last executing test programs:

13.764777895s ago: executing program 3 (id=460):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3010000}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x20000000}, 0x94)

13.756973942s ago: executing program 3 (id=461):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x57, 0xc2}}}}}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
unshare(0x2c020400)
lseek(0xffffffffffffffff, 0xfffffffffffffff9, 0x1)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003400)=@base={0x1c, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x48)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})
r3 = syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
recvmmsg(r4, &(0x7f0000000740), 0x0, 0x40010000, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000001800dd8d00000000000000000229656fee95023dace3799700010300002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
syz_usb_ep_read(r3, 0x7, 0x0, &(0x7f0000000200))
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

10.561310015s ago: executing program 3 (id=473):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x57, 0xc2}}}}}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
unshare(0x2c020400)
lseek(0xffffffffffffffff, 0xfffffffffffffff9, 0x1)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003400)=@base={0x1c, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x48)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
recvmmsg(r4, &(0x7f0000000740), 0x0, 0x40010000, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000001800dd8d00000000000000000229656fee95023dace3799700010300002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
syz_usb_ep_read(r3, 0x7, 0x0, &(0x7f0000000200))
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

7.47431113s ago: executing program 3 (id=485):
syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x19)
socket(0x10, 0x40000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x6, 0x142)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000240)=0x8)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f00000001c0))
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x80000)
fsmount(0xffffffffffffffff, 0x1, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r5, 0x29, 0x46, 0x0, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f00000000c0), 0x12)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

5.763042881s ago: executing program 4 (id=494):
socket$inet6(0xa, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$kcm(0x21, 0x2, 0x2)
dup(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=ANY=[@ANYBLOB="440000001000010400000000000080fe00000000", @ANYRES32=0x0, @ANYBLOB="1b00040000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4000040)

5.400784215s ago: executing program 4 (id=496):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x57, 0xc2}}}}}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
unshare(0x2c020400)
lseek(0xffffffffffffffff, 0xfffffffffffffff9, 0x1)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003400)=@base={0x1c, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x48)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
recvmmsg(r4, &(0x7f0000000740), 0x0, 0x40010000, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000001800dd8d00000000000000000229656fee95023dace3799700010300002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
syz_usb_ep_read(r3, 0x7, 0x0, &(0x7f0000000200))
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

5.241714143s ago: executing program 2 (id=498):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
write(r0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000311000400000000006eec00be10a42f01fe8000000000000000000000000000aaff020000e80300000000000000000001330022eb"], 0x10da)

5.05422583s ago: executing program 3 (id=499):
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x100, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = getpgid(0x0)
syz_pidfd_open(r3, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)

4.70203013s ago: executing program 2 (id=501):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00fe8000000000000000000000120000aaff02000000000000000000000000000106"], 0xffe)

4.680302755s ago: executing program 3 (id=502):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000500)={0x1c, &(0x7f0000000380)={0x20, 0xf, 0x1, 'D'}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8840, 0x0)
fcntl$lock(r1, 0x11, &(0x7f0000003c80)={0x0, 0x0, 0x380000000000, 0x8})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000140)={0x53, 0xfffffffffffffffd, 0x14, 0x2, @buffer={0x0, 0x1000, &(0x7f0000000d40)=""/4096}, &(0x7f0000000000)="8ca38da8dee1882262f174ca881db675a3f43972", &(0x7f0000000040)=""/161, 0x0, 0x11, 0x1, &(0x7f0000000100)})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f000001a4c0)=[{0x0}], 0x1}, 0x2)
r2 = syz_io_uring_setup(0x750a, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x6c35, &(0x7f0000000240)={0x0, 0x3361, 0x2000, 0x3, 0x800116, 0x0, r2})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000640)=[{0x0}], 0x178)

4.612910192s ago: executing program 0 (id=503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xec37}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0xefffffff, 0x1}, 0xc000802)

4.600456729s ago: executing program 1 (id=504):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}}, 0x24004000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.419908453s ago: executing program 0 (id=505):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'})
r0 = socket(0x10, 0x803, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000ff"], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)

4.376723928s ago: executing program 1 (id=506):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0xf8, 0x11, 0x148, 0xf8, 0x0, 0x220, 0x2a8, 0x2a8, 0x220, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x11000000]}}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'geneve0\x00'}, 0x0, 0xc0, 0x128, 0x0, {}, [@common=@ttl={{0x28}}, @common=@icmp={{0x28}, {0x0, "e3ec"}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318)

4.251266346s ago: executing program 0 (id=507):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)=""/173, 0xad}, {&(0x7f0000000200)=""/183, 0xb7}, {&(0x7f0000000340)=""/199, 0xc7}], 0x3, &(0x7f00000002c0)}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vlan1\x00', <r1=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_XFRM_DIR={0x5, 0x3, 0x2}]}}}]}]}], {0x14}}, 0xc4}}, 0xc8810)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x403, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r1, 0x215}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x4}}]}]}}}]}, 0x50}, 0x1, 0xba01, 0x0, 0x4000000}, 0x0)

4.162760613s ago: executing program 2 (id=508):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000120, 0x0)
r5 = syz_pidfd_open(r3, 0x0)
setns(r5, 0x10000000)

4.084996263s ago: executing program 1 (id=509):
r0 = syz_open_dev$media(&(0x7f0000001d80), 0x6, 0x80400)
preadv(r0, &(0x7f0000002dc0)=[{&(0x7f0000001dc0)=""/4096, 0x1000}], 0x1, 0x9, 0x75a5)

4.061093293s ago: executing program 1 (id=510):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x57, 0xc2}}}}}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
unshare(0x2c020400)
lseek(0xffffffffffffffff, 0xfffffffffffffff9, 0x1)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003400)=@base={0x1c, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x48)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})
r3 = syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
recvmmsg(r4, &(0x7f0000000740), 0x0, 0x40010000, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000001800dd8d00000000000000000229656fee95023dace3799700010300002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
syz_usb_ep_read(r3, 0x7, 0x0, &(0x7f0000000200))
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

4.0586415s ago: executing program 0 (id=511):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0xe0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c)

3.26094717s ago: executing program 2 (id=512):
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x100, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = getpgid(0x0)
syz_pidfd_open(r3, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)

3.092757374s ago: executing program 0 (id=513):
io_setup(0x10000, &(0x7f0000000800))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socket$inet(0x2, 0x80000, 0x0)
preadv(r2, &(0x7f0000002280)=[{&(0x7f0000002780)=""/133, 0x85}], 0x1, 0x10001, 0x7)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x4f, 0x0, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1f, 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000300), 0xd37, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000004b40)={0x1, @vbi={0x0, 0x0, 0x56595559}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
unlinkat(r7, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$EVIOCGSND(r7, 0x8040451a, &(0x7f00000000c0)=""/120)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000900)={&(0x7f0000003000), 0x0, 0x3}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r7, 0x17, &(0x7f0000000f40)={0x0, 0x0, 0x1}, 0x1)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix_mp={0x4, 0x4, 0x32314d48, 0x8, 0x5, [{0x1, 0x8000}, {0x8001, 0x4}, {0x6, 0x7}, {0xa379, 0x8951}, {0x9, 0x4}, {0x9, 0xf6}, {0x1de6, 0x6}, {0x80000000, 0x7fffffff}], 0x3, 0xa, 0x1, 0x1, 0x4}})

2.904886975s ago: executing program 2 (id=514):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet_sctp(r0, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000100)="f4", 0x1}], 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000814800000700000fac1e0101000000001800000000000000840000000700fdffac"], 0x30}], 0x1, 0x0)

2.111072182s ago: executing program 2 (id=515):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net\x00')
symlinkat(&(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00')
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
dup2(r0, r0)
r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x1a1081, 0x18)
r3 = fsopen(&(0x7f0000000140)='virtiofs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='sourca', &(0x7f00000000c0)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1\x88\x16', 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0)
capset(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_io_uring_setup(0x4e6d, 0x0, 0x0, 0x0)
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f00000002c0)={'ipvlan1\x00'})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='source', 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b/?\\o\xdc\xea\x95\x9a)\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\x9c\x00\x00\x00\x00\x00\x00\x00&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r8 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x500)
ioctl(r8, 0xc0004508, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

1.99083587s ago: executing program 4 (id=516):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d214"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000060000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x8040)

1.696740669s ago: executing program 4 (id=517):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x7, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x15}]}, 0x0, 0x6, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000084070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b80440001800c000100636f756e746572"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)

1.491477343s ago: executing program 4 (id=518):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@ipv4_newroute={0x30, 0x18, 0x4a2499fd4c68d2f3, 0x2, 0x25dfdbfd, {0x2, 0x0, 0x0, 0x4, 0xfd, 0x0, 0xc8, 0x7}, [@RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8, 0x6, 0x5}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x3}]}, 0x30}}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3)
r4 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
ftruncate(r4, 0x3f)
lseek(r4, 0x3, 0x3)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x80800, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000000)={0x0, 0xa, 0x80800})
r7 = syz_io_uring_complete(0x0)
r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x200402, 0x0)
signalfd4(r8, &(0x7f0000000000)={[0x101]}, 0x8, 0x800)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'netdevsim0\x00', <r9=>0x0})
r10 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x208400, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r10, @ANYRES32=r10, @ANYRES32=r10], 0x20)
r11 = openat$mice(0xffffffffffffff9c, &(0x7f0000000700), 0x400000)
r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000780)=@o_path={&(0x7f0000000740)='./file0\x00', 0x0, 0x10, r2}, 0x18)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@o_path={&(0x7f00000007c0)='./file0\x00', 0x0, 0x10, r0}, 0x18)
r14 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
writev(r14, &(0x7f0000000200)=[{0x0}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x21, &(0x7f0000000940)=ANY=[@ANYBLOB="18110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000006180000040000000acd00000200000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000008000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703514952bd000000000000850000000c000000b70000000000000018000000800000000000000040000000"], &(0x7f0000000540)='GPL\x00', 0xfffffffc, 0x28, &(0x7f0000000580)=""/40, 0x41000, 0x61, '\x00', r9, 0x0, r2, 0x8, &(0x7f0000000680)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000006c0)={0x4, 0x0, 0xffffffff, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r10, r11, 0x1, r12, r13, r14], 0x0, 0x10, 0x36}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x398, 0x0, 0x0, 0x148, 0x0, 0x148, 0x300, 0x240, 0x240, 0x300, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x1, 0x7c}, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x3, [0x4e23, 0x4e22, 0x4e30, 0x4e20, 0x4e24, 0x4e23, 0x4e22, 0x4e24, 0x4e22, 0x4e22, 0x4e25, 0x4e24, 0x4e20, 0x4e20, 0x4e20], [0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1]}}, @common=@ah={{0x30}, {[0x80000000, 0x1ff], 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x85d, 0xf, [0x12, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x41, 0x17, 0x19, 0x26, 0x2c, 0x3d, 0x7, 0x3e, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1b0, 0x0, {}, [@common=@inet=@recent0={{0x20}, {0x6, 0x9, 0x1, 0x1, 'syz1\x00', 0xff}}, @common=@icmp={{0x28}, {0x10, "ca5d"}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8)

1.323937412s ago: executing program 4 (id=519):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10, 0x80000)
accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @local}, 0x10, 0x800) (async)
io_setup(0x4, &(0x7f0000000340)) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8) (async)
syz_clone3(&(0x7f0000000980)={0x200, 0x0, 0x0, 0x0, {0x5}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async, rerun: 32)
io_setup(0x7, &(0x7f0000000100)) (rerun: 32)

496.60792ms ago: executing program 0 (id=520):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000400)={0x3, 0x1, 0x7, "5a309a426be809a48aa9bc68b9de658caf5999a76c019fefcf54e97d739d47b9"})
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f0000000080)={{0xfff, 0x9}, 0x9}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000a00)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0xc52, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000004c0)="f3", 0x1}], 0x1}}], 0x1, 0x4000841)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0)
listen(r3, 0x2000fff)
accept(r3, 0xfffffffffffffffd, &(0x7f0000000180))
bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe, 0x2}], 0x2}}], 0x48}, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x63, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f0000000040)=0x1e)
prctl$PR_SET_FPEMU(0xa, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000ecffffff8802"])
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c)

452.038813ms ago: executing program 1 (id=521):
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') (fail_nth: 4)

0s ago: executing program 1 (id=522):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000120, 0x0)
r5 = syz_pidfd_open(r3, 0x0)
setns(r5, 0x10000000)

kernel console output (not intermixed with test programs):

