last executing test programs:

14.969039223s ago: executing program 4 (id=377):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x300, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0x2, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x4, 0x1, 0x0, 0x1, [{0x3}, {0x8}, {0x4}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x11}, {0x8}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0)

14.521809388s ago: executing program 4 (id=380):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
fallocate(0xffffffffffffffff, 0x3, 0x100000000, 0x80000000)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x400000000000000, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, 0x0)
syz_open_dev$loop(0x0, 0x75f, 0xa382)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r8, @ANYRESDEC=0x0])
openat$dir(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x414301, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x2000000, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(r9, 0x4008ae8a, &(0x7f0000000600)=ANY=[@ANYBLOB="0000000000000000f59c409dcc90e214d053a516c5e380800400efb7acd72c2767cdbaddcc56f63b1883275e883948c802a50583abe1a82d71b13311ad1672b2c04f8c8f6a52ad77cb3ae3ca71f1ec7a5bd22588af9007b8c84ca680e410ad0aa658ab4f2289f243fe0d7f67bd3dc98311c79a951bef8f2237978e8a02c9bad9a88ff817b0bc5e1a6a4bdeda22fcece279e8c7517844721e1d4b759aca8f2177eaafefc1d8d6d7cd08a04b2f35c9c9b3a9fbac3e0d0b057a878f002c9831fb2a95675b11e568b08b57a64e7da4239e7fe742587c4fa3dcb5c3a19637398cee541627dddaced05b00bd9242a8a949753b67d47af661ad526e0ba727d120bf7f6a0f6c5817c389d1bbdc407faeca44137f30bad0fc16fb6d53bf9a58ddb654db2c3a688e4127c22068fe1e0f2fd74c16aa8946def27adb3a4d02791a9362a8ae709501f8c7efe24efe88b09ab484a06100870fb51fa7d7d81e6ddda42dfc1f1f48dde84f7a6275"])
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})

10.318878271s ago: executing program 0 (id=394):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x44)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_open_procfs(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0, 0x0, 0x0, 0x900}}], 0x17fd147c801ae9af, 0xff00)

10.299462088s ago: executing program 4 (id=395):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = dup(r2)
r4 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r4, 0x200004)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000004c0)={0x3, 0x5, 0xffff1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CAP_X2APIC_API(r7, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3})
ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$MRT6(r4, 0x29, 0xcf, &(0x7f0000000200), &(0x7f0000000500)=0x4)
sendmsg$nl_generic(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x41, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x4, 0x90}]}]}, 0x28}}, 0x4010)
r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r9, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)={0x0, 0x13, 0x6, "fc19d02303f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendfile(r3, r4, 0x0, 0x80001d00c0d1)

7.334401363s ago: executing program 0 (id=402):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
write$P9_RXATTRWALK(r1, &(0x7f0000000000)={0xf, 0x1f, 0x2, 0x4}, 0xca80)
write$FUSE_STATFS(r1, &(0x7f0000000000)={0x60, 0x0, 0x0, {{0xe, 0x1, 0x2, 0x7, 0xac, 0x10000, 0x4, 0x1}}}, 0xca80) (fail_nth: 1)

6.638396091s ago: executing program 0 (id=404):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000014000905253d7000fddbdf25020000cb", @ANYRES32=r4, @ANYBLOB="08000a0001000000080009001f7c000008000200e000000208000a00feffffff08000100e00000020800090003"], 0x48}}, 0x4010)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2040, 0x0)
socket(0x18, 0x3, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(0xffffffffffffffff, 0x80044dfb, &(0x7f0000000100))
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000200), 0x0)
r5 = io_uring_setup(0x2ef1, &(0x7f0000000000)={0x0, 0x5712, 0x40, 0x0, 0x3})
r6 = socket$kcm(0x21, 0x2, 0x2)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x3)
write$uinput_user_dev(r7, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x664c]}, 0x45c)
ioctl$UI_DEV_CREATE(r7, 0x5501)
write$uinput_user_dev(r7, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0x40000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9f1, 0x400, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x0, 0x0, 0x40000, 0x687, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7fffffff, 0x0, 0x2, 0x51, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x4, 0x3, 0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x6], [0x2, 0x6, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x6, 0xc, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x8000, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0xfffffffd, 0x2000000, 0x40, 0x100, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x6, 0x80, 0x100000, 0x7, 0x8000, 0x1, 0xffffffff, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x40, 0x0, 0x6], [0x8, 0x0, 0x0, 0x0, 0x0, 0xbd8f, 0x2, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x0, 0x0, 0x7fe, 0xa, 0x0, 0x0, 0x800000, 0x40004, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffe, 0x3, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x1, 0x7ff, 0x0, 0x0, 0x4, 0x2000000, 0x6, 0x4], [0x4, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf63, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x1, 0x401, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffd, 0x6d, 0x5, 0x0, 0x0, 0x0, 0x80, 0x4, 0xfffffffc, 0x1, 0x0, 0x7, 0x408f3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x181, 0x0, 0x80, 0x3, 0x0, 0x0, 0x3]}, 0x45c)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_emit_ethernet(0x382, &(0x7f0000000b00)={@random="a25b1a6605ad", @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x34c, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @mcast2, {[], @mlv2_report={0x8f, 0x0, 0x0, 0x38, 0xa, [{0x4, 0x1, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, [@mcast2], [0x7]}, {0x1, 0x3, 0x4, @private2, [@private0={0xfc, 0x0, '\x00', 0x1}, @local, @local, @local], [0xf, 0x6, 0x40]}, {0x2, 0x1, 0x1, @ipv4={'\x00', '\xff\xff', @multicast1}, [@loopback], [0xced]}, {0x5, 0x8, 0x2, @ipv4={'\x00', '\xff\xff', @local}, [@mcast2, @mcast1], [0x1, 0x5, 0x2, 0x400, 0x81, 0x8, 0x78286752, 0x9]}, {0x2, 0x6, 0x2, @mcast1, [@mcast1, @mcast1], [0x4bcd, 0x9, 0x5, 0x80000000, 0x81, 0xffffffff]}, {0x4, 0x2, 0x7, @empty, [@empty, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, @empty, @mcast2, @local, @rand_addr=' \x01\x00'], [0x10000, 0x5]}, {0x8f, 0x5, 0x2, @rand_addr=' \x01\x00', [@private1, @local], [0x2, 0xb, 0x2, 0x1, 0x2]}, {0x3, 0x1, 0x6, @ipv4={'\x00', '\xff\xff', @multicast2}, [@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @loopback, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @multicast2}], [0x6324]}, {0x1, 0x1, 0x0, @empty, [], [0x2]}, {0xf, 0x3, 0x7, @mcast2, [@mcast1, @dev={0xfe, 0x80, '\x00', 0x11}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x2f}, @private2={0xfc, 0x2, '\x00', 0x1}], [0x7, 0x7, 0x0]}]}}}}}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x38}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb4}}, 0x0)
close_range(r5, r6, 0x0)

6.447622431s ago: executing program 4 (id=405):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000400)={0x2, 0x1, 0x10, 0x0, 0x2}, 0xc)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r2})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000100)={0xc4, 0x0, 0x800000})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'syztnl1\x00', <r4=>0x0, 0x2f, 0xf9, 0x3, 0xf47, 0x44, @loopback, @rand_addr=' \x01\x00', 0x20, 0x7800, 0x3, 0x4b40}})
syz_usb_connect$cdc_ecm(0x1, 0xd0, &(0x7f0000000380)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbe, 0x1, 0x1, 0x7, 0x0, 0x6, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x16, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x200, 0xfffe, 0x3}, [@network_terminal={0x7, 0x24, 0xa, 0x9, 0xb5, 0x0, 0x2}, @dmm={0x7, 0x24, 0x14, 0x7fff, 0x7}, @mdlm_detail={0x54, 0x24, 0x13, 0x1, "17f551f8e6ed3c08dc2af1624d439112f6854104d00eaec4bc296a22379c9311a20d20725d48ad4b9908670f91ea150cb1e5134e8ba598f6232b9986986fe03cdc83d774904b5ae2e9d25dfdb373cec5"}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0xd}, @country_functional={0xc, 0x24, 0x7, 0xfd, 0x5, [0x8, 0x7, 0x8]}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x1, 0x4, 0x97}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0xc, 0xb1, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xc, 0x1f, 0x1}}}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x9, 0xfb, 0x1, 0xff, 0x4}, 0x2d, &(0x7f0000000180)={0x5, 0xf, 0x2d, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "71467c6a0d14194e4665104e44917aae"}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x4, 0x1, 0xace}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x0, 0x3, 0x8}]}, 0x5, [{0x85, &(0x7f0000000600)=@string={0x85, 0x3, "9cbe1740c27650cba2184575981ef7da6d585777819f48a46dc978097ad461a2d981537060d538908627bc7d60c61700abfdeb26c5c8d52d29c3c9877cbce84d45682277d62b80ec39e8757dd4e70feb6c858aa3a7e7b3ff3b3d06069f502c7d821558ab2f53343e3842a9a97b6fbb2f8cc8a2f64cc9ee3b8fc366ca4518b71acf2cca"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x816}}, {0xf7, &(0x7f00000006c0)=@string={0xf7, 0x3, "9d9c9757a71bb24b06d1a30e838cee08a4fcbb7f101d03f6e1732e6a8138e83a61d780b17804bd1a68892fe8cc05679070345f63a66609f6e49ffab441b45b2d71a4a66c07501e4e6274502c9a2efc7086e605ff5a2fec036c537791be52222cc6491981fe77cd446e375c51366d78f449e4d50725706e6f6ddc538ae16cbf09aa1d3245f98d965ff917e297693e5c855a00b79849bac5c5305a9af20a7cd98983265e02ec76a8fc69493393472edba874629ab464fab8b0dde1de0ed617122154de717102a910450bbdc8bdc0ea0d1f42f2d53ee388571ab67941797e1acebc69f2163b793542845041250004c7f67ddfa0c8fb95"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x408}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x445}}]})
r5 = socket$alg(0x26, 0x5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
uname(&(0x7f00000002c0)=""/150)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000000c0)={0x4000, 0xa000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x117000})
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18)
accept4(r5, 0x0, 0x0, 0x80000)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000880)={0x6, 0x1ff, 0xabb1, 0x4})
socket$unix(0x1, 0x2, 0x0)
creat(&(0x7f0000000840)='./file0\x00', 0x28)
socket$inet_tcp(0x2, 0x1, 0x0)
socket(0x15, 0x5, 0x0)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000480)={&(0x7f0000000540)=@newtclass={0xb4, 0x28, 0xc18, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x0, 0xe}, {0xe, 0x8}, {0xfff1, 0x2}}, [@c_cbq={{0x8}, {0x4}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_VALUE={0x5, 0x5, 0x3}}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x6}}}, @c_cbq={{0x8}, {0x4c, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0xfff2, 0xe}, 0x8, 0x101}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x33, 0x3, 0x1e, 0x9, 0x6, 0x2, 0x3e, 0x2}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x10, 0xc}, 0xbd, 0x8}}, @TCA_CBQ_RATE={0x10, 0x5, {0x4, 0x2, 0x4, 0x3, 0xffe0, 0x4}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8085}, 0x8377c5f3e38bcf8f)

6.002016282s ago: executing program 2 (id=407):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, 0x0, 0x0)

5.722142067s ago: executing program 2 (id=410):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f000001f480), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000000, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x5}}, 0x50)
read$FUSE(r0, &(0x7f0000002900)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r2}, 0x10)

5.452806473s ago: executing program 0 (id=411):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000001c0), 0x1, 0x682100)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r3, 0xc01064c2, &(0x7f0000000000))
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYRES32=r4], 0x10000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r9 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffa, 0x281)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f00000000c0)={r8, 0xefff, {0x0, 0x0, 0x0, 0x1000003, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b39800000000000100ece8000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741c50d38ef2a565ef1e93323691c58d665020000000600", "a91005000200000038000000026d1a8554fe581b59ded130e04d528539f3d3285df8a69ea917af4444be3b3e7772fd29f35239d200", "244333791f045158d97405000000000000040000000100", [0xfffffffffeff7ffc]}})
ioctl$BTRFS_IOC_SPACE_INFO(r9, 0x4c08, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x5f, 0x800000000000)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, 0x0)
sendmsg$NFT_BATCH(r7, 0x0, 0x4810)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a010800000000000000000200000009"], 0x68}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x4000, 0x0)

5.276010147s ago: executing program 2 (id=412):
unshare(0x24020400)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000180)=0x8000000000000001)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x80010, 0xffffffffffffffff, 0x57c68000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
utimensat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{}, {0x0, 0x2710}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
ftruncate(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000140)={0x4, {0x1, 0x1, 0x8, 0x4, 0x5, 0x52}})
shutdown(r4, 0x1)
connect$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x4e22, @multicast1}, 0x10)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0)
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8608, 0x70910}, [@IFLA_MAP={0x24, 0xe, {0xfffffffffffffff8, 0x2, 0xd8, 0x3, 0x2, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
r7 = fspick(r6, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r7, 0x7, 0x0, 0x0, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r8, 0x6, 0x21, 0x0, 0x0)

3.192884269s ago: executing program 0 (id=420):
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
tkill(0x0, 0x7)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000440)={0x0, 0x0}, 0x8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000004440)=""/5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

3.082349555s ago: executing program 4 (id=421):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000840)={0x24, &(0x7f00000004c0)={0x40, 0x18, 0x2, "10d8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

2.870364064s ago: executing program 0 (id=423):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x18, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

1.650108038s ago: executing program 2 (id=435):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000200)=0xa0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x3, 0x3, 0x3, 0x1, 0x0, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
setitimer(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x6008040)

1.432256923s ago: executing program 3 (id=437):
socket$inet6_sctp(0xa, 0x1, 0x84)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
socket$kcm(0x10, 0x2, 0x0)
close(r0)

1.298414741s ago: executing program 3 (id=438):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
clock_gettime(0x0, &(0x7f0000000380))

1.248110926s ago: executing program 3 (id=439):
unshare(0x24020400)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000100)=0x6, 0x4)

1.169908036s ago: executing program 3 (id=440):
gettid()
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x105})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x25}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x6e}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

1.026470602s ago: executing program 3 (id=441):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

991.923293ms ago: executing program 3 (id=442):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

563.618272ms ago: executing program 1 (id=444):
unshare(0x22020600)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c0002800800034000000016080001"], 0x110}}, 0x0)

563.269534ms ago: executing program 2 (id=445):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18)
r1 = socket(0x200000000000011, 0x2, 0x2)
bind$packet(r1, &(0x7f0000000080)={0x11, 0x16, 0x0, 0x1, 0x20, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

395.08818ms ago: executing program 1 (id=446):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$pppoe(0x18, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x20048005)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

267.748272ms ago: executing program 1 (id=447):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0xff, @loopback, @loopback}}}}}}}, 0x0)

210.423927ms ago: executing program 2 (id=448):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x10, &(0x7f0000000100)={0x40, 0x12}, 0x0, 0x0})

182.818505ms ago: executing program 1 (id=449):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mknod$loop(0x0, 0x6000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r1, @ANYBLOB="bf4400000000000000000c"], 0x2ac}}, 0x0)

