0xda0
[  355.162914][    C0]  kthread+0x70e/0x8a0
[  355.167095][    C0]  ret_from_fork+0x4b/0x80
[  355.171615][    C0]  ret_from_fork_asm+0x1a/0x30
[  355.176396][    C0] 
[  355.178814][    C0] Freed by task 13:
[  355.182900][    C0]  kasan_save_track+0x3e/0x80
[  355.187610][    C0]  kasan_save_free_info+0x46/0x50
[  355.193155][    C0]  __kasan_slab_free+0x62/0x70
[  355.198116][    C0]  kfree+0x193/0x440
[  355.202120][    C0]  skb_release_data+0x69a/0x890
[  355.207066][    C0]  consume_skb+0x9e/0xf0
[  355.211405][    C0]  nsim_dev_trap_report_work+0x7cf/0xb80
[  355.217178][    C0]  process_scheduled_works+0xadb/0x17a0
[  355.222936][    C0]  worker_thread+0x8a0/0xda0
[  355.227541][    C0]  kthread+0x70e/0x8a0
[  355.231672][    C0]  ret_from_fork+0x4b/0x80
[  355.236132][    C0]  ret_from_fork_asm+0x1a/0x30
[  355.240921][    C0] 
[  355.243268][    C0] The buggy address belongs to the object at ffff88805797e000
[  355.243268][    C0]  which belongs to the cache kmalloc-4k of size 4096
[  355.258295][    C0] The buggy address is located 4095 bytes to the right of
[  355.258295][    C0]  allocated 4096-byte region [ffff88805797e000, ffff88805797f000)
[  355.273469][    C0] 
[  355.275937][    C0] The buggy address belongs to the physical page:
[  355.282383][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57978
[  355.291279][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  355.299801][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  355.307382][    C0] page_type: f5(slab)
[  355.311629][    C0] raw: 00fff00000000040 ffff88801a042140 dead000000000100 dead000000000122
[  355.320311][    C0] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  355.328909][    C0] head: 00fff00000000040 ffff88801a042140 dead000000000100 dead000000000122
[  355.337761][    C0] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  355.346634][    C0] head: 00fff00000000003 ffffea00015e5e01 00000000ffffffff 00000000ffffffff
[  355.355328][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  355.364270][    C0] page dumped because: kasan: bad access detected
[  355.370714][    C0] page_owner tracks the page as allocated
[  355.376442][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7742, tgid 7741 (syz.4.559), ts 275415822142, free_ts 275213343419
[  355.398086][    C0]  post_alloc_hook+0x1d8/0x230
[  355.402878][    C0]  get_page_from_freelist+0x21ce/0x22b0
[  355.408446][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  355.414357][    C0]  alloc_pages_mpol+0x232/0x4a0
[  355.419490][    C0]  allocate_slab+0x8a/0x3b0
[  355.423996][    C0]  ___slab_alloc+0xbfc/0x1480
[  355.428684][    C0]  __kmalloc_cache_noprof+0x296/0x3d0
[  355.434246][    C0]  io_ring_ctx_alloc+0x53/0xa30
[  355.439187][    C0]  io_uring_create+0x130/0xb60
[  355.444039][    C0]  __se_sys_io_uring_setup+0x264/0x270
[  355.449602][    C0]  __do_fast_syscall_32+0xb4/0x110
[  355.454741][    C0]  do_fast_syscall_32+0x34/0x80
[  355.459862][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  355.466377][    C0] page last free pid 7741 tgid 7741 stack trace:
[  355.472720][    C0]  __free_frozen_pages+0xb0e/0xcd0
[  355.478146][    C0]  __put_partials+0x161/0x1c0
[  355.482888][    C0]  put_cpu_partial+0x17c/0x250
[  355.487869][    C0]  __slab_free+0x2f7/0x400
[  355.492386][    C0]  qlist_free_all+0x9a/0x140
[  355.497075][    C0]  kasan_quarantine_reduce+0x148/0x160
[  355.502712][    C0]  __kasan_slab_alloc+0x22/0x80
[  355.507575][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  355.513039][    C0]  ptlock_alloc+0x20/0x70
[  355.517377][    C0]  pte_alloc_one+0x6d/0x160
[  355.522079][    C0]  __handle_mm_fault+0x27e8/0x5380
[  355.527223][    C0]  handle_mm_fault+0x3f6/0x8c0
[  355.532201][    C0]  do_user_addr_fault+0xa81/0x1390
[  355.537575][    C0]  exc_page_fault+0x68/0x110
[  355.542364][    C0]  asm_exc_page_fault+0x26/0x30
[  355.547398][    C0] 
[  355.550105][    C0] Memory state around the buggy address:
[  355.555909][    C0]  ffff88805797fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  355.564076][    C0]  ffff88805797ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  355.572196][    C0] >ffff88805797ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  355.580302][    C0]                                                                 ^
[  355.588742][    C0]  ffff888057980000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  355.597013][    C0]  ffff888057980080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  355.605096][    C0] ==================================================================
[  355.613199][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  355.620410][    C0] CPU: 0 UID: 0 PID: 8556 Comm: syz.2.785 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
[  355.632410][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  355.642656][    C0] Call Trace:
[  355.645942][    C0]  <IRQ>
[  355.648801][    C0]  dump_stack_lvl+0x99/0x250
[  355.653429][    C0]  ? __asan_memcpy+0x40/0x70
[  355.658199][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.663515][    C0]  ? __pfx__printk+0x10/0x10
[  355.668117][    C0]  panic+0x2db/0x790
[  355.672296][    C0]  ? __pfx_panic+0x10/0x10
[  355.676813][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  355.682153][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  355.688388][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  355.695043][    C0]  ? mcp2221_raw_event+0xfcd/0x1190
[  355.700274][    C0]  check_panic_on_warn+0x89/0xb0
[  355.705261][    C0]  ? mcp2221_raw_event+0xfcd/0x1190
[  355.710496][    C0]  end_report+0x78/0x160
[  355.714778][    C0]  kasan_report+0x129/0x150
