last executing test programs:

1m19.462618077s ago: executing program 3 (id=3755):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000006180)='./mnt\x00', 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x8000002d)
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
read$FUSE(r4, &(0x7f0000000280)={0x2020}, 0x2020)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x10162, 0x0)
semctl$GETNCNT(0x0, 0x1, 0xe, 0x0)
memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc\xbe\xb6\xa7w\x9d\xf1\xe5V\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff05000700"], 0x6c}}, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000000301010100000000000028000200000008000840000000030c004a5072f020198008000200550a0008"], 0x28}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)

1m14.944957462s ago: executing program 3 (id=3765):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})

1m14.312051544s ago: executing program 3 (id=3769):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0x12, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
pipe(&(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async)
sigaltstack(&(0x7f0000000000)={0xffffffffffffffff}, &(0x7f0000000080)={&(0x7f0000000100)=""/9, 0x0, 0x9}) (async)
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x189)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async)
eventfd(0xff7ffff7)
prlimit64(0x0, 0x1, 0x0, 0x0) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYBLOB="4644c349e1625936adc102633e75efb15d7a17ed520d0c8481587b927d12e80d788d0ab8efbf4e950bf8698d00aab34d814c433708dc8bdb74874d06c2a5afa99fa990d689a1616e7b5700600c154cc4da19914dd87625b3b22e1e76650470f69feb4b81deb7959340fac5457ac3fbd5e1099126d92a8dcd2850bbf78e9caef19431d58723b4e0321b14ed9aad2d7275d2c6b71f61998572ebdb7084a30ac84752a9b11d1b12178f5a800e59322e1c47dad5cb587160909aacfc03c0056711793ccb890da2da0713215a20efa3a5ea07f40005fb57394eb93109f22fbde56f1a01a8dc1bb08c3dc89dd30d8a24eac7aa6a326f4bcc8e67117fdafbf7a5b5b16b5944057e986bb234c5238d73c00ccdcf739734316166878149c2c443535ca86f3099a5d72c1a253d995ecec9ff0cbd68fcfa89ae4216f879fa974798983ef72639614fefe2f1075bd1f184ba3245a3a32db38a87d1ab1c14c250a5f134897494ea0c74dbb1aa8ff4f432f4810cd229e3a1798f715a589d79a4f1b6023c63dc90e4dd8519e207e6148973293398120b5773b1ee257bfa6aa3cd6e68420c834b9285cf60d1289cc46cb59f418884f4d062409eca84c6152f96750dcf8a9e671d3df020238e06f82f3cf1965a9195724206ea3ebdbf6f77fd67da10d389e06ec882d566810f34aa5a87b8210241b4ebaa4a0c69a0be5acb4ef301206755678b646844aabd1827643e97a434698128ebfc1ed06ce2a552696bafb210adaca4c8e043a8fb5361e9483c2feff63d04573a4ddd48a53a7cf1ba1f6130e382b3d6d90d0681b21555652b16fb1ef1b0025762a3c0c5425e107b3871625253139d4650eae9e7f1fc6be92ae1c9d5c4b3e467243bd20e02fac6e9be2f114c70c57294f4e0a271ab317f30a8eda9710e7eb7acefb05edc28158ef66ee35a9cd67aecd848bcab01038877c7dd68e5fbcdcf7557584825ab171c39484d50779ad415a78cf4eb6f4e8b1fa83c5ba970903a524a4d9a3cfe478247fcb994c5578cac8de82e4363d737bfc6e0744faa197bc8aa80b753e39a488d85e2a9b91c466328a6a54c7d33fcf3bd86bcd1715aa9741079998484d23e3d0f022e78b8ffeb94a8f46fe9396439ea5a7a847f5a7c8d09d3ff50518fcfd543aef7ab9b38016e39e126fbeac7544f8624c0ea092f82bd353d6da69d9e847839f1fde2e4cc3c96d51ae955b809cefd05cac1f77b2e6c3686dfc7d4aa13205e811c225dd271ac2a8c9a08074010936b6bb3da27e10efbc96f1b39c47e515ddc9cfa5974952822e840b9a616f6a415e9c02b17f780fdc9b54c2091ac317bebe95e8b8a5922e3f12a35a1bf04ffcced333220f2cee3d84145a98f552279b6d88ce8defc7901d9d54d61473d8fad2a2a21dccd9b2a04a0a84ecbb6df25fb3a9bd68826e542dadef37788e40ab70303e5696aa85eae7f6e26d2e5a4b12a9a1cdf739bbd424dd20007cfb7439b1800a2c1c25f619e0926a8f4f081ee3a8ae12b404e78a719e9fc7cc1579ddc5ce0bf1911a53cc4bd2c55f5bfba8f3b23dbe7951160b827e31bb5572283dd9c92d5310107c823f60925472264e1ca3e9c1241b4289e69e76f1460e7dd1f47338c6b9c8a57c859d47d0ca60fa09b21c99f60418eeddb11a530cbe100702cacf1ce109e8c58df8fb250bf9fac2341daf1bbfe799964db2c1e3b9330f1601b085fbdd7fd1c65d3da5bf7748404acc7efe88526283a9efb352de6db8c13e98eb56e01e91759584a381a5d2d22ee83465ce0ffe97f5e890649f25b9198e8fb452545a2b86eb7e59cd9109eac1f42c3ee45575a620f4b29918186e1a6fbcfe5c0a6fb4b3d1f868c2dffbb667ea97b71980a0a8de9b23da10844a75e589dec00819d0ed768cd4402780e3f888d39a7963d1f485c1433a2b45a32c2a767e5723b23e335e170581a92041e3fe3b48c1001969456361759034044d7262582dd460df889bfae854ca5ed12f9e36cef6edd74e6f24684ddfb6c5f9b7651801844a77dda7d47c58a2796dd7400d19039fa63bda5691a986baf220592d08c95348cdc42f95cc3477307479769a6ed16b7c19d27e6fbcf3367eb1d7ae6effdb8cae5312e3961f7f0c636bca50aaf0f54c8ea88dc58a9ef33803b7436f544928ff35645d7c4ff03f7f58d95474a3261eadb8f629d4765b7f2d43459a144286469c08f106df890045b592ffd7e5cb17355c57e3d158e50fc1dc5f3f813750cfc3567587ec9d2e048993b13dc5e7dd5e0d163f8453bcb377d34d3a2681b8a9ff381626c2c1e1e2229ff6017190c1e03907026d50b4420c794607b8d388d2dc2618cb5b494e0b8da2f6f37b91ac6a0a6752f4b2ad2378fe7c4498fb18cf366ba13cd696c303411c34f2643f70c129c60347dd60d04620c16a122ac1f38f7969be3ed45911de79b41fcefca6db6ea2889dab1dc56f0be0d38f8d688282fe600511602769e9ebc6e1a883bd0f143e6d4bb6d095ed986cc5003015732542498b6afe0db35c85ab4894a77ffd10d9453c5a894522f9f7a86b1b5bb01708ef27174686ef41accf07ea5a6228feff0992c7b9f20d9eec53cd75de1152b8493cef8b489984fe2d968cbcbfd51e6351e4c424b9069295756dcc425b3df3119999de2a76f30716a4bf38a6111da36a28a8804f59a3da0a0a52f1b64757c8c0fac41aa8da5e5376bf6bacceb1b13d27f0119668ce828df3531252debc2671821745b220b4704cecc382a53d59dbf2c17d4b40501a542a10610026d535920645ae6ab66445e079c634849274542f7117bc6b13c15d67f97795693b47bf2771348ceaefac24eae5c8f2364e848cce67e222d1642dfe4bd0570531385afb59e65363c51de5d263b864d0656614a97c88b7fc8329899883f1ad69886ff1ea3e2e3aef3122624523dc8de0ce273e275fd2f09b8265b17627e25b5b7f4d67a75da8a7b0d6b801c7958eabf1ff3763954d2db614039d8a8c4dd603a6ab5c174ba30d221a9554187de1f5c7f9d2da0c429aad4bfafe1e71409590b00cce83bf01803ae6afc2bcd2d5a04fe30b11328ab68d0d5bc0c2b9d5c01faaab6a80b491ce839d9c578148f72881d9038b4faf80d335ca32cfed2d8f8eb1967c61273f68b53d292cf7fef3ea4f526a50d332f208f7d59807c73f2c969d5ce2d716e8d69efdaa2739eb354dfff7662354c0e364b8fab61aecd63944ea1377dfa87615af3d00c16752faf217cfdf3b22772a0882449ffdce15c424eee3e92a4119452696377ecba74aab7bfc9347d7685abf48021411a92ad5065de3baffe04191fcecaefabda4b8557399e27ad2e64f5c4547463f102b0aa7cbef4403b8a82b7c346ec44793aac043085d8f08888a01229951f3e0becba02dfb6fd1be91c304efcf923df567f2b1b63b221555082fd74d8f04b8ee112a7f39f0428a76c4d33f2c36d89700ac19455698a05df26f551dc841f74d6476ece6ef812ba601fdbb275e7147920abed65763ccae17a48295d83b3ba9dd4076689751c5784e5d9e195c74a3d4f93960c09692cbd1e806e4e0d3a242c3b798503ac2275b819e0c828569866723b220ef6c483232886a096a5054a32b2b530918f382d4ae3b422214094b837740edb7e696436c708a9934c452e075add79aea66ffd363b5cf4d59fb414efdc3ea8fc13b92eda7bff5fa08a5d5b933c84b712bc92586db36d7c7e0b6b34d549d7d924188f68e7e7ce9c51667610d0be1aa736dc41c62bcc631e7179c8a376abaf953ee1eecf68f6f2dc216e26e50e5bde6d055453ae34d3890e38b8cfa8b32cccc7c603bc9d22000a844520c537f311b7e3c3c5dc9df595a263aea403568b4739e0e8917740ef174d53413e3f38311214b53d4956c225251db1f683a2355d509bf58ded0b14f4714824b23fdedfc6795d65fbfc67e1c575585a7b8169f9c3e32f755861bedc729a8a478b69e6b88e4d606b49556a9af181f6017e8baf0dcc5ca6a84183642208ad3a22581848e5a2eb67959d58d8eae0aabad113681b73a076e747688949e29ce98f3bf34b02e961fe128a37a77568fc3e0f4e01d80858e2f59777871ed208881cd4e97971bd92a675d1fc2223f571c52a35bcdbe40a88a422277e1f2296b670e38b2c53eeef4e4f6a2bd1d658749c20cdd42e8c1f724004dd25ce19e0a0d9066e72b0bb671cc46d07a02fb9c9b46619e0f44abfcfa37dfb39fefb5dfe71e0ce7b6e93eb36441680216778ecd44b7a20a515693d5d6e8e352b36f30bbd747125d74673017981170d4e9b2ad7a095feb4f89aef91ff72d1a33302cd6fbc90bc4a507b388070d2457de25706bcc62f2cd48455ea67671b5b9fa3c6811737bae0d6bb62704aa7e833c186f97bafa70dd93f60321ffc3aae0f2fdf3afa2ba96241179dc83a4062765697ccb160cc6b356b58550370031ba29b4fd43a34982e6cf88b24c4b0e5a7de528a94aac709175700526bd1f70bb90676ca1b83ac7b8c872b39cdd4c908201312e2829cd6248e20cdf1ccd761cc0703df2a8e1327e590874f171f2d74b8ea7a067d8894378bab390d8c73eaf0bc269bf10e44e1c54849319c4de77d46b136df733b15e134d79fc49dac319ae00cb4dabac130b6a55adba4b370128236d763427de913983c485f6ca944afe57f2bd1213443d916622d933db7febe7ddf0f573665e35a17c5924b598652edb329dc84c75e8db7c3409734071f4422d79729a7a04d6eb45804ca6df9df06f46c58f4eddc46835c7b8668bbbc014a8785e45edb1a74898d4436f7938b28b76ff843bca95b3939c74209c18a47a706e29d8fd9e9d431e8b03f848a03c85d798126423b95b5aaae313ceb4a6d3a5fae8c8e290f539ea86231b02105537668d5f49fe7322494b388c9c9045f6d71bdb78108cbadcef165dd3d184acf5af8838d276e2f4cc1425dfb14001c565db4c12a605d63627ab84167e04104e83dbaf7c683a3582bbcbe8496639300576e553480385eeecffb022925ec018dfece77c48144400f554aa4475a0ee2b11ce8387217b660a0e748968e3be409cf2be2f95698f3093cafb2d4319fe15574c3042c2801c0809f60209a477ff430af15e2af27c5598b14f49835d578a4a864c13fde1eb74d676ed27604ea951f865326feb970fae57616e3d0acbda88b5ab4f2884fd67832a778b48fefd91c91cdffd0f1b71c2c5bcd05f7f44574d4ae3257bb45e49f18dcf270ea24c87631a8acec93574679bfe0ab8a64bd63ce879d2cdccb67958d059e2fdf49a87a2b80392a956f95d9c912baf10be64f6941391772b1793b5283a851d753d62b13cdf1a6dc0934ad5e062dfb57681d68f1825cea8dbd907069f4c49a4cac793ecea1063239b78e783b470158992bf6d3da2db73814e61d861e8ee4afb9f9fad05022d0ef466d5d56f6c4e601a71dc6823aa4d31ca951185d7e473d163abb738e26104780162d1388a2d8599ca18c533adb5b77369a8a8bba961f3a4790627837151ee910e0f0c32de823ce9ccd933ff3aa48c4ac81b4e664b5b82f77c4866e1a368f18bf51edff4c0ea1c32c5b83fc7bee7c90e0d26434d710fc3e03f2f6ac9841b4282db2fdc4b424ea938535e75dc76b4cd3ad2e15a74f59910044c409657e32ec5bccd3246f57904cfcfee2eb88a5e1b4f3c343ec20b73ddfabb04acaf5bb8051f2799bfcb44298cc05ce9413e88bd5c2fe2e9127766e0d0c93bb2566bcbc1153b40d0c921106d93ee863827ed00df2566bcf379925ff35f2c80a2347f9e738b76ad083e340150aabb652de06bb3c", @ANYRESHEX, @ANYRES8=r1, @ANYRES64=r2], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}}, 0x4000000) (async)
syz_usb_control_io$hid(r5, &(0x7f0000000280)={0x14, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f0000000b2e2b5aa40bf85edaca8300000000f2b4b25e22c8b9f6f7acdec7d1be13bfecc012a388a6526f6e649e40c7944a16bbf7"], 0x0}, 0x0) (async)
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSFLAG(r6, 0x4004480f, &(0x7f0000000000)=0x3) (async)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000480)=ANY=[], 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r7=>0x0})
r8 = syz_clone(0x25000000, 0x0, 0xfffffdae, 0x0, 0x0, 0x0)
syz_pidfd_open(r8, 0x0) (async)
r9 = syz_open_procfs(r8, &(0x7f0000000040)='smaps\x00')
read$FUSE(r9, &(0x7f0000006140)={0x2020}, 0x2020) (async)
timer_create(0x1, &(0x7f0000000440)={0x0, 0x7, 0x0, @thr={&(0x7f0000000140)="c4daf267f7e13f1bc2b639829348dd667aa0993f8aa8dc98af3093b48f853145476d65129d9fd4d000fc7e4b8a", &(0x7f0000000400)="d375da8806a455"}}, &(0x7f00000001c0)) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="003fcafb0535c41733000b00", @ANYRES32=r7, @ANYRESDEC=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
write$binfmt_misc(r2, &(0x7f0000000380)="9beea69202c783c5b1600b2c5a1780bc634e29bd8750aaf8e4ab17c4d5aac310f52a22456e69fd2a447d3ebcd206841a1db6bacbe76405b5103950ac1c2d28cb1d7a9ba492ab8b1fda68221ec6808d4eab4be819b43e4b28260f0ec10c083f344b4a2b1f64fdfa4a3eb6dedb5d03c8ef4d55282cd27a9fb8cdb0a21837", 0x7d) (async)
pipe(&(0x7f0000000080))