66750][ T5848] Bluetooth: hci1: command tx timeout
[   76.674552][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.689736][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.709349][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.734810][ T5848] Bluetooth: hci3: command tx timeout
[   76.741671][ T5861] Bluetooth: hci4: command tx timeout
[   76.747177][ T5848] Bluetooth: hci2: command tx timeout
[   76.752588][ T5848] Bluetooth: hci0: command tx timeout
[   76.823705][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   77.005289][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.013788][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.070467][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.092795][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.117402][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.135857][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.203564][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.263405][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.272653][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.283956][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.313051][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.323148][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.344168][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.460258][ T5953] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.573600][ T5914] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   77.748877][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.771851][ T5914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.824685][ T5914] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[   77.834471][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.863558][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.915750][ T5914] usb 1-1: config 0 descriptor??
[   77.980573][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9'.
[   78.014571][ T5966] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   78.022182][ T5966] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   78.060315][ T5966] program syz.4.9 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   78.075019][ T5966] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   78.082396][ T5966] IPv6: NLM_F_CREATE should be set when creating new route
[   78.211458][ T5975] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.235219][ T5906] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   78.826301][   T51] Bluetooth: hci1: command tx timeout
[   78.862718][ T5848] Bluetooth: hci0: command tx timeout
[   78.886929][   T51] Bluetooth: hci4: command tx timeout
[   78.917253][ T5848] Bluetooth: hci2: command tx timeout
[   78.957681][   T51] Bluetooth: hci3: command tx timeout
[   78.984288][ T5914] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0
[   79.010163][ T5914] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0
[   79.065156][ T5914] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0
[   79.079410][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.115089][ T5914] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0
[   79.122170][ T5914] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0
[   79.155027][ T5906] usb 2-1: Using ep0 maxpacket: 32
[   79.164492][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.185815][ T5906] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[   79.232295][ T5914] hid-rmi 0003:06CB:81A7.0001: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.0-1/input0
[   79.256940][ T5914] usb 1-1: USB disconnect, device number 2
[   79.266700][ T5906] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   79.421604][ T5982] fido_id[5982]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   79.735852][ T5906] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[   79.743586][   T30] audit: type=1326 audit(1752894552.275:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5980 comm="syz.4.12" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81f098e9a9 code=0x0
[   79.791622][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.893908][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.947523][ T5991] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   80.135837][ T5906] usb 2-1: config 1 has no interface number 0
[   80.141976][ T5906] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   80.328471][ T5906] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   80.352830][ T5906] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   80.411687][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.451382][ T5906] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[   80.659263][ T5995] input: syz0 as /devices/virtual/input/input5
[   80.668704][   T30] audit: type=1326 audit(1752894553.345:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691518e9a9 code=0x7ffc0000
[   80.680283][ T5906] snd_usb_pod 2-1:1.1: invalid control EP
[   80.770113][   T30] audit: type=1326 audit(1752894553.345:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691518e9a9 code=0x7ffc0000
[   80.874678][ T5906] snd_usb_pod 2-1:1.1: cannot start listening: -22
[   80.876888][   T30] audit: type=1326 audit(1752894553.345:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f691518e9a9 code=0x7ffc0000
[   80.891146][ T5906] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[   80.963744][ T5906] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[   81.007164][   T30] audit: type=1326 audit(1752894553.345:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691518e9a9 code=0x7ffc0000
[   81.029075][    C0] vkms_vblank_simulate: vblank timer overrun
[   81.088425][ T5906] usb 2-1: USB disconnect, device number 2
[   81.189940][   T30] audit: type=1326 audit(1752894553.345:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691518e9a9 code=0x7ffc0000
[   81.213052][    C0] vkms_vblank_simulate: vblank timer overrun
[   81.300405][ T6006] Cannot find set identified by id 0 to match
[   81.306668][   T30] audit: type=1326 audit(1752894553.345:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f691518e5ab code=0x7ffc0000
[   81.328472][    C0] vkms_vblank_simulate: vblank timer overrun
[   81.354575][ T5975] syz.3.11 (5975): drop_caches: 2
[   81.441996][ T6008] fuse: Invalid rootmode
[   81.607598][   T30] audit: type=1326 audit(1752894553.345:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f691518e5ab code=0x7ffc0000
[   81.629412][    C0] vkms_vblank_simulate: vblank timer overrun
[   81.640433][ T6012] netlink: 'syz.3.20': attribute type 3 has an invalid length.
[   81.663984][ T6012] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.20'.
[   81.720805][   T30] audit: type=1326 audit(1752894553.345:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f691518e5ab code=0x7ffc0000
[   81.732908][ T5921] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   81.864951][   T30] audit: type=1326 audit(1752894553.345:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.1.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f691518e5ab code=0x7ffc0000
[   81.899118][ T6019] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   81.936941][ T5921] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[   81.959238][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.972927][ T6023] iommufd_mock iommufd_mock1: Adding to iommu group 1
[   82.004752][ T5921] usb 5-1: config 0 descriptor??
[   82.048426][ T5921] gspca_main: spca508-2.14.0 probing 8086:0110
[   82.160543][ T6029] netlink: 48 bytes leftover after parsing attributes in process `syz.1.26'.
[   82.171963][ T6029] tc_dump_action: action bad kind
[   82.211967][ T5921] gspca_spca508: reg_read err -32
[   82.222879][   T10] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   82.228236][ T5921] gspca_spca508: reg_read err -32
[   82.251176][ T5921] gspca_spca508: reg_read err -32
[   82.384658][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[   82.410861][   T10] usb 3-1: config 0 has no interface number 0
[   82.423378][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[   82.437415][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[   82.449071][   T10] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   82.553434][ T5921] gspca_spca508: reg_read err -71
[   82.573105][ T5921] gspca_spca508: reg write: error -71
[   82.600500][ T5921] spca508 5-1:0.0: probe with driver spca508 failed with error -71
[   82.641136][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.686745][   T10] usb 3-1: config 0 descriptor??
[   82.697229][ T5921] usb 5-1: USB disconnect, device number 2
[   82.703185][ T6025] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[   82.708182][ T6040] netlink: 264 bytes leftover after parsing attributes in process `syz.3.29'.
[   82.721087][   T10] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[   82.754612][ T5928] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   83.112459][ T6046] tipc: Started in network mode
[   83.152963][ T6046] tipc: Node identity 927e20c5845a, cluster identity 4711
[   83.184191][ T6046] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   83.184740][ T5928] usb 1-1: config 0 has no interfaces?
[   83.256690][ T6049] syzkaller0: entered promiscuous mode
[   83.262242][ T6049] syzkaller0: entered allmulticast mode
[   83.295450][ T5928] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   83.339038][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.359089][ T5928] usb 1-1: Product: syz
[   83.368790][ T5928] usb 1-1: Manufacturer: syz
[   83.377534][ T5928] usb 1-1: SerialNumber: syz
[   83.386900][ T5928] usb 1-1: config 0 descriptor??
[   83.651353][ T6051] tipc: Resetting bearer <eth:syzkaller0>
[   83.671387][   T10] usb 3-1: USB disconnect, device number 2
[   83.729743][ T6045] tipc: Resetting bearer <eth:syzkaller0>
[   83.756294][ T6034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'.
[   83.831376][ T6045] tipc: Disabling bearer <eth:syzkaller0>
[   83.863100][ T5928] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   83.926712][ T6034] pimreg: entered allmulticast mode
[   84.042893][ T5928] usb 5-1: Using ep0 maxpacket: 32
[   84.049662][ T5928] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[   84.065300][ T5928] usb 5-1: config 0 has no interface number 0
[   84.078667][ T5928] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   84.087940][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.097451][ T5928] usb 5-1: Product: syz
[   84.101820][ T5928] usb 5-1: Manufacturer: syz
[   84.113563][ T5928] usb 5-1: SerialNumber: syz
[   84.125721][ T5928] usb 5-1: config 0 descriptor??
[   84.138673][ T5928] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[   84.350513][ T5928] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   84.402075][ T5928] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   84.455531][ T6070] netlink: 48 bytes leftover after parsing attributes in process `syz.3.38'.
[   84.470497][ T6070] tc_dump_action: action bad kind
[   84.681487][ T6058] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   84.703140][ T6058] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   84.725926][ T6058] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   84.748467][ T6058] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   84.750582][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[   84.762424][ T5928] usb 5-1: USB disconnect, device number 3
[   84.783627][ T5928] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   84.797743][ T6058] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   84.812355][ T6058] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   84.829733][ T6058] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   84.839153][ T5928] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   84.857087][ T6058] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   84.876886][ T5928] quatech2 5-1:0.51: device disconnected
[   84.891059][ T6078] Zero length message leads to an empty skb
[   84.898965][ T6058] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   84.927504][ T6058] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   84.937402][ T6058] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   84.946418][ T6058] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   84.960143][ T6058] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   84.968124][ T6058] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   84.985812][ T6058] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   85.092503][ T6082] lo: entered promiscuous mode
[   85.099717][ T6082] tunl0: entered promiscuous mode
[   85.110068][ T6082] gre0: entered promiscuous mode
[   85.117642][ T6082] gretap0: entered promiscuous mode
[   85.126292][ T6082] erspan0: entered promiscuous mode
[   85.135672][ T6082] ip_vti0: entered promiscuous mode
[   85.151410][ T6082] ip6_vti0: entered promiscuous mode
[   85.184671][ T6082] sit0: entered promiscuous mode
[   85.206010][ T6082] ip6tnl0: entered promiscuous mode
[   85.214956][ T6084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42'.
[   85.243074][ T6082] ip6gre0: entered promiscuous mode
[   85.268933][ T6082] syz_tun: entered promiscuous mode
[   85.274973][ T6082] ip6gretap0: entered promiscuous mode
[   85.281023][ T6082] bridge0: entered promiscuous mode
[   85.286700][ T6082] vcan0: entered promiscuous mode
[   85.292143][ T6082] bond0: entered promiscuous mode
[   85.311608][ T6082] bond_slave_0: entered promiscuous mode
[   85.378575][ T6082] bond_slave_1: entered promiscuous mode
[   85.427732][ T6082] team0: entered promiscuous mode
[   85.466211][ T6082] team_slave_0: entered promiscuous mode
[   85.474346][ T6082] team_slave_1: entered promiscuous mode
[   85.481953][ T6082] dummy0: entered promiscuous mode
[   85.492645][ T6082] nlmon0: entered promiscuous mode
[   85.497645][ T6096] input: syz0 as /devices/virtual/input/input7
[   85.517392][ T6082] caif0: entered promiscuous mode
[   85.523642][ T6082] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   85.672974][ T5928] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   85.933549][ T5921] usb 1-1: USB disconnect, device number 3
[   86.275829][ T5928] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[   86.285171][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.392997][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[   86.407134][ T5928] usb 4-1: Product: syz
[   86.412927][ T5928] usb 4-1: Manufacturer: syz
[   86.417545][ T5928] usb 4-1: SerialNumber: syz
[   86.441316][ T5928] usb 4-1: config 0 descriptor??
[   86.553083][ T5168] Bluetooth: hci5: urb ffff88802945e400 submission failed (2)
[   86.672439][  T977] cfg80211: failed to load regulatory.db
[   86.690208][ T5928] usb 4-1: USB disconnect, device number 2
[   86.812912][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout
[   86.893464][ T5168] Bluetooth: hci2: command 0x0c1a tx timeout
[   86.965163][ T6104] syz.1.49 (6104): drop_caches: 2
[   86.978758][ T5168] Bluetooth: hci4: command 0x0c1a tx timeout
[   86.979366][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[   87.048311][ T6116] netlink: 48 bytes leftover after parsing attributes in process `syz.4.55'.
[   87.080856][ T6116] tc_dump_action: action bad kind
[   87.517386][ T6122] netlink: 28 bytes leftover after parsing attributes in process `syz.3.57'.
[   87.569445][ T6124] ptrace attach of "./syz-executor exec"[5865] was attempted by "./syz-executor exec"[6124]
[   88.047450][ T6135] xt_recent: Unsupported userspace flags (000000de)
[   88.300837][ T6142] netlink: 16 bytes leftover after parsing attributes in process `syz.4.63'.
[   88.331982][ T6142] bond0: entered promiscuous mode
[   88.347935][ T6142] bond_slave_0: entered promiscuous mode
[   88.396509][ T6146] netlink: 16 bytes leftover after parsing attributes in process `syz.3.62'.
[   88.422362][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[   88.422368][   T30] kauditd_printk_skb: 3 callbacks suppressed
[   88.422380][   T30] audit: type=1800 audit(1752894561.095:15): pid=6146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.62" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[   88.479519][ T6142] bond_slave_1: entered promiscuous mode
[   88.708324][ T6142] bond0: left promiscuous mode
[   88.725776][ T6142] bond_slave_0: left promiscuous mode
[   88.754485][ T5928] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   88.761752][ T6142] bond_slave_1: left promiscuous mode
[   88.869407][ T6151] netlink: 56 bytes leftover after parsing attributes in process `syz.2.65'.
[   88.895859][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[   88.924801][ T5928] usb 2-1: config 0 has no interfaces?
[   88.972892][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[   89.102973][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[   89.129247][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[   89.231955][ T5928] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   89.278639][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.320351][ T5928] usb 2-1: Product: syz
[   89.330342][ T5928] usb 2-1: Manufacturer: syz
[   89.398231][ T5928] usb 2-1: SerialNumber: syz
[   89.469311][ T6155] netlink: 48 bytes leftover after parsing attributes in process `syz.4.66'.
[   89.500309][ T6155] tc_dump_action: action bad kind
[   89.523769][ T5928] usb 2-1: config 0 descriptor??
[   89.772296][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.61'.
[   89.788742][ T6143] pimreg: entered allmulticast mode
[   90.139759][ T6162] syz.4.69 uses obsolete (PF_INET,SOCK_PACKET)