104.463784ms ago: executing program 1 (id=450):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="3b0200007d00000005fa"], 0x23b)

6.254612ms ago: executing program 1 (id=451):
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0)
lseek(0xffffffffffffffff, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

0s ago: executing program 4 (id=452):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000003c0)=@x86={0x5, 0x9, 0x6, 0x0, 0xfffffffe, 0x5, 0x4, 0xf, 0x5, 0x6, 0x8, 0x2, 0x0, 0x3, 0x5, 0x4, 0xf4, 0x84, 0x7f, '\x00', 0x7, 0x6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

 unknown main item tag 0x0
[   98.983645][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983676][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983707][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983737][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x2
[   98.983766][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983796][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983826][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983856][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983886][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983915][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983945][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   98.983974][  T980] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0
[   99.025661][ T5966] usb 3-1: config 0 has no interfaces?
[   99.031860][ T5966] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   99.031879][ T5966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.031892][ T5966] usb 3-1: Product: syz
[   99.031902][ T5966] usb 3-1: Manufacturer: syz
[   99.031912][ T5966] usb 3-1: SerialNumber: syz
[   99.033638][ T5966] usb 3-1: config 0 descriptor??
[   99.067474][  T980] hid-generic 00A0:0006:0003.0001: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[   99.254456][  T977] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   99.410387][  T977] usb 2-1: Using ep0 maxpacket: 8
[   99.427895][  T977] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[   99.427922][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.427949][  T977] usb 2-1: Product: syz
[   99.427964][  T977] usb 2-1: Manufacturer: syz
[   99.427978][  T977] usb 2-1: SerialNumber: syz
[   99.432667][  T977] usb 2-1: config 0 descriptor??
[   99.436739][  T977] gspca_main: sq930x-2.14.0 probing 2770:930c
[  100.113549][ T6193] netlink: 28 bytes leftover after parsing attributes in process `syz.0.72'.
[  100.157997][  T977] gspca_sq930x: ucbus_write failed -110
[  100.158074][  T977] sq930x 2-1:0.0: probe with driver sq930x failed with error -110
[  100.348418][ T5966] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  100.518002][ T5966] usb 1-1: Using ep0 maxpacket: 32
[  100.525398][ T5966] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  100.525430][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  100.525457][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  100.525499][ T5966] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  100.525522][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.528073][ T5966] usb 1-1: config 0 descriptor??
[  100.529433][ T6193] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  100.533827][ T5966] hub 1-1:0.0: USB hub found
[  101.028060][ T5966] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  101.035145][ T5966] usbhid 1-1:0.0: can't add hid device: -71
[  101.035216][ T5966] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  101.049015][ T5966] usb 1-1: USB disconnect, device number 3
[  101.390337][ T6197] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.398374][ T6197] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.408671][ T5889] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  101.587898][ T5889] usb 5-1: device descriptor read/64, error -71
[  101.804947][  T977] usb 2-1: USB disconnect, device number 8
[  101.837897][ T5889] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  101.991163][   T43] usb 3-1: USB disconnect, device number 6
[  102.018628][ T5889] usb 5-1: device descriptor read/64, error -71
[  102.033796][ T6197] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.133001][ T5889] usb usb5-port1: attempt power cycle
[  102.160115][ T6197] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.354152][ T6197] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.397913][ T6197] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.411782][ T6197] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.433590][ T6197] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.498095][  T977] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  102.528504][ T5889] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  102.559687][ T6211] syzkaller1: entered promiscuous mode
[  102.566208][ T5889] usb 5-1: device descriptor read/8, error -71
[  102.576304][ T6211] syzkaller1: entered allmulticast mode
[  102.606174][ T6220] Zero length message leads to an empty skb
[  102.620882][ T6212] FAULT_INJECTION: forcing a failure.
[  102.620882][ T6212] name failslab, interval 1, probability 0, space 0, times 0
[  102.635296][ T6212] CPU: 1 UID: 0 PID: 6212 Comm: syz.2.80 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  102.635320][ T6212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  102.635331][ T6212] Call Trace:
[  102.635338][ T6212]  <TASK>
[  102.635345][ T6212]  dump_stack_lvl+0x189/0x250
[  102.635380][ T6212]  ? __pfx____ratelimit+0x10/0x10
[  102.635408][ T6212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.635437][ T6212]  ? __pfx__printk+0x10/0x10
[  102.635462][ T6212]  ? __pfx___might_resched+0x10/0x10
[  102.635490][ T6212]  ? fs_reclaim_acquire+0x7d/0x100
[  102.635517][ T6212]  should_fail_ex+0x414/0x560
[  102.635546][ T6212]  should_failslab+0xa8/0x100
[  102.635567][ T6212]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  102.635585][ T6212]  ? __alloc_skb+0x112/0x2d0
[  102.635610][ T6212]  __alloc_skb+0x112/0x2d0
[  102.635635][ T6212]  netlink_ack+0x146/0xa50
[  102.635655][ T6212]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  102.635673][ T6212]  ? ref_tracker_free+0x63a/0x7d0
[  102.635696][ T6212]  ? __copy_skb_header+0xa7/0x550
[  102.635722][ T6212]  ? __pfx_ref_tracker_free+0x10/0x10
[  102.635764][ T6212]  ? __skb_clone+0x63/0x7a0
[  102.635797][ T6212]  netlink_rcv_skb+0x28c/0x470
[  102.635821][ T6212]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  102.635843][ T6212]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  102.635879][ T6212]  ? netlink_deliver_tap+0x2e/0x1b0
[  102.635901][ T6212]  ? netlink_deliver_tap+0x2e/0x1b0
[  102.635936][ T6212]  netlink_unicast+0x758/0x8d0
[  102.635967][ T6212]  netlink_sendmsg+0x805/0xb30
[  102.636000][ T6212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.636027][ T6212]  ? aa_sock_msg_perm+0x94/0x160
[  102.636054][ T6212]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  102.636090][ T6212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.636113][ T6212]  __sock_sendmsg+0x21c/0x270
[  102.636146][ T6212]  ____sys_sendmsg+0x505/0x830
[  102.636174][ T6212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  102.636206][ T6212]  ? import_iovec+0x74/0xa0
[  102.636227][ T6212]  ___sys_sendmsg+0x21f/0x2a0
[  102.636253][ T6212]  ? __pfx____sys_sendmsg+0x10/0x10
[  102.636309][ T6212]  ? __fget_files+0x2a/0x420
[  102.636329][ T6212]  ? __fget_files+0x3a0/0x420
[  102.636362][ T6212]  __x64_sys_sendmsg+0x19b/0x260
[  102.636389][ T6212]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  102.636422][ T6212]  ? __pfx_ksys_write+0x10/0x10
[  102.636438][ T6212]  ? rcu_is_watching+0x15/0xb0
[  102.636471][ T6212]  ? do_syscall_64+0xbe/0x3b0
[  102.636492][ T6212]  do_syscall_64+0xfa/0x3b0
[  102.636508][ T6212]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.636534][ T6212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.636553][ T6212]  ? clear_bhb_loop+0x60/0xb0
[  102.636575][ T6212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.636592][ T6212] RIP: 0033:0x7fc77578e929
[  102.636608][ T6212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.636623][ T6212] RSP: 002b:00007fc776578038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.636643][ T6212] RAX: ffffffffffffffda RBX: 00007fc7759b5fa0 RCX: 00007fc77578e929
[  102.636656][ T6212] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  102.636667][ T6212] RBP: 00007fc776578090 R08: 0000000000000000 R09: 0000000000000000
[  102.636678][ T6212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.636689][ T6212] R13: 0000000000000000 R14: 00007fc7759b5fa0 R15: 00007fc775adfa28
[  102.636716][ T6212]  </TASK>
[  102.970835][  T977] usb 2-1: Using ep0 maxpacket: 8
[  103.097844][ T5889] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  103.118510][ T5889] usb 5-1: device descriptor read/8, error -71
[  103.228260][ T5889] usb usb5-port1: unable to enumerate USB device
[  103.317142][  T977] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  103.329248][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.358164][  T977] usb 2-1: Product: syz
[  103.378853][  T977] usb 2-1: Manufacturer: syz
[  103.383673][  T977] usb 2-1: SerialNumber: syz
[  103.449087][  T977] usb 2-1: config 0 descriptor??
[  103.477509][  T977] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  103.679222][ T6226] netlink: 'syz.2.83': attribute type 1 has an invalid length.
[  103.708695][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057c06400: rx timeout, send abort
[  104.209268][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057c05c00: rx timeout, send abort
[  104.217666][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057c06400: abort rx timeout. Force session deactivation
[  104.289356][ T5889] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  104.498379][ T5889] usb 5-1: Using ep0 maxpacket: 32
[  104.505330][ T5889] usb 5-1: config 0 interface 0 has no altsetting 0
[  104.516721][ T5889] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  104.526473][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.551007][ T5889] usb 5-1: Product: syz
[  104.562812][ T5889] usb 5-1: Manufacturer: syz
[  104.600535][  T977] gspca_sonixj: reg_w1 err -71
[  104.607962][ T5889] usb 5-1: SerialNumber: syz
[  104.649124][ T5889] usb 5-1: config 0 descriptor??
[  104.691550][  T977] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  104.703153][  T977] usb 2-1: USB disconnect, device number 9
[  104.717629][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057c05c00: abort rx timeout. Force session deactivation
[  105.078918][ T5889] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  105.669358][ T6244] bridge_slave_0: left allmulticast mode
[  105.675057][ T6244] bridge_slave_0: left promiscuous mode
[  105.688909][ T6246] FAULT_INJECTION: forcing a failure.
[  105.688909][ T6246] name failslab, interval 1, probability 0, space 0, times 0
[  105.707735][ T5966] usb 5-1: USB disconnect, device number 10
[  105.719845][ T6244] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.734174][ T6246] CPU: 1 UID: 0 PID: 6246 Comm: syz.3.90 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  105.734198][ T6246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.734209][ T6246] Call Trace:
[  105.734217][ T6246]  <TASK>
[  105.734225][ T6246]  dump_stack_lvl+0x189/0x250
[  105.734260][ T6246]  ? __pfx____ratelimit+0x10/0x10
[  105.734288][ T6246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.734319][ T6246]  ? __pfx__printk+0x10/0x10
[  105.734345][ T6246]  ? __pfx___might_resched+0x10/0x10
[  105.734379][ T6246]  should_fail_ex+0x414/0x560
[  105.734420][ T6246]  should_failslab+0xa8/0x100
[  105.734441][ T6246]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  105.734462][ T6246]  ? __alloc_skb+0x112/0x2d0
[  105.734489][ T6246]  __alloc_skb+0x112/0x2d0
[  105.734516][ T6246]  netlink_sendmsg+0x5c6/0xb30
[  105.734548][ T6246]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.734575][ T6246]  ? aa_sock_msg_perm+0x94/0x160
[  105.734600][ T6246]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  105.734624][ T6246]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.734659][ T6246]  __sock_sendmsg+0x21c/0x270
[  105.734699][ T6246]  ____sys_sendmsg+0x505/0x830
[  105.734724][ T6246]  ? __pfx_____sys_sendmsg+0x10/0x10
[  105.734752][ T6246]  ? import_iovec+0x74/0xa0
[  105.734770][ T6246]  ___sys_sendmsg+0x21f/0x2a0
[  105.734795][ T6246]  ? __pfx____sys_sendmsg+0x10/0x10
[  105.734843][ T6246]  ? __fget_files+0x2a/0x420
[  105.734860][ T6246]  ? __fget_files+0x3a0/0x420
[  105.734885][ T6246]  __x64_sys_sendmsg+0x19b/0x260
[  105.734908][ T6246]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  105.734936][ T6246]  ? __pfx_ksys_write+0x10/0x10
[  105.734949][ T6246]  ? rcu_is_watching+0x15/0xb0
[  105.734978][ T6246]  ? do_syscall_64+0xbe/0x3b0
[  105.734997][ T6246]  do_syscall_64+0xfa/0x3b0
[  105.735010][ T6246]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.735038][ T6246]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.735068][ T6246]  ? clear_bhb_loop+0x60/0xb0
[  105.735089][ T6246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.735106][ T6246] RIP: 0033:0x7f1b0298e929
[  105.735121][ T6246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.735136][ T6246] RSP: 002b:00007f1b0376e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.735154][ T6246] RAX: ffffffffffffffda RBX: 00007f1b02bb5fa0 RCX: 00007f1b0298e929
[  105.735167][ T6246] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  105.735178][ T6246] RBP: 00007f1b0376e090 R08: 0000000000000000 R09: 0000000000000000
[  105.735189][ T6246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.735200][ T6246] R13: 0000000000000000 R14: 00007f1b02bb5fa0 R15: 00007f1b02cdfa28
[  105.735226][ T6246]  </TASK>
[  106.014078][ T6244] bridge_slave_1: left allmulticast mode
[  106.021803][ T6244] bridge_slave_1: left promiscuous mode
[  106.027626][ T6244] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.042952][ T5889] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  106.106420][ T6244] bond0: (slave bond_slave_0): Releasing backup interface
[  106.131365][ T6244] bond0: (slave bond_slave_1): Releasing backup interface
[  106.157421][ T6244] team0: Port device team_slave_0 removed
[  106.169825][ T6244] team0: Port device team_slave_1 removed
[  106.176486][ T6244] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.185451][ T6244] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.198149][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  106.199584][ T6244] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.205659][ T5889] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  106.223391][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  106.247988][ T6244] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.256596][ T5889] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  106.265984][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.274156][ T5889] usb 2-1: Product: syz
[  106.278386][ T5889] usb 2-1: Manufacturer: syz
[  106.282999][ T5889] usb 2-1: SerialNumber: syz
[  106.291136][ T5889] usb 2-1: config 0 descriptor??
[  106.308617][ T5889] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  106.342207][ T5889] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  106.678009][  T980] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  106.857948][  T980] usb 3-1: Using ep0 maxpacket: 8
[  106.873238][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  106.913201][ T5889] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  106.925045][  T980] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  106.933981][ T5889] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  107.104784][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  107.219764][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  107.251344][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  107.265818][ T6285] netlink: zone id is out of range
[  107.533179][  T980] usb 3-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  107.567030][  T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.658512][ T5889] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[  107.669128][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  107.676123][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  107.685388][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  107.693169][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  107.712869][  T980] usb 3-1: Product: syz
[  107.716922][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  107.727883][ T3082] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  107.749529][  T980] usb 3-1: Manufacturer: syz
[  107.803852][  T980] usb 3-1: SerialNumber: syz
[  107.927807][ T3082] usb 4-1: Using ep0 maxpacket: 8
[  107.939113][  T980] usb 3-1: config 0 descriptor??
[  107.960567][ T3082] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  107.970551][ T3082] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.975750][  T980] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -8