1m11.032656624s ago: executing program 3 (id=3771):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000501c0007800c0001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00038018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2000}, 0x18, 0x0)
r4 = openat$thread_pidfd(0xffffff9c, &(0x7f0000000100), 0x230000, 0x0)
pidfd_getfd(r4, r0, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
mmap(&(0x7f000009e000/0x10000)=nil, 0x10000, 0x1000002, 0x11, r1, 0x3000)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20000, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r7, 0xc0745645, &(0x7f0000000380)={0x5, [0x5, 0x203, 0xfffb, 0xf252, 0xb55, 0x7, 0x40, 0x1, 0x200, 0x8000, 0x9, 0x6, 0x5, 0x80, 0xff, 0x401, 0x75, 0x5, 0x6, 0x3, 0x8, 0x5, 0x3ff, 0x41, 0x1, 0x7, 0x2, 0x5, 0x9, 0x89, 0x0, 0xfb3d, 0x5, 0x80, 0x2, 0x9, 0x1, 0x1, 0x101, 0x0, 0x6, 0x6, 0x5, 0x0, 0x6, 0x9, 0x2, 0x101], 0xb})

1m10.388134559s ago: executing program 3 (id=3774):
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000240)=[{}], 0x1, &(0x7f0000000340), &(0x7f0000000380)={[0xd, 0x9]}, 0x8)
syz_usb_connect$cdc_ecm(0x1, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902600001010700000902b0ecb6020600000100000000052400ffff0d240f010000000000000000000524010108042402001524127704a317a88b045e4f01a607c0ffcb7e392a07240a00030708090582020000000000090503022000000000a9afeb5eaf717d57ea4305b192e69cd11fc30860dc362b2f4cde3e0125a0fefbcf60bf76d23808edf9dd0517cf5935a1f380397902dc3114c80f1a3aad9478402a4341abb1d91ba16ebc502bb5ea5ce1731bc68c1d55467e58"], &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})

1m9.699508479s ago: executing program 3 (id=3779):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000013c0), 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x2000)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
preadv2(r2, &(0x7f0000000340)=[{&(0x7f0000000380)=""/258, 0x102}], 0x1, 0x8, 0x0, 0x31)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f00000016c0), 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="34000000120001000000000000800000100000000c0000000000000000000000140035"], 0x34}], 0x1, 0x0, 0x0, 0x8001}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newrule={0x1c, 0x1e, 0x1, 0x0, 0x2, {0x2, 0x14, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x2810)
sendmmsg$alg(r6, &(0x7f0000000000)=[{0x0, 0x0, 0x0}], 0x1, 0x20002840)
recvmsg(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff6d, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/68, 0x51}], 0x1}, 0x40012040)
ioctl$SNDRV_PCM_IOCTL_XRUN(r4, 0x4148, 0x0) (fail_nth: 3)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r8, r8, 0x0)

1m8.81236896s ago: executing program 32 (id=3779):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000013c0), 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x2000)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
preadv2(r2, &(0x7f0000000340)=[{&(0x7f0000000380)=""/258, 0x102}], 0x1, 0x8, 0x0, 0x31)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f00000016c0), 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="34000000120001000000000000800000100000000c0000000000000000000000140035"], 0x34}], 0x1, 0x0, 0x0, 0x8001}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newrule={0x1c, 0x1e, 0x1, 0x0, 0x2, {0x2, 0x14, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x2810)
sendmmsg$alg(r6, &(0x7f0000000000)=[{0x0, 0x0, 0x0}], 0x1, 0x20002840)
recvmsg(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff6d, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/68, 0x51}], 0x1}, 0x40012040)
ioctl$SNDRV_PCM_IOCTL_XRUN(r4, 0x4148, 0x0) (fail_nth: 3)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r8, r8, 0x0)

8.608057386s ago: executing program 5 (id=3892):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000040)
r0 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x2000009d)

8.335896325s ago: executing program 1 (id=3894):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000013c0), 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x2000)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
preadv2(r2, &(0x7f0000000340)=[{&(0x7f0000000380)=""/258, 0x102}], 0x1, 0x8, 0x0, 0x31)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000240), 0x1, 0x1294c3)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="34000000120001000000000000800000100000000c0000000000000000000000140035"], 0x34}], 0x1, 0x0, 0x0, 0x8001}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x503, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, {0xa}]}]}}}]}, 0x50}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newrule={0x1c, 0x1e, 0x1, 0x0, 0x2, {0x2, 0x14, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x2810)
sendmmsg$alg(r6, &(0x7f0000000000)=[{0x0, 0x0, 0x0}], 0x1, 0x20002840)
recvmsg(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff6d, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/68, 0x51}], 0x1}, 0x40012040)
ioctl$SNDRV_PCM_IOCTL_XRUN(r4, 0x4148, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
close_range(r9, r9, 0x0)

8.067275736s ago: executing program 5 (id=3896):
socket$rds(0x15, 0x5, 0x0)
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000480), 0x1, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/114, 0x72}], 0x1)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="820000000d060102000000000000000007000007050001000700000011000300686173683a6e65742c6e657400000000050001000700000011000300686173683a69702c706f727400000000120003006269746d61703a69702c6d616300000005000100070000007e3ec00500050002000000"], 0x70}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x8, 0x2, 0x9413}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)

7.765758659s ago: executing program 5 (id=3900):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100a600010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r2, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r5, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r5, 0xc008aec1, &(0x7f0000000180)=ANY=[])
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, 0x0, &(0x7f0000000040))
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4)
socket$inet(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

6.164717309s ago: executing program 1 (id=3905):
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="434a596143cc", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @address_reply={0x12, 0x0, 0x0, 0x4}}}}}, 0x0)

5.738402476s ago: executing program 1 (id=3907):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4000040)
r0 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x2000009d)

5.345035159s ago: executing program 1 (id=3910):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100a600010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r2, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r5, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r5, 0xc008aec1, &(0x7f0000000180)=ANY=[])
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4)
socket$inet(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.372822991s ago: executing program 4 (id=3914):
syz_clone3(&(0x7f0000000380)={0x201000, 0x0, 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.536732649s ago: executing program 2 (id=3916):
r0 = inotify_init1(0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x88040, 0x183)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000700)="1e", 0x1, 0x40011, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.423047787s ago: executing program 4 (id=3917):
r0 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, 0x0)

1.912268265s ago: executing program 5 (id=3918):
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000000)={0x4})

1.792428182s ago: executing program 4 (id=3920):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4605, &(0x7f00000011c0)={0x0, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x4}})

1.778366029s ago: executing program 2 (id=3921):
r0 = syz_open_dev$video(&(0x7f0000000100), 0x10000000000008, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0xa, {0x7ffffffc, 0xfff, 0x300}})

1.504794433s ago: executing program 5 (id=3923):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

1.488254366s ago: executing program 2 (id=3925):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="480000001900010025bd7000fedbdf250a801402fd03fe060010000008001700"], 0x48}}, 0x0)

1.488085243s ago: executing program 4 (id=3926):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x5, 0x0, &(0x7f0000000040))

1.288345216s ago: executing program 0 (id=3927):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x800000000, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x6, 0x34325842, 0x2, @stepwise={0x8000, 0x3, 0xb, 0x8, 0x7, 0x2}})

1.255399565s ago: executing program 0 (id=3928):
syz_emit_ethernet(0x46, &(0x7f0000000040)=ANY=[], 0x0)

1.169577773s ago: executing program 0 (id=3929):
r0 = socket(0x10, 0x80003, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x400, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000f00000e1000"}}}]}, 0x48}}, 0x0)

1.032771615s ago: executing program 4 (id=3930):
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='1-0'], 0x31)

1.032293034s ago: executing program 0 (id=3931):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r1, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x4000)

1.022239304s ago: executing program 1 (id=3932):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TCFLSH(r0, 0x8925, 0xffffffffffff7ffe)

1.020692948s ago: executing program 2 (id=3933):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x19)
ppoll(&(0x7f00000000c0)=[{r0, 0x2}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0)

912.772827ms ago: executing program 5 (id=3934):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4a, 0x0, 0x0)

912.5005ms ago: executing program 0 (id=3935):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280), 0x80100, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
pread64(r0, &(0x7f00000009c0)=""/179, 0xb3, 0x7fffffffffffffff)