[   90.502928][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout
[   90.537451][ T6174] netlink: 8 bytes leftover after parsing attributes in process `syz.0.76'.
[   90.548719][ T6174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'.
[   90.558817][ T6174] netlink: 'syz.0.76': attribute type 15 has an invalid length.
[   90.582768][ T5928] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   90.602009][ T6178] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   90.745046][ T5928] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[   90.760861][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.795091][ T5928] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   90.806879][ T5928] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   90.829397][ T5928] usb 4-1: Manufacturer: syz
[   90.845329][ T5928] usb 4-1: config 0 descriptor??
[   90.975047][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[   90.981200][ T5928] rc_core: IR keymap rc-hauppauge not found
[   90.993822][ T5928] Registered IR keymap rc-empty
[   91.016323][ T5928] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[   91.047738][ T5928] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8
[   91.062858][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[   91.212832][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[   91.218910][ T5168] Bluetooth: hci3: command 0x0c1a tx timeout
[   91.272085][   T10] usb 2-1: USB disconnect, device number 3
[   91.285491][ T5928] usb 4-1: USB disconnect, device number 3
[   91.678461][ T6207] syz_tun: entered allmulticast mode
[   92.002735][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   92.175599][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.254372][ T5913] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   92.268185][   T10] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   92.278215][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.331056][   T10] usb 5-1: config 0 descriptor??
[   92.482898][ T5913] usb 4-1: Using ep0 maxpacket: 32
[   92.510065][ T5913] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[   92.521112][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.529495][ T5913] usb 4-1: Product: syz
[   92.534532][ T5913] usb 4-1: Manufacturer: syz
[   92.539151][ T5913] usb 4-1: SerialNumber: syz
[   92.549080][ T5913] usb 4-1: config 0 descriptor??
[   92.602767][ T5928] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.631463][ T5913] usb 4-1: no audio or video endpoints found
[   92.741107][   T10] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor
[   92.839170][ T5913] usb 4-1: USB disconnect, device number 4
[   92.862386][ T5928] usb 2-1: config 0 has no interfaces?
[   92.891503][   T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0002/input/input9
[   92.918062][ T5928] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   92.934249][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.943729][ T6209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.954245][ T6209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.979780][ T6209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.988305][ T5928] usb 2-1: Product: syz
[   92.998099][ T6209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.998115][ T5928] usb 2-1: Manufacturer: syz
[   93.024858][ T5928] usb 2-1: SerialNumber: syz
[   93.045267][ T5928] usb 2-1: config 0 descriptor??
[   93.108677][   T10] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[   93.217894][ T6209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   93.242294][ T6209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.278526][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.91'.
[   93.346492][ T5913] usb 5-1: USB disconnect, device number 4
[   93.664075][ T6247] FAULT_INJECTION: forcing a failure.
[   93.664075][ T6247] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   93.677584][ T6247] CPU: 0 UID: 0 PID: 6247 Comm: syz.4.99 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[   93.677607][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   93.677624][ T6247] Call Trace:
[   93.677631][ T6247]  <TASK>
[   93.677638][ T6247]  dump_stack_lvl+0x189/0x250
[   93.677670][ T6247]  ? __pfx____ratelimit+0x10/0x10
[   93.677688][ T6247]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.677709][ T6247]  ? __pfx__printk+0x10/0x10
[   93.677731][ T6247]  ? __might_fault+0xb0/0x130
[   93.677765][ T6247]  should_fail_ex+0x414/0x560
[   93.677788][ T6247]  _copy_from_iter+0x1db/0x16f0
[   93.677819][ T6247]  ? policy_nodemask+0x27c/0x720
[   93.677841][ T6247]  ? __pfx__copy_from_iter+0x10/0x10
[   93.677868][ T6247]  ? set_page_refcounted+0xa0/0x1e0
[   93.677891][ T6247]  ? page_copy_sane+0x4e/0x280
[   93.677913][ T6247]  copy_page_from_iter+0xdd/0x170
[   93.677939][ T6247]  tun_get_user+0x1c4d/0x3ce0
[   93.677962][ T6247]  ? tun_get_user+0x693/0x3ce0
[   93.677996][ T6247]  ? aa_file_perm+0x11f/0xed0
[   93.678016][ T6247]  ? __pfx_tun_get_user+0x10/0x10
[   93.678036][ T6247]  ? aa_file_perm+0x11f/0xed0
[   93.678054][ T6247]  ? aa_file_perm+0x3e7/0xed0
[   93.678085][ T6247]  ? ref_tracker_alloc+0x318/0x460
[   93.678102][ T6247]  ? __lock_acquire+0xab9/0xd20
[   93.678122][ T6247]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   93.678146][ T6247]  ? tun_get+0x1c/0x2f0
[   93.678173][ T6247]  ? tun_get+0x1c/0x2f0
[   93.678192][ T6247]  ? tun_get+0x1c/0x2f0
[   93.678231][ T6247]  tun_chr_write_iter+0x113/0x200
[   93.678254][ T6247]  vfs_write+0x548/0xa90
[   93.678281][ T6247]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   93.678302][ T6247]  ? __pfx_vfs_write+0x10/0x10
[   93.678334][ T6247]  ? __fget_files+0x2a/0x420
[   93.678359][ T6247]  ksys_write+0x145/0x250
[   93.678383][ T6247]  ? __pfx_ksys_write+0x10/0x10
[   93.678402][ T6247]  ? rcu_is_watching+0x15/0xb0
[   93.678427][ T6247]  ? do_syscall_64+0xbe/0x3b0
[   93.678453][ T6247]  do_syscall_64+0xfa/0x3b0
[   93.678470][ T6247]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.678488][ T6247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.678505][ T6247]  ? clear_bhb_loop+0x60/0xb0
[   93.678525][ T6247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.678542][ T6247] RIP: 0033:0x7f81f098d45f
[   93.678561][ T6247] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   93.678575][ T6247] RSP: 002b:00007f81f1714000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   93.678594][ T6247] RAX: ffffffffffffffda RBX: 00007f81f0bb5fa0 RCX: 00007f81f098d45f
[   93.678606][ T6247] RDX: 0000000000000046 RSI: 0000200000000200 RDI: 00000000000000c8
[   93.678617][ T6247] RBP: 00007f81f1714090 R08: 0000000000000000 R09: 0000000000000000
[   93.678627][ T6247] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001
[   93.678637][ T6247] R13: 0000000000000000 R14: 00007f81f0bb5fa0 R15: 00007f81f0cdfa28
[   93.678665][ T6247]  </TASK>
[   94.222353][ T6254] bridge0: port 3(syz_tun) entered blocking state
[   94.252437][ T6254] bridge0: port 3(syz_tun) entered disabled state
[   94.278413][ T6254] syz_tun: entered allmulticast mode
[   94.312559][ T6254] syz_tun: entered promiscuous mode
[   94.318831][ T6254] bridge0: port 3(syz_tun) entered blocking state
[   94.325728][ T6254] bridge0: port 3(syz_tun) entered forwarding state
[   94.362827][   T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   94.514101][   T10] usb 4-1: Using ep0 maxpacket: 16
[   94.541321][   T10] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[   94.557504][   T10] usb 4-1: config 1 has no interface number 0
[   94.571810][   T10] usb 4-1: config 1 interface 105 has no altsetting 0
[   94.586316][   T10] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   94.597966][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.609503][   T10] usb 4-1: Product: syz
[   94.614409][   T10] usb 4-1: Manufacturer: syz
[   94.626943][   T10] usb 4-1: SerialNumber: syz
[   95.212938][ T5921] usb 2-1: USB disconnect, device number 4
[   95.367151][   T10] aqc111 4-1:1.105: probe with driver aqc111 failed with error -22
[   95.400482][   T10] usb 4-1: USB disconnect, device number 5
[   96.362769][ T5921] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   96.593092][   T30] audit: type=1326 audit(1752894569.215:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.2.117" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[   96.614633][    C1] vkms_vblank_simulate: vblank timer overrun
[   96.880179][ T5921] usb 1-1: config 0 has no interfaces?
[   96.894005][ T5921] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   96.923731][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.951176][ T5921] usb 1-1: Product: syz
[   96.961396][ T5921] usb 1-1: Manufacturer: syz
[   96.968829][ T5921] usb 1-1: SerialNumber: syz
[   97.030170][ T5921] usb 1-1: config 0 descriptor??
[   97.786560][ T6329] usb usb8: usbfs: process 6329 (syz.4.126) did not claim interface 0 before use
[   97.917563][  T977] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   97.953194][ T6334] netlink: 20 bytes leftover after parsing attributes in process `syz.4.126'.
[   98.077617][ T6336] netlink: 40 bytes leftover after parsing attributes in process `syz.1.128'.
[   98.247887][  T977] usb 4-1: config 0 has no interfaces?
[   98.461483][  T977] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   98.725392][  T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.814405][ T5921] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   98.833428][  T977] usb 4-1: Product: syz
[   98.994210][ T5921] usb 3-1: Using ep0 maxpacket: 32
[   99.002282][  T977] usb 4-1: Manufacturer: syz
[   99.017472][ T5906] usb 1-1: USB disconnect, device number 4
[   99.033003][ T5921] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[   99.051397][ T5921] usb 3-1: config 0 has an invalid descriptor of length 127, skipping remainder of the config
[   99.054120][  T977] usb 4-1: SerialNumber: syz
[   99.109054][ T5921] usb 3-1: config 0 has no interface number 0
[   99.158584][ T5921] usb 3-1: config 0 interface 184 altsetting 7 has an endpoint descriptor with address 0x4F, changing to 0xF
[   99.184226][  T977] usb 4-1: config 0 descriptor??
[   99.219603][ T5921] usb 3-1: config 0 interface 184 altsetting 7 endpoint 0xF has an invalid bInterval 35, changing to 9
[   99.290448][ T5921] usb 3-1: config 0 interface 184 altsetting 7 endpoint 0xF has invalid maxpacket 17376, setting to 1024
[   99.347177][ T5921] usb 3-1: config 0 interface 184 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   99.388647][ T5921] usb 3-1: config 0 interface 184 has no altsetting 0
[   99.400930][ T6349] binder: BINDER_SET_CONTEXT_MGR already set
[   99.408047][ T6349] binder: 6348:6349 ioctl 4018620d 200000000040 returned -16
[   99.430656][ T5921] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   99.465731][ T6323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.124'.
[   99.493674][ T6323] pimreg: entered allmulticast mode
[   99.506236][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.528844][ T5921] usb 3-1: Product: syz
[   99.541694][ T5921] usb 3-1: Manufacturer: syz
[   99.556892][ T5921] usb 3-1: SerialNumber: syz
[   99.596309][ T5921] usb 3-1: config 0 descriptor??
[   99.612298][ T5921] smsc75xx v1.0.0
[   99.620623][ T5921] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   99.660486][ T5921] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[   99.681381][ T6355] netlink: 12 bytes leftover after parsing attributes in process `syz.0.134'.
[   99.694187][ T6355] xt_policy: neither incoming nor outgoing policy selected
[   99.703569][ T6355] netlink: 56 bytes leftover after parsing attributes in process `syz.0.134'.
[   99.836283][ T6357] xt_recent: Unsupported userspace flags (000000de)
[  100.462877][  T977] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  100.497092][ T6371] netlink: 24 bytes leftover after parsing attributes in process `syz.4.141'.
[  100.523878][ T2151] usb 4-1: USB disconnect, device number 6
[  100.549555][ T6373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.141'.
[  100.716392][ T6371] netlink: 'syz.4.141': attribute type 10 has an invalid length.
[  100.787809][  T977] usb 2-1: Using ep0 maxpacket: 16
[  100.796730][  T977] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  100.807449][  T977] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  100.827026][  T977] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  100.836333][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.900052][  T977] usb 2-1: Product: syz
[  100.906776][  T977] usb 2-1: Manufacturer: syz
[  100.915657][  T977] usb 2-1: SerialNumber: syz
[  100.937857][   T30] audit: type=1326 audit(1752894573.615:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  100.970704][   T30] audit: type=1326 audit(1752894573.645:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f76fbf8d310 code=0x7ffc0000
[  101.107740][   T30] audit: type=1326 audit(1752894573.645:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.143109][   T30] audit: type=1326 audit(1752894573.645:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.165311][   T30] audit: type=1326 audit(1752894573.645:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.245410][  T977] usb 2-1: 0:2 : does not exist
[  101.268287][  T977] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  101.335505][   T30] audit: type=1326 audit(1752894573.645:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.362230][  T977] usb 2-1: USB disconnect, device number 5
[  101.427799][   T30] audit: type=1326 audit(1752894573.645:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.573724][   T30] audit: type=1326 audit(1752894573.645:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.691261][ T6396] xt_hashlimit: size too large, truncated to 1048576
[  101.730169][   T30] audit: type=1326 audit(1752894573.645:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.769708][ T6398] 
: renamed from bridge_slave_0 (while UP)
[  101.829043][   T30] audit: type=1326 audit(1752894573.645:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.858365][   T30] audit: type=1326 audit(1752894573.675:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  101.937603][ T5906] usb 3-1: USB disconnect, device number 3
[  102.025838][   T30] audit: type=1326 audit(1752894573.675:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  102.062879][  T977] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  102.121224][   T30] audit: type=1326 audit(1752894573.675:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  102.310465][   T30] audit: type=1326 audit(1752894573.675:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  102.550000][  T977] usb 2-1: config 0 has no interfaces?
[  102.592140][   T30] audit: type=1326 audit(1752894573.675:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  102.592230][  T977] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  102.630221][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.709016][  T977] usb 2-1: Product: syz
[  102.727245][  T977] usb 2-1: Manufacturer: syz
[  102.735743][  T977] usb 2-1: SerialNumber: syz
[  102.774295][ T6414] capability: warning: `syz.4.151' uses deprecated v2 capabilities in a way that may be insecure
[  102.816364][  T977] usb 2-1: config 0 descriptor??
[  102.879222][   T30] audit: type=1326 audit(1752894573.675:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  102.959721][   T30] audit: type=1326 audit(1752894573.685:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  103.441163][   T30] audit: type=1326 audit(1752894573.685:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76fbf8e9a9 code=0x7ffc0000
[  103.822746][ T2151] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  103.998269][ T2151] usb 1-1: config 0 has no interfaces?
[  104.008063][ T2151] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  104.018370][ T2151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.027670][ T2151] usb 1-1: Product: syz
[  104.075203][ T2151] usb 1-1: Manufacturer: syz
[  104.088309][ T2151] usb 1-1: SerialNumber: syz
[  104.105165][ T2151] usb 1-1: config 0 descriptor??
[  104.618412][ T5921] usb 2-1: USB disconnect, device number 6
[  104.830475][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.162'.
[  104.974357][ T6447] bridge0: port 3(syz_tun) entered blocking state
[  104.995870][ T6447] bridge0: port 3(syz_tun) entered disabled state
[  105.011425][ T6447] syz_tun: entered allmulticast mode
[  105.098618][ T6447] bridge0: port 3(syz_tun) entered blocking state
[  105.105189][ T6447] bridge0: port 3(syz_tun) entered forwarding state
[  105.604903][ T6453] netlink: 52 bytes leftover after parsing attributes in process `syz.2.165'.
[  105.625515][ T6453] netlink: 52 bytes leftover after parsing attributes in process `syz.2.165'.
[  105.668689][ T6453] netlink: 52 bytes leftover after parsing attributes in process `syz.2.165'.
[  105.697116][ T6455] netlink: 348 bytes leftover after parsing attributes in process `syz.1.167'.
[  105.820747][ T6455] bridge_slave_0: left allmulticast mode
[  105.828391][ T6455] bridge_slave_0: left promiscuous mode
[  105.839649][ T6455] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.868643][ T6457] netlink: 'syz.1.167': attribute type 10 has an invalid length.
[  105.928506][ T6455] bridge_slave_1: left allmulticast mode
[  105.937880][ T6455] bridge_slave_1: left promiscuous mode
[  105.945989][ T6455] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.961603][ T6455] bond0: (slave bond_slave_0): Releasing backup interface