[  107.986908][ T3082] usb 4-1: Product: syz
[  108.035476][ T3082] usb 4-1: Manufacturer: syz
[  108.066876][ T3082] usb 4-1: SerialNumber: syz
[  108.086895][ T3082] usb 4-1: config 0 descriptor??
[  108.115983][ T3082] gspca_main: sq930x-2.14.0 probing 2770:930c
[  108.299411][  T980] usb 3-1: USB disconnect, device number 7
[  108.325552][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  108.332276][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  108.339813][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  108.356453][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  108.371442][ T5889] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  108.399809][ T5889] usb 2-1: USB disconnect, device number 10
[  108.828199][ T3082] gspca_sq930x: ucbus_write failed -110
[  108.925507][ T3082] sq930x 4-1:0.0: probe with driver sq930x failed with error -110
[  109.092431][ T6315] FAULT_INJECTION: forcing a failure.
[  109.092431][ T6315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.188087][ T6315] CPU: 0 UID: 0 PID: 6315 Comm: syz.0.108 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  109.188117][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  109.188130][ T6315] Call Trace:
[  109.188138][ T6315]  <TASK>
[  109.188147][ T6315]  dump_stack_lvl+0x189/0x250
[  109.188186][ T6315]  ? __pfx____ratelimit+0x10/0x10
[  109.188218][ T6315]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.188251][ T6315]  ? __pfx__printk+0x10/0x10
[  109.188273][ T6315]  ? __might_fault+0xb0/0x130
[  109.188305][ T6315]  should_fail_ex+0x414/0x560
[  109.188337][ T6315]  _copy_from_user+0x2d/0xb0
[  109.188360][ T6315]  ___sys_sendmsg+0x158/0x2a0
[  109.188390][ T6315]  ? __pfx____sys_sendmsg+0x10/0x10
[  109.188455][ T6315]  ? __fget_files+0x2a/0x420
[  109.188478][ T6315]  ? __fget_files+0x3a0/0x420
[  109.188512][ T6315]  __x64_sys_sendmsg+0x19b/0x260
[  109.188542][ T6315]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  109.188580][ T6315]  ? __pfx_ksys_write+0x10/0x10
[  109.188596][ T6315]  ? rcu_is_watching+0x15/0xb0
[  109.188634][ T6315]  ? do_syscall_64+0xbe/0x3b0
[  109.188658][ T6315]  do_syscall_64+0xfa/0x3b0
[  109.188676][ T6315]  ? lockdep_hardirqs_on+0x9c/0x150
[  109.188707][ T6315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.188727][ T6315]  ? clear_bhb_loop+0x60/0xb0
[  109.188752][ T6315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.188772][ T6315] RIP: 0033:0x7f1264d8e929
[  109.188790][ T6315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.188807][ T6315] RSP: 002b:00007f1265cdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  109.188829][ T6315] RAX: ffffffffffffffda RBX: 00007f1264fb5fa0 RCX: 00007f1264d8e929
[  109.188843][ T6315] RDX: 0000000000000000 RSI: 0000200000005d80 RDI: 0000000000000003
[  109.188856][ T6315] RBP: 00007f1265cdd090 R08: 0000000000000000 R09: 0000000000000000
[  109.188868][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.188880][ T6315] R13: 0000000000000000 R14: 00007f1264fb5fa0 R15: 00007f12650dfa28
[  109.188910][ T6315]  </TASK>
[  109.404894][    C0] vkms_vblank_simulate: vblank timer overrun
[  109.699421][ T6325] fuse: Bad value for 'fd'
[  109.804752][ T6335] fuse: Bad value for 'fd'
[  109.871658][ T6336] fuse: Bad value for 'fd'
[  110.007046][ T6321] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  110.014055][ T6321] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  110.044950][ T6321] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  110.063441][ T6321] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  110.071458][ T6321] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  110.082456][ T6321] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  110.093547][ T6321] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  110.100926][ T6321] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  110.113102][ T6321] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  110.146126][ T6321] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  110.153036][ T6321] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  110.162235][ T6321] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  110.170170][ T6321] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  110.176253][ T6321] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  110.186349][ T6321] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  110.659547][ T3082] usb 4-1: USB disconnect, device number 8
[  110.661207][ T6362] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  110.688369][ T6363] netlink: 'syz.1.116': attribute type 39 has an invalid length.
[  111.038832][  T980] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  111.221276][ T6375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.119'.
[  111.370229][  T980] usb 1-1: config 0 has no interfaces?
[  111.567096][ T6380] xt_CT: You must specify a L4 protocol and not use inversions on it
[  111.605136][  T980] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  111.614838][  T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.623297][  T980] usb 1-1: Product: syz
[  111.707886][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout
[  111.750250][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  111.750266][   T30] audit: type=1326 audit(1749985845.846:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0298e929 code=0x7ffc0000
[  111.821714][  T980] usb 1-1: Manufacturer: syz
[  111.826513][  T980] usb 1-1: SerialNumber: syz
[  111.840575][  T980] usb 1-1: config 0 descriptor??
[  111.940477][   T30] audit: type=1326 audit(1749985845.846:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6376 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0298e929 code=0x7ffc0000
[  112.114945][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  112.121104][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout
[  112.195591][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  112.206685][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[  112.595938][ T6397] QAT: failed to copy from user cfg_data.
[  112.718186][ T5889] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  112.883582][ T5889] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  112.893903][ T5889] usb 4-1: config 0 interface 0 has no altsetting 0
[  112.915454][ T5889] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  112.927466][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.947652][ T5889] usb 4-1: Product: syz
[  112.966171][ T5889] usb 4-1: Manufacturer: syz
[  112.980810][ T5889] usb 4-1: SerialNumber: syz
[  113.003202][ T6401] FAULT_INJECTION: forcing a failure.
[  113.003202][ T6401] name failslab, interval 1, probability 0, space 0, times 0
[  113.027942][ T5889] usb 4-1: config 0 descriptor??
[  113.034619][ T6401] CPU: 1 UID: 0 PID: 6401 Comm: syz.2.127 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  113.034646][ T6401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  113.034658][ T6401] Call Trace:
[  113.034667][ T6401]  <TASK>
[  113.034680][ T6401]  dump_stack_lvl+0x189/0x250
[  113.034731][ T6401]  ? __pfx____ratelimit+0x10/0x10
[  113.034762][ T6401]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.034804][ T6401]  ? __pfx__printk+0x10/0x10
[  113.034831][ T6401]  ? __pfx___might_resched+0x10/0x10
[  113.034866][ T6401]  should_fail_ex+0x414/0x560
[  113.034896][ T6401]  should_failslab+0xa8/0x100
[  113.034919][ T6401]  kmem_cache_alloc_noprof+0x73/0x3c0
[  113.034950][ T6401]  ? sk_prot_alloc+0x57/0x220
[  113.034978][ T6401]  sk_prot_alloc+0x57/0x220
[  113.035008][ T6401]  ? sk_alloc+0x24/0x370
[  113.035032][ T6401]  sk_alloc+0x3a/0x370
[  113.035061][ T6401]  inet_create+0x76b/0x1000
[  113.035082][ T6401]  ? inet_create+0x97/0x1000
[  113.035106][ T6401]  __sock_create+0x4b3/0x9f0
[  113.035134][ T6401]  udp_sock_create4+0xbe/0x4b0
[  113.035156][ T6401]  ? __pfx_udp_sock_create4+0x10/0x10
[  113.035188][ T6401]  rxrpc_lookup_local+0xcae/0x1410
[  113.035224][ T6401]  ? __pfx_rxrpc_lookup_local+0x10/0x10
[  113.035256][ T6401]  ? __local_bh_enable_ip+0x12d/0x1c0
[  113.035290][ T6401]  ? __local_bh_enable_ip+0x12d/0x1c0
[  113.035322][ T6401]  ? do_raw_spin_unlock+0x122/0x240
[  113.035350][ T6401]  rxrpc_sendmsg+0x399/0x710
[  113.035377][ T6401]  ? __pfx_rxrpc_sendmsg+0x10/0x10
[  113.035400][ T6401]  __sock_sendmsg+0x21c/0x270
[  113.035433][ T6401]  ____sys_sendmsg+0x505/0x830
[  113.035464][ T6401]  ? __pfx_____sys_sendmsg+0x10/0x10
[  113.035498][ T6401]  ? import_iovec+0x74/0xa0
[  113.035522][ T6401]  ___sys_sendmsg+0x21f/0x2a0
[  113.035549][ T6401]  ? __pfx____sys_sendmsg+0x10/0x10
[  113.035610][ T6401]  ? __fget_files+0x2a/0x420
[  113.035631][ T6401]  ? __fget_files+0x3a0/0x420
[  113.035664][ T6401]  __x64_sys_sendmsg+0x19b/0x260
[  113.035692][ T6401]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  113.035727][ T6401]  ? __pfx_ksys_write+0x10/0x10
[  113.035754][ T6401]  ? rcu_is_watching+0x15/0xb0
[  113.035787][ T6401]  ? do_syscall_64+0xbe/0x3b0
[  113.035807][ T6401]  do_syscall_64+0xfa/0x3b0
[  113.035823][ T6401]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.035849][ T6401]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.035867][ T6401]  ? clear_bhb_loop+0x60/0xb0
[  113.035895][ T6401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.035912][ T6401] RIP: 0033:0x7fc77578e929
[  113.035928][ T6401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.035943][ T6401] RSP: 002b:00007fc776578038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.035961][ T6401] RAX: ffffffffffffffda RBX: 00007fc7759b5fa0 RCX: 00007fc77578e929
[  113.035974][ T6401] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  113.035985][ T6401] RBP: 00007fc776578090 R08: 0000000000000000 R09: 0000000000000000
[  113.036002][ T6401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.036012][ T6401] R13: 0000000000000000 R14: 00007fc7759b5fa0 R15: 00007fc775adfa28
[  113.036040][ T6401]  </TASK>
[  113.495894][ T5889] usb 4-1: selecting invalid altsetting 0
[  113.714381][ T6395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.731354][ T6395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.778787][ T6394] netlink: 20 bytes leftover after parsing attributes in process `syz.3.124'.
[  113.789179][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  113.820871][  T980] usb 4-1: USB disconnect, device number 9
[  113.838651][ T5889] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  113.918430][ T6412] netlink: 108 bytes leftover after parsing attributes in process `syz.2.130'.
[  113.953452][ T6413] netlink: 192 bytes leftover after parsing attributes in process `syz.4.129'.
[  113.963060][ T6413] netlink: 36 bytes leftover after parsing attributes in process `syz.4.129'.
[  114.188328][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  114.194579][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  114.215679][  T977] usb 1-1: USB disconnect, device number 4
[  114.281121][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  114.287656][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[  114.497922][   T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  114.548073][ T6422] xt_CT: You must specify a L4 protocol and not use inversions on it
[  114.659072][   T10] usb 3-1: Using ep0 maxpacket: 16
[  114.692130][   T10] usb 3-1: config 0 has an invalid interface number: 196 but max is 1
[  114.711125][   T10] usb 3-1: config 0 has an invalid interface number: 196 but max is 1
[  114.731870][   T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  114.755170][   T10] usb 3-1: config 0 has no interface number 0
[  114.761429][   T10] usb 3-1: config 0 interface 196 altsetting 119 endpoint 0xB has an invalid bInterval 248, changing to 11
[  114.786153][   T10] usb 3-1: config 0 interface 196 altsetting 119 endpoint 0xD has invalid wMaxPacketSize 0
[  114.806772][   T30] audit: type=1326 audit(1749985848.906:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.1.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f558e929 code=0x7ffc0000
[  114.832438][   T10] usb 3-1: config 0 interface 196 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  114.880137][   T30] audit: type=1326 audit(1749985848.936:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.1.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f558e929 code=0x7ffc0000
[  114.991193][   T10] usb 3-1: config 0 interface 196 has no altsetting 0
[  115.012282][   T10] usb 3-1: config 0 interface 196 has no altsetting 1
[  115.172683][   T10] usb 3-1: New USB device found, idVendor=0a46, idProduct=1269, bcdDevice=1a.0a
[  115.193947][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.428026][   T10] usb 3-1: Product: syz
[  115.443930][   T10] usb 3-1: Manufacturer: syz
[  115.462592][   T10] usb 3-1: SerialNumber: syz
[  115.501233][   T30] audit: type=1326 audit(1749985848.936:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.1.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f81f558e929 code=0x7ffc0000
[  115.527430][   T10] usb 3-1: config 0 descriptor??
[  115.846624][   T30] audit: type=1326 audit(1749985848.936:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.1.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f558e929 code=0x7ffc0000
[  115.862951][ T6434] dlm: plock device version mismatch: kernel (1.2.0), user (926363952.926365495.926365495)
[  115.888682][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  115.894892][   T30] audit: type=1326 audit(1749985848.936:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.1.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f558e929 code=0x7ffc0000
[  115.933584][   T10] dm9601 3-1:0.196: probe with driver dm9601 failed with error -22
[  116.106143][   T10] usb 3-1: USB disconnect, device number 8
[  116.267938][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  116.274024][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout
[  116.348012][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  116.356198][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[  116.591304][   T30] audit: type=1326 audit(1749985850.696:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6405 comm="syz.4.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7fc00000
[  116.903544][ T5889] usb 5-1: device descriptor read/all, error -71
[  117.798286][   T30] audit: type=1326 audit(1749985851.886:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  117.941891][ T6484] netlink: 'syz.0.141': attribute type 1 has an invalid length.
[  118.154108][ T5889] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  118.290447][   T30] audit: type=1326 audit(1749985851.886:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  118.408440][ T5889] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  118.608967][  T977] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  118.657830][   T30] audit: type=1326 audit(1749985852.046:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  118.679896][ T5966] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  118.797822][   T30] audit: type=1326 audit(1749985852.046:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  118.928275][  T977] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  118.965566][  T977] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  118.966384][ T5966] usb 5-1: config 0 has no interfaces?
[  118.974764][   T30] audit: type=1326 audit(1749985852.046:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.036585][  T977] usb 1-1: config 1 has no interface number 0
[  119.046829][  T977] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.097916][  T977] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  119.107133][   T30] audit: type=1326 audit(1749985852.206:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.187992][  T977] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  119.217455][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.271253][   T30] audit: type=1326 audit(1749985852.206:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.317167][  T977] usb 1-1: Product: syz
[  119.327800][  T977] usb 1-1: Manufacturer: syz
[  119.341472][  T977] usb 1-1: SerialNumber: syz
[  119.368241][   T30] audit: type=1326 audit(1749985852.256:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.418461][ T5966] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  119.434158][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.483358][   T30] audit: type=1326 audit(1749985852.256:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.483428][ T5966] usb 5-1: Product: syz
[  119.540464][   T30] audit: type=1326 audit(1749985852.256:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  119.859157][ T5966] usb 5-1: Manufacturer: syz
[  119.867167][ T5966] usb 5-1: SerialNumber: syz
[  119.896792][ T5966] usb 5-1: config 0 descriptor??
[  119.957168][ T6512] netlink: 176 bytes leftover after parsing attributes in process `syz.1.143'.
[  120.103339][ T6514] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check.
[  120.273503][  T977] cdc_ncm 1-1:1.1: bind() failure