746.871708ms ago: executing program 1 (id=3936):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000001c40)=[{0x0}, {0x0}, {&(0x7f0000000100)}, {0x0}, {&(0x7f0000000b80)="a7bedb9ed2e3a20d8886fb41b4c1192240659f5abc2c8b21b98c2cfa4c85b20eddd9e4224dd90f8862197a418cadc7482ff692115671f59de5539bc863efc759e0ff2d430b4b243b60665b492552b0280c2c14e5b9a0808d5a18e43f4ac6347922b78a65b764c8178fbe4b48950e167ee344ff491e425482c550baf915abf111dbdb0d13f58b61ab14b89b77cf2ac87fd7d1b220c1a5ee0fff741ee8c7a3f587fe526ef0fda581190314d1d8f7b05c72f2ebd6c33f15fdb55507bb496f1a780e72b37fc0b1647397bf20bac71ae17e3eb1c13854c60af33a993e3c5de2e96346bd618ff3088b5a6ba7847f648388ef96e5939974d5d40658b764113a7fe2707eda360ca51356123fa5119e94a1604bacdba59da4276a100cf6c03aeb574d2d16faf99d860b03a4d2184f9c6a822823f47e2d019a79bbff310fc4f4a2d99857df26b5a9182b78c2341f809509dc5dad5059aa6b145715a5e893411a4e839cc9f7f2e802f93652a1e417624068c75a022ce24a5b3fd08ffbf504c43361d9286eef712cc07be7729b8da69c87cb2cc6478c40c18ac636b878920574eca426324512d333f790cf2cd64a8effbd1b5ef1684f33513b9e12804425110347d5015dc34e0d8af10cb82d656173ac4c699f35bcf04fe75f4e15ec761e0136bd6b261cfaf96b079edc1644c3d80d3e06391d30a126b52d2cdd4a2f93728088bd2ef8a1492e9649b423185172ef6985519d03fff2d9df2a0e9c9ebb36062654ff8ec3aa5cb29c7276201d229fbb398ab88b305115fd41361b9d58339d8b6db46da1a82c9919d04d69999d0b044d006de6686d1a26c0a2103733a63783be564e54e803430d550e35483df8fa232e6f8f82ce109dbf095d9243bf26c2745b71445c8ded7968e005c66ca819e0185e0f7f05bf0ea0709de6043e16ecdc1081e14165ebbbf420278c6d0595115bf4d8f961bd12f6d75b523ee719b13150ba3062733e08e2926a8a07bdb7f303da98d3e35c4cdce417dca6920dd3104f0cb02ab22ea56114904797cb5cfa54da77988bd79dad8d95ee9bd2cb1d2860820454c34d2b27cddc13b89f79231e2a83cc4996875160b5de55133b1a6c0cf4381506c8f725cfc1b87c0d648d5eeac0011153f527e01c196f42e90e74d5c63d2b115d39fa76e89a749398d35fd12a2428b29e4410ec19f12a98c37fad6ac13e6da364bbb211a7664bdd9800f6aeb64a89b97728d0f4e3f6494ff0e8faacd970a7080719efaa7ada1c3eb4b902fa184ec3ca948caa0eaedfb5116ee60d0761e564181128220322df58658097528f1d6a8fae112f02764b424868447ad2f7825cabb744881913af41afc0cf4d3b41e15003d234d292a2dc0662e4be4cd462fd8782ffd09c9817bd250552074ed25288ba82eb9a56c73af9d2285c1c87585623310d52099d00c342d4bfdb016e06c2aef88c584ee3c30a4785be4562ebf1b4c230abc7f15a99ce276213a1a321c60b79c4219d777a75438e6ef6746c5c4becac00ad7830552be54c42356a3b541612b2dd82efea6a7800af05cb15ba4d018cae7453bc241ecdcd1a129273c759c8618dda90df93cd4103afab653db6772a054b5406bfbf9d7dcf82a7a0a6018c5a70cdf79247c440a3a735ab2c313cf5f01e9870816056024118af570b4e2a3f3376a0fef169661295096c8ff97e2522a789c3c3a1126d677e575f4f8555bd53af1a347a57cee6b3179ce2c0df6eca2cdf7f000712772da616ef30ca7fcac5c413410b16679b5ddf1b9ed7ccc676f0ed5211697497936c7b972c25b4c64984a8f55eec348c022b03ffbed539ab1a2e3f552074df484788b1560113291829cf6aa9a8a7c60b439bd5b6e6ab0b79ef47362e991cc8d1d1c829a81aa5a3fe3d0c38b946418677450307f3d872e231d13c07723e7234e1d6b237969fcd8c1884b5337120b632409c52ab702d83f867a6afe2c5d555c6f097a88bf211c5672872a243d515c64c6659b4e77e99e9f2e989b4756221aef808ef81beb68c41aa3ec4059bc61a42c12220a466ee5b09d9f0ceced7a9f5b50da2552419233d6fb86d917e1cd15dd44c7c193b3d5c614da99e763eb7ff898bdc825ee7d55e9277fefe9328cd26f8cdc3d1a704d8b4c5cee5dbedb1d3cb7526702f79c380e23d7d2f31460d427d707bf823a8c36ef2e36e6e1c0bc356a077bb97ecd08b4516aeff84f97a686980377077b27d191b543208750ed676a4cda72f2ac5dbdf33ec740bb05e813d1a89b7549eb36c278f63a1edcdff1bc5658edc774fd981e304cb35ad31be323f43ca2036ff8d30b97542dd258cd17b70a7e8345061fa32f6ec7a978f969a0bc876ed3f9a776468111dcf817fbbdc94ceed30821674c496aee0cccbdc1e5c25deca8814fe30e8f35afabe65920dc0f8120628758e967d473f7133096d9c4db828973937d045ed3622661cd3e9d5f62409a9221cb2da0c3cb7b90cdf08ee4fa0029828cd801e24479f8b7c933da32f3a8819ebbf684f2327a946f1631dda34062ce4496c7418d9968b598a4fcd77ad5769b4cc41331d0b911041c65132f4c3da5e7371d4f11266d284a3e1f86fdef3c3a648e8803e83efe023300a84fc8740d39b8ae5d8be97c623bbfbd1c441d2274e6f902cf22beb3220e8bebc8956b41683c4bac37a1104510484e2c2a06e584cec7295633eff7f4715e1107755063db6a0e61a4f90fa5ca49508add226a30985e242f60f09076c482c92b93774247ef9e8cd883471088db9c89ea1b83ead0df0992c5009fa49e0069b2af09a8cf2aa91762c8327dfa7cf32cff3af9fb702d543fd9aed6c8ffdc0dc95c21577e13b11479868debfe8681833c1233552f5d1f278031665bad6c6890da5065517be3e7c6835d64f332e808b6fc88e98a1fb3d0da902ddd6daff7a176dfeafaf97fa073a092c743a12a18db03747ce6ca313fad06a02925dfdfcb074714da8e23558f66d721b90cd40b644102af4b8d7f6d969d875f1a667ff0c49ee1189a49e394ff372183490ed00a8eb4f94f58fdaa22bf772bfdad964327e12fed4dd499b91c22567d2b456f2ccd3b6b1fd613135437fcb14142c45b3c17fbac03884c9f522ded7018bc3fccbad63a8bbd86fbcf65b2542239abe4e5c65acc0e20f9dcc69d665706b402fdcf67040fad611c0106dcdbf19c326011d14b87840a10229bc6d472f4d9ce10b73882c07076129eeb29196f79d17a616869861d55c2dafe2a1ef002f142e1757ce9e79b907ae7c68a0c5bbaacbfe747a3cfec4c2c5fdd3ae3ac2a10e978ac5d199170daa44674d9064cc8380cffd5f12d69657c47b9aedee00db4bac0249716d9abb2a7e1ad4bc10d9247673fc26a8fb347c8ca9056738d43aaa3b13b39ddea2d6f0d4732422849ce32eed07c6a0ca82e95d2e34c5f7e1a436552bd41fbb4d1d4e4b38239178d059802a9300a1182b79fd3f730b57a59120913cb940070be7afb72a8c7f1781e3f3809bb963b0fe4ffb5329bed94fdadcc02e787fb1d959a75e7911d676b012e694808f0a45bebc58b2c5403570bf41ecf2d188c2d3fcd0640c1b6da4b2d4e5370ad78f94ea39d27e2301829134734f8ebba8ea06bb769700739fba096a6316f64e835a2eae3c05c744a7d899c3990d49a7583a52ad545d74a1fe63dd6c92f8cdc65dd979a3e4da8860be06a70a6b21fd10a6dcadbe911796c7f1957fc0ddaf5b102353d11d9e7b4d87d25592f007287ac266f1e3b4f0645c7f4a68ab0c35742fc66cdba579215ca0bc78b1ef4e8a9220334c7a28f541cfcd3ebdfcfebce5fd3eaf10da6926a58abddf7b4b47e99802c6783bb6838a6e1334bc463df6b81b81994af8881523187dfd8e17b637d56e280a8791baebacd6c933e0e854d1aa29e3cf6b9ad0a37624993481c2ab90e97485ef2f2f11512fad9071afa59214eb21bda21d2814088de810fda9c0dded5f720c6a01fffa6d6becc4957befafe63af04cbf4ab1030f49de10564fcf0466ca4c72b4c3b85ac09e197d35a43b18189399abce5a1426f96c707b5e92b5b6db1e0e95228934a508c63fc5e5fbe8eb0dae6c940fb0a13dd34bd5372e1c5f526bdbee8d91fd002482e64bb6d21c254c0e999f84901a87219bafb264de987e0f2a700a082369880dea3c04e72d3ad3855b34b6d8228500cffaf8f3a1e2a3d415c17a56d2eb3e8b5c866b7016f8589aa6ca62be54129f9db22a7fb1170e6939d3e7fb1f5455d4f4349bc9c1f61fd37eeb2a5bf8f2c5eeb67ec1b14da14c1c3e178997a10a8806c0c6a5c33271b782ccfbcf216145de705ac312f248d80a6eee199d6b91b2de345ae2541099d0c0b4d34c5d04e05500eb9db95e1e693bc0e9a5ae893615cc0ceec230b5e9a2866ecf61a67b17dc32073452c29f7e5a722ffae57089d8d5869d9fe3d7f9f53cd4887aff5a68af0446a0fa19c88f4298bee8e77e7a2081fefa50b79aa8f849e2d6abcdd769bdcef2e4db14572ed2beeb13fb7af4bf0fa8a7e82be955d9cff00c2706ddfb5c7cbd69d8cf804301b0ce178c47ec407b90c755b3e8c961ae8d8c108968d33953d59e29b2e20f915d7a25e7be9ecaad2c97d18a3817799080661ae30d9659d1e4e01c704f1ac1b099adbc2661b297846e3ab5ee19261168df7403811adf09183cd36e94e0ba99e02aed4b4def5032ce13e4682427be1a26dd4d81057c9550ace4d1b9ec2bfdd6bc70056c8d965ed86a0b22cb2cebdd91a5886535e79d1ca83d7658b31ae537a7bf66a7d983d607317bf190ef9ccc613646a3f24c0fcc21d58df95caa9578a4c6b4eb65e206397e4957ecbadbbc6f48a0f487347c072e3ad79765b510cdbd4501bbaaf1d75939257bd23d330941a7a7936f17ccec3c20b837930d53a9537542400f4e45406b6bb9bb93d77b8a528b6104254cc7f093fd872fd84e2afc5c65638a0635f963c43ea5c726a42fc32cbaafe2341343c6dcbadac417bbc536561b539f9a2c30197fc2a51568fc55ea2593b9a2cf9ad6b1a4549b861de0a2f08d109e26e163d767a464beb41edab72a40801f46f567965d624547ebd99876a2bd37c75ccd505dfe9814e5ce2393e0f10d42fff10b5839c663ac69ddc495661abdf2d99310663ab3d634b95abfc60dfabea2ebf86e6429d94b3a59d32d4b13f1357b3cbcf959953a25193b0fee2a64ed5d73adfea808fbfeb2c7ed5296b4f09a31bc5ae55953a59eb7c717df86219bcadcdaab07327194945dc80886214d540f3b48dbf9560f95275e6b1b9da81ce6292ff115251709448215f4e6b916fc877fd1f2857bcdb58e60af7ce406aaf9d028f7ac1dfe33fe7edc3a6f0c7c30e37222a707cf061006d22fd9d834cf8327646c1f8205a8786a1c3c41859fa171e4b9bec2f514fda48068ed3deb40dc02aea7f7a376da00d46fefe7f0", 0xefb}, {&(0x7f0000001b80)}], 0x6, &(0x7f0000000140)=ANY=[@ANYRESDEC=r3, @ANYRESDEC=r3], 0x10b8}, 0xff4c)
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x77359400}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r5=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={r5, 0x2f2}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x18)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4008850)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

665.9924ms ago: executing program 2 (id=3937):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0xbf, &(0x7f00000020c0)=""/191}, 0x80)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4}}}}}}}, 0x0)

524.695959ms ago: executing program 2 (id=3938):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x0, 0xfffe, 0x100})

62.286347ms ago: executing program 4 (id=3939):
syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00000001390403040101000000000001000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0)

0s ago: executing program 0 (id=3940):
syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "000000013904030401feffff7f0000010000e0efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