[  105.991552][ T6455] bond0: (slave bond_slave_1): Releasing backup interface
[  106.058051][ T6455] team0: Failed to send options change via netlink (err -105)
[  106.081478][ T6455] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  106.095411][ T6455] team0: Port device team_slave_0 removed
[  106.128382][ T6455] team0: Failed to send options change via netlink (err -105)
[  106.138857][ T6455] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  106.150221][ T6455] team0: Port device team_slave_1 removed
[  106.168279][ T6455] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.179611][ T6455] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.194792][ T6455] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.203870][ T6455] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.257022][ T6457] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.265337][ T2151] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  106.289027][ T6457] team0: Failed to send port change of device bond0 via netlink (err -105)
[  106.362988][ T6457] team0: Failed to send options change via netlink (err -105)
[  106.370502][ T6457] team0: Port device bond0 added
[  106.440388][   T59] team0: Failed to send port change of device bond0 via netlink (err -105)
[  106.526069][ T2151] usb 3-1: Using ep0 maxpacket: 32
[  106.534831][ T2151] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  106.543404][ T2151] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  106.564314][ T2151] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  106.576889][   T24] usb 1-1: USB disconnect, device number 5
[  106.638472][ T2151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  106.669374][ T2151] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  106.707328][ T2151] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  106.769193][ T2151] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  106.790640][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.954395][ T2151] usb 3-1: config 0 descriptor??
[  107.176452][ T2151] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  107.269261][ T6464] geneve2: entered allmulticast mode
[  107.362020][ T2151] usb 3-1: USB disconnect, device number 4
[  107.492914][ T2151] usblp0: removed
[  107.800898][ T2151] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  108.141586][ T2151] usb 3-1: Using ep0 maxpacket: 32
[  108.460498][ T2151] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  108.481443][ T2151] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  108.530667][ T2151] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  108.587867][ T2151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  108.616801][ T2151] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  108.637515][ T2151] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  108.690366][ T2151] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  108.750595][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.876639][ T2151] usb 3-1: config 0 descriptor??
[  108.993331][ T2151] usb 3-1: can't set config #0, error -71
[  109.038219][ T2151] usb 3-1: USB disconnect, device number 5
[  109.208146][ T6481] Cannot find set identified by id 0 to match
[  109.254010][ T6483] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  109.583616][ T5906] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  109.793382][ T5906] usb 3-1: Using ep0 maxpacket: 32
[  109.814957][ T5906] usb 3-1: config 0 interface 0 has no altsetting 0
[  109.847993][ T5906] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  109.872576][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.009473][ T5906] usb 3-1: Product: syz
[  110.045749][ T5906] usb 3-1: Manufacturer: syz
[  110.054532][ T5906] usb 3-1: SerialNumber: syz
[  110.075528][ T5906] usb 3-1: config 0 descriptor??
[  110.099491][ T5906] gs_usb 3-1:0.0: Required endpoints not found
[  110.290079][ T6485] ip6_vti0: left promiscuous mode
[  110.302795][ T6485] netlink: 136 bytes leftover after parsing attributes in process `syz.2.175'.
[  110.356030][ T6485] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  110.420462][   T24] usb 3-1: USB disconnect, device number 6
[  110.759954][ T5906] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  110.986410][ T5906] usb 2-1: Using ep0 maxpacket: 16
[  111.027716][ T6533] input: syz0 as /devices/virtual/input/input10
[  111.073556][ T5906] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  111.088831][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  111.098097][ T5906] usb 2-1: Product: syz
[  111.102306][ T5906] usb 2-1: Manufacturer: syz
[  111.116765][ T5906] usb 2-1: SerialNumber: syz
[  111.205704][ T5906] usb 2-1: config 0 descriptor??
[  111.504612][ T6545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.186'.
[  111.513825][ T6545] netlink: 20 bytes leftover after parsing attributes in process `syz.1.186'.
[  112.083227][ T5906] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  112.380570][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  112.458429][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  112.492628][ T5906] usb 4-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[  112.510841][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.565725][ T6566] kvm: emulating exchange as write
[  112.598357][ T5906] usb 4-1: config 0 descriptor??
[  112.606696][ T6555] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  113.020228][ T6555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.033488][ T6555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.097405][ T5906] usbhid 4-1:0.0: can't add hid device: -71
[  113.131343][ T5906] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  113.189532][ T5906] usb 4-1: USB disconnect, device number 7
[  113.419285][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  113.419300][   T30] audit: type=1326 audit(1752894586.095:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6574 comm="syz.2.203" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  114.022082][ T2151] usb 2-1: USB disconnect, device number 7
[  114.631172][ T2151] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  114.813347][ T2151] usb 2-1: Using ep0 maxpacket: 32
[  114.828859][ T2151] usb 2-1: New USB device found, idVendor=78d9, idProduct=ee53, bcdDevice=29.dc
[  114.841345][ T2151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.860987][ T2151] usb 2-1: config 0 descriptor??
[  115.367881][ T6615] ptrace attach of "./syz-executor exec"[5862] was attempted by "./syz-executor exec"[6615]
[  115.676795][ T6611] syz.3.214 (6611): drop_caches: 2
[  116.019480][   T51] Bluetooth: hci4: Malformed HCI Event: 0x22
[  116.120861][ T6621] netlink: 'syz.0.217': attribute type 1 has an invalid length.
[  116.174322][ T6621] bond2: entered promiscuous mode
[  116.189556][ T6621] 8021q: adding VLAN 0 to HW filter on device bond2
[  116.356676][ T5906] usb 2-1: USB disconnect, device number 8
[  116.486966][ T6631] FAULT_INJECTION: forcing a failure.
[  116.486966][ T6631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.542874][ T6631] CPU: 0 UID: 0 PID: 6631 Comm: syz.1.220 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  116.542900][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.542910][ T6631] Call Trace:
[  116.542918][ T6631]  <TASK>
[  116.542926][ T6631]  dump_stack_lvl+0x189/0x250
[  116.542952][ T6631]  ? __pfx____ratelimit+0x10/0x10
[  116.542971][ T6631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.542992][ T6631]  ? __pfx__printk+0x10/0x10
[  116.543027][ T6631]  should_fail_ex+0x414/0x560
[  116.543051][ T6631]  _copy_to_user+0x31/0xb0
[  116.543077][ T6631]  simple_read_from_buffer+0xe1/0x170
[  116.543106][ T6631]  proc_fail_nth_read+0x1df/0x250
[  116.543127][ T6631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.543148][ T6631]  ? rw_verify_area+0x258/0x650
[  116.543168][ T6631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.543187][ T6631]  vfs_read+0x200/0x980
[  116.543214][ T6631]  ? __pfx___mutex_lock+0x10/0x10
[  116.543234][ T6631]  ? __pfx_vfs_read+0x10/0x10
[  116.543257][ T6631]  ? __fget_files+0x2a/0x420
[  116.543285][ T6631]  ? __fget_files+0x3a0/0x420
[  116.543300][ T6631]  ? __fget_files+0x2a/0x420
[  116.543325][ T6631]  ksys_read+0x145/0x250
[  116.543350][ T6631]  ? __pfx_ksys_read+0x10/0x10
[  116.543377][ T6631]  ? do_syscall_64+0xbe/0x3b0
[  116.543400][ T6631]  do_syscall_64+0xfa/0x3b0
[  116.543417][ T6631]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.543435][ T6631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.543452][ T6631]  ? clear_bhb_loop+0x60/0xb0
[  116.543473][ T6631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.543489][ T6631] RIP: 0033:0x7f691518d3bc
[  116.543505][ T6631] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  116.543519][ T6631] RSP: 002b:00007f691606e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.543538][ T6631] RAX: ffffffffffffffda RBX: 00007f69153b5fa0 RCX: 00007f691518d3bc
[  116.543550][ T6631] RDX: 000000000000000f RSI: 00007f691606e0a0 RDI: 0000000000000005
[  116.543560][ T6631] RBP: 00007f691606e090 R08: 0000000000000000 R09: 0000000000000000
[  116.543570][ T6631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.543580][ T6631] R13: 0000000000000000 R14: 00007f69153b5fa0 R15: 00007f69154dfa28
[  116.543608][ T6631]  </TASK>
[  116.905705][ T6637] netlink: 428 bytes leftover after parsing attributes in process `syz.0.221'.
[  116.941022][ T6637] netlink: 32 bytes leftover after parsing attributes in process `syz.0.221'.
[  117.080516][ T6641] netlink: 5 bytes leftover after parsing attributes in process `syz.1.225'.
[  117.128106][ T6641] 0ªX¹¦D: renamed from macvtap0 (while UP)
[  117.157082][ T6641] 0ªX¹¦D: entered allmulticast mode
[  117.164479][ T6641] veth0_macvtap: entered allmulticast mode
[  117.182234][ T6641] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  117.222170][ T6647] netlink: 52 bytes leftover after parsing attributes in process `syz.3.227'.
[  117.231625][ T6647] netlink: 52 bytes leftover after parsing attributes in process `syz.3.227'.
[  117.248909][ T6647] netlink: 52 bytes leftover after parsing attributes in process `syz.3.227'.
[  117.258031][   T30] audit: type=1326 audit(1752894589.925:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.4.224" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f81f098e9a9 code=0x0
[  117.769252][ T6662] FAULT_INJECTION: forcing a failure.
[  117.769252][ T6662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.784363][ T6662] CPU: 0 UID: 0 PID: 6662 Comm: syz.0.231 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  117.784388][ T6662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.784398][ T6662] Call Trace:
[  117.784406][ T6662]  <TASK>
[  117.784413][ T6662]  dump_stack_lvl+0x189/0x250
[  117.784438][ T6662]  ? __pfx____ratelimit+0x10/0x10
[  117.784458][ T6662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.784478][ T6662]  ? __pfx__printk+0x10/0x10
[  117.784513][ T6662]  should_fail_ex+0x414/0x560
[  117.784538][ T6662]  _copy_to_user+0x31/0xb0
[  117.784564][ T6662]  simple_read_from_buffer+0xe1/0x170
[  117.784593][ T6662]  proc_fail_nth_read+0x1df/0x250
[  117.784614][ T6662]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  117.784635][ T6662]  ? rw_verify_area+0x258/0x650
[  117.784656][ T6662]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  117.784675][ T6662]  vfs_read+0x200/0x980
[  117.784701][ T6662]  ? __pfx___mutex_lock+0x10/0x10
[  117.784721][ T6662]  ? __pfx_vfs_read+0x10/0x10
[  117.784745][ T6662]  ? __fget_files+0x2a/0x420
[  117.784765][ T6662]  ? __fget_files+0x3a0/0x420
[  117.784780][ T6662]  ? __fget_files+0x2a/0x420
[  117.784810][ T6662]  ksys_read+0x145/0x250
[  117.784834][ T6662]  ? __pfx_ksys_read+0x10/0x10
[  117.784853][ T6662]  ? rcu_is_watching+0x15/0xb0
[  117.784880][ T6662]  ? do_syscall_64+0xbe/0x3b0
[  117.784903][ T6662]  do_syscall_64+0xfa/0x3b0
[  117.784919][ T6662]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.784935][ T6662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.784951][ T6662]  ? clear_bhb_loop+0x60/0xb0
[  117.784971][ T6662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.784987][ T6662] RIP: 0033:0x7fd269b8d3bc
[  117.785005][ T6662] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  117.785019][ T6662] RSP: 002b:00007fd26aadd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  117.785037][ T6662] RAX: ffffffffffffffda RBX: 00007fd269db5fa0 RCX: 00007fd269b8d3bc
[  117.785049][ T6662] RDX: 000000000000000f RSI: 00007fd26aadd0a0 RDI: 0000000000000004
[  117.785059][ T6662] RBP: 00007fd26aadd090 R08: 0000000000000000 R09: 0000000000000000
[  117.785069][ T6662] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  117.785079][ T6662] R13: 0000000000000000 R14: 00007fd269db5fa0 R15: 00007fd269edfa28
[  117.785106][ T6662]  </TASK>
[  118.420532][ T6664] team0: Port device bond0 removed
[  118.458805][ T6669] fuse: Bad value for 'fd'
[  118.460560][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'.
[  118.530739][ T6668] chnl_net:caif_netlink_parms(): no params data found
[  118.945088][ T6676] syz.2.235 (6676): drop_caches: 2
[  118.968620][ T6675] syz.4.233 (6675): drop_caches: 2
[  119.110938][ T6679] bridge0: port 3(syz_tun) entered blocking state
[  119.119661][ T6679] bridge0: port 3(syz_tun) entered disabled state
[  119.127930][ T6679] syz_tun: entered allmulticast mode
[  119.142616][ T6679] syz_tun: entered promiscuous mode
[  119.159461][ T6679] bridge0: port 3(syz_tun) entered blocking state
[  119.166040][ T6679] bridge0: port 3(syz_tun) entered forwarding state
[  119.593380][ T6684] FAULT_INJECTION: forcing a failure.
[  119.593380][ T6684] name failslab, interval 1, probability 0, space 0, times 1
[  119.606204][ T6684] CPU: 1 UID: 0 PID: 6684 Comm: syz.0.238 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  119.606227][ T6684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.606240][ T6684] Call Trace:
[  119.606247][ T6684]  <TASK>
[  119.606255][ T6684]  dump_stack_lvl+0x189/0x250
[  119.606288][ T6684]  ? __pfx____ratelimit+0x10/0x10
[  119.606307][ T6684]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.606328][ T6684]  ? __pfx__printk+0x10/0x10
[  119.606354][ T6684]  ? migrate_enable+0x29c/0x3c0
[  119.606375][ T6684]  ? __lock_acquire+0xab9/0xd20
[  119.606399][ T6684]  should_fail_ex+0x414/0x560
[  119.606423][ T6684]  should_failslab+0xa8/0x100
[  119.606449][ T6684]  kmem_cache_alloc_noprof+0x73/0x3c0
[  119.606471][ T6684]  ? skb_clone+0x212/0x3a0
[  119.606487][ T6684]  ? run_filter+0x23/0x270
[  119.606515][ T6684]  skb_clone+0x212/0x3a0
[  119.606530][ T6684]  ? packet_rcv+0x567/0x1590
[  119.606554][ T6684]  packet_rcv+0x6d6/0x1590
[  119.606583][ T6684]  ? __pfx_packet_rcv+0x10/0x10
[  119.606607][ T6684]  __netif_receive_skb_core+0x3132/0x4180
[  119.606639][ T6684]  ? __kernel_text_address+0xd/0x40
[  119.606655][ T6684]  ? unwind_get_return_address+0x4d/0x90
[  119.606674][ T6684]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  119.606709][ T6684]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  119.606729][ T6684]  ? stack_trace_save+0x9c/0xe0
[  119.606758][ T6684]  ? __lock_acquire+0xab9/0xd20
[  119.606781][ T6684]  ? netif_receive_skb+0x115/0x790
[  119.606801][ T6684]  ? netif_receive_skb+0x115/0x790
[  119.606822][ T6684]  __netif_receive_skb+0x72/0x380
[  119.606847][ T6684]  ? netif_receive_skb+0x115/0x790
[  119.606863][ T6684]  netif_receive_skb+0x1cb/0x790
[  119.606879][ T6684]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  119.606898][ T6684]  ? __pfx_netif_receive_skb+0x10/0x10
[  119.606920][ T6684]  ? tun_rx_batched+0x160/0x730
[  119.606941][ T6684]  tun_rx_batched+0x1b9/0x730
[  119.606960][ T6684]  ? __lock_acquire+0xab9/0xd20
[  119.606982][ T6684]  ? __pfx_tun_rx_batched+0x10/0x10
[  119.607006][ T6684]  ? tun_get_user+0x2549/0x3ce0
[  119.607040][ T6684]  tun_get_user+0x298e/0x3ce0
[  119.607070][ T6684]  ? tun_get_user+0x693/0x3ce0
[  119.607088][ T6684]  ? tun_get_user+0x2549/0x3ce0
[  119.607119][ T6684]  ? aa_file_perm+0x11f/0xed0
[  119.607138][ T6684]  ? __pfx_tun_get_user+0x10/0x10
[  119.607159][ T6684]  ? aa_file_perm+0x3e7/0xed0
[  119.607191][ T6684]  ? ref_tracker_alloc+0x318/0x460
[  119.607207][ T6684]  ? __lock_acquire+0xab9/0xd20
[  119.607225][ T6684]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  119.607248][ T6684]  ? tun_get+0x1c/0x2f0
[  119.607273][ T6684]  ? tun_get+0x1c/0x2f0
[  119.607292][ T6684]  ? tun_get+0x1c/0x2f0
[  119.607316][ T6684]  tun_chr_write_iter+0x113/0x200
[  119.607341][ T6684]  vfs_write+0x548/0xa90
[  119.607368][ T6684]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  119.607389][ T6684]  ? __pfx_vfs_write+0x10/0x10
[  119.607422][ T6684]  ? __fget_files+0x2a/0x420
[  119.607447][ T6684]  ksys_write+0x145/0x250
[  119.607472][ T6684]  ? __pfx_ksys_write+0x10/0x10
[  119.607490][ T6684]  ? rcu_is_watching+0x15/0xb0
[  119.607513][ T6684]  ? do_syscall_64+0xbe/0x3b0
[  119.607537][ T6684]  do_syscall_64+0xfa/0x3b0
[  119.607554][ T6684]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.607571][ T6684]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.607588][ T6684]  ? clear_bhb_loop+0x60/0xb0
[  119.607609][ T6684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.607625][ T6684] RIP: 0033:0x7fd269b8d45f
[  119.607647][ T6684] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  119.607662][ T6684] RSP: 002b:00007fd26aadd000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  119.607687][ T6684] RAX: ffffffffffffffda RBX: 00007fd269db5fa0 RCX: 00007fd269b8d45f