[  120.309253][ T6517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.319557][ T6517] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.329326][ T6517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.341816][ T6517] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.476297][  T977] usb 1-1: USB disconnect, device number 5
[  120.782387][   T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  120.977836][   T10] usb 3-1: Using ep0 maxpacket: 8
[  121.000444][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  121.017979][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  121.065555][ T6524] netlink: 20 bytes leftover after parsing attributes in process `syz.1.147'.
[  121.098538][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  121.138260][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.164333][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  121.183683][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.412354][   T10] usb 3-1: GET_CAPABILITIES returned 0
[  121.437617][   T10] usbtmc 3-1:16.0: can't read capabilities
[  121.624498][ T6518] usbtmc 3-1:16.0: send_request_dev_dep_msg_in returned -90
[  121.930873][ T5897] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  121.972211][  T977] usb 5-1: USB disconnect, device number 13
[  122.037877][   T10] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  122.108466][ T5897] usb 4-1: Using ep0 maxpacket: 8
[  122.153269][ T5897] usb 4-1: unable to get BOS descriptor or descriptor too short
[  122.259621][ T5897] usb 4-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 16
[  122.272211][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  122.461380][ T5897] usb 4-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[  122.471929][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  122.517190][ T5897] usb 4-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  122.544999][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  122.590366][ T6548] netlink: 'syz.4.155': attribute type 2 has an invalid length.
[  122.598592][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  122.598623][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  122.602426][ T5897] usb 4-1: config 1 interface 0 has no altsetting 0
[  122.771416][  T977] usb 3-1: USB disconnect, device number 9
[  122.830288][   T10] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  122.890331][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  122.890344][   T30] audit: type=1326 audit(1749985856.996:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.4.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  122.955425][   T30] audit: type=1326 audit(1749985856.996:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.4.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  122.998828][ T5897] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  123.029641][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.075485][ T6558] netlink: 12 bytes leftover after parsing attributes in process `syz.1.158'.
[  123.105513][   T30] audit: type=1326 audit(1749985856.996:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.4.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  123.171822][   T30] audit: type=1326 audit(1749985856.996:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.4.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  123.204710][   T30] audit: type=1326 audit(1749985856.996:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6551 comm="syz.4.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  123.272152][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.302257][   T10] usb 1-1: Product: syz
[  123.371354][   T10] usb 1-1: Manufacturer: syz
[  123.394137][ T5897] usb 4-1: Product: syz
[  123.399676][ T6558] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  123.441910][   T10] usb 1-1: SerialNumber: syz
[  123.492979][ T5897] usb 4-1: Manufacturer: syz
[  123.510858][   T10] usb 1-1: config 0 descriptor??
[  123.521964][ T5897] usb 4-1: SerialNumber: syz
[  123.592872][   T10] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7
[  123.855368][ T6530] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  123.914103][ T6530] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  123.938118][ T5966] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  124.099484][ T5966] usb 3-1: Using ep0 maxpacket: 8
[  124.123156][ T5966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.149507][ T5897] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  124.175123][ T5966] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  124.194211][ T5897] usb 4-1: USB disconnect, device number 10
[  124.219638][ T5966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.237116][ T5966] usb 3-1: Product: syz
[  124.246955][ T5966] usb 3-1: Manufacturer: syz
[  124.255729][ T5966] usb 3-1: SerialNumber: syz
[  124.309109][ T5966] usb 3-1: config 0 descriptor??
[  124.557151][ T5966] usb 3-1: USB disconnect, device number 10
[  124.918616][ T6578] netlink: zone id is out of range
[  125.115068][ T5889] usb 1-1: USB disconnect, device number 6
[  125.120514][ T6580] FAULT_INJECTION: forcing a failure.
[  125.120514][ T6580] name failslab, interval 1, probability 0, space 0, times 0
[  125.173804][ T5966] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  125.178412][ T6580] CPU: 0 UID: 0 PID: 6580 Comm: syz.3.165 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  125.178444][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  125.178456][ T6580] Call Trace:
[  125.178465][ T6580]  <TASK>
[  125.178475][ T6580]  dump_stack_lvl+0x189/0x250
[  125.178514][ T6580]  ? __pfx____ratelimit+0x10/0x10
[  125.178548][ T6580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.178583][ T6580]  ? __pfx__printk+0x10/0x10
[  125.178612][ T6580]  ? __pfx___might_resched+0x10/0x10
[  125.178645][ T6580]  ? fs_reclaim_acquire+0x7d/0x100
[  125.178683][ T6580]  should_fail_ex+0x414/0x560
[  125.178717][ T6580]  should_failslab+0xa8/0x100
[  125.178743][ T6580]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  125.178764][ T6580]  ? __alloc_skb+0x112/0x2d0
[  125.178794][ T6580]  __alloc_skb+0x112/0x2d0
[  125.178822][ T6580]  netlink_ack+0x146/0xa50
[  125.178845][ T6580]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  125.178866][ T6580]  ? ref_tracker_free+0x63a/0x7d0
[  125.178895][ T6580]  ? __copy_skb_header+0xa7/0x550
[  125.178924][ T6580]  ? __pfx_ref_tracker_free+0x10/0x10
[  125.178953][ T6580]  ? __skb_clone+0x63/0x7a0
[  125.178989][ T6580]  netlink_rcv_skb+0x28c/0x470
[  125.179015][ T6580]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  125.179040][ T6580]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  125.179079][ T6580]  ? netlink_deliver_tap+0x2e/0x1b0
[  125.179103][ T6580]  ? netlink_deliver_tap+0x2e/0x1b0
[  125.179135][ T6580]  netlink_unicast+0x758/0x8d0
[  125.179168][ T6580]  netlink_sendmsg+0x805/0xb30
[  125.179205][ T6580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  125.179235][ T6580]  ? aa_sock_msg_perm+0x94/0x160
[  125.179264][ T6580]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  125.179293][ T6580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  125.179320][ T6580]  __sock_sendmsg+0x21c/0x270
[  125.179356][ T6580]  ____sys_sendmsg+0x505/0x830
[  125.179390][ T6580]  ? __pfx_____sys_sendmsg+0x10/0x10
[  125.179432][ T6580]  ? import_iovec+0x74/0xa0
[  125.179458][ T6580]  ___sys_sendmsg+0x21f/0x2a0
[  125.179489][ T6580]  ? __pfx____sys_sendmsg+0x10/0x10
[  125.179557][ T6580]  ? __fget_files+0x2a/0x420
[  125.179582][ T6580]  ? __fget_files+0x3a0/0x420
[  125.179617][ T6580]  __x64_sys_sendmsg+0x19b/0x260
[  125.179648][ T6580]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  125.179693][ T6580]  ? __pfx_ksys_write+0x10/0x10
[  125.179711][ T6580]  ? rcu_is_watching+0x15/0xb0
[  125.179750][ T6580]  ? do_syscall_64+0xbe/0x3b0
[  125.179774][ T6580]  do_syscall_64+0xfa/0x3b0
[  125.179793][ T6580]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.179824][ T6580]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.179845][ T6580]  ? clear_bhb_loop+0x60/0xb0
[  125.179871][ T6580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.179892][ T6580] RIP: 0033:0x7f1b0298e929
[  125.179910][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.179933][ T6580] RSP: 002b:00007f1b0376e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  125.179956][ T6580] RAX: ffffffffffffffda RBX: 00007f1b02bb5fa0 RCX: 00007f1b0298e929
[  125.179972][ T6580] RDX: 0000000004000052 RSI: 0000200000000140 RDI: 0000000000000003
[  125.179985][ T6580] RBP: 00007f1b0376e090 R08: 0000000000000000 R09: 0000000000000000
[  125.179999][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.180011][ T6580] R13: 0000000000000000 R14: 00007f1b02bb5fa0 R15: 00007f1b02cdfa28
[  125.180043][ T6580]  </TASK>
[  125.712241][ T6584] fuse: Bad value for 'fd'
[  125.738115][ T5966] usb 2-1: Using ep0 maxpacket: 8
[  125.754002][ T5966] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  125.767883][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.797257][ T5966] usb 2-1: Product: syz
[  125.811719][ T5966] usb 2-1: Manufacturer: syz
[  125.827827][ T5966] usb 2-1: SerialNumber: syz
[  125.856538][ T5966] usb 2-1: config 0 descriptor??
[  125.880065][ T5966] gspca_main: sq930x-2.14.0 probing 2770:930c
[  126.567985][   T24] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  126.599466][ T6601] netlink: 'syz.3.172': attribute type 1 has an invalid length.
[  126.648180][ T5966] gspca_sq930x: ucbus_write failed -110
[  126.654476][ T5966] sq930x 2-1:0.0: probe with driver sq930x failed with error -110
[  126.761374][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  126.815662][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  126.864763][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  126.935704][   T24] usb 1-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  126.957795][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.989154][   T24] usb 1-1: config 0 descriptor??
[  127.006289][ T6596] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  127.476878][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  127.495081][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  127.535910][   T24] usb 1-1: USB disconnect, device number 7
[  127.727299][ T5966] usb 2-1: USB disconnect, device number 11
[  129.078362][  T977] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  129.391621][  T977] usb 1-1: config 0 has no interfaces?
[  129.399325][  T977] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  129.410948][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.421299][  T977] usb 1-1: Product: syz
[  129.425492][  T977] usb 1-1: Manufacturer: syz
[  129.430333][ T5897] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  129.439179][  T977] usb 1-1: SerialNumber: syz
[  129.461931][  T977] usb 1-1: config 0 descriptor??
[  129.547931][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  129.555600][  T980] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  129.589630][ T5897] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  129.598294][ T5897] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  129.606952][ T5897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.627459][ T5897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  129.648194][ T5897] usb 3-1: config 1 has no interface number 0
[  129.654344][ T5897] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  129.663946][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.698337][  T980] usb 5-1: device descriptor read/64, error -71
[  129.718008][   T10] usb 2-1: Using ep0 maxpacket: 32
[  129.725994][   T10] usb 2-1: config 0 has an invalid interface number: 201 but max is 0
[  129.735585][   T10] usb 2-1: config 0 has no interface number 0
[  129.749632][   T10] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=e9.0e
[  129.769169][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.777898][   T10] usb 2-1: Product: syz
[  129.782590][   T10] usb 2-1: Manufacturer: syz
[  129.787185][   T10] usb 2-1: SerialNumber: syz
[  129.824364][ T5897] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  129.844338][   T10] usb 2-1: config 0 descriptor??
[  129.937857][  T980] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  130.019525][ T5897] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[  130.039086][ T5897] snd_usb_pod 3-1:1.1: invalid control EP
[  130.044891][ T5897] snd_usb_pod 3-1:1.1: cannot start listening: -22
[  130.055279][ T6640] kvm: user requested TSC rate below hardware speed
[  130.072532][  T980] usb 5-1: device descriptor read/64, error -71
[  130.081491][   T10] pcwd_usb: The device isn't a Human Interface Device
[  130.090372][ T5897] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  130.098168][ T5897] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[  130.113960][   T10] usb 2-1: USB disconnect, device number 12
[  130.189343][  T980] usb usb5-port1: attempt power cycle
[  130.324237][ T6647] netlink: 52 bytes leftover after parsing attributes in process `syz.3.187'.
[  130.538208][  T980] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  130.558558][  T980] usb 5-1: device descriptor read/8, error -71
[  130.575121][ T6654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.583959][ T6654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.743996][ T6658] netlink: 16 bytes leftover after parsing attributes in process `syz.1.191'.
[  130.764117][ T6658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.191'.
[  130.773071][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  130.807856][  T980] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  130.829550][  T980] usb 5-1: device descriptor read/8, error -71
[  130.937983][   T10] usb 4-1: Using ep0 maxpacket: 16
[  130.943348][  T980] usb usb5-port1: unable to enumerate USB device
[  130.953482][   T10] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  130.961794][   T10] usb 4-1: config 0 has no interface number 0
[  130.968067][   T10] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  130.978017][   T10] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  130.987965][   T10] usb 4-1: config 0 interface 41 has no altsetting 0
[  130.999553][   T10] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  131.009108][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.017140][   T10] usb 4-1: Product: syz
[  131.021444][   T10] usb 4-1: Manufacturer: syz
[  131.026059][   T10] usb 4-1: SerialNumber: syz
[  131.033666][   T10] usb 4-1: config 0 descriptor??
[  131.039520][ T6653] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  131.046779][ T6653] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  131.067861][ T5890] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  131.190171][ T5889] usb 1-1: USB disconnect, device number 8
[  131.220801][ T5890] usb 2-1: Using ep0 maxpacket: 16
[  131.237067][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.261526][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.264617][ T6653] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  131.271804][ T5890] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  131.293838][ T5890] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  131.307509][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.316214][ T6653] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  131.387285][ T5890] usb 2-1: config 0 descriptor??
[  131.485975][   T30] audit: type=1326 audit(1749985865.586:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  131.534432][   T30] audit: type=1326 audit(1749985865.586:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  131.561547][   T30] audit: type=1326 audit(1749985865.626:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  131.588255][   T30] audit: type=1326 audit(1749985865.626:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1264d2ab19 code=0x7ffc0000
[  131.621179][   T30] audit: type=1326 audit(1749985865.626:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1264d2ab19 code=0x7ffc0000
[  131.649102][   T30] audit: type=1326 audit(1749985865.626:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  131.676112][   T30] audit: type=1326 audit(1749985865.626:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1264d2ab19 code=0x7ffc0000
[  131.707259][   T30] audit: type=1326 audit(1749985865.626:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1264d2ab19 code=0x7ffc0000
[  131.730924][   T30] audit: type=1326 audit(1749985865.626:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1264d8e929 code=0x7ffc0000
[  131.754505][   T30] audit: type=1326 audit(1749985865.626:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6664 comm="syz.0.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1264d2ab19 code=0x7ffc0000
[  131.841818][ T5890] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max
[  131.867689][ T5890] microsoft 0003:045E:07DA.0003: No inputs registered, leaving
[  131.898334][ T5890] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  131.916516][ T5890] microsoft 0003:045E:07DA.0003: no inputs found