[  355.719305][    C0]  ? mcp2221_raw_event+0xfcd/0x1190
[  355.724532][    C0]  mcp2221_raw_event+0xfcd/0x1190
[  355.729744][    C0]  ? down_trylock+0x50/0xb0
[  355.734347][    C0]  hid_input_report+0x407/0x520
[  355.739297][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  355.744922][    C0]  hid_irq_in+0x47e/0x6d0
[  355.749270][    C0]  __usb_hcd_giveback_urb+0x417/0x690
[  355.754855][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  355.760684][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  355.766603][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[  355.772012][    C0]  dummy_timer+0x862/0x4550
[  355.776556][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  355.781607][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  355.786658][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  355.791625][    C0]  __hrtimer_run_queues+0x529/0xc60
[  355.796861][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  355.802613][    C0]  ? read_tsc+0x9/0x20
[  355.806865][    C0]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  355.812887][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  355.818108][    C0]  handle_softirqs+0x283/0x870
[  355.822991][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  355.828396][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  355.833704][    C0]  __irq_exit_rcu+0xca/0x1f0
[  355.838300][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  355.846026][    C0]  irq_exit_rcu+0x9/0x30
[  355.850370][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  355.856197][    C0]  </IRQ>
[  355.859220][    C0]  <TASK>
[  355.862431][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  355.868684][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  355.873987][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 1b 33 d7 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  355.893788][    C0] RSP: 0018:ffffc9000481f498 EFLAGS: 00000206
[  355.900615][    C0] RAX: 0ebde8f9aed63a00 RBX: 0000000000000000 RCX: 0ebde8f9aed63a00
[  355.909244][    C0] RDX: 0000000000000001 RSI: ffffffff8d934029 RDI: ffffffff8bc1cde0
[  355.917237][    C0] RBP: ffffffff817199f5 R08: 0000000000000000 R09: 0000000000000000
[  355.925398][    C0] R10: 0000000000000000 R11: ffffffff817199f5 R12: 0000000000000002
[  355.933580][    C0] R13: ffffffff8df3b860 R14: 0000000000000000 R15: 0000000000000246
[  355.941843][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.947086][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.952238][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.957360][    C0]  ? kfree+0x193/0x440
[  355.961539][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.966747][    C0]  unwind_next_frame+0xc2/0x2390
[  355.971698][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.976832][    C0]  ? unwind_next_frame+0xa5/0x2390
[  355.981956][    C0]  ? __kasan_slab_free+0x62/0x70
[  355.986927][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  355.993365][    C0]  arch_stack_walk+0x11c/0x150
[  355.998171][    C0]  ? kfree+0x193/0x440
[  356.002270][    C0]  stack_trace_save+0x9c/0xe0
[  356.006958][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  356.012397][    C0]  ? __lock_acquire+0xaac/0xd20
[  356.017369][    C0]  kasan_save_track+0x3e/0x80
[  356.022273][    C0]  ? kasan_save_track+0x3e/0x80
[  356.027236][    C0]  ? kasan_save_free_info+0x46/0x50
[  356.032646][    C0]  ? __kasan_slab_free+0x62/0x70
[  356.037605][    C0]  ? kfree+0x193/0x440
[  356.041709][    C0]  kasan_save_free_info+0x46/0x50
[  356.046819][    C0]  __kasan_slab_free+0x62/0x70
[  356.051657][    C0]  ? raw_ioctl+0x23fc/0x3c90
[  356.056620][    C0]  kfree+0x193/0x440
[  356.060537][    C0]  raw_ioctl+0x23fc/0x3c90
[  356.064988][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  356.070674][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  356.076347][    C0]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  356.082180][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  356.088106][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  356.094161][    C0]  ? __pfx_raw_ioctl+0x10/0x10
[  356.098969][    C0]  ? __pfx_futex_wake_mark+0x10/0x10
[  356.104285][    C0]  ? __fget_files+0x2a/0x420
[  356.108955][    C0]  ? __fget_files+0x3a0/0x420
[  356.113667][    C0]  ? __fget_files+0x2a/0x420
[  356.118302][    C0]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  356.123975][    C0]  __ia32_compat_sys_ioctl+0x551/0x840
[  356.129480][    C0]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  356.135491][    C0]  ? rcu_is_watching+0x15/0xb0
[  356.140307][    C0]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  356.147016][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.152242][    C0]  __do_fast_syscall_32+0xb4/0x110
[  356.157545][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.163099][    C0]  do_fast_syscall_32+0x34/0x80
[  356.168063][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  356.174791][    C0] RIP: 0023:0xf7f52539
[  356.178870][    C0] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  356.199138][    C0] RSP: 002b:00000000f5054504 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  356.207585][    C0] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040085507
[  356.215800][    C0] RDX: 00000000f5054548 RSI: 00000000f73e2ff4 RDI: 0000000000000001
[  356.224065][    C0] RBP: 00000000f5055568 R08: 0000000000000000 R09: 0000000000000000
[  356.232067][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  356.240250][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  356.248279][    C0]  </TASK>
[  356.251564][    C0] Kernel Offset: disabled
[  356.255899][    C0] Rebooting in 86400 seconds..