[  119.607699][ T6684] RDX: 0000000000000046 RSI: 0000200000000200 RDI: 00000000000000c8
[  119.607710][ T6684] RBP: 00007fd26aadd090 R08: 0000000000000000 R09: 0000000000000000
[  119.607720][ T6684] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001
[  119.607730][ T6684] R13: 0000000000000000 R14: 00007fd269db5fa0 R15: 00007fd269edfa28
[  119.607759][ T6684]  </TASK>
[  120.580405][ T6696] FAULT_INJECTION: forcing a failure.
[  120.580405][ T6696] name failslab, interval 1, probability 0, space 0, times 0
[  120.643691][ T6706] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  120.711501][ T6696] CPU: 0 UID: 0 PID: 6696 Comm: syz.1.240 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  120.711525][ T6696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  120.711535][ T6696] Call Trace:
[  120.711542][ T6696]  <TASK>
[  120.711549][ T6696]  dump_stack_lvl+0x189/0x250
[  120.711573][ T6696]  ? __pfx____ratelimit+0x10/0x10
[  120.711588][ T6696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.711606][ T6696]  ? __pfx__printk+0x10/0x10
[  120.711634][ T6696]  ? __pfx___might_resched+0x10/0x10
[  120.711653][ T6696]  ? fs_reclaim_acquire+0x7d/0x100
[  120.711675][ T6696]  should_fail_ex+0x414/0x560
[  120.711699][ T6696]  should_failslab+0xa8/0x100
[  120.711725][ T6696]  __kmalloc_noprof+0xcb/0x4f0
[  120.711743][ T6696]  ? kfree+0x4d/0x440
[  120.711761][ T6696]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  120.711784][ T6696]  tomoyo_realpath_from_path+0xe3/0x5d0
[  120.711804][ T6696]  ? tomoyo_domain+0xd9/0x130
[  120.711828][ T6696]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  120.711852][ T6696]  tomoyo_path_number_perm+0x1e8/0x5a0
[  120.711879][ T6696]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.711920][ T6696]  ? __lock_acquire+0xab9/0xd20
[  120.711978][ T6696]  ? __fget_files+0x2a/0x420
[  120.711998][ T6696]  ? __fget_files+0x2a/0x420
[  120.712012][ T6696]  ? __fget_files+0x3a0/0x420
[  120.712026][ T6696]  ? __fget_files+0x2a/0x420
[  120.712045][ T6696]  security_file_ioctl+0xcb/0x2d0
[  120.712072][ T6696]  __se_sys_ioctl+0x47/0x170
[  120.712096][ T6696]  do_syscall_64+0xfa/0x3b0
[  120.712114][ T6696]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.712132][ T6696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.712149][ T6696]  ? clear_bhb_loop+0x60/0xb0
[  120.712170][ T6696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.712186][ T6696] RIP: 0033:0x7f691518e9a9
[  120.712202][ T6696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.712216][ T6696] RSP: 002b:00007f691604d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.712233][ T6696] RAX: ffffffffffffffda RBX: 00007f69153b6080 RCX: 00007f691518e9a9
[  120.712242][ T6696] RDX: 0000200000000040 RSI: 00000000c004ae0a RDI: 0000000000000004
[  120.712250][ T6696] RBP: 00007f691604d090 R08: 0000000000000000 R09: 0000000000000000
[  120.712257][ T6696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.712264][ T6696] R13: 0000000000000001 R14: 00007f69153b6080 R15: 00007f69154dfa28
[  120.712285][ T6696]  </TASK>
[  120.712291][ T6696] ERROR: Out of memory at tomoyo_realpath_from_path.
[  121.716669][ T6741] netlink: 56 bytes leftover after parsing attributes in process `syz.2.258'.
[  121.871485][ T6746] netlink: 24 bytes leftover after parsing attributes in process `syz.1.260'.
[  121.872886][ T5906] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  121.926447][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'.
[  121.929345][ T6750] binder: BINDER_SET_CONTEXT_MGR already set
[  121.950954][ T6750] binder: 6747:6750 ioctl 4018620d 200000000040 returned -16
[  122.117257][ T5906] usb 1-1: Using ep0 maxpacket: 32
[  122.129515][ T5906] usb 1-1: config 0 interface 0 has no altsetting 0
[  122.143019][ T5906] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  122.156753][ T6746] netlink: 'syz.1.260': attribute type 10 has an invalid length.
[  122.171309][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.182265][ T5906] usb 1-1: Product: syz
[  122.194146][ T5906] usb 1-1: Manufacturer: syz
[  122.198819][ T5906] usb 1-1: SerialNumber: syz
[  122.209093][ T5906] usb 1-1: config 0 descriptor??
[  122.219153][ T5906] gs_usb 1-1:0.0: Required endpoints not found
[  122.324202][ T6757] usb usb8: usbfs: process 6757 (syz.3.265) did not claim interface 0 before use
[  122.426901][ T6737] netlink: 136 bytes leftover after parsing attributes in process `syz.0.257'.
[  122.449931][ T6737] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  122.488575][ T5906] usb 1-1: USB disconnect, device number 6
[  122.833077][ T6771] netlink: 40 bytes leftover after parsing attributes in process `syz.4.270'.
[  123.066991][   T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  123.265577][   T24] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  123.287003][   T24] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  123.345887][   T24] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  123.369419][   T24] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  123.398944][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.462259][ T6772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  123.571656][ T6792] netlink: 11 bytes leftover after parsing attributes in process `syz.3.277'.
[  123.650120][ T6794] netlink: 40 bytes leftover after parsing attributes in process `syz.4.278'.
[  123.670148][ T6794] netlink: 40 bytes leftover after parsing attributes in process `syz.4.278'.
[  123.687755][ T6794] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  124.373188][   T24] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  124.461016][   T24] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input11
[  124.713251][   T24] usb 2-1: USB disconnect, device number 9
[  124.713338][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  125.342788][ T5921] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  125.785886][ T5921] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  125.813180][ T5921] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  125.843446][ T6830] xfrm0: entered promiscuous mode
[  125.849693][ T6830] xfrm0: entered allmulticast mode
[  125.920993][ T5921] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.067516][ T5921] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  126.124652][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.296718][ T5921] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  126.328431][ T5921] usb 3-1: invalid MIDI out EP 0
[  126.575149][ T6823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.585048][ T6823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  126.791437][ T5921] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  127.245841][ T6834] syz.1.289 (6834): drop_caches: 2
[  127.764509][   T30] audit: type=1326 audit(1752894600.435:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6845 comm="syz.3.293" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76fbf8e9a9 code=0x0
[  128.039083][ T6851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.294'.
[  128.069016][ T5928] usb 3-1: USB disconnect, device number 7
[  128.386768][ T6864] input: syz0 as /devices/virtual/input/input13
[  128.970381][ T6874] FAULT_INJECTION: forcing a failure.
[  128.970381][ T6874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.989308][ T6874] CPU: 0 UID: 0 PID: 6874 Comm: syz.2.302 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  128.989331][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.989347][ T6874] Call Trace:
[  128.989355][ T6874]  <TASK>
[  128.989362][ T6874]  dump_stack_lvl+0x189/0x250
[  128.989379][ T6874]  ? __pfx____ratelimit+0x10/0x10
[  128.989390][ T6874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.989401][ T6874]  ? __pfx__printk+0x10/0x10
[  128.989420][ T6874]  should_fail_ex+0x414/0x560
[  128.989433][ T6874]  _copy_to_user+0x31/0xb0
[  128.989448][ T6874]  simple_read_from_buffer+0xe1/0x170
[  128.989465][ T6874]  proc_fail_nth_read+0x1df/0x250
[  128.989477][ T6874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  128.989488][ T6874]  ? rw_verify_area+0x258/0x650
[  128.989500][ T6874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  128.989510][ T6874]  vfs_read+0x200/0x980
[  128.989525][ T6874]  ? __pfx___mutex_lock+0x10/0x10
[  128.989536][ T6874]  ? __pfx_vfs_read+0x10/0x10
[  128.989549][ T6874]  ? __fget_files+0x2a/0x420
[  128.989560][ T6874]  ? __fget_files+0x3a0/0x420
[  128.989568][ T6874]  ? __fget_files+0x2a/0x420
[  128.989581][ T6874]  ksys_read+0x145/0x250
[  128.989596][ T6874]  ? __pfx_ksys_read+0x10/0x10
[  128.989606][ T6874]  ? rcu_is_watching+0x15/0xb0
[  128.989621][ T6874]  ? do_syscall_64+0xbe/0x3b0
[  128.989634][ T6874]  do_syscall_64+0xfa/0x3b0
[  128.989643][ T6874]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.989653][ T6874]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.989662][ T6874]  ? clear_bhb_loop+0x60/0xb0
[  128.989674][ T6874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.989683][ T6874] RIP: 0033:0x7fed2bb8d3bc
[  128.989693][ T6874] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  128.989701][ T6874] RSP: 002b:00007fed2ca57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  128.989712][ T6874] RAX: ffffffffffffffda RBX: 00007fed2bdb5fa0 RCX: 00007fed2bb8d3bc
[  128.989719][ T6874] RDX: 000000000000000f RSI: 00007fed2ca570a0 RDI: 0000000000000004
[  128.989725][ T6874] RBP: 00007fed2ca57090 R08: 0000000000000000 R09: 0000000000000000
[  128.989731][ T6874] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001
[  128.989736][ T6874] R13: 0000000000000000 R14: 00007fed2bdb5fa0 R15: 00007fed2bedfa28
[  128.989751][ T6874]  </TASK>
[  129.355807][ T5906] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  129.697175][ T5906] usb 4-1: config 0 has no interfaces?
[  129.708662][ T5906] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  129.718161][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.759749][ T5906] usb 4-1: Product: syz
[  129.795842][ T5906] usb 4-1: Manufacturer: syz
[  129.824201][ T5906] usb 4-1: SerialNumber: syz
[  129.876252][ T5906] usb 4-1: config 0 descriptor??
[  129.957168][ T6890] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  130.093233][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.300'.
[  130.104466][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  130.278563][ T6895] process 'syz.1.307' launched './file2' with NULL argv: empty string added
[  130.359270][   T24] usb 1-1: Using ep0 maxpacket: 32
[  130.378544][ T6878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.388751][ T6878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.391140][   T24] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  130.430223][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.450502][   T24] usb 1-1: Product: syz
[  130.498228][   T24] usb 1-1: Manufacturer: syz
[  130.505375][   T24] usb 1-1: SerialNumber: syz
[  130.532725][ T5906] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  130.572742][ T5928] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  130.599400][   T24] usb 1-1: config 0 descriptor??
[  130.630764][   T24] usb 1-1: no audio or video endpoints found
[  130.742779][ T5906] usb 2-1: Using ep0 maxpacket: 16
[  130.762907][ T5906] usb 2-1: unable to get BOS descriptor or descriptor too short
[  130.791223][ T5906] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.827460][ T5921] usb 1-1: USB disconnect, device number 7
[  130.900305][ T5906] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  131.049116][ T5906] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  131.089065][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.102802][   T24] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  131.130513][ T5906] usb 2-1: Product: syz
[  131.140015][ T5906] usb 2-1: Manufacturer: syz
[  131.151770][ T5906] usb 2-1: SerialNumber: syz
[  131.254284][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  131.263507][   T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  131.272538][   T24] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  131.297240][   T24] usb 5-1: config 1 has no interface number 1
[  131.311776][   T24] usb 5-1: config 1 interface 2 has no altsetting 0
[  131.338302][   T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.347946][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.358046][   T24] usb 5-1: Product: syz
[  131.467675][ T6895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.478561][ T6895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.497730][   T10] IPVS: starting estimator thread 0...
[  131.550682][   T24] usb 5-1: Manufacturer: syz
[  131.602973][ T6903] IPVS: using max 50 ests per chain, 120000 per kthread
[  131.616317][   T24] usb 5-1: SerialNumber: syz
[  131.847840][   T24] usb 5-1: 2:1 : sample bitwidth 10 in over sample bytes 1
[  131.859906][   T24] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  131.953250][   T24] usb 5-1: selecting invalid altsetting 0
[  132.089764][   T24] usb 5-1: USB disconnect, device number 5
[  132.137582][ T6056] udevd[6056]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  132.175209][ T5928] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  132.252426][  T977] usb 4-1: USB disconnect, device number 8
[  132.347646][ T6910] ptrace attach of "./syz-executor exec"[5867] was attempted by "./syz-executor exec"[6910]
[  132.382711][ T5928] usb 1-1: Using ep0 maxpacket: 8
[  132.402089][ T5928] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  132.494727][ T5928] usb 1-1: config 0 has no interface number 0
[  132.553184][ T5928] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  132.641228][ T5928] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  132.745247][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.751740][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  132.758260][ T5928] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  132.765906][ T6916] syz.3.313 (6916): drop_caches: 2
[  132.872410][ T5928] usb 1-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  133.189685][ T5928] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  133.199300][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.220687][ T5928] usb 1-1: Product: syz
[  133.238551][ T5928] usb 1-1: Manufacturer: syz
[  133.253845][ T5928] usb 1-1: SerialNumber: syz
[  133.271240][ T5928] usb 1-1: config 0 descriptor??
[  133.480948][ T5928] iowarrior 1-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  133.576985][ T5906] usb 2-1: USB disconnect, device number 10
[  133.697616][ T6908] netlink: 60 bytes leftover after parsing attributes in process `syz.0.312'.
[  134.063760][ T2151] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  134.244884][ T2151] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  134.284508][ T2151] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  134.356975][ T2151] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  134.384372][ T6943] netlink: 24 bytes leftover after parsing attributes in process `syz.2.320'.
[  134.408522][ T2151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.438000][ T6945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.320'.
[  134.464797][ T2151] usb 5-1: config 0 descriptor??
[  134.490467][ T2151] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  134.734315][ T6945] netlink: 'syz.2.320': attribute type 10 has an invalid length.
[  134.760708][ T2151] usb 1-1: USB disconnect, device number 8
[  134.813150][ T5859] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  134.962865][ T5859] usb 4-1: Using ep0 maxpacket: 8
[  134.972105][ T5859] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  134.986522][ T5859] usb 4-1: config 9 has no interfaces?
[  134.997013][ T5859] usb 4-1: New USB device found, idVendor=06cd, idProduct=0119, bcdDevice=e6.d0
[  135.006170][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.017243][ T5859] usb 4-1: Product: syz
[  135.021457][ T5859] usb 4-1: Manufacturer: syz
[  135.026393][ T5859] usb 4-1: SerialNumber: syz
[  135.463172][ T5906] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  135.652805][ T5906] usb 3-1: Using ep0 maxpacket: 32
[  135.662413][ T5906] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  135.672030][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.680129][ T5906] usb 3-1: Product: syz
[  135.684673][ T5906] usb 3-1: Manufacturer: syz
[  135.689280][ T5906] usb 3-1: SerialNumber: syz
[  135.697824][ T5906] usb 3-1: config 0 descriptor??
[  135.709507][ T5906] usb 3-1: no audio or video endpoints found
[  135.734134][ T2151] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  135.892980][ T2151] usb 1-1: Using ep0 maxpacket: 32
[  135.900764][ T2151] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.918101][ T2151] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  135.918822][ T5906] usb 3-1: USB disconnect, device number 9
[  135.928567][ T2151] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  135.957618][ T2151] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  135.973125][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  135.981322][ T2151] usb 1-1: SerialNumber: syz
[  135.996002][ T6965] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  136.005792][ T2151] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  136.228579][ T2151] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  136.254196][ T2151] usb 1-1: USB disconnect, device number 9