52][T19191]  should_fail_ex+0x414/0x560
[ 1283.261787][T19191]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1283.261820][T19191]  should_failslab+0xa8/0x100
[ 1283.261850][T19191]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1283.261878][T19191]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1283.261911][T19191]  __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1283.261951][T19191]  __nf_unregister_net_hook+0x4f6/0x700
[ 1283.261988][T19191]  nf_unregister_net_hooks+0xcb/0x140
[ 1283.262014][T19191]  ? __pfx_nft_masq_ipv4_destroy+0x10/0x10
[ 1283.262042][T19191]  nf_defrag_ipv4_disable+0x95/0xe0
[ 1283.262067][T19191]  nf_ct_netns_put+0x3c1/0x520
[ 1283.262094][T19191]  ? __pfx_nft_masq_ipv4_destroy+0x10/0x10
[ 1283.262121][T19191]  nf_tables_rule_destroy+0x119/0x1c0
[ 1283.262162][T19191]  nf_tables_newrule+0x24ae/0x2890
[ 1283.262210][T19191]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1283.262242][T19191]  ? nfnl_pernet+0x23/0x240
[ 1283.262284][T19191]  ? __nla_parse+0x40/0x60
[ 1283.262312][T19191]  nfnetlink_rcv+0x1132/0x2520
[ 1283.262382][T19191]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1283.262435][T19191]  ? ref_tracker_free+0x63a/0x7d0
[ 1283.262504][T19191]  ? __netlink_deliver_tap+0x807/0x850
[ 1283.262542][T19191]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1283.262568][T19191]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1283.262611][T19191]  netlink_unicast+0x75b/0x8d0
[ 1283.262645][T19191]  netlink_sendmsg+0x805/0xb30
[ 1283.262680][T19191]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1283.262708][T19191]  ? __import_iovec+0x5d4/0x7f0
[ 1283.262731][T19191]  ? aa_sock_msg_perm+0x94/0x160
[ 1283.262762][T19191]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1283.262792][T19191]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1283.262843][T19191]  __sock_sendmsg+0x21c/0x270
[ 1283.262881][T19191]  ____sys_sendmsg+0x505/0x830
[ 1283.262916][T19191]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1283.262964][T19191]  ___sys_sendmsg+0x21f/0x2a0
[ 1283.262996][T19191]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1283.263067][T19191]  ? __fget_files+0x2a/0x420
[ 1283.263096][T19191]  ? __fget_files+0x3a0/0x420
[ 1283.263137][T19191]  __sys_sendmsg+0x164/0x220
[ 1283.263168][T19191]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1283.263213][T19191]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1283.263250][T19191]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1283.263286][T19191]  __do_fast_syscall_32+0xb6/0x2b0
[ 1283.263310][T19191]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1283.263348][T19191]  do_fast_syscall_32+0x34/0x80
[ 1283.263371][T19191]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1283.263397][T19191] RIP: 0023:0xf707e539
[ 1283.263416][T19191] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1283.263435][T19191] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1283.263459][T19191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1283.263475][T19191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1283.263488][T19191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1283.263501][T19191] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1283.263515][T19191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1283.263547][T19191]  </TASK>
[ 1283.264372][   T24] usb 4-1: config 2 has an invalid interface number: 70 but max is 1
[ 1283.327511][ T5940] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1283.328239][   T24] usb 4-1: config 2 has an invalid interface number: 28 but max is 1
[ 1283.678214][   T24] usb 4-1: config 2 has no interface number 0
[ 1283.684449][   T24] usb 4-1: config 2 has no interface number 1
[ 1283.690851][   T24] usb 4-1: config 2 interface 28 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1283.702669][   T24] usb 4-1: config 2 interface 28 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[ 1283.714236][   T24] usb 4-1: config 2 interface 28 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1283.725937][   T24] usb 4-1: config 2 interface 28 altsetting 1 endpoint 0x9 has an invalid bInterval 128, changing to 7
[ 1283.832732][   T24] usb 4-1: config 2 interface 28 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1283.851222][   T24] usb 4-1: config 2 interface 28 altsetting 1 has a duplicate endpoint with address 0xA, skipping
[ 1283.864766][   T24] usb 4-1: config 2 interface 28 altsetting 1 endpoint 0xB has invalid maxpacket 1007, setting to 64
[ 1283.877411][ T5940] usb 2-1: Using ep0 maxpacket: 32
[ 1283.880286][   T24] usb 4-1: config 2 interface 28 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1283.902912][   T24] usb 4-1: config 2 interface 28 altsetting 1 has a duplicate endpoint with address 0x4, skipping
[ 1283.920219][   T24] usb 4-1: config 2 interface 70 has no altsetting 0
[ 1283.927194][   T24] usb 4-1: config 2 interface 28 has no altsetting 0
[ 1283.937936][ T5940] usb 2-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1283.941654][   T24] usb 4-1: New USB device found, idVendor=19d2, idProduct=1246, bcdDevice=c5.3e
[ 1284.073929][ T5940] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1284.113017][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.600738][T19195] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3615'.
[ 1284.632918][ T5940] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1284.800380][ T5940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1284.826667][ T5940] usb 2-1: Product: syz
[ 1284.918068][ T5940] usb 2-1: Manufacturer: syz
[ 1284.922836][ T5940] usb 2-1: SerialNumber: syz
[ 1284.953550][   T24] usb 4-1: string descriptor 0 read error: -71
[ 1284.982348][   T24] option 4-1:2.70: GSM modem (1-port) converter detected
[ 1285.063736][ T5940] usb 2-1: config 0 descriptor??
[ 1285.066052][   T24] rndis_host 4-1:2.28: skipping garbage
[ 1285.103330][   T24] usb 4-1: bad CDC descriptors
[ 1285.163106][   T24] usb 4-1: USB disconnect, device number 85
[ 1285.171270][   T24] option 4-1:2.70: device disconnected
[ 1285.385096][T19204] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1285.409239][T19189] binder: 19183:19189 ioctl 4018620d 0 returned -22
[ 1285.428355][T19189] binder: 19183:19189 ioctl c0306201 80000100 returned -11
[ 1285.446210][T19189] fuse: Bad value for 'fd'
[ 1285.882712][T19213] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1285.936560][T19214] loop6: detected capacity change from 0 to 7
[ 1285.952033][ T5970] Dev loop6: unable to read RDB block 7
[ 1285.963304][ T5970]  loop6: unable to read partition table
[ 1285.973290][ T5970] loop6: partition table beyond EOD, truncated
[ 1285.990621][T19214] Dev loop6: unable to read RDB block 7
[ 1286.000419][T19214]  loop6: unable to read partition table
[ 1286.010301][T19214] loop6: partition table beyond EOD, truncated
[ 1286.016778][T19214] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1286.300248][T19220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3623'.
[ 1286.605274][T19226] loop4: detected capacity change from 0 to 7
[ 1286.639607][ T5970] Dev loop4: unable to read RDB block 7
[ 1286.719091][ T5970]  loop4: unable to read partition table
[ 1286.738115][ T5970] loop4: partition table beyond EOD, truncated
[ 1286.753001][T19226] Dev loop4: unable to read RDB block 7
[ 1286.762663][T19226]  loop4: unable to read partition table
[ 1286.796344][T19226] loop4: partition table beyond EOD, truncated
[ 1286.843702][ T5940] usb 2-1: USB disconnect, device number 96
[ 1286.857662][T19226] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1286.869086][T19230] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3627'.
[ 1287.122166][T19234] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1287.297491][ T5973] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 1287.358183][T19248] loop6: detected capacity change from 0 to 7
[ 1287.374888][T19248] Dev loop6: unable to read RDB block 7
[ 1287.383789][T19248]  loop6: unable to read partition table
[ 1287.390600][T19248] loop6: partition table beyond EOD, truncated
[ 1287.400114][T19248] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1287.440961][ T5973] usb 1-1: device descriptor read/64, error -71
[ 1287.456027][T19253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3636'.
[ 1287.615580][T19258] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1287.625833][T19258] FAULT_INJECTION: forcing a failure.
[ 1287.625833][T19258] name failslab, interval 1, probability 0, space 0, times 0
[ 1287.638889][T19258] CPU: 0 UID: 0 PID: 19258 Comm: syz.1.3638 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1287.638919][T19258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1287.638933][T19258] Call Trace:
[ 1287.638941][T19258]  <TASK>
[ 1287.638951][T19258]  dump_stack_lvl+0x189/0x250
[ 1287.638984][T19258]  ? __pfx____ratelimit+0x10/0x10
[ 1287.639019][T19258]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1287.639044][T19258]  ? __pfx__printk+0x10/0x10
[ 1287.639081][T19258]  ? __pfx___might_resched+0x10/0x10
[ 1287.639113][T19258]  should_fail_ex+0x414/0x560
[ 1287.639150][T19258]  should_failslab+0xa8/0x100
[ 1287.639182][T19258]  __kmalloc_cache_node_noprof+0x73/0x3d0
[ 1287.639209][T19258]  ? __get_vm_area_node+0x13f/0x300
[ 1287.639241][T19258]  __get_vm_area_node+0x13f/0x300
[ 1287.639275][T19258]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1287.639307][T19258]  ? copy_process+0x544/0x3b80
[ 1287.639346][T19258]  ? percpu_ref_get_many+0x19/0x140
[ 1287.639377][T19258]  ? percpu_ref_get_many+0x19/0x140
[ 1287.639423][T19258]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1287.639457][T19258]  ? memcpy_and_pad+0x48/0x80
[ 1287.639504][T19258]  __vmalloc_node_noprof+0xc2/0x110
[ 1287.639533][T19258]  ? copy_process+0x544/0x3b80
[ 1287.639557][T19258]  ? copy_process+0x544/0x3b80
[ 1287.639584][T19258]  dup_task_struct+0x3e7/0x860
[ 1287.639608][T19258]  copy_process+0x544/0x3b80
[ 1287.639649][T19258]  ? __pfx_copy_process+0x10/0x10
[ 1287.639678][T19258]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1287.639696][T19258]  vhost_task_create+0x1c4/0x290
[ 1287.639720][T19258]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1287.639738][T19258]  ? __pfx_vhost_task_create+0x10/0x10
[ 1287.639760][T19258]  ? is_bpf_text_address+0x26/0x2b0
[ 1287.639784][T19258]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1287.639821][T19258]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1287.639842][T19258]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1287.639871][T19258]  ? __mutex_trylock_common+0x153/0x260
[ 1287.639895][T19258]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1287.639916][T19258]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1287.639939][T19258]  ? rcu_is_watching+0x15/0xb0
[ 1287.639957][T19258]  ? look_up_lock_class+0x74/0x170
[ 1287.639984][T19258]  ? register_lock_class+0x51/0x320
[ 1287.640005][T19258]  ? __lock_acquire+0xab9/0xd20
[ 1287.640043][T19258]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1287.640069][T19258]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1287.640090][T19258]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1287.640127][T19258]  ? __lock_acquire+0xab9/0xd20
[ 1287.640169][T19258]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1287.640192][T19258]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1287.640214][T19258]  ? __fget_files+0x3a0/0x420
[ 1287.640234][T19258]  ? __fget_files+0x2a/0x420
[ 1287.640257][T19258]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1287.640276][T19258]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1287.640296][T19258]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1287.640314][T19258]  ? __fget_files+0x3a0/0x420
[ 1287.640340][T19258]  ? fput+0xa0/0xd0
[ 1287.640362][T19258]  ? ksys_write+0x22a/0x250
[ 1287.640385][T19258]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1287.640410][T19258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1287.640436][T19258]  __do_fast_syscall_32+0xb6/0x2b0
[ 1287.640452][T19258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1287.640479][T19258]  do_fast_syscall_32+0x34/0x80
[ 1287.640502][T19258]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1287.640521][T19258] RIP: 0023:0xf707e539
[ 1287.640535][T19258] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1287.640549][T19258] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1287.640566][T19258] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ae80
[ 1287.640577][T19258] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1287.640587][T19258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1287.640596][T19258] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1287.640605][T19258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1287.640626][T19258]  </TASK>
[ 1287.640831][T19258] syz.1.3638: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[ 1287.702192][ T5973] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 1287.708598][T19258] ,cpuset=
[ 1287.869655][ T5973] usb 1-1: device descriptor read/64, error -71
[ 1287.875802][T19258] /,mems_allowed=0-1
[ 1288.089397][T19258] CPU: 1 UID: 0 PID: 19258 Comm: syz.1.3638 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1288.089427][T19258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1288.089461][T19258] Call Trace:
[ 1288.089471][T19258]  <TASK>
[ 1288.089481][T19258]  dump_stack_lvl+0x189/0x250
[ 1288.089519][T19258]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1288.089557][T19258]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1288.089585][T19258]  ? __pfx__printk+0x10/0x10
[ 1288.089615][T19258]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1288.089646][T19258]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1288.089684][T19258]  warn_alloc+0x214/0x310
[ 1288.089722][T19258]  ? __pfx_warn_alloc+0x10/0x10
[ 1288.089754][T19258]  ? __get_vm_area_node+0x13f/0x300
[ 1288.089787][T19258]  ? __get_vm_area_node+0x2b5/0x300
[ 1288.089822][T19258]  __vmalloc_node_range_noprof+0x326/0x12f0
[ 1288.089865][T19258]  ? percpu_ref_get_many+0x19/0x140
[ 1288.089895][T19258]  ? percpu_ref_get_many+0x19/0x140
[ 1288.089941][T19258]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1288.089976][T19258]  ? memcpy_and_pad+0x48/0x80
[ 1288.090013][T19258]  __vmalloc_node_noprof+0xc2/0x110
[ 1288.090043][T19258]  ? copy_process+0x544/0x3b80
[ 1288.090066][T19258]  ? copy_process+0x544/0x3b80
[ 1288.090094][T19258]  dup_task_struct+0x3e7/0x860
[ 1288.090128][T19258]  copy_process+0x544/0x3b80
[ 1288.090186][T19258]  ? __pfx_copy_process+0x10/0x10
[ 1288.090228][T19258]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1288.090253][T19258]  vhost_task_create+0x1c4/0x290
[ 1288.090286][T19258]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1288.090312][T19258]  ? __pfx_vhost_task_create+0x10/0x10
[ 1288.090344][T19258]  ? is_bpf_text_address+0x26/0x2b0
[ 1288.090378][T19258]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1288.090437][T19258]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1288.090472][T19258]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1288.090519][T19258]  ? __mutex_trylock_common+0x153/0x260
[ 1288.090552][T19258]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1288.090581][T19258]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1288.090614][T19258]  ? rcu_is_watching+0x15/0xb0
[ 1288.090640][T19258]  ? look_up_lock_class+0x74/0x170
[ 1288.090676][T19258]  ? register_lock_class+0x51/0x320
[ 1288.090704][T19258]  ? __lock_acquire+0xab9/0xd20
[ 1288.090759][T19258]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1288.090798][T19258]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1288.090827][T19258]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1288.090879][T19258]  ? __lock_acquire+0xab9/0xd20
[ 1288.090920][T19258]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1288.090955][T19258]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1288.090986][T19258]  ? __fget_files+0x3a0/0x420
[ 1288.091014][T19258]  ? __fget_files+0x2a/0x420
[ 1288.091048][T19258]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1288.091076][T19258]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1288.091104][T19258]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1288.091131][T19258]  ? __fget_files+0x3a0/0x420
[ 1288.091168][T19258]  ? fput+0xa0/0xd0
[ 1288.091202][T19258]  ? ksys_write+0x22a/0x250
[ 1288.091236][T19258]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1288.091273][T19258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1288.091309][T19258]  __do_fast_syscall_32+0xb6/0x2b0
[ 1288.091334][T19258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1288.091372][T19258]  do_fast_syscall_32+0x34/0x80
[ 1288.091396][T19258]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1288.091423][T19258] RIP: 0023:0xf707e539
[ 1288.091442][T19258] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1288.091462][T19258] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1288.091485][T19258] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ae80
[ 1288.091501][T19258] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1288.091523][T19258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1288.091536][T19258] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1288.091550][T19258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1288.091583][T19258]  </TASK>
[ 1288.091721][T19258] Mem-Info:
[ 1288.510881][ T5973] usb usb1-port1: attempt power cycle
[ 1288.518665][T19258] active_anon:7010 inactive_anon:0 isolated_anon:0
[ 1288.518665][T19258]  active_file:12525 inactive_file:40338 isolated_file:0
[ 1288.518665][T19258]  unevictable:768 dirty:296 writeback:0
[ 1288.518665][T19258]  slab_reclaimable:10837 slab_unreclaimable:103596
[ 1288.518665][T19258]  mapped:30856 shmem:2658 pagetables:1281
[ 1288.518665][T19258]  sec_pagetables:0 bounce:0
[ 1288.518665][T19258]  kernel_misc_reclaimable:0
[ 1288.518665][T19258]  free:1303747 free_pcp:14736 free_cma:0
[ 1288.566924][T19258] Node 0 active_anon:28040kB inactive_anon:0kB active_file:49984kB inactive_file:161156kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:123344kB dirty:1184kB writeback:0kB shmem:9096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12280kB pagetables:5008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1288.640678][T19258] Node 1 active_anon:0kB inactive_anon:0kB active_file:116kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:28kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1288.694300][T19258] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1288.724058][T19258] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1288.730060][T19258] Node 0 DMA32 free:1293592kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27788kB inactive_anon:0kB active_file:49984kB inactive_file:159596kB unevictable:1536kB writepending:1188kB present:3129332kB managed:2558408kB mlocked:0kB bounce:0kB free_pcp:45380kB local_pcp:21228kB free_cma:0kB
[ 1288.814395][T19258] lowmem_reserve[]: 0 0 1 1 1
[ 1288.824091][T19270] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3642'.