[  131.926035][ T5890] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[  131.991462][   T10] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  132.081956][   T24] usb 2-1: USB disconnect, device number 13
[  132.166574][ T5890] usb 3-1: USB disconnect, device number 11
[  132.378432][ T6677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.197'.
[  132.677646][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  132.685370][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  132.888665][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.199'.
[  132.917301][ T6690] binder: 6685:6690 ioctl c0306201 200000000480 returned -14
[  132.917977][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.199'.
[  133.057980][  T980] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  133.251013][   T10] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[  133.288145][   T10] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  133.396653][   T10] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71
[  133.442636][   T10] usb 4-1: USB disconnect, device number 11
[  133.457704][ T6698] capability: warning: `syz.2.202' uses deprecated v2 capabilities in a way that may be insecure
[  133.516751][  T980] usb 5-1: config 0 has no interfaces?
[  133.639025][  T980] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  133.648247][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.657706][  T980] usb 5-1: Product: syz
[  133.668910][  T980] usb 5-1: Manufacturer: syz
[  133.673674][  T980] usb 5-1: SerialNumber: syz
[  133.694592][  T980] usb 5-1: config 0 descriptor??
[  133.803069][ T6700] fuse: Bad value for 'group_id'
[  133.810113][ T6700] fuse: Bad value for 'group_id'
[  133.945247][ T6702] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  134.035016][ T6702] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  134.305142][ T6704] netlink: 'syz.1.205': attribute type 7 has an invalid length.
[  134.373691][ T6704] netlink: 16 bytes leftover after parsing attributes in process `syz.1.205'.
[  135.863789][  T980] usb 5-1: USB disconnect, device number 18
[  136.087882][ T5889] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  136.163373][ T6728] netlink: zone id is out of range
[  136.218013][   T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  136.231601][ T5889] usb 1-1: device descriptor read/64, error -71
[  136.356754][ T6732] sch_tbf: peakrate 64 is lower than or equals to rate 2147483649 !
[  136.430586][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.437990][ T5890] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  136.449623][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.478615][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  136.510665][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  136.520047][ T5889] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  136.553767][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.603965][   T24] usb 4-1: config 0 descriptor??
[  136.617962][ T5890] usb 5-1: Using ep0 maxpacket: 8
[  136.684867][ T5890] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  136.697883][ T5889] usb 1-1: device descriptor read/64, error -71
[  136.704382][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.715340][ T5890] usb 5-1: Product: syz
[  136.734782][ T5890] usb 5-1: Manufacturer: syz
[  136.743411][ T5890] usb 5-1: SerialNumber: syz
[  136.780303][ T5890] usb 5-1: config 0 descriptor??
[  136.821732][ T5889] usb usb1-port1: attempt power cycle
[  137.051088][   T24] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  137.145850][ T5890] gspca_main: sq930x-2.14.0 probing 2770:930c
[  137.173578][   T24] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  137.215790][ T6720] syz.1.209 (6720): drop_caches: 2
[  137.298366][ T5889] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  137.320757][ T5889] usb 1-1: device descriptor read/8, error -71
[  137.387956][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  137.541989][   T24] usb 3-1: config 0 has no interfaces?
[  137.554805][   T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  137.564221][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.572388][ T5889] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  137.589564][   T24] usb 3-1: Product: syz
[  137.604531][   T24] usb 3-1: Manufacturer: syz
[  137.637349][ T5889] usb 1-1: device descriptor read/8, error -71
[  137.646102][   T24] usb 3-1: SerialNumber: syz
[  137.657362][   T24] usb 3-1: config 0 descriptor??
[  137.748307][ T5889] usb usb1-port1: unable to enumerate USB device
[  137.858499][ T5890] gspca_sq930x: ucbus_write failed -110
[  137.864236][ T5890] sq930x 5-1:0.0: probe with driver sq930x failed with error -110
[  138.038934][ T5890] usb 5-1: USB disconnect, device number 19
[  139.132424][ T5889] usb 4-1: USB disconnect, device number 12
[  139.538439][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  139.864525][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.931524][ T6769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  139.957169][   T24] usb 1-1: config 0 has no interfaces?
[  139.965253][ T5966] usb 3-1: USB disconnect, device number 12
[  139.973883][   T24] usb 1-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  139.992297][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.000648][   T24] usb 1-1: Product: syz
[  140.005483][   T24] usb 1-1: Manufacturer: syz
[  140.010792][   T24] usb 1-1: SerialNumber: syz
[  140.024471][   T24] usb 1-1: config 0 descriptor??
[  140.326407][ T6782] process 'syz.2.229' launched './file2' with NULL argv: empty string added
[  140.485408][ T6777] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004
[  141.668796][ T6810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.700687][ T6810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.777827][   T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  141.794043][ T6810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.831549][ T6810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.985145][   T10] usb 2-1: config 0 has no interfaces?
[  142.086073][   T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  142.115653][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.142494][   T10] usb 2-1: Product: syz
[  142.173911][   T10] usb 2-1: Manufacturer: syz
[  142.182690][   T10] usb 2-1: SerialNumber: syz
[  142.196442][   T10] usb 2-1: config 0 descriptor??
[  142.317990][  T980] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  142.468374][  T980] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  142.477456][  T980] usb 5-1: unable to read config index 0 descriptor/start: -61
[  142.485231][  T980] usb 5-1: can't read configurations, error -61
[  142.629520][  T980] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  142.798530][  T980] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  142.808289][  T980] usb 5-1: unable to read config index 0 descriptor/start: -61
[  142.816481][  T980] usb 5-1: can't read configurations, error -61
[  142.830988][  T980] usb usb5-port1: attempt power cycle
[  143.103477][ T5966] usb 1-1: USB disconnect, device number 13
[  143.188544][  T980] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  143.211133][  T980] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  143.222124][  T980] usb 5-1: unable to read config index 0 descriptor/start: -61
[  143.231801][  T980] usb 5-1: can't read configurations, error -61
[  143.368046][  T980] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  143.410181][  T980] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  143.427666][  T980] usb 5-1: unable to read config index 0 descriptor/start: -61
[  143.436627][  T980] usb 5-1: can't read configurations, error -61
[  143.450199][  T980] usb usb5-port1: unable to enumerate USB device
[  143.710442][ T5966] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  143.730613][ T6844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.245'.
[  143.868147][ T5966] usb 1-1: Using ep0 maxpacket: 16
[  143.878729][ T5966] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  143.891406][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  143.907105][ T5966] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  143.916421][ T5966] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.924752][ T5966] usb 1-1: Product: syz
[  143.929243][ T5966] usb 1-1: Manufacturer: syz
[  143.933880][ T5966] usb 1-1: SerialNumber: syz
[  143.941475][ T5966] usb 1-1: config 0 descriptor??
[  143.951736][ T5966] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  143.961162][ T5966] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  144.427989][   T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  144.572325][ T5966] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  144.588913][   T24] usb 3-1: Using ep0 maxpacket: 32
[  144.594515][ T5966] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  144.606040][   T24] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  144.616180][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.624323][   T24] usb 3-1: Product: syz
[  144.628905][   T24] usb 3-1: Manufacturer: syz
[  144.633591][   T24] usb 3-1: SerialNumber: syz
[  144.642833][   T24] usb 3-1: config 0 descriptor??
[  145.020227][ T5897] usb 2-1: USB disconnect, device number 14
[  145.074276][ T6852] netlink: 'syz.1.248': attribute type 21 has an invalid length.
[  145.091679][   T24] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  145.111254][ T6852] netlink: 132 bytes leftover after parsing attributes in process `syz.1.248'.
[  145.117600][   T24] peak_usb 3-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  145.188012][ T6854] tipc: Started in network mode
[  145.203201][ T6854] tipc: Node identity ac14140f, cluster identity 4711
[  145.220246][   T24] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[  145.234772][ T5966] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  145.236915][ T6854] tipc: New replicast peer: 255.255.255.255
[  145.261246][   T24] usb 3-1: USB disconnect, device number 13
[  145.280080][ T6854] tipc: Enabled bearer <udp:syz2>, priority 10
[  145.579633][  T980] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  145.874161][  T980] usb 5-1: config 0 has an invalid interface number: 207 but max is 0
[  145.915825][  T980] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.961224][  T980] usb 5-1: config 0 has no interface number 0
[  145.985345][  T980] usb 5-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  146.013673][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.057422][  T980] usb 5-1: Product: syz
[  146.076266][  T980] usb 5-1: Manufacturer: syz
[  146.096460][  T980] usb 5-1: SerialNumber: syz
[  146.111510][ T5966] em28xx 1-1:0.0: couldn't setup AC97 register 4
[  146.128297][ T5966] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  146.137342][  T980] usb 5-1: config 0 descriptor??
[  146.148679][ T5966] em28xx 1-1:0.0: couldn't setup AC97 register 54
[  146.176518][ T5966] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  146.215634][ T5966] usb 1-1: USB disconnect, device number 14
[  146.368345][  T980] qmi_wwan 5-1:0.207: probe with driver qmi_wwan failed with error -22
[  146.408980][ T5897] tipc: Node number set to 2886997007
[  146.438848][  T980] usb 5-1: USB disconnect, device number 24
[  146.628111][ T6876] fuse: Unknown parameter ''
[  147.027972][  T980] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  147.220732][  T980] usb 3-1: config 0 has no interfaces?
[  147.226516][ T6896] netlink: 'syz.0.262': attribute type 10 has an invalid length.
[  147.271919][  T980] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  147.304333][  T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.324129][  T980] usb 3-1: Product: syz
[  147.339871][  T980] usb 3-1: Manufacturer: syz
[  147.366268][  T980] usb 3-1: SerialNumber: syz
[  147.393915][  T980] usb 3-1: config 0 descriptor??
[  147.601846][ T6908] FAULT_INJECTION: forcing a failure.
[  147.601846][ T6908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.706605][ T6908] CPU: 0 UID: 0 PID: 6908 Comm: syz.4.266 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  147.706627][ T6908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.706636][ T6908] Call Trace:
[  147.706642][ T6908]  <TASK>
[  147.706649][ T6908]  dump_stack_lvl+0x189/0x250
[  147.706675][ T6908]  ? __pfx____ratelimit+0x10/0x10
[  147.706699][ T6908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.706722][ T6908]  ? __pfx__printk+0x10/0x10
[  147.706737][ T6908]  ? __might_fault+0xb0/0x130
[  147.706758][ T6908]  should_fail_ex+0x414/0x560
[  147.706780][ T6908]  _copy_from_iter+0x3f5/0x16f0
[  147.706809][ T6908]  ? __pfx__copy_from_iter+0x10/0x10
[  147.706835][ T6908]  ? set_page_refcounted+0xa0/0x1e0
[  147.706853][ T6908]  af_alg_sendmsg+0x1436/0x22e0
[  147.706870][ T6908]  ? __pfx___might_resched+0x10/0x10
[  147.706908][ T6908]  ? __pfx_af_alg_sendmsg+0x10/0x10
[  147.706924][ T6908]  ? __pfx_aa_sk_perm+0x10/0x10
[  147.706945][ T6908]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  147.706970][ T6908]  ? aa_sock_msg_perm+0x94/0x160
[  147.706990][ T6908]  ? skcipher_sendmsg+0x26/0xf0
[  147.707008][ T6908]  ? __pfx_skcipher_sendmsg+0x10/0x10
[  147.707028][ T6908]  __sock_sendmsg+0x21c/0x270
[  147.707053][ T6908]  ____sys_sendmsg+0x505/0x830
[  147.707075][ T6908]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.707099][ T6908]  ? import_iovec+0x74/0xa0
[  147.707115][ T6908]  ___sys_sendmsg+0x21f/0x2a0
[  147.707135][ T6908]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.707187][ T6908]  ? __fget_files+0x2a/0x420
[  147.707201][ T6908]  ? __fget_files+0x3a0/0x420
[  147.707222][ T6908]  __x64_sys_sendmsg+0x19b/0x260
[  147.707240][ T6908]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  147.707263][ T6908]  ? __pfx_ksys_write+0x10/0x10
[  147.707278][ T6908]  ? do_syscall_64+0xbe/0x3b0
[  147.707293][ T6908]  do_syscall_64+0xfa/0x3b0
[  147.707304][ T6908]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.707323][ T6908]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.707336][ T6908]  ? clear_bhb_loop+0x60/0xb0
[  147.707351][ T6908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.707364][ T6908] RIP: 0033:0x7f3d1918e929
[  147.707375][ T6908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.707386][ T6908] RSP: 002b:00007f3d1a034038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.707400][ T6908] RAX: ffffffffffffffda RBX: 00007f3d193b6080 RCX: 00007f3d1918e929
[  147.707410][ T6908] RDX: 0000000004084041 RSI: 0000200000000180 RDI: 0000000000000004
[  147.707418][ T6908] RBP: 00007f3d1a034090 R08: 0000000000000000 R09: 0000000000000000
[  147.707426][ T6908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.707434][ T6908] R13: 0000000000000001 R14: 00007f3d193b6080 R15: 00007f3d194dfa28
[  147.707453][ T6908]  </TASK>
[  148.618430][ T6920] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  148.748000][  T980] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  148.857940][ T5890] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  148.905573][ T6923] FAULT_INJECTION: forcing a failure.
[  148.905573][ T6923] name failslab, interval 1, probability 0, space 0, times 0
[  148.919992][ T6923] CPU: 0 UID: 0 PID: 6923 Comm: syz.4.272 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  148.920018][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.920029][ T6923] Call Trace:
[  148.920036][ T6923]  <TASK>
[  148.920044][ T6923]  dump_stack_lvl+0x189/0x250
[  148.920081][ T6923]  ? __pfx____ratelimit+0x10/0x10
[  148.920109][ T6923]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.920138][ T6923]  ? __pfx__printk+0x10/0x10
[  148.920163][ T6923]  ? __pfx___might_resched+0x10/0x10
[  148.920191][ T6923]  ? fs_reclaim_acquire+0x7d/0x100
[  148.920217][ T6923]  should_fail_ex+0x414/0x560
[  148.920246][ T6923]  should_failslab+0xa8/0x100
[  148.920267][ T6923]  __kmalloc_noprof+0xcb/0x4f0
[  148.920284][ T6923]  ? kfree+0x4d/0x440
[  148.920308][ T6923]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  148.920340][ T6923]  tomoyo_realpath_from_path+0xe3/0x5d0
[  148.920367][ T6923]  ? tomoyo_domain+0xd9/0x130
[  148.920398][ T6923]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  148.920419][ T6923]  tomoyo_path_number_perm+0x1e8/0x5a0
[  148.920443][ T6923]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  148.920480][ T6923]  ? __lock_acquire+0xab9/0xd20
[  148.920524][ T6923]  ? __fget_files+0x2a/0x420
[  148.920548][ T6923]  ? __fget_files+0x2a/0x420
[  148.920567][ T6923]  ? __fget_files+0x3a0/0x420
[  148.920586][ T6923]  ? __fget_files+0x2a/0x420
[  148.920610][ T6923]  security_file_ioctl+0xcb/0x2d0
[  148.920632][ T6923]  __se_sys_ioctl+0x47/0x170
[  148.920661][ T6923]  do_syscall_64+0xfa/0x3b0
[  148.920677][ T6923]  ? lockdep_hardirqs_on+0x9c/0x150
[  148.920705][ T6923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.920723][ T6923]  ? clear_bhb_loop+0x60/0xb0
[  148.920745][ T6923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.920763][ T6923] RIP: 0033:0x7f3d1918e929