[  136.860891][   T24] usb 5-1: USB disconnect, device number 6
[  136.933705][ T2151] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  137.160570][ T5859] usb 4-1: USB disconnect, device number 9
[  137.164774][ T2151] usb 3-1: config 0 has no interfaces?
[  137.190299][ T2151] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  137.206240][ T2151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.262123][ T2151] usb 3-1: Product: syz
[  137.272247][ T2151] usb 3-1: Manufacturer: syz
[  137.302600][ T2151] usb 3-1: SerialNumber: syz
[  137.372374][ T2151] usb 3-1: config 0 descriptor??
[  137.604336][   T30] audit: type=1326 audit(1752894610.075:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.1.326" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f691518e9a9 code=0x0
[  137.801897][ T6969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'.
[  138.093497][ T6969] pimreg: entered allmulticast mode
[  138.138796][ T6993] =======================================================
[  138.138796][ T6993] WARNING: The mand mount option has been deprecated and
[  138.138796][ T6993]          and is ignored by this kernel. Remove the mand
[  138.138796][ T6993]          option from the mount to silence this warning.
[  138.138796][ T6993] =======================================================
[  138.173830][    C0] vkms_vblank_simulate: vblank timer overrun
[  138.276008][ T6993] fuse: Bad value for 'fd'
[  138.685774][ T7003] netlink: 36 bytes leftover after parsing attributes in process `syz.0.332'.
[  139.003933][ T5913] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  139.353181][ T5913] usb 2-1: Using ep0 maxpacket: 32
[  139.376489][ T5913] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  139.388283][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.405318][ T5913] usb 2-1: Product: syz
[  139.417511][ T5913] usb 2-1: Manufacturer: syz
[  139.427799][ T5913] usb 2-1: SerialNumber: syz
[  139.442414][ T5913] usb 2-1: config 0 descriptor??
[  139.454850][ T5913] usb 2-1: no audio or video endpoints found
[  139.529670][ T2151] usb 3-1: USB disconnect, device number 10
[  139.538159][ T7011] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  139.545387][ T7011] IPv6: NLM_F_CREATE should be set when creating new route
[  139.653016][ T5913] usb 2-1: USB disconnect, device number 11
[  140.645095][ T5913] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  140.660761][   T30] audit: type=1326 audit(1752894613.335:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7022 comm="syz.4.340" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f81f098e9a9 code=0x0
[  140.733554][ T5913] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  141.216495][ T7037] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  141.262932][   T30] audit: type=1326 audit(1752894613.935:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.2.342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  141.499418][ T7035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'.
[  141.570033][ T7044] program syz.0.337 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  141.580054][ T7044] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  141.952789][ T2151] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  142.335152][ T2151] usb 3-1: Using ep0 maxpacket: 16
[  142.360531][ T2151] usb 3-1: unable to get BOS descriptor or descriptor too short
[  142.372007][ T2151] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.462315][ T2151] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  142.570249][ T2151] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  142.583205][ T2151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.602285][ T2151] usb 3-1: Product: syz
[  142.606596][ T2151] usb 3-1: Manufacturer: syz
[  142.627232][ T2151] usb 3-1: SerialNumber: syz
[  143.006847][ T7047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.017070][ T7047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.032087][ T5928] IPVS: starting estimator thread 0...
[  143.112830][ T5859] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  143.152761][ T7061] IPVS: using max 51 ests per chain, 122400 per kthread
[  143.285295][ T5859] usb 2-1: Using ep0 maxpacket: 16
[  143.339883][ T5859] usb 2-1: unable to get BOS descriptor or descriptor too short
[  143.387569][ T5859] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.427350][ T5859] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  143.634274][ T5859] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  143.654153][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.695812][ T5859] usb 2-1: Product: syz
[  143.955696][ T5859] usb 2-1: Manufacturer: syz
[  143.975161][ T5859] usb 2-1: SerialNumber: syz
[  144.320494][ T5928] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  144.512699][ T5928] usb 1-1: Using ep0 maxpacket: 32
[  144.612011][ T7060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.628112][ T7060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.657294][ T5928] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  144.685730][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.795583][ T5928] usb 1-1: Product: syz
[  144.805275][ T5928] usb 1-1: Manufacturer: syz
[  144.817662][ T5928] usb 1-1: SerialNumber: syz
[  144.856798][ T5928] usb 1-1: config 0 descriptor??
[  144.881475][ T5928] usb 1-1: no audio or video endpoints found
[  145.089867][ T2151] usb 3-1: USB disconnect, device number 11
[  145.112399][ T5921] usb 1-1: USB disconnect, device number 10
[  145.340393][ T7071] netlink: 16 bytes leftover after parsing attributes in process `syz.2.351'.
[  146.019894][   T30] audit: type=1326 audit(1752894618.695:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7083 comm="syz.0.355" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd269b8e9a9 code=0x0
[  146.041355][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.135771][ T5906] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  146.176092][ T7090] netlink: 20 bytes leftover after parsing attributes in process `syz.2.356'.
[  146.225709][ T7090] bridge1: entered promiscuous mode
[  146.316648][ T5906] usb 4-1: Using ep0 maxpacket: 16
[  146.338893][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.513279][ T5906] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  146.522715][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.535171][ T5906] usb 4-1: config 0 descriptor??
[  146.810616][ T5906] usbhid 4-1:0.0: can't add hid device: -71
[  146.853285][ T5906] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  146.865990][ T5906] usb 4-1: USB disconnect, device number 10
[  147.331434][ T5859] usb 2-1: USB disconnect, device number 12
[  147.627974][ T7111] FAULT_INJECTION: forcing a failure.
[  147.627974][ T7111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.742787][ T7111] CPU: 0 UID: 0 PID: 7111 Comm: syz.0.360 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  147.742806][ T7111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.742812][ T7111] Call Trace:
[  147.742817][ T7111]  <TASK>
[  147.742822][ T7111]  dump_stack_lvl+0x189/0x250
[  147.742839][ T7111]  ? __pfx____ratelimit+0x10/0x10
[  147.742850][ T7111]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.742861][ T7111]  ? __pfx__printk+0x10/0x10
[  147.742874][ T7111]  ? __might_fault+0xb0/0x130
[  147.742892][ T7111]  should_fail_ex+0x414/0x560
[  147.742905][ T7111]  _copy_from_user+0x2d/0xb0
[  147.742919][ T7111]  do_sys_poll+0x242/0x1070
[  147.742941][ T7111]  ? __pfx_do_sys_poll+0x10/0x10
[  147.742957][ T7111]  ? __lock_acquire+0xab9/0xd20
[  147.743000][ T7111]  ? ktime_get_ts64+0xa2/0x3d0
[  147.743016][ T7111]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  147.743043][ T7111]  ? __pfx_timespec64_add_safe+0x10/0x10
[  147.743058][ T7111]  __se_sys_poll+0x128/0x320
[  147.743073][ T7111]  ? __pfx___se_sys_poll+0x10/0x10
[  147.743084][ T7111]  ? rcu_is_watching+0x15/0xb0
[  147.743098][ T7111]  ? do_syscall_64+0xbe/0x3b0
[  147.743110][ T7111]  do_syscall_64+0xfa/0x3b0
[  147.743120][ T7111]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.743130][ T7111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.743139][ T7111]  ? clear_bhb_loop+0x60/0xb0
[  147.743150][ T7111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.743160][ T7111] RIP: 0033:0x7fd269b8e9a9
[  147.743169][ T7111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.743177][ T7111] RSP: 002b:00007fd26aadd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  147.743189][ T7111] RAX: ffffffffffffffda RBX: 00007fd269db5fa0 RCX: 00007fd269b8e9a9
[  147.743196][ T7111] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000200000000000
[  147.743202][ T7111] RBP: 00007fd26aadd090 R08: 0000000000000000 R09: 0000000000000000
[  147.743215][ T7111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.743224][ T7111] R13: 0000000000000000 R14: 00007fd269db5fa0 R15: 00007fd269edfa28
[  147.743250][ T7111]  </TASK>
[  148.367457][ T7119] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  148.552768][ T5859] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  148.793170][ T5859] usb 2-1: Using ep0 maxpacket: 16
[  148.861626][ T5859] usb 2-1: unable to get BOS descriptor or descriptor too short
[  148.993438][ T5859] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  149.020159][ T5859] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  149.199145][ T5859] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  149.246769][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.274662][ T5859] usb 2-1: Product: syz
[  149.279266][ T5859] usb 2-1: Manufacturer: syz
[  149.283943][ T5859] usb 2-1: SerialNumber: syz
[  149.639703][ T7117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.649418][ T7117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.834233][ T2151] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  149.908910][ T7132] netlink: 52 bytes leftover after parsing attributes in process `syz.3.366'.
[  149.928205][ T7132] netlink: 52 bytes leftover after parsing attributes in process `syz.3.366'.
[  149.985096][ T7132] netlink: 52 bytes leftover after parsing attributes in process `syz.3.366'.
[  150.025186][ T2151] usb 3-1: Using ep0 maxpacket: 32
[  150.052356][ T2151] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  150.061669][ T2151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.075684][ T2151] usb 3-1: Product: syz
[  150.085777][ T2151] usb 3-1: Manufacturer: syz
[  150.116975][ T2151] usb 3-1: SerialNumber: syz
[  150.138667][ T2151] usb 3-1: config 0 descriptor??
[  150.192041][ T2151] usb 3-1: no audio or video endpoints found
[  150.395141][ T2151] usb 3-1: USB disconnect, device number 12
[  150.964521][  T977] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  151.112998][   T30] audit: type=1326 audit(1752894623.755:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7140 comm="syz.3.369" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f76fbf8e9a9 code=0x0
[  151.179900][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.370'.
[  151.188839][ T7137] dummy0: entered promiscuous mode
[  151.226222][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.370'.
[  151.251441][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.370'.
[  151.251671][ T7137] vlan2: entered promiscuous mode
[  151.461062][  T977] usb 5-1: unable to get BOS descriptor or descriptor too short
[  151.478479][  T977] usb 5-1: unable to read config index 0 descriptor/start: -71
[  151.499596][  T977] usb 5-1: can't read configurations, error -71
[  151.546788][ T5859] usb 2-1: USB disconnect, device number 13
[  151.562793][ T5921] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  151.725417][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  151.735190][ T5921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.752474][ T5921] usb 3-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice= b.8c
[  151.762255][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.804709][ T5921] usb 3-1: Product: syz
[  151.808908][ T5921] usb 3-1: Manufacturer: syz
[  151.858244][ T5921] usb 3-1: SerialNumber: syz
[  151.868100][ T7157] netlink: 40 bytes leftover after parsing attributes in process `syz.1.372'.
[  152.110675][ T5921] empeg 3-1:1.0: empeg converter detected
[  152.156442][ T5921] empeg 3-1:1.0: probe with driver empeg failed with error -71
[  152.206737][ T5921] usb 3-1: USB disconnect, device number 13
[  152.563143][ T5859] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  152.757306][ T5859] usb 4-1: config 0 has no interfaces?
[  152.766638][ T5859] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  152.776265][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.786278][ T5859] usb 4-1: Product: syz
[  152.790423][ T5859] usb 4-1: Manufacturer: syz
[  152.795285][ T5859] usb 4-1: SerialNumber: syz
[  152.813007][ T2151] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  152.813007][  T977] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  152.846246][ T5859] usb 4-1: config 0 descriptor??
[  153.147658][ T2151] usb 2-1: Using ep0 maxpacket: 32
[  153.162495][ T2151] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  153.176436][  T977] usb 1-1: config 0 has no interfaces?
[  153.182223][ T2151] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.199062][ T2151] usb 2-1: Product: syz
[  153.220084][ T2151] usb 2-1: Manufacturer: syz
[  153.353220][ T5859] usb 4-1: USB disconnect, device number 11
[  153.436164][  T977] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  153.472758][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.472823][ T2151] usb 2-1: SerialNumber: syz
[  153.501108][  T977] usb 1-1: Product: syz
[  153.507855][  T977] usb 1-1: Manufacturer: syz
[  153.526341][  T977] usb 1-1: SerialNumber: syz
[  153.542300][ T2151] usb 2-1: config 0 descriptor??
[  153.615363][ T2151] usb 2-1: no audio or video endpoints found
[  153.649592][  T977] usb 1-1: config 0 descriptor??
[  153.744273][   T30] audit: type=1326 audit(1752894626.415:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7188 comm="syz.2.384" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  153.764228][ T2151] usb 2-1: USB disconnect, device number 14
[  154.001905][ T7182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'.
[  154.020010][ T7200] input: syz0 as /devices/virtual/input/input14
[  154.246821][ T7203] netlink: 24 bytes leftover after parsing attributes in process `syz.4.387'.
[  154.710182][ T7218] xt_recent: Unsupported userspace flags (000000de)
[  154.773078][ T2151] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  154.932914][ T2151] usb 4-1: Using ep0 maxpacket: 8
[  155.028021][ T2151] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  155.038584][ T2151] usb 4-1: config 9 has no interfaces?
[  155.046684][ T2151] usb 4-1: New USB device found, idVendor=06cd, idProduct=0119, bcdDevice=e6.d0
[  155.057794][ T2151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.082830][ T2151] usb 4-1: Product: syz
[  155.087214][ T2151] usb 4-1: Manufacturer: syz
[  155.092808][ T2151] usb 4-1: SerialNumber: syz
[  155.228313][ T7226] netlink: 16 bytes leftover after parsing attributes in process `syz.1.394'.
[  155.249480][ T7226] bond0: entered promiscuous mode
[  155.261469][ T7226] bond0: left promiscuous mode
[  155.357991][ T5914] usb 1-1: USB disconnect, device number 11
[  155.873216][   T30] audit: type=1326 audit(1752894628.555:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7238 comm="syz.0.401" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd269b8e9a9 code=0x0
[  155.962893][ T5859] usb 5-1: new low-speed USB device number 9 using dummy_hcd
[  155.992186][ T7249] loop7: detected capacity change from 0 to 1
[  156.061319][ T7250] syz.1.403 (7250): drop_caches: 2
[  156.154546][ T5859] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  156.171357][ T5859] usb 5-1: config 0 has no interface number 0
[  156.179321][ T5859] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  156.209460][ T5859] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  156.231038][ T5859] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  156.254282][ T5859] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  156.269730][  T977] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  156.278526][ T5859] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  156.294974][ T5859] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  156.316168][ T5859] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  156.325539][ T5859] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.357590][ T5859] usb 5-1: config 0 descriptor??
[  156.370688][ T7235] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  156.378573][ T7235] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  156.403455][ T5859] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  156.422940][  T977] usb 3-1: device descriptor read/64, error -71
[  156.621883][ T5921] usb 5-1: USB disconnect, device number 9
[  156.627762][    C1] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[  156.650244][ T5921] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  156.659407][ T7253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.405'.
[  156.668716][  T977] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  156.712278][ T7253] hsr0: entered promiscuous mode
[  156.812952][  T977] usb 3-1: device descriptor read/64, error -71
[  156.859139][ T7256] netlink: 24 bytes leftover after parsing attributes in process `syz.0.406'.
[  156.903830][ T7257] ldusb: No device or device unplugged -19