[ 1288.827395][T19258] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1560kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1288.886045][ T5973] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 1288.926922][T19258] lowmem_reserve[]: 0 0 0 0 0
[ 1288.932651][ T5973] usb 1-1: device descriptor read/8, error -71
[ 1288.941510][T19258] Node 1 Normal free:3908712kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:116kB inactive_file:196kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12224kB local_pcp:0kB free_cma:0kB
[ 1288.953759][T19273] loop4: detected capacity change from 0 to 7
[ 1289.132673][T19258] lowmem_reserve[]: 0 0 0 0 0
[ 1289.142102][T19273] Dev loop4: unable to read RDB block 7
[ 1289.148176][T19258] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1289.165420][T19273]  loop4: unable to read partition table
[ 1289.186154][T19258] Node 0 DMA32: 841*4kB (UME) 507*8kB (UME) 80*16kB (UME) 235*32kB (UM) 158*64kB (UME) 87*128kB (UME) 36*256kB (UME) 20*512kB (UME) 32*1024kB (UM) 8*2048kB (U) 290*4096kB (UM) = 1293916kB
[ 1289.195313][T19273] loop4: partition table beyond EOD, 
[ 1289.212003][T19258] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1289.237454][ T5973] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1289.239930][T19273] truncated
[ 1289.251566][T19276] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3644'.
[ 1289.256388][T19273] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1289.278664][T19258] Node 1 Normal: 166*4kB (UME) 40*8kB (UME) 33*16kB (UE) 254*32kB (UME) 83*64kB (UME) 18*128kB (UE) 5*256kB (UM) 2*512kB (M) 2*1024kB (UM) 2*2048kB (M) 948*4096kB (ME) = 3908712kB
[ 1289.283915][ T5973] usb 1-1: device descriptor read/8, error -71
[ 1289.306076][T19258] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1289.315861][T19258] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1289.329473][T19276] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1289.431321][T19258] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1289.444150][   T24] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1289.472436][T19279] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3645'.
[ 1289.491327][T19279] FAULT_INJECTION: forcing a failure.
[ 1289.491327][T19279] name failslab, interval 1, probability 0, space 0, times 0
[ 1289.504244][T19258] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1289.525861][T19258] 55518 total pagecache pages
[ 1289.535197][T19258] 0 pages in swap cache
[ 1289.543297][T19279] CPU: 1 UID: 0 PID: 19279 Comm: syz.3.3645 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1289.543325][T19279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1289.543339][T19279] Call Trace:
[ 1289.543348][T19279]  <TASK>
[ 1289.543358][T19279]  dump_stack_lvl+0x189/0x250
[ 1289.543391][T19279]  ? __pfx____ratelimit+0x10/0x10
[ 1289.543425][T19279]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1289.543453][T19279]  ? __pfx__printk+0x10/0x10
[ 1289.543491][T19279]  ? __pfx___might_resched+0x10/0x10
[ 1289.543523][T19279]  should_fail_ex+0x414/0x560
[ 1289.543560][T19279]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1289.543593][T19279]  should_failslab+0xa8/0x100
[ 1289.543625][T19279]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1289.543654][T19279]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1289.543688][T19279]  __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1289.543730][T19279]  __nf_unregister_net_hook+0x4f6/0x700
[ 1289.543769][T19279]  nf_unregister_net_hooks+0xcb/0x140
[ 1289.543796][T19279]  ? __pfx_nft_masq_ipv4_destroy+0x10/0x10
[ 1289.543825][T19279]  nf_defrag_ipv4_disable+0x95/0xe0
[ 1289.543851][T19279]  nf_ct_netns_put+0x3c1/0x520
[ 1289.543879][T19279]  ? __pfx_nft_masq_ipv4_destroy+0x10/0x10
[ 1289.543907][T19279]  nf_tables_rule_destroy+0x119/0x1c0
[ 1289.543951][T19279]  nf_tables_newrule+0x24ae/0x2890
[ 1289.544002][T19279]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1289.544037][T19279]  ? nfnl_pernet+0x23/0x240
[ 1289.544082][T19279]  ? __nla_parse+0x40/0x60
[ 1289.544116][T19279]  nfnetlink_rcv+0x1132/0x2520
[ 1289.544189][T19279]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1289.544255][T19279]  ? ref_tracker_free+0x63a/0x7d0
[ 1289.544324][T19279]  ? __netlink_deliver_tap+0x807/0x850
[ 1289.544363][T19279]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1289.544388][T19279]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1289.544419][T19279]  netlink_unicast+0x75b/0x8d0
[ 1289.544454][T19279]  netlink_sendmsg+0x805/0xb30
[ 1289.544493][T19279]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1289.544524][T19279]  ? __import_iovec+0x5d4/0x7f0
[ 1289.544548][T19279]  ? aa_sock_msg_perm+0x94/0x160
[ 1289.544589][T19279]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1289.544623][T19279]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1289.544651][T19279]  __sock_sendmsg+0x21c/0x270
[ 1289.544690][T19279]  ____sys_sendmsg+0x505/0x830
[ 1289.544726][T19279]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1289.544774][T19279]  ___sys_sendmsg+0x21f/0x2a0
[ 1289.544806][T19279]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1289.544878][T19279]  ? __fget_files+0x2a/0x420
[ 1289.544907][T19279]  ? __fget_files+0x3a0/0x420
[ 1289.544948][T19279]  __sys_sendmsg+0x164/0x220
[ 1289.544979][T19279]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1289.545025][T19279]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1289.545062][T19279]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1289.545098][T19279]  __do_fast_syscall_32+0xb6/0x2b0
[ 1289.545140][T19279]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1289.545180][T19279]  do_fast_syscall_32+0x34/0x80
[ 1289.545203][T19279]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1289.545230][T19279] RIP: 0023:0xf70ee539
[ 1289.545256][T19279] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1289.545276][T19279] RSP: 002b:00000000f50de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1289.545301][T19279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1289.545317][T19279] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1289.545331][T19279] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1289.545345][T19279] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1289.545359][T19279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1289.545394][T19279]  </TASK>
[ 1289.545595][T19258] Free swap  = 124996kB
[ 1289.938005][ T5973] usb usb1-port1: unable to enumerate USB device
[ 1289.945848][T19258] Total swap = 124996kB
[ 1289.950200][T19258] 2097051 pages RAM
[ 1289.954045][T19258] 0 pages HighMem/MovableOnly
[ 1289.958856][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1289.964225][T19258] 425407 pages reserved
[ 1289.969221][T19258] 0 pages cma reserved
[ 1290.005040][   T24] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1290.015819][   T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1290.077561][   T24] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1290.142762][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.165541][   T24] usb 5-1: Product: syz
[ 1290.173647][   T24] usb 5-1: Manufacturer: syz
[ 1290.188740][   T24] usb 5-1: SerialNumber: syz
[ 1290.228008][   T24] usb 5-1: config 0 descriptor??
[ 1290.461744][T19274] binder: 19266:19274 ioctl 4018620d 0 returned -22
[ 1290.473268][ T5973] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1290.502039][T19274] binder: 19266:19274 ioctl c0306201 80000100 returned -11
[ 1290.530193][T19274] fuse: Bad value for 'fd'
[ 1290.603910][T19290] IPVS: set_ctl: invalid protocol: 107 224.0.0.2:20002
[ 1290.650773][ T5973] usb 1-1: config 0 has an invalid interface number: 169 but max is 0
[ 1290.659644][ T5973] usb 1-1: config 0 has no interface number 0
[ 1290.671367][ T5973] usb 1-1: New USB device found, idVendor=05ac, idProduct=9222, bcdDevice= f.a9
[ 1290.681429][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.712107][ T5973] usb 1-1: Product: syz
[ 1290.725659][ T5973] usb 1-1: Manufacturer: syz
[ 1290.778595][ T5973] usb 1-1: SerialNumber: syz
[ 1290.796816][ T5973] usb 1-1: config 0 descriptor??
[ 1290.806256][ T5973] appledisplay 1-1:0.169: Could not find int-in endpoint
[ 1290.815465][ T5973] usbhid 1-1:0.169: couldn't find an input interrupt endpoint
[ 1291.164299][ T5973] usb 1-1: USB disconnect, device number 127
[ 1291.746837][T19295] loop6: detected capacity change from 0 to 7
[ 1291.761307][T19295] Dev loop6: unable to read RDB block 7
[ 1291.795596][T19297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3652'.
[ 1291.824805][T19295]  loop6: unable to read partition table
[ 1291.869364][T19295] loop6: partition table beyond EOD, truncated
[ 1291.914059][T19295] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1292.024505][T19301] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1292.305686][T19308] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3657'.
[ 1292.473259][T19312] netlink: 904 bytes leftover after parsing attributes in process `syz.2.3659'.
[ 1292.853002][   T24] usb 5-1: USB disconnect, device number 86
[ 1293.126240][T19322] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1293.158415][T19322] FAULT_INJECTION: forcing a failure.
[ 1293.158415][T19322] name failslab, interval 1, probability 0, space 0, times 0
[ 1293.171296][T19322] CPU: 0 UID: 0 PID: 19322 Comm: syz.0.3662 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1293.171326][T19322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.171340][T19322] Call Trace:
[ 1293.171349][T19322]  <TASK>
[ 1293.171359][T19322]  dump_stack_lvl+0x189/0x250
[ 1293.171391][T19322]  ? __pfx____ratelimit+0x10/0x10
[ 1293.171426][T19322]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1293.171459][T19322]  ? __pfx__printk+0x10/0x10
[ 1293.171494][T19322]  ? __pfx___might_resched+0x10/0x10
[ 1293.171519][T19322]  ? fs_reclaim_acquire+0x7d/0x100
[ 1293.171555][T19322]  should_fail_ex+0x414/0x560
[ 1293.171592][T19322]  should_failslab+0xa8/0x100
[ 1293.171623][T19322]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1293.171650][T19322]  ? alloc_vmap_area+0x26a/0x1490
[ 1293.171682][T19322]  alloc_vmap_area+0x26a/0x1490
[ 1293.171728][T19322]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1293.171754][T19322]  ? __kasan_kmalloc+0x93/0xb0
[ 1293.171782][T19322]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[ 1293.171810][T19322]  ? __get_vm_area_node+0x13f/0x300
[ 1293.171836][T19322]  ? copy_process+0x544/0x3b80
[ 1293.171865][T19322]  __get_vm_area_node+0x1f8/0x300
[ 1293.171900][T19322]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1293.171931][T19322]  ? copy_process+0x544/0x3b80
[ 1293.171968][T19322]  ? percpu_ref_get_many+0x19/0x140
[ 1293.171999][T19322]  ? percpu_ref_get_many+0x19/0x140
[ 1293.172045][T19322]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1293.172079][T19322]  ? memcpy_and_pad+0x48/0x80
[ 1293.172139][T19322]  __vmalloc_node_noprof+0xc2/0x110
[ 1293.172169][T19322]  ? copy_process+0x544/0x3b80
[ 1293.172194][T19322]  ? copy_process+0x544/0x3b80
[ 1293.172224][T19322]  dup_task_struct+0x3e7/0x860
[ 1293.172257][T19322]  copy_process+0x544/0x3b80
[ 1293.172316][T19322]  ? __pfx_copy_process+0x10/0x10
[ 1293.172358][T19322]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1293.172383][T19322]  vhost_task_create+0x1c4/0x290
[ 1293.172414][T19322]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1293.172440][T19322]  ? __pfx_vhost_task_create+0x10/0x10
[ 1293.172469][T19322]  ? is_bpf_text_address+0x26/0x2b0
[ 1293.172504][T19322]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1293.172556][T19322]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1293.172586][T19322]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1293.172624][T19322]  ? __mutex_trylock_common+0x153/0x260
[ 1293.172656][T19322]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1293.172685][T19322]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1293.172715][T19322]  ? rcu_is_watching+0x15/0xb0
[ 1293.172741][T19322]  ? look_up_lock_class+0x74/0x170
[ 1293.172777][T19322]  ? register_lock_class+0x51/0x320
[ 1293.172808][T19322]  ? __lock_acquire+0xab9/0xd20
[ 1293.172864][T19322]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1293.172902][T19322]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1293.172932][T19322]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1293.172984][T19322]  ? __lock_acquire+0xab9/0xd20
[ 1293.173029][T19322]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1293.173064][T19322]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1293.173096][T19322]  ? __fget_files+0x3a0/0x420
[ 1293.173133][T19322]  ? __fget_files+0x2a/0x420
[ 1293.173167][T19322]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1293.173196][T19322]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1293.173225][T19322]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1293.173252][T19322]  ? __fget_files+0x3a0/0x420
[ 1293.173289][T19322]  ? fput+0xa0/0xd0
[ 1293.173323][T19322]  ? ksys_write+0x22a/0x250
[ 1293.173357][T19322]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1293.173395][T19322]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.173432][T19322]  __do_fast_syscall_32+0xb6/0x2b0
[ 1293.173457][T19322]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.173496][T19322]  do_fast_syscall_32+0x34/0x80
[ 1293.173518][T19322]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1293.173545][T19322] RIP: 0023:0xf707e539
[ 1293.173566][T19322] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1293.173587][T19322] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1293.173611][T19322] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ae80
[ 1293.173627][T19322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1293.173641][T19322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1293.173654][T19322] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1293.173669][T19322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1293.173701][T19322]  </TASK>
[ 1293.996316][T19327] loop6: detected capacity change from 0 to 7
[ 1294.127658][T19327] Dev loop6: unable to read RDB block 7
[ 1294.134112][T19327]  loop6: AHDI p3 p4
[ 1294.167487][T19327] loop6: partition table partially beyond EOD, truncated
[ 1294.182338][T19327] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1294.780015][T19333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3665'.
[ 1294.961762][T19336] loop6: detected capacity change from 0 to 7
[ 1294.983275][T19336] Dev loop6: unable to read RDB block 7
[ 1295.030104][T19336]  loop6: unable to read partition table
[ 1295.045839][T19336] loop6: partition table beyond EOD, truncated
[ 1295.054603][T19336] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1295.167772][ T5942] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1295.245946][T19339] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1295.319554][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1295.364144][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1295.414783][ T5942] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1295.472224][ T5942] usb 1-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00
[ 1295.502180][ T5942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1295.566799][ T5942] usb 1-1: config 0 descriptor??
[ 1295.977457][ T5973] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1296.104241][ T5942] belkin 0003:050D:3201.0020: global environment stack underflow
[ 1296.117237][ T5942] belkin 0003:050D:3201.0020: item 0 4 1 11 parsing failed
[ 1296.127647][ T5973] usb 2-1: Using ep0 maxpacket: 32
[ 1296.152500][ T5942] belkin 0003:050D:3201.0020: parse failed
[ 1296.155812][T19358] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3673'.
[ 1296.167507][ T5942] belkin 0003:050D:3201.0020: probe with driver belkin failed with error -22
[ 1296.172220][ T5973] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[ 1296.193176][ T5973] usb 2-1: config 0 has no interface number 0
[ 1296.201510][ T5973] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1296.216545][ T5973] usb 2-1: config 0 interface 85 has no altsetting 0
[ 1296.239550][ T5973] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1296.261094][ T5973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1296.279272][ T5973] usb 2-1: Product: syz
[ 1296.288411][ T5973] usb 2-1: Manufacturer: syz
[ 1296.293101][ T5973] usb 2-1: SerialNumber: syz
[ 1296.329320][T12393] usb 1-1: USB disconnect, device number 2
[ 1296.353309][ T5973] usb 2-1: config 0 descriptor??
[ 1296.741358][T19366] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1296.754180][T19366] FAULT_INJECTION: forcing a failure.
[ 1296.754180][T19366] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1296.776088][T19366] CPU: 0 UID: 0 PID: 19366 Comm: syz.4.3677 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1296.776120][T19366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1296.776135][T19366] Call Trace:
[ 1296.776144][T19366]  <TASK>
[ 1296.776155][T19366]  dump_stack_lvl+0x189/0x250
[ 1296.776188][T19366]  ? __pfx____ratelimit+0x10/0x10
[ 1296.776225][T19366]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1296.776252][T19366]  ? __pfx__printk+0x10/0x10
[ 1296.776285][T19366]  ? fs_reclaim_acquire+0x7d/0x100
[ 1296.776327][T19366]  should_fail_ex+0x414/0x560
[ 1296.776366][T19366]  prepare_alloc_pages+0x213/0x610
[ 1296.776408][T19366]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1296.776446][T19366]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1296.776492][T19366]  ? policy_nodemask+0x27c/0x720
[ 1296.776517][T19366]  ? __lock_acquire+0xab9/0xd20
[ 1296.776545][T19366]  alloc_pages_bulk_noprof+0x560/0x710
[ 1296.776587][T19366]  ? alloc_pages_noprof+0xbe/0x190
[ 1296.776621][T19366]  kasan_populate_vmalloc+0xba/0x1a0
[ 1296.776651][T19366]  alloc_vmap_area+0xd51/0x1490
[ 1296.776698][T19366]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1296.776725][T19366]  ? __kasan_kmalloc+0x93/0xb0
[ 1296.776753][T19366]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[ 1296.776781][T19366]  ? __get_vm_area_node+0x13f/0x300
[ 1296.776808][T19366]  ? copy_process+0x544/0x3b80
[ 1296.776837][T19366]  __get_vm_area_node+0x1f8/0x300
[ 1296.776872][T19366]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1296.776903][T19366]  ? copy_process+0x544/0x3b80
[ 1296.776942][T19366]  ? percpu_ref_get_many+0x19/0x140
[ 1296.776973][T19366]  ? percpu_ref_get_many+0x19/0x140
[ 1296.777020][T19366]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1296.777060][T19366]  ? memcpy_and_pad+0x48/0x80
[ 1296.777098][T19366]  __vmalloc_node_noprof+0xc2/0x110
[ 1296.777128][T19366]  ? copy_process+0x544/0x3b80
[ 1296.777153][T19366]  ? copy_process+0x544/0x3b80
[ 1296.777183][T19366]  dup_task_struct+0x3e7/0x860
[ 1296.777219][T19366]  copy_process+0x544/0x3b80
[ 1296.777280][T19366]  ? __pfx_copy_process+0x10/0x10
[ 1296.777319][T19366]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1296.777344][T19366]  vhost_task_create+0x1c4/0x290
[ 1296.777376][T19366]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1296.777401][T19366]  ? __pfx_vhost_task_create+0x10/0x10
[ 1296.777430][T19366]  ? is_bpf_text_address+0x26/0x2b0