[  148.920778][ T6923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.920794][ T6923] RSP: 002b:00007f3d1a05c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  148.920814][ T6923] RAX: ffffffffffffffda RBX: 00007f3d193b5fa0 RCX: 00007f3d1918e929
[  148.920828][ T6923] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  148.920839][ T6923] RBP: 00007f3d1a05c090 R08: 0000000000000000 R09: 0000000000000000
[  148.920851][ T6923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.920861][ T6923] R13: 0000000000000000 R14: 00007f3d193b5fa0 R15: 00007f3d194dfa28
[  148.920897][ T6923]  </TASK>
[  148.922132][ T6923] ERROR: Out of memory at tomoyo_realpath_from_path.
[  149.175733][  T980] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  149.184055][  T980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  149.197768][  T980] usb 2-1: config 0 has no interface number 0
[  149.207275][  T980] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  149.216430][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.225484][  T980] usb 2-1: Product: syz
[  149.229724][  T980] usb 2-1: Manufacturer: syz
[  149.234321][  T980] usb 2-1: SerialNumber: syz
[  149.240760][  T980] usb 2-1: config 0 descriptor??
[  149.257874][ T5890] usb 4-1: device descriptor read/64, error -71
[  149.497851][ T5890] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  149.657828][ T5890] usb 4-1: device descriptor read/64, error -71
[  149.778360][ T5890] usb usb4-port1: attempt power cycle
[  149.966730][ T5966] usb 3-1: USB disconnect, device number 14
[  150.122245][ T6938] netlink: 96 bytes leftover after parsing attributes in process `syz.4.276'.
[  150.158346][ T5890] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  150.202200][ T6938] tipc: Started in network mode
[  150.207402][ T6938] tipc: Node identity ac141442, cluster identity 4711
[  150.214992][ T6938] tipc: New replicast peer: 0.0.0.0
[  150.228691][ T5890] usb 4-1: device descriptor read/8, error -71
[  150.236636][ T6938] tipc: Enabled bearer <udp:syz0>, priority 10
[  150.471857][ T5890] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  150.521499][ T5890] usb 4-1: device descriptor read/8, error -71
[  150.648338][ T5890] usb usb4-port1: unable to enumerate USB device
[  150.935504][  T980] usb 2-1: USB disconnect, device number 15
[  151.348093][   T24] tipc: Node number set to 2886997058
[  151.887925][ T5966] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  152.059751][ T5966] usb 2-1: Using ep0 maxpacket: 32
[  152.071462][ T5966] usb 2-1: unable to get BOS descriptor or descriptor too short
[  152.184044][ T5966] usb 2-1: config 128 has an invalid interface number: 127 but max is 3
[  152.207783][ T5966] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  152.232429][ T5966] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4
[  152.257794][ T5966] usb 2-1: config 128 has no interface number 0
[  152.264130][ T5966] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024
[  152.296918][ T5966] usb 2-1: config 128 interface 127 has no altsetting 0
[  152.311199][ T5966] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  152.331322][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.351232][ T5966] usb 2-1: Product: syz
[  152.355430][ T5966] usb 2-1: Manufacturer: syz
[  152.369156][ T5966] usb 2-1: SerialNumber: syz
[  152.392118][ T6965] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  152.475688][ T6971] netlink: 28 bytes leftover after parsing attributes in process `syz.2.289'.
[  152.484985][ T6971] netlink: 28 bytes leftover after parsing attributes in process `syz.2.289'.
[  152.599973][ T6982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.612309][ T6965] netlink: 'syz.1.286': attribute type 8 has an invalid length.
[  152.621276][ T6982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.751085][ T5966] usb 2-1: USB disconnect, device number 16
[  152.862188][  T980] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  152.926076][ T6410] udevd[6410]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  153.050272][  T980] usb 1-1: Invalid ep0 maxpacket: 16
[  153.064783][ T6989] netlink: 60 bytes leftover after parsing attributes in process `syz.2.294'.
[  153.095181][ T6989] unsupported nlmsg_type 40
[  153.192779][  T980] usb 1-1: new low-speed USB device number 16 using dummy_hcd
[  153.213912][   T30] kauditd_printk_skb: 175 callbacks suppressed
[  153.213931][   T30] audit: type=1326 audit(1749985887.316:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77578e929 code=0x7ffc0000
[  153.338042][ T5890] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  153.372824][  T980] usb 1-1: Invalid ep0 maxpacket: 16
[  153.458821][  T980] usb usb1-port1: attempt power cycle
[  153.642607][   T30] audit: type=1326 audit(1749985887.316:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  153.664738][    C0] vkms_vblank_simulate: vblank timer overrun
[  153.671178][ T5890] usb 4-1: Using ep0 maxpacket: 16
[  153.682927][ T5890] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  153.699472][   T30] audit: type=1326 audit(1749985887.316:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  153.723912][   T30] audit: type=1326 audit(1749985887.316:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  153.724259][ T5890] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  153.746337][    C0] vkms_vblank_simulate: vblank timer overrun
[  153.775891][   T30] audit: type=1326 audit(1749985887.316:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  153.797973][    C0] vkms_vblank_simulate: vblank timer overrun
[  153.808355][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.816571][ T5890] usb 4-1: Product: syz
[  153.821292][ T5890] usb 4-1: Manufacturer: syz
[  153.825933][ T5890] usb 4-1: SerialNumber: syz
[  153.832763][   T30] audit: type=1326 audit(1749985887.316:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7fc77578e929 code=0x7ffc0000
[  153.868584][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout
[  153.882252][   T30] audit: type=1326 audit(1749985887.316:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  153.905363][ T5890] usb 4-1: config 0 descriptor??
[  153.912863][ T5890] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  153.922999][ T5890] usb 4-1: Detected FT232R
[  153.974913][   T30] audit: type=1326 audit(1749985887.316:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  154.038879][  T980] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  154.062332][   T30] audit: type=1326 audit(1749985887.316:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  154.083555][  T980] usb 1-1: Invalid ep0 maxpacket: 16
[  154.126991][ T5890] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  154.147454][ T5890] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  154.162780][ T5890] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  154.181335][ T5890] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  154.197562][ T5890] usb 4-1: USB disconnect, device number 17
[  154.213203][ T5890] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  154.224586][  T980] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  154.236324][   T30] audit: type=1326 audit(1749985887.316:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6992 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc77572ab19 code=0x7ffc0000
[  154.247311][ T5890] ftdi_sio 4-1:0.0: device disconnected
[  154.265534][  T980] usb 1-1: Invalid ep0 maxpacket: 16
[  154.274447][  T980] usb usb1-port1: unable to enumerate USB device
[  155.099784][   T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  155.416653][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  155.428541][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.456524][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  155.495786][   T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  155.509740][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.529621][   T24] usb 2-1: config 0 descriptor??
[  155.662608][ T5966] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  155.888857][ T5966] usb 4-1: config 0 has no interfaces?
[  155.951171][   T24] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  155.968079][ T5966] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  156.049103][ T5966] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.059717][   T24] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  156.107800][ T5966] usb 4-1: Product: syz
[  156.112005][ T5966] usb 4-1: Manufacturer: syz
[  156.116628][ T5966] usb 4-1: SerialNumber: syz
[  156.362793][   T24] usb 2-1: USB disconnect, device number 17
[  156.399024][ T5966] usb 4-1: config 0 descriptor??
[  156.611437][ T7031] fido_id[7031]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  156.978191][ T7045] xt_CT: You must specify a L4 protocol and not use inversions on it
[  158.262037][ T7052] FAULT_INJECTION: forcing a failure.
[  158.262037][ T7052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.324782][ T7052] CPU: 1 UID: 0 PID: 7052 Comm: syz.0.313 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  158.324809][ T7052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.324822][ T7052] Call Trace:
[  158.324828][ T7052]  <TASK>
[  158.324834][ T7052]  dump_stack_lvl+0x189/0x250
[  158.324860][ T7052]  ? __pfx____ratelimit+0x10/0x10
[  158.324881][ T7052]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.324901][ T7052]  ? __pfx__printk+0x10/0x10
[  158.324916][ T7052]  ? __might_fault+0xb0/0x130
[  158.324935][ T7052]  should_fail_ex+0x414/0x560
[  158.324956][ T7052]  _copy_from_user+0x2d/0xb0
[  158.324970][ T7052]  ___sys_recvmsg+0x12e/0x510
[  158.324991][ T7052]  ? __pfx____sys_recvmsg+0x10/0x10
[  158.325033][ T7052]  ? __might_fault+0xb0/0x130
[  158.325048][ T7052]  do_recvmmsg+0x307/0x770
[  158.325071][ T7052]  ? __pfx_do_recvmmsg+0x10/0x10
[  158.325096][ T7052]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  158.325120][ T7052]  __x64_sys_recvmmsg+0x190/0x240
[  158.325140][ T7052]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  158.325156][ T7052]  ? rcu_is_watching+0x15/0xb0
[  158.325180][ T7052]  ? do_syscall_64+0xbe/0x3b0
[  158.325194][ T7052]  do_syscall_64+0xfa/0x3b0
[  158.325205][ T7052]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.325225][ T7052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.325238][ T7052]  ? clear_bhb_loop+0x60/0xb0
[  158.325254][ T7052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.325267][ T7052] RIP: 0033:0x7f1264d8e929
[  158.325278][ T7052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.325290][ T7052] RSP: 002b:00007f1265cdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  158.325304][ T7052] RAX: ffffffffffffffda RBX: 00007f1264fb5fa0 RCX: 00007f1264d8e929
[  158.325314][ T7052] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000003
[  158.325323][ T7052] RBP: 00007f1265cdd090 R08: 0000000000000000 R09: 0000000000000000
[  158.325331][ T7052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  158.325356][ T7052] R13: 0000000000000000 R14: 00007f1264fb5fa0 R15: 00007f12650dfa28
[  158.325376][ T7052]  </TASK>
[  159.208053][ T5890] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  159.357928][ T5890] usb 5-1: Using ep0 maxpacket: 8
[  159.375526][   T43] usb 4-1: USB disconnect, device number 18
[  159.409934][ T5890] usb 5-1: config 0 has an invalid interface number: 246 but max is 0
[  159.418298][ T5890] usb 5-1: config 0 has no interface number 0
[  159.436518][ T5890] usb 5-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  159.527686][ T5890] usb 5-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  159.557173][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.595390][ T5890] usb 5-1: Product: syz
[  159.607793][ T5890] usb 5-1: Manufacturer: syz
[  159.625926][ T5890] usb 5-1: SerialNumber: syz
[  159.658857][ T5890] usb 5-1: config 0 descriptor??
[  159.921149][ T5890] msi2500 5-1:0.246: Registered as swradio24
[  159.927206][ T5890] msi2500 5-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  160.011566][ T5890] usb 5-1: USB disconnect, device number 25
[  160.594849][ T7087] netlink: 'syz.1.323': attribute type 1 has an invalid length.
[  160.850640][ T7092] bond1: entered promiscuous mode
[  160.855961][ T7092] bond1: entered allmulticast mode
[  160.865277][ T7092] 8021q: adding VLAN 0 to HW filter on device bond1
[  161.022601][ T7096] bridge1: entered promiscuous mode
[  161.110712][ T6493] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  161.134925][ T7096] bridge1: entered allmulticast mode
[  161.154302][ T7096] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  161.258397][ T1035] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  161.708534][   T30] kauditd_printk_skb: 252 callbacks suppressed
[  161.708550][   T30] audit: type=1326 audit(1749985895.816:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7105 comm="syz.1.328" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81f558e929 code=0x0
[  162.480754][   T30] audit: type=1326 audit(1749985896.586:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.529773][   T30] audit: type=1326 audit(1749985896.596:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.657898][   T30] audit: type=1326 audit(1749985896.596:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.680072][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.724287][ T7136] loop2: detected capacity change from 0 to 7
[  162.731883][   T30] audit: type=1326 audit(1749985896.596:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3d1918d197 code=0x7ffc0000
[  162.758360][ T7136] Dev loop2: unable to read RDB block 7
[  162.763980][ T7136]  loop2: unable to read partition table
[  162.766547][   T30] audit: type=1326 audit(1749985896.596:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3d191900ca code=0x7ffc0000
[  162.792189][   T30] audit: type=1326 audit(1749985896.596:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.802368][ T7136] loop2: partition table beyond EOD, 
[  162.818575][   T30] audit: type=1326 audit(1749985896.596:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f3d1918d33c code=0x7ffc0000
[  162.855162][   T30] audit: type=1326 audit(1749985896.596:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.872913][ T7136] truncated
[  162.894146][   T30] audit: type=1326 audit(1749985896.596:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7125 comm="syz.4.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d1918e929 code=0x7ffc0000
[  162.927255][ T7139] netlink: zone id is out of range
[  162.942509][ T7136] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  162.975084][ T7139] netlink: zone id is out of range
[  162.989439][ T7139] netlink: zone id is out of range
[  163.009888][ T7139] netlink: zone id is out of range
[  163.027687][ T7139] netlink: zone id is out of range
[  163.054829][ T7139] netlink: zone id is out of range
[  163.081551][ T7139] netlink: zone id is out of range
[  163.086701][ T7139] netlink: zone id is out of range
[  163.137836][   T43] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  163.280385][   T43] usb 1-1: device descriptor read/64, error -71
[  163.364271][ T5208] Dev loop2: unable to read RDB block 7
[  163.373277][ T5208]  loop2: unable to read partition table
[  163.397138][ T5208] loop2: partition table beyond EOD, truncated
[  163.518160][   T43] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  163.702223][   T43] usb 1-1: device descriptor read/64, error -71
[  163.835677][   T43] usb usb1-port1: attempt power cycle
[  164.016232][ T7156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.343'.
[  164.033509][ T5966] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  164.189793][ T5966] usb 5-1: config 0 has no interfaces?
[  164.198103][ T5966] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  164.217376][   T43] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  164.225155][ T5966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.237799][ T5966] usb 5-1: Product: syz
[  164.242005][ T5966] usb 5-1: Manufacturer: syz
[  164.257522][   T43] usb 1-1: device descriptor read/8, error -71
[  164.266007][ T5966] usb 5-1: SerialNumber: syz
[  164.281825][ T5966] usb 5-1: config 0 descriptor??
[  164.366610][ T5208] Dev loop2: unable to read RDB block 7
[  164.377868][ T5208]  loop2: unable to read partition table
[  164.389791][ T5208] loop2: partition table beyond EOD, truncated
[  164.508624][   T43] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  164.530297][ T5208] Dev loop2: unable to read RDB block 7
[  164.549422][ T5208]  loop2: unable to read partition table
[  164.566994][ T5208] loop2: partition table beyond EOD, truncated
[  164.583815][   T43] usb 1-1: device descriptor read/8, error -71
[  164.721839][   T43] usb usb1-port1: unable to enumerate USB device
[  164.808343][ T5890] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  164.812794][ T7172] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  164.823741][ T7172] batman_adv: batadv0: Removing interface: batadv_slave_0
[  164.840666][ T7172] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  164.849000][ T7172] batman_adv: batadv0: Removing interface: batadv_slave_1