[  156.919067][ T7235] block device autoloading is deprecated and will be removed.
[  156.928015][ T7235] syz.4.399: attempt to access beyond end of device
[  156.928015][ T7235] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  156.951783][  T977] usb usb3-port1: attempt power cycle
[  157.007647][ T7260] netlink: 12 bytes leftover after parsing attributes in process `syz.1.407'.
[  157.060285][ T7260] 8021q: adding VLAN 0 to HW filter on device bond1
[  157.305139][ T2151] usb 4-1: USB disconnect, device number 12
[  157.306217][  T977] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  157.404516][  T977] usb 3-1: device descriptor read/8, error -71
[  157.692810][  T977] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  157.735408][  T977] usb 3-1: device descriptor read/8, error -71
[  157.772886][ T2151] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  157.895949][ T7282] netlink: 8 bytes leftover after parsing attributes in process `syz.4.412'.
[  157.915690][ T7282] pimreg: entered allmulticast mode
[  158.119165][  T977] usb usb3-port1: unable to enumerate USB device
[  158.194697][ T2151] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  158.204089][ T2151] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.220313][ T2151] usb 4-1: config 0 descriptor??
[  158.243498][ T2151] gspca_main: cpia1-2.14.0 probing 0813:0001
[  158.402968][ T5914] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  158.639876][ T5914] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  158.653754][ T5914] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  158.663398][ T2151] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  158.670902][ T5914] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  158.680799][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.883170][ T2151] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0)
[  159.239764][ T5914] usb 4-1: USB disconnect, device number 13
[  159.325997][   T30] audit: type=1326 audit(1752894632.005:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.2.415" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  159.393710][ T7295] syz.0.416 (7295): /proc/7294/oom_adj is deprecated, please use /proc/7294/oom_score_adj instead.
[  159.433802][ T7295] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.544120][ T7298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'.
[  159.559827][ T7298] chnl_net:caif_netlink_parms(): no params data found
[  160.143216][  T977] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  160.304088][  T977] usb 4-1: device descriptor read/64, error -71
[  160.552775][  T977] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  160.686369][  T977] usb 4-1: device descriptor read/64, error -71
[  160.822772][ T5914] usb 2-1: USB disconnect, device number 15
[  160.922758][  T977] usb usb4-port1: attempt power cycle
[  161.460380][  T977] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  161.462437][ T5914] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  161.603178][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.427'.
[  161.632837][  T977] usb 4-1: device descriptor read/8, error -71
[  161.714579][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.831545][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.901248][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  161.950646][ T5914] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  161.966036][  T977] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  161.979290][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.032785][  T977] usb 4-1: device descriptor read/8, error -71
[  162.064358][ T5914] usb 2-1: config 0 descriptor??
[  162.166946][  T977] usb usb4-port1: unable to enumerate USB device
[  162.497214][ T5914] usbhid 2-1:0.0: can't add hid device: -71
[  162.509486][ T5914] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  162.525756][ T5914] usb 2-1: USB disconnect, device number 16
[  163.182174][   T30] audit: type=1326 audit(1752894635.855:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.431" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f691518e9a9 code=0x0
[  163.856422][ T7367] syz.2.436 (7367): drop_caches: 2
[  164.667510][ T2151] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  164.844861][ T2151] usb 5-1: config 0 has no interfaces?
[  164.862228][ T2151] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  164.881733][ T2151] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.925144][ T2151] usb 5-1: Product: syz
[  164.933320][ T2151] usb 5-1: Manufacturer: syz
[  164.945480][ T2151] usb 5-1: SerialNumber: syz
[  165.066390][ T2151] usb 5-1: config 0 descriptor??
[  165.503728][ T7395] usb usb8: usbfs: process 7395 (syz.2.446) did not claim interface 0 before use
[  165.737704][ T7397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.445'.
[  166.390989][ T7408] syz.0.449 (7408): drop_caches: 2
[  166.436245][ T5859] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  166.502824][  T977] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  166.593515][ T5859] usb 3-1: Using ep0 maxpacket: 8
[  166.600895][ T5859] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  166.617409][ T5859] usb 3-1: config 9 has no interfaces?
[  166.675707][ T5859] usb 3-1: New USB device found, idVendor=06cd, idProduct=0119, bcdDevice=e6.d0
[  166.685742][  T977] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  166.694228][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.793836][ T5859] usb 3-1: Product: syz
[  166.798866][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  166.812865][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  166.829474][ T5859] usb 3-1: Manufacturer: syz
[  166.841906][ T5859] usb 3-1: SerialNumber: syz
[  166.855442][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  166.899393][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  166.910617][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  166.932723][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  166.951187][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  166.969830][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.012405][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.102299][ T5921] usb 5-1: USB disconnect, device number 10
[  167.103962][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  167.117437][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.150338][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.174857][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  167.183829][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.209277][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.251445][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  167.280942][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.338816][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.373154][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  167.392925][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.429920][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.465686][  T977] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  167.475518][  T977] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  167.487747][  T977] usb 4-1: config 0 interface 0 has no altsetting 0
[  167.505248][  T977] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  167.515396][  T977] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  167.524703][  T977] usb 4-1: Product: syz
[  167.529199][  T977] usb 4-1: Manufacturer: syz
[  167.534684][  T977] usb 4-1: SerialNumber: syz
[  167.560086][  T977] usb 4-1: config 0 descriptor??
[  167.578564][  T977] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  167.665935][   T30] audit: type=1326 audit(1752894640.345:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.4.450" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f81f098e9a9 code=0x0
[  167.782465][ T7406] binder: BINDER_SET_CONTEXT_MGR already set
[  167.788628][ T7406] binder: 7405:7406 ioctl 4018620d 200000000040 returned -16
[  167.849050][    C0] usb 4-1: yurex_control_callback - control failed: -71
[  167.892820][  T977] usb 4-1: USB disconnect, device number 18
[  167.908449][  T977] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  169.010754][ T5859] usb 3-1: USB disconnect, device number 18
[  169.882713][ T5921] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  170.109294][ T5921] usb 3-1: unable to get BOS descriptor or descriptor too short
[  170.124981][ T5921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.137881][ T5921] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  170.200362][ T5921] usb 3-1: config 1 has no interface number 1
[  170.332189][ T5914] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  170.386307][ T5921] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  170.418247][   T30] audit: type=1326 audit(1752894643.095:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.0.464" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd269b8e9a9 code=0x0
[  170.720131][ T5921] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  170.734337][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.742570][ T5921] usb 3-1: Product: syz
[  170.747362][ T5921] usb 3-1: Manufacturer: syz
[  170.796026][ T5914] usb 4-1: config 0 has no interfaces?
[  170.817679][ T5914] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  170.835161][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.845150][ T5921] usb 3-1: SerialNumber: syz
[  170.854865][ T5914] usb 4-1: Product: syz
[  170.868173][ T5914] usb 4-1: Manufacturer: syz
[  170.902038][ T5914] usb 4-1: SerialNumber: syz
[  170.962251][ T5914] usb 4-1: config 0 descriptor??
[  171.115305][ T7450] netlink: 'syz.2.458': attribute type 1 has an invalid length.
[  171.271478][ T7450] 8021q: adding VLAN 0 to HW filter on device bond1
[  171.596409][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.461'.
[  171.683956][ T7479] bond1: (slave gretap1): making interface the new active one
[  171.696145][ T7479] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  172.363951][ T2151] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  172.443062][ T5859] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  172.532835][ T2151] usb 2-1: Using ep0 maxpacket: 16
[  172.553087][ T2151] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.605971][ T2151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  172.644762][ T2151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  172.655244][ T2151] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  172.663859][ T5859] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  172.665554][ T2151] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  172.690713][ T2151] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  172.700099][ T2151] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  172.712763][ T2151] usb 2-1: Manufacturer: syz
[  172.737840][ T5859] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  172.741343][ T2151] usb 2-1: config 0 descriptor??
[  172.793156][ T7479] syz.2.458 (7479) used greatest stack depth: 20040 bytes left
[  172.810943][ T5859] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.841365][ T5859] usb 1-1: Product: syz
[  172.855413][ T5859] usb 1-1: Manufacturer: syz
[  172.868458][ T5906] usb 4-1: USB disconnect, device number 19
[  173.008501][ T5859] usb 1-1: SerialNumber: syz
[  173.054792][ T5859] usb 1-1: config 0 descriptor??
[  173.232825][ T2151] rc_core: IR keymap rc-hauppauge not found
[  173.238797][ T2151] Registered IR keymap rc-empty
[  173.278380][ T7497] netlink: 'syz.0.472': attribute type 2 has an invalid length.
[  173.291599][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.385326][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.408724][ T7498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.428739][ T2151] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  173.442249][ T7507] netlink: 'syz.2.474': attribute type 3 has an invalid length.
[  173.457569][ T7498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.512830][ T5906] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  173.516241][ T2151] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input15
[  173.521978][ T7507] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.474'.
[  173.598326][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.623381][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.646162][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.688994][ T5859] usb 1-1: USB disconnect, device number 12
[  173.723348][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.733850][ T5921] usb 3-1: USB disconnect, device number 19
[  173.760690][ T5906] usb 4-1: config 0 has no interfaces?
[  173.776947][ T5906] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  173.799058][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.829144][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.851143][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.872714][ T5906] usb 4-1: Product: syz
[  173.886066][ T5906] usb 4-1: Manufacturer: syz
[  173.907525][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.932993][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.942379][ T5906] usb 4-1: SerialNumber: syz
[  173.956472][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  173.983628][ T5906] usb 4-1: config 0 descriptor??
[  173.984530][ T2151] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.040524][ T2151] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  174.075963][ T2151] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  174.116484][ T6055] udevd[6055]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  174.170833][ T2151] usb 2-1: USB disconnect, device number 17
[  174.217521][ T7505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.473'.
[  174.345229][ T7520] netlink: 4 bytes leftover after parsing attributes in process `syz.4.476'.
[  174.859101][   T30] audit: type=1326 audit(1752894647.515:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7523 comm="syz.2.478" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  175.792857][ T2151] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  175.867414][ T7544] netlink: 36 bytes leftover after parsing attributes in process `syz.2.483'.
[  175.962184][ T2151] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[  175.976048][ T2151] usb 1-1: config 0 has an invalid interface number: 12 but max is 2
[  176.012710][ T2151] usb 1-1: config 0 has no interface number 0
[  176.029950][ T5921] usb 4-1: USB disconnect, device number 20
[  176.063485][ T2151] usb 1-1: config 0 has no interface number 1
[  176.090411][ T2151] usb 1-1: config 0 interface 12 has no altsetting 0
[  176.130820][ T2151] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  176.185045][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.247500][ T7552] fuse: Unknown parameter 'grou00000000000000000000'
[  176.281118][ T7553] syz.1.484 (7553): drop_caches: 2
[  176.304299][ T2151] usb 1-1: config 0 descriptor??
[  176.505694][ T7556] syz.3.485 (7556): drop_caches: 2
[  177.056536][ T7561] input: syz0 as /devices/virtual/input/input16
[  177.243695][ T7514] udevd[7514]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory
[  177.579245][   T30] audit: type=1326 audit(1752894650.255:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7565 comm="syz.2.492" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  177.895393][ T7576] ip6gretap0: entered promiscuous mode
[  177.929838][ T7576] ip6gretap0: left promiscuous mode
[  178.224433][ T7583] netlink: 40 bytes leftover after parsing attributes in process `syz.1.497'.
[  178.282425][ T7583] netlink: 40 bytes leftover after parsing attributes in process `syz.1.497'.
[  178.343461][ T7583] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  178.581325][ T7593] fuse: Unknown parameter 'group_i00000000000000000000'
[  178.611189][ T2151] usb 1-1: Could not set interface, error -71
[  178.686690][ T2151] usb 1-1: USB disconnect, device number 13
[  178.713145][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  178.915923][   T24] usb 5-1: config 0 has no interfaces?
[  178.928965][   T24] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  178.958313][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.990700][   T24] usb 5-1: Product: syz
[  179.019388][   T24] usb 5-1: Manufacturer: syz
[  179.038757][   T24] usb 5-1: SerialNumber: syz
[  179.088250][   T24] usb 5-1: config 0 descriptor??
[  179.261681][ T7614] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[  179.278071][ T5859] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  179.288431][ T7616] vlan1: entered allmulticast mode
[  179.308057][ T7616] veth0_vlan: entered allmulticast mode
[  179.355717][ T7585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.496'.
[  179.464918][ T5859] usb 4-1: Using ep0 maxpacket: 32
[  179.492083][ T5859] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  179.510017][ T5859] usb 4-1: config 0 has no interface number 0
[  179.520112][   T30] audit: type=1326 audit(1752894652.195:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7618 comm="syz.2.508" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed2bb8e9a9 code=0x0
[  179.547136][ T5859] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  179.560935][ T5859] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  179.570864][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.579214][ T5859] usb 4-1: Product: syz
[  179.583795][ T5859] usb 4-1: Manufacturer: syz