[ 1296.777465][T19366]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1296.777519][T19366]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1296.777551][T19366]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1296.777592][T19366]  ? __mutex_trylock_common+0x153/0x260
[ 1296.777626][T19366]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1296.777655][T19366]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1296.777689][T19366]  ? rcu_is_watching+0x15/0xb0
[ 1296.777715][T19366]  ? look_up_lock_class+0x74/0x170
[ 1296.777752][T19366]  ? register_lock_class+0x51/0x320
[ 1296.777782][T19366]  ? __lock_acquire+0xab9/0xd20
[ 1296.777838][T19366]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1296.777877][T19366]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1296.777908][T19366]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1296.777961][T19366]  ? __lock_acquire+0xab9/0xd20
[ 1296.778006][T19366]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1296.778041][T19366]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1296.778079][T19366]  ? __fget_files+0x3a0/0x420
[ 1296.778109][T19366]  ? __fget_files+0x2a/0x420
[ 1296.778143][T19366]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1296.778172][T19366]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1296.778201][T19366]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1296.778227][T19366]  ? __fget_files+0x3a0/0x420
[ 1296.778265][T19366]  ? fput+0xa0/0xd0
[ 1296.778298][T19366]  ? ksys_write+0x22a/0x250
[ 1296.778333][T19366]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1296.778371][T19366]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1296.778408][T19366]  __do_fast_syscall_32+0xb6/0x2b0
[ 1296.778433][T19366]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1296.778470][T19366]  do_fast_syscall_32+0x34/0x80
[ 1296.778491][T19366]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1296.778517][T19366] RIP: 0023:0xf7fa6539
[ 1296.778536][T19366] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1296.778556][T19366] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1296.778578][T19366] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ae80
[ 1296.778594][T19366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1296.778607][T19366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1296.778618][T19366] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1296.778633][T19366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1296.778666][T19366]  </TASK>
[ 1296.986818][ T5973] appletouch 2-1:0.85: Geyser mode initialized.
[ 1296.989771][ T5973] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input140
[ 1296.998805][T12393] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1297.241174][ T5942] usb 2-1: USB disconnect, device number 97
[ 1297.243240][    C1] appletouch 2-1:0.85: atp_complete: usb_submit_urb failed with result -19
[ 1297.332758][ T5942] appletouch 2-1:0.85: input: appletouch disconnected
[ 1297.333024][T19375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3680'.
[ 1297.409222][T12393] usb 3-1: config 0 has an invalid interface number: 48 but max is 0
[ 1297.436951][T12393] usb 3-1: config 0 has no interface number 0
[ 1297.467942][T12393] usb 3-1: too many endpoints for config 0 interface 48 altsetting 48: 48, using maximum allowed: 30
[ 1297.480138][T12393] usb 3-1: config 0 interface 48 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[ 1297.493496][T12393] usb 3-1: config 0 interface 48 has no altsetting 0
[ 1297.501522][T12393] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1297.513885][T12393] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1297.551199][T12393] usb 3-1: config 0 descriptor??
[ 1297.684093][T19382] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3682'.
[ 1297.764720][T12393] usb 3-1: string descriptor 0 read error: -32
[ 1297.773559][T12393] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1297.795723][T19384] loop6: detected capacity change from 0 to 7
[ 1297.805864][ T5906] Dev loop6: unable to read RDB block 7
[ 1297.812468][ T5906]  loop6: unable to read partition table
[ 1297.820339][ T5906] loop6: partition table beyond EOD, truncated
[ 1297.832130][T19384] Dev loop6: unable to read RDB block 7
[ 1297.838035][T19384]  loop6: unable to read partition table
[ 1297.844210][T19384] loop6: partition table beyond EOD, truncated
[ 1297.853695][T19384] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1298.507382][   T24] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1298.700882][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1298.735119][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1298.799176][   T24] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[ 1298.812379][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1298.950571][   T24] usb 5-1: Product: syz
[ 1298.961329][   T24] usb 5-1: Manufacturer: syz
[ 1298.966286][   T24] usb 5-1: SerialNumber: syz
[ 1299.015827][   T24] usb 5-1: config 0 descriptor??
[ 1299.267931][ T5942] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1299.318539][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1299.484836][T19401] pimreg: entered allmulticast mode
[ 1299.556135][ T5942] usb 2-1: config 0 has an invalid interface number: 16 but max is 0
[ 1299.585259][T19406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1299.595304][T19406] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1299.698158][ T5942] usb 2-1: config 0 has no interface number 0
[ 1299.724341][ T5942] usb 2-1: config 0 interface 16 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1299.852394][ T5942] usb 2-1: config 0 interface 16 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1299.873595][T12393] gspca_stv06xx: I2C: Read error writing address: -71
[ 1299.884977][T12393] usb 3-1: USB disconnect, device number 81
[ 1299.897583][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1299.980319][ T5942] usb 2-1: config 0 interface 16 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1300.121165][ T5973] usb 5-1: USB disconnect, device number 87
[ 1300.150389][ T5942] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[ 1300.183696][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1300.247358][    T9] usb 1-1: Using ep0 maxpacket: 16
[ 1300.294345][ T5942] usb 2-1: config 0 descriptor??
[ 1300.320027][T19408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1300.330448][T19408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1300.830118][ T5942] uclogic 0003:28BD:0905.0021: interface is invalid, ignoring
[ 1300.922305][T19412] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1301.082809][T19397] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1301.105881][ T5942] usb 2-1: USB disconnect, device number 98
[ 1301.217801][T19418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3692'.
[ 1302.678174][T19428] loop6: detected capacity change from 0 to 7
[ 1302.734080][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1302.744010][    T9] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1302.752320][    T9] usb 1-1: can't read configurations, error -71
[ 1302.780125][T19428] Dev loop6: unable to read RDB block 7
[ 1302.832011][T19428]  loop6: unable to read partition table
[ 1302.838865][T19431] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3698'.
[ 1302.849073][T19428] loop6: partition table beyond EOD, truncated
[ 1302.862703][T19428] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1303.018383][T19437] netlink: 'syz.0.3700': attribute type 1 has an invalid length.
[ 1303.141946][T19434] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1303.245791][T19434] FAULT_INJECTION: forcing a failure.
[ 1303.245791][T19434] name failslab, interval 1, probability 0, space 0, times 0
[ 1303.307989][T19434] CPU: 1 UID: 0 PID: 19434 Comm: syz.2.3697 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1303.308022][T19434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1303.308037][T19434] Call Trace:
[ 1303.308047][T19434]  <TASK>
[ 1303.308057][T19434]  dump_stack_lvl+0x189/0x250
[ 1303.308090][T19434]  ? __pfx____ratelimit+0x10/0x10
[ 1303.308126][T19434]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1303.308154][T19434]  ? __pfx__printk+0x10/0x10
[ 1303.308187][T19434]  ? __pfx___might_resched+0x10/0x10
[ 1303.308213][T19434]  ? fs_reclaim_acquire+0x7d/0x100
[ 1303.308251][T19434]  should_fail_ex+0x414/0x560
[ 1303.308288][T19434]  ? __kvm_mmu_topup_memory_cache+0x45e/0x610
[ 1303.308313][T19434]  should_failslab+0xa8/0x100
[ 1303.308363][T19434]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1303.308394][T19434]  ? __kvm_mmu_topup_memory_cache+0x45e/0x610
[ 1303.308427][T19434]  __kvm_mmu_topup_memory_cache+0x45e/0x610
[ 1303.308467][T19434]  mmu_topup_memory_caches+0x21/0x170
[ 1303.308494][T19434]  kvm_mmu_load+0x9d/0x21f0
[ 1303.308520][T19434]  ? kvm_lapic_sync_to_vapic+0x2a3/0x830
[ 1303.308551][T19434]  ? __pfx_kvm_lapic_sync_to_vapic+0x10/0x10
[ 1303.308580][T19434]  ? vmx_update_cr8_intercept+0x151/0x340
[ 1303.308622][T19434]  vcpu_run+0x4833/0x6f70
[ 1303.308730][T19434]  ? __pfx_vcpu_run+0x10/0x10
[ 1303.308769][T19434]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1303.308809][T19434]  ? rcu_is_watching+0x15/0xb0
[ 1303.308844][T19434]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1303.308888][T19434]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1303.308920][T19434]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1303.308949][T19434]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1303.308983][T19434]  ? rcu_is_watching+0x15/0xb0
[ 1303.309007][T19434]  ? look_up_lock_class+0x74/0x170
[ 1303.309042][T19434]  ? register_lock_class+0x51/0x320
[ 1303.309071][T19434]  ? __lock_acquire+0xab9/0xd20
[ 1303.309124][T19434]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1303.309160][T19434]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1303.309190][T19434]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1303.309241][T19434]  ? __lock_acquire+0xab9/0xd20
[ 1303.309285][T19434]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1303.309318][T19434]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1303.309350][T19434]  ? __fget_files+0x3a0/0x420
[ 1303.309379][T19434]  ? __fget_files+0x2a/0x420
[ 1303.309413][T19434]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1303.309442][T19434]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1303.309471][T19434]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1303.309497][T19434]  ? __fget_files+0x3a0/0x420
[ 1303.309535][T19434]  ? fput+0xa0/0xd0
[ 1303.309568][T19434]  ? ksys_write+0x22a/0x250
[ 1303.309608][T19434]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1303.309644][T19434]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1303.309679][T19434]  __do_fast_syscall_32+0xb6/0x2b0
[ 1303.309703][T19434]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1303.309746][T19434]  do_fast_syscall_32+0x34/0x80
[ 1303.309770][T19434]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1303.309797][T19434] RIP: 0023:0xf70ce539
[ 1303.309817][T19434] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1303.309836][T19434] RSP: 002b:00000000f50be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1303.309861][T19434] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000ae80
[ 1303.309876][T19434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1303.309890][T19434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1303.309904][T19434] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1303.309917][T19434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1303.309950][T19434]  </TASK>
[ 1303.366165][T19448] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1303.667481][ T5957] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1303.927647][ T5957] usb 4-1: Using ep0 maxpacket: 8
[ 1303.936850][ T5957] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1303.963695][ T5957] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1303.974505][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.994562][ T5957] usb 4-1: config 0 descriptor??
[ 1304.019488][ T5957] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1304.027394][T12393] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1304.066427][T19463] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3707'.
[ 1304.114822][T19463] bridge1: port 1(ip6gretap1) entered blocking state
[ 1304.125023][T19463] bridge1: port 1(ip6gretap1) entered disabled state
[ 1304.144659][T19463] ip6gretap1: entered allmulticast mode
[ 1304.165257][T19463] ip6gretap1: entered promiscuous mode
[ 1304.200096][T12393] usb 5-1: Using ep0 maxpacket: 32
[ 1304.212580][T12393] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1304.232705][T12393] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1304.294759][T19464] ip6tnl1: entered promiscuous mode
[ 1304.335634][ T5957] gspca_vc032x: reg_w err -71
[ 1304.362008][T12393] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1304.377642][T12393] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1304.385864][ T5957] vc032x 4-1:0.0: probe with driver vc032x failed with error -71
[ 1304.385937][T12393] usb 5-1: Product: syz
[ 1304.398982][T12393] usb 5-1: Manufacturer: syz
[ 1304.465660][ T5957] usb 4-1: USB disconnect, device number 86
[ 1304.519050][T12393] usb 5-1: SerialNumber: syz
[ 1304.596978][T12393] usb 5-1: config 0 descriptor??
[ 1304.866008][T19459] binder: 19446:19459 ioctl c0306201 80000100 returned -11
[ 1304.885042][T19459] fuse: Bad value for 'fd'
[ 1304.957870][ T5957] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1305.140115][ T5957] usb 4-1: Using ep0 maxpacket: 16
[ 1305.174361][T19472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1305.185541][T19472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1305.308961][T19475] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1305.324968][T19475] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1305.504650][T19475] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.520233][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.526945][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1305.533837][T19475] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.546492][T19475] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.556381][T19475] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.954989][T19475] bond1: left promiscuous mode
[ 1305.966697][T19475] vxcan3: left promiscuous mode
[ 1306.027868][T19481] loop6: detected capacity change from 0 to 7
[ 1306.096601][T19481] Dev loop6: unable to read RDB block 7
[ 1306.137797][T19481]  loop6: unable to read partition table
[ 1306.152225][T19481] loop6: partition table beyond EOD, truncated
[ 1306.210701][T19481] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1306.544444][T19484] loop4: detected capacity change from 0 to 7
[ 1306.650412][T19484] Dev loop4: unable to read RDB block 7
[ 1306.656323][T19484]  loop4: unable to read partition table
[ 1306.671210][T19484] loop4: partition table beyond EOD, truncated
[ 1306.705027][T19484] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1307.243332][ T5942] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1307.447604][ T5942] usb 1-1: Using ep0 maxpacket: 32
[ 1307.460829][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 17, changing to 8
[ 1307.487503][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1307.525609][ T5942] usb 1-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[ 1307.561064][ T5942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1307.601138][ T5942] usb 1-1: config 0 descriptor??
[ 1307.687662][T12393] usb 5-1: USB disconnect, device number 88
[ 1308.035117][ T5942] waltop 0003:172F:0500.0022: item fetching failed at offset 5/7
[ 1308.183607][ T5973] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1308.288416][ T5942] waltop 0003:172F:0500.0022: probe with driver waltop failed with error -22
[ 1308.527591][ T5973] usb 3-1: Using ep0 maxpacket: 32
[ 1308.541529][ T5973] usb 3-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1308.555742][ T5973] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1308.603475][ T5973] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1308.612959][ T5973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1308.621523][ T5973] usb 3-1: Product: syz
[ 1308.625900][ T5973] usb 3-1: Manufacturer: syz
[ 1308.631581][ T5973] usb 3-1: SerialNumber: syz
[ 1308.651569][ T5973] usb 3-1: config 0 descriptor??
[ 1308.917523][T19499] fuse: Bad value for 'fd'
[ 1309.400305][T19486] netlink: 'syz.1.3714': attribute type 2 has an invalid length.
[ 1309.968485][T12393] usb 1-1: USB disconnect, device number 5
[ 1309.998569][ T5957] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1310.118380][ T5957] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1310.135353][ T5957] usb 4-1: can't read configurations, error -71
[ 1310.157867][T19509] loop6: detected capacity change from 0 to 7
[ 1310.165872][T19509] Dev loop6: unable to read RDB block 7
[ 1310.182938][T19509]  loop6: unable to read partition table
[ 1310.191081][T19509] loop6: partition table beyond EOD, truncated
[ 1310.198848][T19509] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1310.337780][  T977] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1310.531267][  T977] usb 2-1: Using ep0 maxpacket: 16
[ 1310.558153][  T977] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1310.600366][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1310.655607][  T977] usb 2-1: Product: syz
[ 1310.693801][  T977] usb 2-1: Manufacturer: syz
[ 1310.771417][  T977] usb 2-1: SerialNumber: syz
[ 1311.303947][T19507] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3720'.
[ 1311.486015][  T977] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[ 1311.596953][T19524] pimreg: left allmulticast mode
[ 1311.650297][  T977] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1311.724232][ T5957] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1311.847690][  T977] usb 2-1: USB disconnect, device number 99
[ 1311.933675][ T5957] usb 1-1: New USB device found, idVendor=0733, idProduct=0401, bcdDevice=be.ef
[ 1311.975330][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1311.997153][ T5957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1312.057792][ T5957] usb 1-1: config 0 descriptor??
[ 1312.200383][ T5957] gspca_main: spca501-2.14.0 probing 0733:0401
[ 1312.887385][ T5957] gspca_spca501: reg write: error -71
[ 1312.895549][ T5957] spca501 1-1:0.0: Reg write failed for 0x00,0x02,0x01
[ 1312.903220][ T5957] spca501 1-1:0.0: probe with driver spca501 failed with error -22
[ 1312.921684][T19533] FAULT_INJECTION: forcing a failure.
[ 1312.921684][T19533] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1312.952837][ T5957] usb 1-1: USB disconnect, device number 6
[ 1312.995864][T19533] CPU: 1 UID: 0 PID: 19533 Comm: syz.4.3728 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1312.995901][T19533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1312.995916][T19533] Call Trace:
[ 1312.995926][T19533]  <TASK>
[ 1312.995936][T19533]  dump_stack_lvl+0x189/0x250
[ 1312.995969][T19533]  ? __pfx____ratelimit+0x10/0x10
[ 1312.996005][T19533]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1312.996031][T19533]  ? __pfx__printk+0x10/0x10