[  164.894096][ T7173] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'.
[  164.906611][ T7173] netlink: 165 bytes leftover after parsing attributes in process `syz.1.349'.
[  164.988001][  T980] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  165.003407][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  165.015043][ T5890] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  165.025965][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.043104][ T5890] usb 3-1: config 0 descriptor??
[  165.064998][ T5890] pwc: Askey VC010 type 2 USB webcam detected.
[  165.159418][  T980] usb 4-1: config 0 has no interfaces?
[  165.167263][  T980] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  165.176758][  T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.187447][  T980] usb 4-1: Product: syz
[  165.191787][  T980] usb 4-1: Manufacturer: syz
[  165.204959][  T980] usb 4-1: SerialNumber: syz
[  165.214816][  T980] usb 4-1: config 0 descriptor??
[  165.468569][ T5890] pwc: recv_control_msg error -32 req 02 val 2b00
[  165.469738][ T5890] pwc: recv_control_msg error -32 req 02 val 2700
[  165.470327][ T5890] pwc: recv_control_msg error -32 req 02 val 2c00
[  165.470832][ T5890] pwc: recv_control_msg error -32 req 04 val 1000
[  165.471672][ T5890] pwc: recv_control_msg error -32 req 04 val 1300
[  165.472422][ T5890] pwc: recv_control_msg error -32 req 04 val 1400
[  165.472945][ T5890] pwc: recv_control_msg error -32 req 02 val 2000
[  165.473811][ T5890] pwc: recv_control_msg error -32 req 02 val 2100
[  165.474590][ T5890] pwc: recv_control_msg error -32 req 04 val 1500
[  165.475207][ T5890] pwc: recv_control_msg error -32 req 02 val 2500
[  165.475939][ T5890] pwc: recv_control_msg error -32 req 02 val 2400
[  165.476513][ T5890] pwc: recv_control_msg error -32 req 02 val 2600
[  165.481186][ T5890] pwc: recv_control_msg error -32 req 02 val 2900
[  165.493573][ T5890] pwc: recv_control_msg error -32 req 02 val 2800
[  165.509025][ T7180] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  165.543247][ T5890] pwc: recv_control_msg error -32 req 04 val 1100
[  165.559301][ T5890] pwc: recv_control_msg error -71 req 04 val 1200
[  165.561652][ T5890] pwc: Registered as video103.
[  165.562961][ T5890] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10
[  165.566746][ T5890] usb 3-1: USB disconnect, device number 15
[  165.692889][ T7182] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  166.337708][ T7196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.355'.
[  166.456767][ T7189] netlink: 452 bytes leftover after parsing attributes in process `syz.0.353'.
[  166.476707][ T7198] FAULT_INJECTION: forcing a failure.
[  166.476707][ T7198] name failslab, interval 1, probability 0, space 0, times 0
[  166.492401][ T7198] CPU: 1 UID: 0 PID: 7198 Comm: syz.1.356 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  166.492425][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.492437][ T7198] Call Trace:
[  166.492445][ T7198]  <TASK>
[  166.492452][ T7198]  dump_stack_lvl+0x189/0x250
[  166.492486][ T7198]  ? __pfx____ratelimit+0x10/0x10
[  166.492515][ T7198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.492544][ T7198]  ? __pfx__printk+0x10/0x10
[  166.492570][ T7198]  ? __pfx___might_resched+0x10/0x10
[  166.492603][ T7198]  should_fail_ex+0x414/0x560
[  166.492632][ T7198]  should_failslab+0xa8/0x100
[  166.492654][ T7198]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  166.492673][ T7198]  ? __alloc_skb+0x112/0x2d0
[  166.492699][ T7198]  __alloc_skb+0x112/0x2d0
[  166.492723][ T7198]  netlink_sendmsg+0x5c6/0xb30
[  166.492755][ T7198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.492781][ T7198]  ? aa_sock_msg_perm+0x94/0x160
[  166.492807][ T7198]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  166.492831][ T7198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.492855][ T7198]  __sock_sendmsg+0x21c/0x270
[  166.492887][ T7198]  ____sys_sendmsg+0x505/0x830
[  166.492916][ T7198]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.492948][ T7198]  ? import_iovec+0x74/0xa0
[  166.492970][ T7198]  ___sys_sendmsg+0x21f/0x2a0
[  166.492997][ T7198]  ? __pfx____sys_sendmsg+0x10/0x10
[  166.493061][ T7198]  ? __fget_files+0x2a/0x420
[  166.493082][ T7198]  ? __fget_files+0x3a0/0x420
[  166.493112][ T7198]  __x64_sys_sendmsg+0x19b/0x260
[  166.493138][ T7198]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  166.493172][ T7198]  ? __pfx_ksys_write+0x10/0x10
[  166.493187][ T7198]  ? rcu_is_watching+0x15/0xb0
[  166.493221][ T7198]  ? do_syscall_64+0xbe/0x3b0
[  166.493242][ T7198]  do_syscall_64+0xfa/0x3b0
[  166.493257][ T7198]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.493284][ T7198]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.493303][ T7198]  ? clear_bhb_loop+0x60/0xb0
[  166.493325][ T7198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.493348][ T7198] RIP: 0033:0x7f81f558e929
[  166.493364][ T7198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.493381][ T7198] RSP: 002b:00007f81f63c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.493401][ T7198] RAX: ffffffffffffffda RBX: 00007f81f57b5fa0 RCX: 00007f81f558e929
[  166.493415][ T7198] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  166.493426][ T7198] RBP: 00007f81f63c8090 R08: 0000000000000000 R09: 0000000000000000
[  166.493438][ T7198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.493449][ T7198] R13: 0000000000000000 R14: 00007f81f57b5fa0 R15: 00007f81f58dfa28
[  166.493477][ T7198]  </TASK>
[  166.863328][   T43] usb 5-1: USB disconnect, device number 26
[  167.527621][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  167.527635][   T30] audit: type=1326 audit(1749985901.626:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.2.361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc77578e929 code=0x0
[  167.617270][   T43] usb 4-1: USB disconnect, device number 19
[  168.502143][ T7258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.363'.
[  168.607414][ T7258] dummy0: entered promiscuous mode
[  168.627328][ T7258] dummy0: left promiscuous mode
[  169.231112][ T7267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.364'.
[  169.398271][ T5889] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  169.591545][ T7267] team0 (unregistering): Port device team_slave_0 removed
[  169.610307][ T7267] team0 (unregistering): Port device team_slave_1 removed
[  169.685156][ T5889] usb 3-1: unable to get BOS descriptor or descriptor too short
[  169.717874][ T5889] usb 3-1: not running at top speed; connect to a high speed hub
[  169.751842][ T5889] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  169.781192][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  169.812840][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  169.857528][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.883494][ T5889] usb 3-1: Product: syz
[  169.903028][ T5889] usb 3-1: Manufacturer: syz
[  169.924632][ T5889] usb 3-1: SerialNumber: syz
[  170.155048][ T7263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.166671][ T7263] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.190037][ T5889] usb 3-1: 0:2 : does not exist
[  170.258049][ T5889] usb 3-1: USB disconnect, device number 16
[  170.316029][ T6410] udevd[6410]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.327902][  T980] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  170.489835][  T980] usb 4-1: Using ep0 maxpacket: 8
[  170.498965][  T980] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  170.510376][  T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.532458][  T980] pvrusb2: Hardware description: Terratec Grabster AV400
[  170.539779][  T980] pvrusb2: **********
[  170.544352][  T980] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  170.555246][  T980] pvrusb2: Important functionality might not be entirely working.
[  170.564062][  T980] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  170.575878][  T980] pvrusb2: **********
[  170.761653][ T2347] pvrusb2: Invalid write control endpoint
[  171.048453][ T7274] pvrusb2: Invalid write control endpoint
[  171.072020][ T7274] pvrusb2: Invalid write control endpoint
[  171.114407][ T7274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.196990][ T7274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.608932][ T2347] pvrusb2: Invalid write control endpoint
[  171.623887][ T2347] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  171.764068][ T2347] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  171.863069][ T2347] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  171.898922][ T2347] pvrusb2: Device being rendered inoperable
[  171.907117][ T2347] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  171.919009][ T2347] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  171.937416][ T2347] pvrusb2: Attached sub-driver cx25840
[  171.947625][ T2347] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  171.958894][ T2347] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  172.477900][ T7321] netlink: 40 bytes leftover after parsing attributes in process `syz.4.377'.
[  172.498479][ T7321] netlink: 40 bytes leftover after parsing attributes in process `syz.4.377'.
[  172.622810][ T7329] netlink: 176 bytes leftover after parsing attributes in process `syz.0.379'.
[  172.707608][ T7326] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004
[  172.854565][ T7337] netlink: 548 bytes leftover after parsing attributes in process `syz.1.378'.
[  173.021705][ T5904] usb 4-1: USB disconnect, device number 20
[  173.337833][ T5889] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  173.791225][ T5889] usb 5-1: config 0 has no interfaces?
[  173.803991][ T5889] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  173.815089][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.855680][ T5889] usb 5-1: Product: syz
[  173.870284][ T5889] usb 5-1: Manufacturer: syz
[  173.876990][ T5889] usb 5-1: SerialNumber: syz
[  173.901133][ T5889] usb 5-1: config 0 descriptor??
[  174.518152][   T43] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  174.678455][   T43] usb 1-1: Using ep0 maxpacket: 8
[  174.716243][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  174.773514][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  174.846472][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  174.974567][   T43] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=f6.82
[  175.016958][ T7363] syz.1.387 uses obsolete (PF_INET,SOCK_PACKET)
[  175.039552][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.089214][   T43] usb 1-1: Product: syz
[  175.107441][   T43] usb 1-1: Manufacturer: syz
[  175.165978][   T43] usb 1-1: SerialNumber: syz
[  175.203792][   T43] usb 1-1: config 0 descriptor??
[  175.307977][ T7370] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  175.375407][ T7370] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  175.911400][   T43] usb 1-1: USB disconnect, device number 23
[  175.994425][ T7383] FAULT_INJECTION: forcing a failure.
[  175.994425][ T7383] name failslab, interval 1, probability 0, space 0, times 0
[  176.087870][ T7383] CPU: 1 UID: 0 PID: 7383 Comm: syz.1.391 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  176.087901][ T7383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  176.087913][ T7383] Call Trace:
[  176.087922][ T7383]  <TASK>
[  176.087930][ T7383]  dump_stack_lvl+0x189/0x250
[  176.087968][ T7383]  ? __pfx____ratelimit+0x10/0x10
[  176.087999][ T7383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  176.088032][ T7383]  ? __pfx__printk+0x10/0x10
[  176.088069][ T7383]  ? __pfx___might_resched+0x10/0x10
[  176.088101][ T7383]  ? fs_reclaim_acquire+0x7d/0x100
[  176.088130][ T7383]  should_fail_ex+0x414/0x560
[  176.088162][ T7383]  should_failslab+0xa8/0x100
[  176.088194][ T7383]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  176.088215][ T7383]  ? __pfx___dev_queue_xmit+0x10/0x10
[  176.088244][ T7383]  ? __alloc_skb+0x112/0x2d0
[  176.088272][ T7383]  __alloc_skb+0x112/0x2d0
[  176.088300][ T7383]  netlink_ack+0x146/0xa50
[  176.088323][ T7383]  ? ref_tracker_free+0x63a/0x7d0
[  176.088350][ T7383]  ? __copy_skb_header+0xa7/0x550
[  176.088380][ T7383]  ? __pfx_ref_tracker_free+0x10/0x10
[  176.088407][ T7383]  ? __skb_clone+0x63/0x7a0
[  176.088442][ T7383]  netlink_rcv_skb+0x28c/0x470
[  176.088468][ T7383]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  176.088498][ T7383]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  176.088536][ T7383]  ? netlink_deliver_tap+0x2e/0x1b0
[  176.088561][ T7383]  ? netlink_deliver_tap+0x2e/0x1b0
[  176.088591][ T7383]  netlink_unicast+0x758/0x8d0
[  176.088625][ T7383]  netlink_sendmsg+0x805/0xb30
[  176.088661][ T7383]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.088690][ T7383]  ? aa_sock_msg_perm+0x94/0x160
[  176.088720][ T7383]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  176.088746][ T7383]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.088773][ T7383]  __sock_sendmsg+0x21c/0x270
[  176.088809][ T7383]  ____sys_sendmsg+0x505/0x830
[  176.088843][ T7383]  ? __pfx_____sys_sendmsg+0x10/0x10
[  176.088878][ T7383]  ? import_iovec+0x74/0xa0
[  176.088904][ T7383]  ___sys_sendmsg+0x21f/0x2a0
[  176.088934][ T7383]  ? __pfx____sys_sendmsg+0x10/0x10
[  176.088999][ T7383]  ? __fget_files+0x2a/0x420
[  176.089022][ T7383]  ? __fget_files+0x3a0/0x420
[  176.089056][ T7383]  __x64_sys_sendmsg+0x19b/0x260
[  176.089086][ T7383]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  176.089122][ T7383]  ? __pfx_ksys_write+0x10/0x10
[  176.089139][ T7383]  ? rcu_is_watching+0x15/0xb0
[  176.089177][ T7383]  ? do_syscall_64+0xbe/0x3b0
[  176.089211][ T7383]  do_syscall_64+0xfa/0x3b0
[  176.089229][ T7383]  ? lockdep_hardirqs_on+0x9c/0x150
[  176.089260][ T7383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.089280][ T7383]  ? clear_bhb_loop+0x60/0xb0
[  176.089306][ T7383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.089327][ T7383] RIP: 0033:0x7f81f558e929
[  176.089343][ T7383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.089362][ T7383] RSP: 002b:00007f81f63c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.089384][ T7383] RAX: ffffffffffffffda RBX: 00007f81f57b5fa0 RCX: 00007f81f558e929
[  176.089400][ T7383] RDX: 0000000020000814 RSI: 0000200000000300 RDI: 0000000000000003
[  176.089414][ T7383] RBP: 00007f81f63c8090 R08: 0000000000000000 R09: 0000000000000000
[  176.089427][ T7383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.089439][ T7383] R13: 0000000000000000 R14: 00007f81f57b5fa0 R15: 00007f81f58dfa28
[  176.089471][ T7383]  </TASK>
[  176.501938][ T7386] veth1_to_bond: entered allmulticast mode
[  176.568778][ T7387] veth1_to_bond: entered promiscuous mode
[  176.570734][   T43] usb 5-1: USB disconnect, device number 27
[  177.070867][ T5904] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  177.296586][ T7406] net_ratelimit: 123 callbacks suppressed
[  177.296600][ T7406] netlink: zone id is out of range
[  177.338090][ T5904] usb 3-1: Using ep0 maxpacket: 8
[  177.362495][ T5904] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  177.375530][ T5904] usb 3-1: config 179 has no interface number 0
[  177.392363][ T5904] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  177.414178][ T5904] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  177.455263][ T5904] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  177.522315][ T7414] netlink: del zone limit has 4 unknown bytes
[  177.531445][ T5904] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  177.574456][ T5904] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  177.588207][  T980] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  177.629631][ T5904] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  177.641900][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.656695][ T7390] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  177.737838][ T5966] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  177.777919][  T980] usb 5-1: Using ep0 maxpacket: 8
[  177.823126][  T980] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  177.881305][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.929982][ T5966] usb 4-1: Using ep0 maxpacket: 32
[  177.955782][ T5966] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  178.054457][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.065548][ T5904] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input11
[  178.125966][  T980] usb 5-1: Product: syz
[  178.132746][  T980] usb 5-1: Manufacturer: syz
[  178.137556][  T980] usb 5-1: SerialNumber: syz
[  178.176527][ T5966] usb 4-1: config 0 descriptor??
[  178.206814][ T5966] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  178.331998][  T980] usb 5-1: config 0 descriptor??
[  178.351976][   T43] usb 3-1: USB disconnect, device number 17
[  178.352113][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  178.366292][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  178.447222][ T7385] veth1_to_bond: left promiscuous mode
[  178.495241][ T7385] veth1_to_bond: left allmulticast mode