[  179.588477][ T5859] usb 4-1: SerialNumber: syz
[  179.598146][ T5859] usb 4-1: config 0 descriptor??
[  179.639841][ T5859] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  179.650231][ T5859] em28xx 4-1:0.132: Video interface 132 found:
[  179.902708][   T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  180.042996][ T5859] em28xx 4-1:0.132: chip ID is em2884
[  180.054963][   T24] usb 2-1: config 0 has no interfaces?
[  180.067460][   T24] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  180.076771][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.087090][   T24] usb 2-1: Product: syz
[  180.095827][   T24] usb 2-1: Manufacturer: syz
[  180.101828][   T24] usb 2-1: SerialNumber: syz
[  180.128254][   T24] usb 2-1: config 0 descriptor??
[  180.322184][ T7634] fuse: Unknown parameter 'group_i00000000000000000000'
[  180.345700][ T7631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.510'.
[  181.382761][ T5859] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  181.513802][ T5906] usb 5-1: USB disconnect, device number 11
[  181.528319][ T5859] em28xx 4-1:0.132: board has no eeprom
[  181.561984][ T7637] mmap: syz.0.513 (7637) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  181.649294][ T5859] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  181.703378][ T5859] em28xx 4-1:0.132: analog set to bulk mode.
[  181.765697][ T5928] em28xx 4-1:0.132: Registering V4L2 extension
[  181.858996][ T7656] netlink: 52 bytes leftover after parsing attributes in process `syz.4.517'.
[  181.909911][ T7656] netlink: 52 bytes leftover after parsing attributes in process `syz.4.517'.
[  181.932983][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  181.953174][ T7656] netlink: 52 bytes leftover after parsing attributes in process `syz.4.517'.
[  181.978817][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  182.052542][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  182.153157][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  182.522258][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  182.551628][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  182.579846][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  182.598575][ T2151] usb 2-1: USB disconnect, device number 18
[  182.631670][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  182.725232][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  182.748813][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  182.829427][ T5928] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  182.843077][ T5859] usb 4-1: USB disconnect, device number 21
[  182.850306][ T5859] em28xx 4-1:0.132: Disconnecting em28xx
[  182.904614][ T5928] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  182.952698][ T5928] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  182.990031][ T5928] em28xx 4-1:0.132: No AC97 audio processor
[  183.129905][ T5928] usb 4-1: Decoder not found
[  183.152681][ T5928] em28xx 4-1:0.132: failed to create media graph
[  183.162834][ T5928] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  183.175425][ T7683] FAULT_INJECTION: forcing a failure.
[  183.175425][ T7683] name failslab, interval 1, probability 0, space 0, times 0
[  183.192697][ T7683] CPU: 0 UID: 0 PID: 7683 Comm: syz.1.521 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  183.192721][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.192731][ T7683] Call Trace:
[  183.192738][ T7683]  <TASK>
[  183.192746][ T7683]  dump_stack_lvl+0x189/0x250
[  183.192771][ T7683]  ? __pfx____ratelimit+0x10/0x10
[  183.192790][ T7683]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.192811][ T7683]  ? __pfx__printk+0x10/0x10
[  183.192838][ T7683]  ? __pfx___might_resched+0x10/0x10
[  183.192857][ T7683]  ? fs_reclaim_acquire+0x7d/0x100
[  183.192877][ T7683]  should_fail_ex+0x414/0x560
[  183.192901][ T7683]  should_failslab+0xa8/0x100
[  183.192925][ T7683]  __kmalloc_noprof+0xcb/0x4f0
[  183.192948][ T7683]  ? new_nbp+0x29/0x440
[  183.192973][ T7683]  new_nbp+0x29/0x440
[  183.192991][ T7683]  ? mutex_is_locked+0x17/0x50
[  183.193016][ T7683]  br_add_if+0x28e/0xec0
[  183.193035][ T7683]  ? apparmor_capable+0x137/0x1b0
[  183.193059][ T7683]  ? bpf_lsm_capable+0x9/0x20
[  183.193092][ T7683]  br_ioctl_stub+0x6aa/0xc80
[  183.193114][ T7683]  ? trace_contention_end+0x39/0x120
[  183.193139][ T7683]  ? __pfx_br_ioctl_stub+0x10/0x10
[  183.193168][ T7683]  ? sock_ioctl+0x4b4/0x790
[  183.193194][ T7683]  ? __lock_acquire+0xab9/0xd20
[  183.193228][ T7683]  ? __pfx_br_ioctl_stub+0x10/0x10
[  183.193248][ T7683]  sock_ioctl+0x4d8/0x790
[  183.193270][ T7683]  ? __pfx_sock_ioctl+0x10/0x10
[  183.193289][ T7683]  ? __fget_files+0x2a/0x420
[  183.193305][ T7683]  ? __fget_files+0x3a0/0x420
[  183.193319][ T7683]  ? __fget_files+0x2a/0x420
[  183.193339][ T7683]  ? bpf_lsm_file_ioctl+0x9/0x20
[  183.193359][ T7683]  ? __pfx_sock_ioctl+0x10/0x10
[  183.193377][ T7683]  __se_sys_ioctl+0xf9/0x170
[  183.193408][ T7683]  do_syscall_64+0xfa/0x3b0
[  183.193427][ T7683]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.193445][ T7683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.193462][ T7683]  ? clear_bhb_loop+0x60/0xb0
[  183.193483][ T7683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.193500][ T7683] RIP: 0033:0x7f691518e9a9
[  183.193516][ T7683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.193531][ T7683] RSP: 002b:00007f691606e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  183.193550][ T7683] RAX: ffffffffffffffda RBX: 00007f69153b5fa0 RCX: 00007f691518e9a9
[  183.193563][ T7683] RDX: 0000200000000000 RSI: 00000000000089a2 RDI: 000000000000000d
[  183.193575][ T7683] RBP: 00007f691606e090 R08: 0000000000000000 R09: 0000000000000000
[  183.193586][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.193596][ T7683] R13: 0000000000000000 R14: 00007f69153b5fa0 R15: 00007f69154dfa28
[  183.193625][ T7683]  </TASK>
[  183.534236][ T5928] em28xx 4-1:0.132: Remote control support is not available for this card.
[  183.543176][ T5859] em28xx 4-1:0.132: Closing input extension
[  183.549419][ T5859] ==================================================================
[  183.557492][ T5859] BUG: KASAN: slab-use-after-free in media_device_unregister+0x141/0x400
[  183.565925][ T5859] Read of size 8 at addr ffff88807b788210 by task kworker/0:3/5859
[  183.573828][ T5859] 
[  183.576159][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: kworker/0:3 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  183.576184][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.576197][ T5859] Workqueue: usb_hub_wq hub_event
[  183.576225][ T5859] Call Trace:
[  183.576232][ T5859]  <TASK>
[  183.576240][ T5859]  dump_stack_lvl+0x189/0x250
[  183.576263][ T5859]  ? rcu_is_watching+0x15/0xb0
[  183.576284][ T5859]  ? __kasan_check_byte+0x12/0x40
[  183.576310][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.576330][ T5859]  ? rcu_is_watching+0x15/0xb0
[  183.576360][ T5859]  ? lock_release+0x4b/0x3e0
[  183.576382][ T5859]  ? __virt_addr_valid+0x1c8/0x5c0
[  183.576405][ T5859]  ? __virt_addr_valid+0x4a5/0x5c0
[  183.576429][ T5859]  print_report+0xca/0x230
[  183.576446][ T5859]  ? media_device_unregister+0x141/0x400
[  183.576463][ T5859]  kasan_report+0x118/0x150
[  183.576488][ T5859]  ? media_device_unregister+0x141/0x400
[  183.576509][ T5859]  media_device_unregister+0x141/0x400
[  183.576531][ T5859]  em28xx_release_resources+0xac/0x240
[  183.576554][ T5859]  em28xx_usb_disconnect+0x19f/0x2f0
[  183.576581][ T5859]  usb_unbind_interface+0x26e/0x8f0
[  183.576608][ T5859]  ? __pfx_usb_unbind_interface+0x10/0x10
[  183.576629][ T5859]  device_release_driver_internal+0x4d9/0x7c0
[  183.576650][ T5859]  bus_remove_device+0x34d/0x410
[  183.576672][ T5859]  device_del+0x511/0x8e0
[  183.576695][ T5859]  ? kfree+0x18e/0x440
[  183.576715][ T5859]  ? __pfx_device_del+0x10/0x10
[  183.576736][ T5859]  ? kobject_put+0x446/0x480
[  183.576760][ T5859]  usb_disable_device+0x3e9/0x8a0
[  183.576785][ T5859]  usb_disconnect+0x330/0x950
[  183.576808][ T5859]  hub_event+0x1cdb/0x4a00
[  183.576840][ T5859]  ? do_raw_spin_lock+0x121/0x290
[  183.576864][ T5859]  ? register_lock_class+0x51/0x320
[  183.576888][ T5859]  ? __pfx_hub_event+0x10/0x10
[  183.576910][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  183.576932][ T5859]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.576948][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  183.576967][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  183.576987][ T5859]  process_scheduled_works+0xae1/0x17b0
[  183.577018][ T5859]  ? __pfx_process_scheduled_works+0x10/0x10
[  183.577045][ T5859]  worker_thread+0x8a0/0xda0
[  183.577083][ T5859]  kthread+0x70e/0x8a0
[  183.577108][ T5859]  ? __pfx_worker_thread+0x10/0x10
[  183.577128][ T5859]  ? __pfx_kthread+0x10/0x10
[  183.577151][ T5859]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.577168][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.577185][ T5859]  ? __pfx_kthread+0x10/0x10
[  183.577207][ T5859]  ret_from_fork+0x3fc/0x770
[  183.577227][ T5859]  ? __pfx_ret_from_fork+0x10/0x10
[  183.577248][ T5859]  ? __switch_to_asm+0x39/0x70
[  183.577269][ T5859]  ? __switch_to_asm+0x33/0x70
[  183.577289][ T5859]  ? __pfx_kthread+0x10/0x10
[  183.577313][ T5859]  ret_from_fork_asm+0x1a/0x30
[  183.577342][ T5859]  </TASK>
[  183.577354][ T5859] 
[  183.855061][ T5859] Allocated by task 5928:
[  183.859383][ T5859]  kasan_save_track+0x3e/0x80
[  183.864059][ T5859]  __kasan_kmalloc+0x93/0xb0
[  183.868644][ T5859]  __kmalloc_cache_noprof+0x230/0x3d0
[  183.874009][ T5859]  em28xx_v4l2_init+0x10b/0x2e70
[  183.878936][ T5859]  em28xx_init_extension+0x120/0x1c0
[  183.884210][ T5859]  process_scheduled_works+0xae1/0x17b0
[  183.889744][ T5859]  worker_thread+0x8a0/0xda0
[  183.894325][ T5859]  kthread+0x70e/0x8a0
[  183.898386][ T5859]  ret_from_fork+0x3fc/0x770
[  183.902962][ T5859]  ret_from_fork_asm+0x1a/0x30
[  183.907716][ T5859] 
[  183.910026][ T5859] Freed by task 5928:
[  183.913990][ T5859]  kasan_save_track+0x3e/0x80
[  183.918656][ T5859]  kasan_save_free_info+0x46/0x50
[  183.923668][ T5859]  __kasan_slab_free+0x62/0x70
[  183.928422][ T5859]  kfree+0x18e/0x440
[  183.932309][ T5859]  em28xx_v4l2_init+0x1683/0x2e70
[  183.937336][ T5859]  em28xx_init_extension+0x120/0x1c0
[  183.942618][ T5859]  process_scheduled_works+0xae1/0x17b0
[  183.948158][ T5859]  worker_thread+0x8a0/0xda0
[  183.952739][ T5859]  kthread+0x70e/0x8a0
[  183.956801][ T5859]  ret_from_fork+0x3fc/0x770
[  183.961378][ T5859]  ret_from_fork_asm+0x1a/0x30
[  183.966133][ T5859] 
[  183.968452][ T5859] The buggy address belongs to the object at ffff88807b788000
[  183.968452][ T5859]  which belongs to the cache kmalloc-8k of size 8192
[  183.982492][ T5859] The buggy address is located 528 bytes inside of
[  183.982492][ T5859]  freed 8192-byte region [ffff88807b788000, ffff88807b78a000)
[  183.996374][ T5859] 
[  183.998690][ T5859] The buggy address belongs to the physical page:
[  184.005092][ T5859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b788
[  184.013931][ T5859] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  184.022442][ T5859] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  184.029988][ T5859] page_type: f5(slab)
[  184.033966][ T5859] raw: 00fff00000000040 ffff88801a442280 dead000000000122 0000000000000000
[  184.042553][ T5859] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  184.051145][ T5859] head: 00fff00000000040 ffff88801a442280 dead000000000122 0000000000000000
[  184.059807][ T5859] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  184.068465][ T5859] head: 00fff00000000003 ffffea0001ede201 00000000ffffffff 00000000ffffffff
[  184.077127][ T5859] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  184.085781][ T5859] page dumped because: kasan: bad access detected
[  184.092190][ T5859] page_owner tracks the page as allocated
[  184.097890][ T5859] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5928, tgid 5928 (kworker/0:5), ts 181775120300, free_ts 181687621752
[  184.119333][ T5859]  post_alloc_hook+0x240/0x2a0
[  184.124094][ T5859]  get_page_from_freelist+0x21e4/0x22c0
[  184.129627][ T5859]  __alloc_frozen_pages_noprof+0x181/0x370
[  184.135423][ T5859]  alloc_pages_mpol+0x232/0x4a0
[  184.140274][ T5859]  allocate_slab+0x8a/0x3b0
[  184.144771][ T5859]  ___slab_alloc+0xbfc/0x1480
[  184.149436][ T5859]  __kmalloc_cache_noprof+0x296/0x3d0
[  184.154799][ T5859]  em28xx_v4l2_init+0x10b/0x2e70
[  184.159725][ T5859]  em28xx_init_extension+0x120/0x1c0
[  184.164999][ T5859]  process_scheduled_works+0xae1/0x17b0
[  184.170536][ T5859]  worker_thread+0x8a0/0xda0
[  184.175120][ T5859]  kthread+0x70e/0x8a0
[  184.179194][ T5859]  ret_from_fork+0x3fc/0x770
[  184.183781][ T5859]  ret_from_fork_asm+0x1a/0x30
[  184.188543][ T5859] page last free pid 7642 tgid 7636 stack trace:
[  184.194860][ T5859]  __free_frozen_pages+0xc71/0xe70
[  184.199969][ T5859]  __slab_free+0x326/0x400
[  184.204378][ T5859]  qlist_free_all+0x97/0x140
[  184.208963][ T5859]  kasan_quarantine_reduce+0x148/0x160
[  184.214417][ T5859]  __kasan_slab_alloc+0x22/0x80
[  184.219265][ T5859]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  184.224718][ T5859]  getname_flags+0xb8/0x540
[  184.229208][ T5859]  do_sys_openat2+0xbc/0x1c0
[  184.233788][ T5859]  __x64_sys_openat+0x138/0x170
[  184.238633][ T5859]  do_syscall_64+0xfa/0x3b0
[  184.243137][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.249023][ T5859] 
[  184.251333][ T5859] Memory state around the buggy address:
[  184.256957][ T5859]  ffff88807b788100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  184.265015][ T5859]  ffff88807b788180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  184.273068][ T5859] >ffff88807b788200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  184.281117][ T5859]                          ^
[  184.285691][ T5859]  ffff88807b788280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  184.293741][ T5859]  ffff88807b788300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  184.301788][ T5859] ==================================================================
[  184.313911][ T5859] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  184.321134][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: kworker/0:3 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) 
[  184.333204][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  184.343272][ T5859] Workqueue: usb_hub_wq hub_event
[  184.348328][ T5859] Call Trace:
[  184.351587][ T5859]  <TASK>
[  184.354500][ T5859]  dump_stack_lvl+0x99/0x250
[  184.359077][ T5859]  ? __asan_memcpy+0x40/0x70
[  184.363652][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.368833][ T5859]  ? __pfx__printk+0x10/0x10
[  184.373407][ T5859]  panic+0x2db/0x790
[  184.377282][ T5859]  ? __pfx_panic+0x10/0x10
[  184.381679][ T5859]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  184.387551][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  184.393861][ T5859]  ? print_memory_metadata+0x314/0x400
[  184.399299][ T5859]  ? media_device_unregister+0x141/0x400
[  184.404914][ T5859]  check_panic_on_warn+0x89/0xb0
[  184.409837][ T5859]  ? media_device_unregister+0x141/0x400
[  184.415448][ T5859]  end_report+0x78/0x160
[  184.419677][ T5859]  kasan_report+0x129/0x150
[  184.424167][ T5859]  ? media_device_unregister+0x141/0x400
[  184.429782][ T5859]  media_device_unregister+0x141/0x400
[  184.435221][ T5859]  em28xx_release_resources+0xac/0x240
[  184.440661][ T5859]  em28xx_usb_disconnect+0x19f/0x2f0
[  184.445931][ T5859]  usb_unbind_interface+0x26e/0x8f0
[  184.451121][ T5859]  ? __pfx_usb_unbind_interface+0x10/0x10
[  184.456824][ T5859]  device_release_driver_internal+0x4d9/0x7c0
[  184.462877][ T5859]  bus_remove_device+0x34d/0x410
[  184.467798][ T5859]  device_del+0x511/0x8e0
[  184.472108][ T5859]  ? kfree+0x18e/0x440
[  184.476158][ T5859]  ? __pfx_device_del+0x10/0x10
[  184.480992][ T5859]  ? kobject_put+0x446/0x480
[  184.485571][ T5859]  usb_disable_device+0x3e9/0x8a0
[  184.490592][ T5859]  usb_disconnect+0x330/0x950
[  184.495253][ T5859]  hub_event+0x1cdb/0x4a00
[  184.499661][ T5859]  ? do_raw_spin_lock+0x121/0x290
[  184.504683][ T5859]  ? register_lock_class+0x51/0x320
[  184.509899][ T5859]  ? __pfx_hub_event+0x10/0x10
[  184.514678][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  184.520406][ T5859]  ? _raw_spin_unlock_irq+0x23/0x50
[  184.525608][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  184.531349][ T5859]  ? process_scheduled_works+0x9ef/0x17b0
[  184.537090][ T5859]  process_scheduled_works+0xae1/0x17b0
[  184.542661][ T5859]  ? __pfx_process_scheduled_works+0x10/0x10
[  184.548659][ T5859]  worker_thread+0x8a0/0xda0
[  184.553269][ T5859]  kthread+0x70e/0x8a0
[  184.557361][ T5859]  ? __pfx_worker_thread+0x10/0x10
[  184.562484][ T5859]  ? __pfx_kthread+0x10/0x10
[  184.567093][ T5859]  ? _raw_spin_unlock_irq+0x23/0x50
[  184.572290][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  184.577497][ T5859]  ? __pfx_kthread+0x10/0x10
[  184.582099][ T5859]  ret_from_fork+0x3fc/0x770
[  184.586693][ T5859]  ? __pfx_ret_from_fork+0x10/0x10
[  184.591803][ T5859]  ? __switch_to_asm+0x39/0x70
[  184.596576][ T5859]  ? __switch_to_asm+0x33/0x70
[  184.601350][ T5859]  ? __pfx_kthread+0x10/0x10
[  184.605952][ T5859]  ret_from_fork_asm+0x1a/0x30
[  184.610721][ T5859]  </TASK>
[  184.613963][ T5859] Kernel Offset: disabled
[  184.618269][ T5859] Rebooting in 86400 seconds..