[ 1312.996061][T19533]  ? __might_fault+0xb0/0x130
[ 1312.996100][T19533]  should_fail_ex+0x414/0x560
[ 1312.996137][T19533]  _copy_from_user+0x2d/0xb0
[ 1312.996163][T19533]  get_compat_msghdr+0xad/0x4a0
[ 1312.996198][T19533]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1312.996241][T19533]  ___sys_sendmsg+0x193/0x2a0
[ 1312.996274][T19533]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1312.996342][T19533]  ? __fget_files+0x2a/0x420
[ 1312.996372][T19533]  ? __fget_files+0x3a0/0x420
[ 1312.996411][T19533]  __sys_sendmsg+0x164/0x220
[ 1312.996440][T19533]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1312.996483][T19533]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1312.996520][T19533]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1312.996556][T19533]  __do_fast_syscall_32+0xb6/0x2b0
[ 1312.996579][T19533]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1312.996614][T19533]  do_fast_syscall_32+0x34/0x80
[ 1312.996637][T19533]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1312.996665][T19533] RIP: 0023:0xf7fa6539
[ 1312.996684][T19533] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1312.996716][T19533] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1312.996741][T19533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1312.996757][T19533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1312.996770][T19533] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1312.996784][T19533] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1312.996798][T19533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1312.996828][T19533]  </TASK>
[ 1313.539618][T19536] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3727'.
[ 1313.748332][    C1] raw-gadget.1 gadget.2: ignoring, device is not running
[ 1313.758943][    C1] raw-gadget.1 gadget.2: ignoring, device is not running
[ 1313.777801][    C1] raw-gadget.1 gadget.2: ignoring, device is not running
[ 1314.081977][ T5973] usb 3-1: USB disconnect, device number 82
[ 1315.146138][T19553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3734'.
[ 1315.261016][T19555] loop6: detected capacity change from 0 to 7
[ 1315.513240][T19561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3735'.
[ 1315.522757][T19561] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check.
[ 1315.687663][T19555] Dev loop6: unable to read RDB block 7
[ 1315.693326][T19555]  loop6: AHDI p3 p4
[ 1315.767542][T19555] loop6: partition table partially beyond EOD, truncated
[ 1315.781908][T19555] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1316.138267][T19564] loop4: detected capacity change from 0 to 7
[ 1316.154141][T19564] Dev loop4: unable to read RDB block 7
[ 1316.267691][T19564]  loop4: unable to read partition table
[ 1316.276914][T19564] loop4: partition table beyond EOD, truncated
[ 1316.304232][T19564] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1316.750787][T19568] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1317.434684][ T5973] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1317.833224][ T5973] usb 1-1: Using ep0 maxpacket: 32
[ 1317.906970][ T5973] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1317.924449][T19578] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1317.932398][T19578] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.953720][ T5973] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1317.990189][ T5973] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1318.007524][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1318.031249][ T5973] usb 1-1: Product: syz
[ 1318.035487][ T5973] usb 1-1: Manufacturer: syz
[ 1318.092019][ T5973] usb 1-1: SerialNumber: syz
[ 1318.156263][ T5973] usb 1-1: config 0 descriptor??
[ 1318.425443][T19572] binder: 19569:19572 ioctl c0306201 80000100 returned -11
[ 1318.471109][T19572] fuse: Bad value for 'fd'
[ 1319.007391][ T5942] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1319.194920][ T5942] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1319.596791][ T5942] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1319.632380][ T5942] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1319.724120][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1319.785383][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1319.928026][T19578] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1319.997452][ T5957] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1320.120770][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1320.120790][   T30] audit: type=1326 audit(1751935523.929:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1320.237500][ T5957] usb 5-1: Using ep0 maxpacket: 32
[ 1320.336103][ T5957] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1320.355797][ T5957] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1320.420089][ T5973] usb 1-1: USB disconnect, device number 7
[ 1320.439109][   T30] audit: type=1326 audit(1751935523.929:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1320.653584][ T5957] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1320.740097][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1320.756801][ T5957] usb 5-1: Product: syz
[ 1320.763516][ T5957] usb 5-1: Manufacturer: syz
[ 1320.768324][ T5957] usb 5-1: SerialNumber: syz
[ 1320.770083][   T30] audit: type=1326 audit(1751935523.929:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=254 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1320.776802][ T5957] usb 5-1: config 0 descriptor??
[ 1320.889109][T19600] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3745'.
[ 1320.964144][   T30] audit: type=1326 audit(1751935523.929:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.066751][T19578] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1321.104089][   T30] audit: type=1326 audit(1751935523.929:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.133216][T19578] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1321.157865][T19578] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1321.179863][T19578] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1321.191845][   T30] audit: type=1326 audit(1751935523.929:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.224660][T19594] binder: 19591:19594 ioctl c0306201 80000100 returned -11
[ 1321.235957][T19594] fuse: Bad value for 'fd'
[ 1321.335799][   T30] audit: type=1326 audit(1751935523.929:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.392923][   T30] audit: type=1326 audit(1751935523.929:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.480320][   T30] audit: type=1326 audit(1751935523.939:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1321.575349][T19608] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3747'.
[ 1321.716233][T19610] pimreg: entered allmulticast mode
[ 1321.724603][T19610] pimreg: left allmulticast mode
[ 1321.809766][   T30] audit: type=1326 audit(1751935523.939:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19586 comm="syz.2.3742" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ce539 code=0x7ffc0000
[ 1322.967644][ T5942] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1323.139667][ T5942] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1323.237448][ T5942] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1323.314815][ T5942] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1323.399542][ T5942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1323.425476][ T5942] usb 1-1: SerialNumber: syz
[ 1323.487589][ T5973] usb 3-1: USB disconnect, device number 83
[ 1323.857904][T19620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3751'.
[ 1323.937935][ T5942] usb 1-1: 0:2 : does not exist
[ 1323.950376][ T5942] usb 1-1: unit 5: unexpected type 0x0d
[ 1323.986321][ T5942] usb 1-1: USB disconnect, device number 8
[ 1324.114663][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1324.189945][ T5957] usb 5-1: USB disconnect, device number 89
[ 1324.649799][T19625] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1324.677150][T19629] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1325.147653][T19638] loop6: detected capacity change from 0 to 7
[ 1325.157036][ T5906] Dev loop6: unable to read RDB block 7
[ 1325.171849][ T5906]  loop6: AHDI p3 p4
[ 1325.176279][ T5906] loop6: partition table partially beyond EOD, truncated
[ 1325.185769][ T5906] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1325.202935][T19638] Dev loop6: unable to read RDB block 7
[ 1325.213460][T19638]  loop6: AHDI p3 p4
[ 1325.219154][T19638] loop6: partition table partially beyond EOD, truncated
[ 1325.228724][T19638] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1325.535386][T19646] loop4: detected capacity change from 0 to 7
[ 1325.545679][T19646] Dev loop4: unable to read RDB block 7
[ 1325.553267][T19646]  loop4: unable to read partition table
[ 1325.559965][T19646] loop4: partition table beyond EOD, truncated
[ 1325.566479][T19646] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1325.688634][T19652] loop6: detected capacity change from 0 to 7
[ 1325.723758][T19652] Dev loop6: unable to read RDB block 7
[ 1326.074159][T19653] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3761'.
[ 1326.154171][T19652]  loop6: unable to read partition table
[ 1326.214445][T19652] loop6: partition table beyond EOD, truncated
[ 1326.266325][T19652] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1326.325507][T19657] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3762'.
[ 1326.968745][  T977] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[ 1327.677412][  T977] usb 1-1: Using ep0 maxpacket: 32
[ 1327.897776][T12393] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1328.345401][T12393] usb 3-1: config 0 has no interfaces?
[ 1328.362125][T12393] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1328.386949][  T977] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1328.634422][T12393] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1328.687155][  T977] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1328.737710][T12393] usb 3-1: Product: syz
[ 1328.742755][T12393] usb 3-1: Manufacturer: syz
[ 1328.752401][T12393] usb 3-1: SerialNumber: syz
[ 1328.765255][  T977] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1328.779686][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1328.790815][  T977] usb 1-1: Product: syz
[ 1329.056879][T12393] usb 3-1: config 0 descriptor??
[ 1329.087571][  T977] usb 1-1: Manufacturer: syz
[ 1329.102601][  T977] usb 1-1: SerialNumber: syz
[ 1329.171248][  T977] usb 1-1: config 0 descriptor??
[ 1329.226481][   T59] bridge_slave_1: left allmulticast mode
[ 1329.294152][   T59] bridge_slave_1: left promiscuous mode
[ 1329.308000][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1329.485899][   T59] bridge_slave_0: left allmulticast mode
[ 1329.516299][   T59] bridge_slave_0: left promiscuous mode
[ 1329.536311][T19661] binder: 19658:19661 ioctl c0306201 80000100 returned -11
[ 1329.550948][T19661] fuse: Bad value for 'fd'
[ 1329.649555][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1330.557663][    T9] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1330.708021][    T9] usb 4-1: device descriptor read/64, error -71
[ 1330.740206][  T977] usb 1-1: USB disconnect, device number 9
[ 1331.132805][    T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1331.313532][    T9] usb 4-1: device descriptor read/64, error -71
[ 1331.414284][   T59] batman_adv: batadv0: Interface deactivated: macvlan2
[ 1331.459712][  T977] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 1331.489223][   T59] batman_adv: batadv0: Removing interface: macvlan2
[ 1331.518084][    T9] usb usb4-port1: attempt power cycle
[ 1331.654550][  T977] usb 1-1: Using ep0 maxpacket: 16
[ 1331.690217][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1331.720526][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1331.811576][  T977] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1331.830953][  T977] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1331.875021][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.892596][    T9] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1331.943845][  T977] usb 1-1: config 0 descriptor??
[ 1331.950334][    T9] usb 4-1: device descriptor read/8, error -71
[ 1332.090521][   T59] bond1 (unregistering): (slave vlan1): Releasing active interface
[ 1332.227727][    T9] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1332.284124][    T9] usb 4-1: device descriptor read/8, error -71
[ 1332.419056][    T9] usb usb4-port1: unable to enumerate USB device
[ 1332.904516][   T59] team0: Port device bond0 removed
[ 1332.917236][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1332.938633][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1332.952536][   T59] bond0 (unregistering): Released all slaves
[ 1333.430047][   T59] bond1 (unregistering): Released all slaves
[ 1333.458252][T19668] pimreg: entered allmulticast mode
[ 1333.491514][T19692] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1333.746239][  T977] usbhid 1-1:0.0: can't add hid device: -71
[ 1333.782336][  T977] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1333.862998][  T977] usb 1-1: USB disconnect, device number 10
[ 1333.909420][   T59] tipc: Disabling bearer <udp:syz2>
[ 1333.916705][   T59] tipc: Left network mode
[ 1334.084442][T19697] loop6: detected capacity change from 0 to 7
[ 1334.103456][T12393] usb 3-1: USB disconnect, device number 84
[ 1334.110604][T19697] Dev loop6: unable to read RDB block 7
[ 1334.128836][T19697]  loop6: AHDI p3 p4
[ 1334.135034][T19697] loop6: partition table partially beyond EOD, truncated
[ 1334.146669][T19697] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1334.309691][T19699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3776'.
[ 1334.332135][T19699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3776'.
[ 1335.188212][T12393] usb 5-1: new full-speed USB device number 90 using dummy_hcd
[ 1335.275170][   T59] hsr_slave_0: left promiscuous mode
[ 1335.303044][   T59] hsr_slave_1: left promiscuous mode
[ 1335.314340][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1335.330678][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1335.353141][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1335.374399][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1335.411892][T12393] usb 5-1: config 4 has an invalid interface number: 231 but max is 0
[ 1335.432856][T12393] usb 5-1: config 4 has no interface number 0
[ 1335.453964][   T59] veth1_macvtap: left promiscuous mode
[ 1335.468294][   T59] veth0_macvtap: left promiscuous mode
[ 1335.486077][T12393] usb 5-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[ 1335.497782][T12393] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1335.515175][T12393] usb 5-1: Product: syz
[ 1335.520302][T12393] usb 5-1: Manufacturer: syz
[ 1335.525188][T12393] usb 5-1: SerialNumber: syz
[ 1335.590519][T12393] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[ 1335.857462][T19716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1335.914973][T19716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1335.929628][T19719] FAULT_INJECTION: forcing a failure.
[ 1335.929628][T19719] name failslab, interval 1, probability 0, space 0, times 0
[ 1335.981533][T19719] CPU: 1 UID: 0 PID: 19719 Comm: syz.0.3784 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1335.981568][T19719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1335.981591][T19719] Call Trace:
[ 1335.981604][T19719]  <TASK>
[ 1335.981615][T19719]  dump_stack_lvl+0x189/0x250
[ 1335.981659][T19719]  ? __pfx____ratelimit+0x10/0x10
[ 1335.981696][T19719]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1335.981730][T19719]  ? __pfx__printk+0x10/0x10
[ 1335.981774][T19719]  ? __pfx___might_resched+0x10/0x10
[ 1335.981802][T19719]  ? fs_reclaim_acquire+0x7d/0x100
[ 1335.981841][T19719]  should_fail_ex+0x414/0x560
[ 1335.981886][T19719]  should_failslab+0xa8/0x100
[ 1335.981925][T19719]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1335.981957][T19719]  ? nl80211_prepare_wdev_dump+0x2c3/0x6a0
[ 1335.982007][T19719]  nl80211_prepare_wdev_dump+0x2c3/0x6a0
[ 1335.982041][T19719]  nl80211_dump_station+0x123/0x6e0
[ 1335.982072][T19719]  ? do_fast_syscall_32+0x34/0x80
[ 1335.982095][T19719]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1335.982145][T19719]  ? __pfx_nl80211_dump_station+0x10/0x10
[ 1335.982204][T19719]  ? trace_kmalloc+0x1f/0xd0
[ 1335.982228][T19719]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1335.982266][T19719]  ? __build_skb_around+0x257/0x3e0
[ 1335.982308][T19719]  genl_dumpit+0x10b/0x1b0
[ 1335.982354][T19719]  netlink_dump+0x62d/0xe20
[ 1335.982395][T19719]  ? __pfx_netlink_dump+0x10/0x10
[ 1335.982448][T19719]  ? genl_start+0x499/0x6c0
[ 1335.982504][T19719]  __netlink_dump_start+0x5cb/0x7e0
[ 1335.982546][T19719]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[ 1335.982596][T19719]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1335.982644][T19719]  ? genl_get_cmd+0x7d9/0x910
[ 1335.982684][T19719]  ? __pfx_genl_start+0x10/0x10
[ 1335.982715][T19719]  ? __pfx_genl_dumpit+0x10/0x10
[ 1335.982751][T19719]  ? __pfx_genl_done+0x10/0x10
[ 1335.982806][T19719]  genl_rcv_msg+0x5da/0x790
[ 1335.982853][T19719]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1335.982890][T19719]  ? __pfx_nl80211_dump_station+0x10/0x10
[ 1335.982938][T19719]  netlink_rcv_skb+0x208/0x470
[ 1335.983015][T19719]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1335.983057][T19719]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1335.983104][T19719]  ? down_read+0x1ad/0x2e0
[ 1335.983144][T19719]  genl_rcv+0x28/0x40
[ 1335.983180][T19719]  netlink_unicast+0x75b/0x8d0
[ 1335.983218][T19719]  netlink_sendmsg+0x805/0xb30
[ 1335.983258][T19719]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1335.983300][T19719]  ? __import_iovec+0x5d4/0x7f0
[ 1335.983329][T19719]  ? aa_sock_msg_perm+0x94/0x160
[ 1335.983367][T19719]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1335.983402][T19719]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1335.983445][T19719]  __sock_sendmsg+0x21c/0x270
[ 1335.983486][T19719]  ____sys_sendmsg+0x505/0x830
[ 1335.983523][T19719]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1335.983594][T19719]  ___sys_sendmsg+0x21f/0x2a0
[ 1335.983627][T19719]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1335.983703][T19719]  ? __fget_files+0x2a/0x420
[ 1335.983742][T19719]  ? __fget_files+0x3a0/0x420
[ 1335.983790][T19719]  __sys_sendmsg+0x164/0x220
[ 1335.983828][T19719]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1335.983883][T19719]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1335.983921][T19719]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1335.984022][T19719]  __do_fast_syscall_32+0xb6/0x2b0
[ 1335.984048][T19719]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1335.984105][T19719]  do_fast_syscall_32+0x34/0x80
[ 1335.984129][T19719]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1335.984162][T19719] RIP: 0023:0xf707e539