[  178.538280][   T43] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  178.629179][  T980] gspca_main: sq930x-2.14.0 probing 2770:930c
[  178.929079][ T5966] gspca_vc032x: reg_w err -110
[  178.934061][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  178.944601][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  178.950689][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  178.967623][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  178.983791][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.019025][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.062162][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.095060][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.213847][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.229417][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.247014][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.274088][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.317934][  T980] gspca_sq930x: ucbus_write failed -110
[  179.332762][  T980] sq930x 5-1:0.0: probe with driver sq930x failed with error -110
[  179.344445][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.381036][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.403528][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.426341][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.454308][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.491283][ T5966] gspca_vc032x: I2c Bus Busy Wait 00
[  179.508706][ T5966] gspca_vc032x: Unknown sensor...
[  179.526422][ T5966] vc032x 4-1:0.0: probe with driver vc032x failed with error -22
[  180.041015][ T7440] FAULT_INJECTION: forcing a failure.
[  180.041015][ T7440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.102949][ T7440] CPU: 1 UID: 0 PID: 7440 Comm: syz.0.402 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  180.102977][ T7440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.102988][ T7440] Call Trace:
[  180.102996][ T7440]  <TASK>
[  180.103004][ T7440]  dump_stack_lvl+0x189/0x250
[  180.103038][ T7440]  ? __pfx____ratelimit+0x10/0x10
[  180.103066][ T7440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.103096][ T7440]  ? __pfx__printk+0x10/0x10
[  180.103135][ T7440]  should_fail_ex+0x414/0x560
[  180.103164][ T7440]  _copy_from_user+0x2d/0xb0
[  180.103184][ T7440]  __vb2_perform_fileio+0x960/0x1600
[  180.103222][ T7440]  vb2_fop_write+0x22f/0x340
[  180.103246][ T7440]  v4l2_write+0x19c/0x2c0
[  180.103283][ T7440]  ? __pfx_v4l2_write+0x10/0x10
[  180.103304][ T7440]  vfs_write+0x27e/0xa90
[  180.103331][ T7440]  ? __pfx_vfs_write+0x10/0x10
[  180.103363][ T7440]  ? __fget_files+0x2a/0x420
[  180.103407][ T7440]  ? __fget_files+0x2a/0x420
[  180.103429][ T7440]  ? __fget_files+0x3a0/0x420
[  180.103451][ T7440]  ? __fget_files+0x2a/0x420
[  180.103484][ T7440]  ksys_write+0x145/0x250
[  180.103507][ T7440]  ? __pfx_ksys_write+0x10/0x10
[  180.103524][ T7440]  ? rcu_is_watching+0x15/0xb0
[  180.103581][ T7440]  ? do_syscall_64+0xbe/0x3b0
[  180.103607][ T7440]  do_syscall_64+0xfa/0x3b0
[  180.103625][ T7440]  ? lockdep_hardirqs_on+0x9c/0x150
[  180.103662][ T7440]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.103683][ T7440]  ? clear_bhb_loop+0x60/0xb0
[  180.103710][ T7440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.103732][ T7440] RIP: 0033:0x7f1264d8e929
[  180.103751][ T7440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.103770][ T7440] RSP: 002b:00007f1265cdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  180.103793][ T7440] RAX: ffffffffffffffda RBX: 00007f1264fb5fa0 RCX: 00007f1264d8e929
[  180.103809][ T7440] RDX: 000000000000ca80 RSI: 0000200000000000 RDI: 0000000000000004
[  180.103823][ T7440] RBP: 00007f1265cdd090 R08: 0000000000000000 R09: 0000000000000000
[  180.103846][ T7440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.103859][ T7440] R13: 0000000000000000 R14: 00007f1264fb5fa0 R15: 00007f12650dfa28
[  180.103892][ T7440]  </TASK>
[  180.715748][ T5966] usb 5-1: USB disconnect, device number 28
[  180.895162][ T7454] netlink: 8 bytes leftover after parsing attributes in process `syz.0.404'.
[  180.995190][ T7457] pim6reg: entered allmulticast mode
[  181.102368][ T7462] input: syz1 as /devices/virtual/input/input12
[  181.398002][  T980] usb 5-1: new low-speed USB device number 29 using dummy_hcd
[  181.449772][ T5904] usb 4-1: USB disconnect, device number 21
[  181.599141][  T980] usb 5-1: device descriptor read/64, error -71
[  181.868030][  T980] usb 5-1: new low-speed USB device number 30 using dummy_hcd
[  182.000785][  T980] usb 5-1: device descriptor read/64, error -71
[  182.149548][  T980] usb usb5-port1: attempt power cycle
[  182.280447][ T7496] Invalid logical block size (61439)
[  182.652433][  T980] usb 5-1: new low-speed USB device number 31 using dummy_hcd
[  182.703587][  T980] usb 5-1: device descriptor read/8, error -71
[  182.997863][  T980] usb 5-1: new low-speed USB device number 32 using dummy_hcd
[  183.028338][  T980] usb 5-1: device descriptor read/8, error -71
[  183.138088][  T980] usb usb5-port1: unable to enumerate USB device
[  183.190542][ T5966] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  183.378202][ T5966] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  183.388662][ T5966] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  183.434351][ T5966] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  183.488006][ T5966] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  183.489328][ T7515] netlink: 'syz.1.415': attribute type 10 has an invalid length.
[  183.527571][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.551246][ T7515] netlink: 'syz.1.415': attribute type 10 has an invalid length.
[  183.590581][ T7515] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  183.619305][ T5966] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  183.648815][ T5966] usb 3-1: invalid MIDI out EP 0
[  183.887856][ T6410] udevd[6410]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  183.912085][ T5966] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  184.540203][ T5966] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  184.698375][   T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  184.730018][ T5966] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  184.751873][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.811966][ T5966] usb 5-1: config 0 descriptor??
[  184.839643][ T5966] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  184.868267][   T43] usb 1-1: Using ep0 maxpacket: 16
[  184.875732][   T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  184.891288][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  184.931638][   T43] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  184.948076][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.961962][ T7551] kvm: apic: phys broadcast and lowest prio
[  184.966324][   T43] usb 1-1: Product: syz
[  184.979784][   T43] usb 1-1: Manufacturer: syz
[  185.002977][   T43] usb 1-1: SerialNumber: syz
[  185.047093][   T43] usb 1-1: config 0 descriptor??
[  185.072621][   T43] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  185.083091][   T43] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  185.503164][   T24] usb 3-1: USB disconnect, device number 18
[  185.676963][   T43] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  185.691417][ T7572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.433'.
[  185.709348][   T43] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  186.088240][ T7581] syz.2.435 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  186.246947][ T5966] gspca_stv06xx: HDCS-1020 sensor detected
[  186.265738][ T7588] capability: warning: `syz.3.441' uses 32-bit capabilities (legacy support in use)
[  186.320965][   T43] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  186.332509][   T43] em28xx 1-1:0.0: couldn't setup AC97 register 2
[  186.341539][   T43] em28xx 1-1:0.0: couldn't setup AC97 register 4
[  186.348806][   T43] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  186.557925][  T980] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  186.717795][  T980] usb 4-1: Using ep0 maxpacket: 8
[  186.727161][ T5966] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[  186.736513][  T980] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  186.754102][ T7594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.445'.
[  186.757795][ T5966] usb 5-1: USB disconnect, device number 33
[  186.763084][  T980] usb 4-1: config 0 has no interface number 0
[  186.787515][  T980] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  186.808947][ T7596] netlink: 56 bytes leftover after parsing attributes in process `syz.1.444'.
[  186.820187][  T980] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  186.835201][  T980] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  186.857792][  T980] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  186.867903][  T980] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  186.881008][  T980] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  186.910231][  T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.933283][  T980] usb 4-1: config 0 descriptor??
[  186.954231][  T980] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  186.982596][   T43] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  187.007426][   T43] usb 1-1: USB disconnect, device number 24
[  187.137115][ T7604] netlink: 664 bytes leftover after parsing attributes in process `syz.1.449'.
[  187.156398][  T980] usb 4-1: USB disconnect, device number 22
[  187.172149][  T980] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  187.288140][ T3503] ------------[ cut here ]------------
[  187.292259][ T7608] netlink: 'syz.1.451': attribute type 10 has an invalid length.
[  187.293875][ T3503] RTNL: assertion failed at ./include/net/netdev_lock.h (72)
[  187.310981][ T3503] WARNING: CPU: 1 PID: 3503 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350
[  187.321840][ T3503] Modules linked in:
[  187.325932][ T3503] CPU: 1 UID: 0 PID: 3503 Comm: kworker/u8:9 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  187.338242][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.348450][ T3503] Workqueue: bond0 bond_mii_monitor
[  187.353709][ T3503] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  187.359780][ T3503] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  187.363990][ T7608] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.379620][ T3503] RSP: 0018:ffffc9000c107670 EFLAGS: 00010246
[  187.388104][ T7608] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.392686][ T3503] RAX: afc63cf91a2b6800 RBX: ffff888059a86000 RCX: ffff888031060000
[  187.407267][ T7608] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.407651][ T3503] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  187.414828][ T7608] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.422805][ T3503] RBP: 0000000000000000 R08: ffffc9000c107387 R09: 1ffff92001820e70
[  187.430565][ T7608] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.438120][ T3503] R10: dffffc0000000000 R11: fffff52001820e71 R12: 1ffff1100b350c5d
[  187.445196][ T7608] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.453049][ T3503] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000
[  187.468415][ T3503] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  187.477371][ T3503] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  187.484060][ T3503] CR2: 000000110c402ce7 CR3: 0000000033fd0000 CR4: 00000000003526f0
[  187.492133][ T3503] Call Trace:
[  187.495442][ T3503]  <TASK>
[  187.498485][ T3503]  ? ethtool_op_get_link+0xd/0x70
[  187.503609][ T3503]  ethtool_op_get_link+0x15/0x70
[  187.508622][ T3503]  bond_check_dev_link+0x444/0x6c0
[  187.513782][ T3503]  ? __pfx_bond_check_dev_link+0x10/0x10
[  187.519510][ T3503]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  187.525968][ T3503]  bond_mii_monitor+0x428/0x2e00
[  187.531016][ T3503]  ? bond_mii_monitor+0x153/0x2e00
[  187.536158][ T3503]  ? __lock_acquire+0xab9/0xd20
[  187.541271][ T3503]  ? __pfx_bond_mii_monitor+0x10/0x10
[  187.546668][ T3503]  ? register_lock_class+0x51/0x320
[  187.551958][ T3503]  ? __lock_acquire+0xab9/0xd20
[  187.556869][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.562924][ T3503]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.568194][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.574004][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.579782][ T3503]  process_scheduled_works+0xae1/0x17b0
[  187.585369][ T3503]  ? __pfx_process_scheduled_works+0x10/0x10
[  187.591419][ T3503]  worker_thread+0x8a0/0xda0
[  187.596040][ T3503]  kthread+0x70e/0x8a0
[  187.600171][ T3503]  ? __pfx_worker_thread+0x10/0x10
[  187.605328][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.609959][ T3503]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.615180][ T3503]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.620435][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.625045][ T3503]  ret_from_fork+0x3fc/0x770
[  187.629744][ T3503]  ? __pfx_ret_from_fork+0x10/0x10
[  187.634883][ T3503]  ? __switch_to_asm+0x39/0x70
[  187.639702][ T3503]  ? __switch_to_asm+0x33/0x70
[  187.644495][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.649176][ T3503]  ret_from_fork_asm+0x1a/0x30
[  187.653996][ T3503]  </TASK>
[  187.657057][ T3503] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  187.664364][ T3503] CPU: 1 UID: 0 PID: 3503 Comm: kworker/u8:9 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) 
[  187.676526][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.686581][ T3503] Workqueue: bond0 bond_mii_monitor
[  187.691795][ T3503] Call Trace:
[  187.695076][ T3503]  <TASK>
[  187.698008][ T3503]  dump_stack_lvl+0x99/0x250
[  187.702605][ T3503]  ? __asan_memcpy+0x40/0x70
[  187.707207][ T3503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.712433][ T3503]  ? __pfx__printk+0x10/0x10
[  187.717047][ T3503]  panic+0x2db/0x790
[  187.720955][ T3503]  ? __pfx_panic+0x10/0x10
[  187.725384][ T3503]  ? ret_from_fork_asm+0x1a/0x30
[  187.730352][ T3503]  __warn+0x31b/0x4b0
[  187.734362][ T3503]  ? __linkwatch_sync_dev+0x303/0x350
[  187.739748][ T3503]  ? __linkwatch_sync_dev+0x303/0x350
[  187.745129][ T3503]  report_bug+0x2be/0x4f0
[  187.749468][ T3503]  ? __linkwatch_sync_dev+0x303/0x350
[  187.754858][ T3503]  ? __linkwatch_sync_dev+0x303/0x350
[  187.760239][ T3503]  ? __linkwatch_sync_dev+0x305/0x350
[  187.765617][ T3503]  handle_bug+0x84/0x160
[  187.769865][ T3503]  exc_invalid_op+0x1a/0x50
[  187.774378][ T3503]  asm_exc_invalid_op+0x1a/0x20
[  187.779235][ T3503] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  187.785224][ T3503] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  187.804829][ T3503] RSP: 0018:ffffc9000c107670 EFLAGS: 00010246
[  187.810935][ T3503] RAX: afc63cf91a2b6800 RBX: ffff888059a86000 RCX: ffff888031060000
[  187.818916][ T3503] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  187.826888][ T3503] RBP: 0000000000000000 R08: ffffc9000c107387 R09: 1ffff92001820e70
[  187.834858][ T3503] R10: dffffc0000000000 R11: fffff52001820e71 R12: 1ffff1100b350c5d
[  187.842915][ T3503] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000
[  187.850928][ T3503]  ? ethtool_op_get_link+0xd/0x70
[  187.855971][ T3503]  ethtool_op_get_link+0x15/0x70
[  187.860923][ T3503]  bond_check_dev_link+0x444/0x6c0
[  187.866043][ T3503]  ? __pfx_bond_check_dev_link+0x10/0x10
[  187.871689][ T3503]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  187.878110][ T3503]  bond_mii_monitor+0x428/0x2e00
[  187.883070][ T3503]  ? bond_mii_monitor+0x153/0x2e00
[  187.888187][ T3503]  ? __lock_acquire+0xab9/0xd20
[  187.893049][ T3503]  ? __pfx_bond_mii_monitor+0x10/0x10
[  187.898429][ T3503]  ? register_lock_class+0x51/0x320
[  187.903647][ T3503]  ? __lock_acquire+0xab9/0xd20
[  187.908523][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.914267][ T3503]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.919487][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.925237][ T3503]  ? process_scheduled_works+0x9ef/0x17b0
[  187.930982][ T3503]  process_scheduled_works+0xae1/0x17b0
[  187.936563][ T3503]  ? __pfx_process_scheduled_works+0x10/0x10
[  187.942569][ T3503]  worker_thread+0x8a0/0xda0
[  187.947182][ T3503]  kthread+0x70e/0x8a0
[  187.951281][ T3503]  ? __pfx_worker_thread+0x10/0x10
[  187.956411][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.961011][ T3503]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.966214][ T3503]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.971436][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.976027][ T3503]  ret_from_fork+0x3fc/0x770
[  187.980635][ T3503]  ? __pfx_ret_from_fork+0x10/0x10
[  187.985769][ T3503]  ? __switch_to_asm+0x39/0x70
[  187.990556][ T3503]  ? __switch_to_asm+0x33/0x70
[  187.995329][ T3503]  ? __pfx_kthread+0x10/0x10
[  187.999931][ T3503]  ret_from_fork_asm+0x1a/0x30
[  188.004715][ T3503]  </TASK>
[  188.008047][ T3503] Kernel Offset: disabled
[  188.012380][ T3503] Rebooting in 86400 seconds..