[ 1335.984183][T19719] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1335.984211][T19719] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1335.984242][T19719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1335.984259][T19719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1335.984272][T19719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1335.984290][T19719] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1335.984304][T19719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1335.984338][T19719]  </TASK>
[ 1336.564974][T12393] vp7045: USB control message 'out' went wrong.
[ 1336.635449][T12393] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1336.662753][T12393] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[ 1336.771272][   T59] pimreg (unregistering): left allmulticast mode
[ 1337.307763][T12393] usb 5-1: USB disconnect, device number 90
[ 1337.817805][ T5844] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 1338.198808][   T59] pim6reg (unregistering): left allmulticast mode
[ 1338.212549][ T5844] usb 1-1: Using ep0 maxpacket: 32
[ 1338.270605][ T5844] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1338.459454][ T5844] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1338.959005][ T5844] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1338.990104][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1339.004993][ T5844] usb 1-1: Product: syz
[ 1339.005498][T13378] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1339.010090][ T5844] usb 1-1: Manufacturer: syz
[ 1339.026257][ T5844] usb 1-1: SerialNumber: syz
[ 1339.127409][T13378] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1339.137519][T13378] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1339.164580][T13378] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1339.179425][ T5942] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1339.199068][T13378] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1339.407668][ T5844] usb 1-1: config 0 descriptor??
[ 1339.509199][ T5942] usb 5-1: config 0 has no interfaces?
[ 1339.589262][ T5942] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1339.627381][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1339.815268][T19723] fuse: Bad value for 'fd'
[ 1339.847456][ T5942] usb 5-1: Product: syz
[ 1339.859620][ T5942] usb 5-1: Manufacturer: syz
[ 1339.899865][ T5942] usb 5-1: SerialNumber: syz
[ 1339.938979][ T5942] usb 5-1: config 0 descriptor??
[ 1340.768661][T19734] loop4: detected capacity change from 0 to 7
[ 1340.841442][T19734] Dev loop4: unable to read RDB block 7
[ 1340.859476][T19734]  loop4: unable to read partition table
[ 1340.877925][T19734] loop4: partition table beyond EOD, truncated
[ 1340.937545][T19734] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1341.429320][T17611] Bluetooth: hci2: command tx timeout
[ 1341.482620][ T5844] usb 1-1: USB disconnect, device number 11
[ 1341.514673][T19737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3789'.
[ 1342.032612][ T5844] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1342.256253][ T5844] usb 2-1: Using ep0 maxpacket: 16
[ 1342.318236][ T5844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1342.332735][ T5844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1342.364700][ T5844] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1342.391279][ T5844] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1342.444107][ T5844] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1342.483040][ T5844] usb 2-1: config 0 descriptor??
[ 1342.522380][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1342.699663][   T59] team0 (unregistering): Port device team_slave_0 removed
[ 1343.507941][T17611] Bluetooth: hci2: command tx timeout
[ 1344.145235][T19731] pimreg: entered allmulticast mode
[ 1344.281646][ T5844] usbhid 2-1:0.0: can't add hid device: -71
[ 1344.338381][ T5844] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1344.403046][ T5844] usb 2-1: USB disconnect, device number 100
[ 1344.544022][T19752] loop6: detected capacity change from 0 to 7
[ 1344.565393][T19752] Dev loop6: unable to read RDB block 7
[ 1344.609885][   T43] usb 5-1: USB disconnect, device number 91
[ 1344.629135][T19752]  loop6: AHDI p3 p4
[ 1344.653100][T19752] loop6: partition table partially beyond EOD, truncated
[ 1344.660846][T19754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3791'.
[ 1344.677487][  T977] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 1344.677568][T19754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3791'.
[ 1344.746129][T19752] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1344.863799][  T977] usb 1-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config
[ 1344.883095][  T977] usb 1-1: config 48 interface 0 altsetting 98 endpoint 0x4 has an invalid bInterval 0, changing to 7
[ 1344.917854][  T977] usb 1-1: config 48 interface 0 altsetting 98 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1344.938949][  T977] usb 1-1: config 48 interface 0 altsetting 98 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1344.984774][  T977] usb 1-1: config 48 interface 0 has no altsetting 0
[ 1345.026696][  T977] usb 1-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f
[ 1345.048395][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1345.135095][  T977] usb 1-1: Product: syz
[ 1345.179318][  T977] usb 1-1: Manufacturer: syz
[ 1345.187104][  T977] usb 1-1: SerialNumber: syz
[ 1345.486091][T19730] chnl_net:caif_netlink_parms(): no params data found
[ 1345.509641][T19750] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1345.563031][T19750] sg_write: data in/out 221/42 bytes for SCSI command 0x0-- guessing data in;
[ 1345.563031][T19750]    program syz.0.3800 not setting count and/or reply_len properly
[ 1345.587625][T17611] Bluetooth: hci2: command tx timeout
[ 1345.701045][T19759] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1345.871185][T19774] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1345.966690][T19730] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1345.991574][T19730] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1346.015390][T19730] bridge_slave_0: entered allmulticast mode
[ 1346.040994][T19730] bridge_slave_0: entered promiscuous mode
[ 1346.145658][T19730] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1346.164087][T19730] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1346.175573][T19730] bridge_slave_1: entered allmulticast mode
[ 1346.191619][T19730] bridge_slave_1: entered promiscuous mode
[ 1346.423964][T19730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1346.449365][T19730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1346.884958][T19730] team0: Port device team_slave_0 added
[ 1346.894756][ T5844] usb 2-1: new full-speed USB device number 101 using dummy_hcd
[ 1346.942828][T19730] team0: Port device team_slave_1 added
[ 1347.071625][ T5844] usb 2-1: not running at top speed; connect to a high speed hub
[ 1347.097855][ T5844] usb 2-1: config 1 has an invalid interface number: 78 but max is 0
[ 1347.120488][ T5844] usb 2-1: config 1 has no interface number 0
[ 1347.129379][ T5844] usb 2-1: config 1 interface 78 has no altsetting 0
[ 1347.171503][ T5844] usb 2-1: string descriptor 0 read error: -22
[ 1347.186945][T19730] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1347.210098][ T5844] usb 2-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=ec.57
[ 1347.236158][T19730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1347.326500][ T5844] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1347.379880][T19730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1347.565188][T12393] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1347.606750][  T977] usb 1-1: USB disconnect, device number 12
[ 1347.659205][ T5844] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
[ 1347.659642][ T5844] usb 2-1: selecting invalid altsetting 0
[ 1347.677699][T17611] Bluetooth: hci2: command tx timeout
[ 1347.694634][T19730] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1347.694653][T19730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1347.694691][T19730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1347.751646][T12393] usb 5-1: Using ep0 maxpacket: 32
[ 1347.858785][T12393] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1347.858820][T12393] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1347.872767][    T9] usb 2-1: USB disconnect, device number 101
[ 1347.874960][ T2341] pvrusb2: control-write URB failure, status=-71
[ 1347.874996][ T2341] pvrusb2: Device being rendered inoperable
[ 1348.012257][ T2341] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1348.012323][ T2341] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1348.025126][T12393] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1348.025164][T12393] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1348.025189][T12393] usb 5-1: Product: syz
[ 1348.025208][T12393] usb 5-1: Manufacturer: syz
[ 1348.025226][T12393] usb 5-1: SerialNumber: syz
[ 1348.124626][T12393] usb 5-1: config 0 descriptor??
[ 1348.398753][T19786] binder: 19782:19786 ioctl c0306201 80000100 returned -11
[ 1348.420969][T19786] fuse: Bad value for 'fd'
[ 1349.980588][T19730] hsr_slave_0: entered promiscuous mode
[ 1350.156735][T19730] hsr_slave_1: entered promiscuous mode
[ 1350.317444][    T9] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1350.345907][T19730] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1350.951765][T19730] Cannot create hsr debugfs directory
[ 1350.998930][    T9] usb 2-1: config 0 has no interfaces?
[ 1351.127592][    T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1351.563379][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1351.817492][    T9] usb 2-1: Product: syz
[ 1351.822905][    T9] usb 2-1: Manufacturer: syz
[ 1351.887498][    T9] usb 2-1: SerialNumber: syz
[ 1351.950370][    T9] usb 2-1: config 0 descriptor??
[ 1352.109178][T19807] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3805'.
[ 1352.939091][   T59] bridge_slave_1: left allmulticast mode
[ 1352.962370][   T59] bridge_slave_1: left promiscuous mode
[ 1352.999326][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1353.506732][   T59] bridge_slave_0: left allmulticast mode
[ 1353.529202][   T59] bridge_slave_0: left promiscuous mode
[ 1353.562498][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1354.400112][T12393] usb 5-1: USB disconnect, device number 92
[ 1354.942622][T19822] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1356.734168][T19845] loop4: detected capacity change from 0 to 7
[ 1356.761766][T19845] Dev loop4: unable to read RDB block 7
[ 1356.769442][T19845]  loop4: unable to read partition table
[ 1356.776011][T19845] loop4: partition table beyond EOD, truncated
[ 1356.803414][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1356.812775][T19845] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1356.829581][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1356.842537][   T59] bond0 (unregistering): Released all slaves
[ 1356.921416][T19812] pimreg: entered allmulticast mode
[ 1356.950942][T19833] kthread_run failed with err -4
[ 1357.311404][T19856] binder: 19849:19856 ioctl c0306201 0 returned -14
[ 1357.562133][T19848] loop7: detected capacity change from 0 to 7
[ 1357.582158][T18129] usb 2-1: USB disconnect, device number 102
[ 1357.657549][T19848] Dev loop7: unable to read RDB block 7
[ 1357.749476][T19848]  loop7: AHDI p1 p2 p3
[ 1357.781972][T19848] loop7: partition table partially beyond EOD, truncated
[ 1357.831484][T19848] loop7: p1 start 926365495 is beyond EOD, truncated
[ 1357.909060][T19848] loop7: p2 size 116 extends beyond EOD, truncated
[ 1358.033517][    T9] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1358.387792][    T9] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[ 1358.494202][    T9] usb 3-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1358.559043][    T9] usb 3-1: config 2 interface 0 has no altsetting 0
[ 1358.575081][    T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[ 1358.606922][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1358.636681][    T9] usb 3-1: Product: syz
[ 1358.681302][    T9] usb 3-1: Manufacturer: syz
[ 1358.698006][T19866] loop6: detected capacity change from 0 to 7
[ 1358.714016][T19866] Dev loop6: unable to read RDB block 7
[ 1358.727538][    T9] usb 3-1: SerialNumber: syz
[ 1358.734471][T19866]  loop6: AHDI p3 p4
[ 1358.744109][T19866] loop6: partition table partially beyond EOD, truncated
[ 1358.778663][T19866] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1358.815052][   T59] hsr_slave_0: left promiscuous mode
[ 1358.832549][   T59] hsr_slave_1: left promiscuous mode
[ 1358.947950][   T43] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1358.980540][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1359.073482][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1359.078712][T19875] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3819'.
[ 1359.119129][ T5957] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1359.148732][   T43] usb 2-1: too many configurations: 9, using maximum allowed: 8
[ 1359.206428][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.220694][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.248325][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.271751][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.300471][ T5957] usb 5-1: Using ep0 maxpacket: 32
[ 1359.308863][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.336887][ T5957] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1359.358526][    T9] usb 3-1: USB disconnect, device number 85
[ 1359.375830][ T5957] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1359.387780][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.415011][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.447897][ T5942] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[ 1359.466579][ T5957] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1359.481424][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1359.512029][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.532695][ T5957] usb 5-1: Product: syz
[ 1359.538243][ T5957] usb 5-1: Manufacturer: syz
[ 1359.543054][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.553940][ T5957] usb 5-1: SerialNumber: syz
[ 1359.563812][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.584936][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.603189][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.613108][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.632725][ T5957] usb 5-1: config 0 descriptor??
[ 1359.643643][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.668774][ T5942] usb 1-1: Using ep0 maxpacket: 16
[ 1359.685743][ T5942] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1359.714068][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.722208][ T5942] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1359.734796][ T5942] usb 1-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1359.750155][ T5942] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1359.759575][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.770083][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.782140][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.793555][ T5942] usb 1-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[ 1359.803625][ T5942] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1359.814072][ T5942] usb 1-1: Product: syz
[ 1359.823181][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.840045][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1359.856054][ T5942] usb 1-1: Manufacturer: syz
[ 1359.865199][ T5942] usb 1-1: SerialNumber: syz
[ 1359.872675][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1359.895922][   T43] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1359.924899][T19871] binder: 19868:19871 ioctl c0306201 80000100 returned -11
[ 1359.955127][T19871] fuse: Bad value for 'fd'
[ 1360.018311][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1360.032602][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1360.058704][   T43] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1360.088646][   T43] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1360.136504][   T43] usb 2-1: Product: syz
[ 1360.154933][   T43] usb 2-1: Manufacturer: syz
[ 1360.180907][   T43] usb 2-1: SerialNumber: syz
[ 1360.260647][   T43] usb 2-1: config 0 descriptor??
[ 1360.292413][   T43] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[ 1361.140763][ T5973] usb 2-1: USB disconnect, device number 103
[ 1361.151295][ T5973] yurex 2-1:0.0: USB YUREX #0 now disconnected
[ 1361.671663][T19897] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1362.260199][T19903] loop6: detected capacity change from 0 to 7
[ 1362.370070][T19903] Dev loop6: unable to read RDB block 7
[ 1362.378955][T19903]  loop6: unable to read partition table
[ 1362.447598][T19903] loop6: partition table beyond EOD, truncated
[ 1362.495179][T19903] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1362.637507][ T5957] usb 5-1: USB disconnect, device number 93
[ 1363.053921][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1363.231492][   T59] team0 (unregistering): Port device team_slave_0 removed
[ 1363.247698][T12393] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1363.428501][T12393] usb 2-1: config 0 has no interfaces?
[ 1363.441132][T12393] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1363.454117][T12393] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1363.467503][T12393] usb 2-1: Product: syz
[ 1363.483499][T12393] usb 2-1: Manufacturer: syz
[ 1363.533251][T12393] usb 2-1: SerialNumber: syz
[ 1363.563376][T12393] usb 2-1: config 0 descriptor??
[ 1364.944471][ T5942] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[ 1364.971936][ T5942] usb 1-1: USB disconnect, device number 13
[ 1365.627491][T12393] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1365.797520][T12393] usb 5-1: Using ep0 maxpacket: 8
[ 1365.811992][T12393] usb 5-1: config 0 has an invalid interface number: 122 but max is 0
[ 1365.962005][T12393] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1365.987551][T12393] usb 5-1: config 0 has no interface number 0
[ 1366.009851][T19730] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1366.109895][T12393] usb 5-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[ 1366.181064][T12393] usb 5-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 8
[ 1366.211393][T19730] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1366.293584][T12393] usb 5-1: config 0 interface 122 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 1023
[ 1366.345382][T12393] usb 5-1: config 0 interface 122 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1366.358544][T19730] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1366.410228][T19730] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1366.423467][T12393] usb 5-1: config 0 interface 122 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1366.458624][T12393] usb 5-1: config 0 interface 122 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 8
[ 1366.587370][ T5957] usb 2-1: USB disconnect, device number 104
[ 1366.607373][T12393] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[ 1366.616523][T12393] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1366.682705][T12393] usb 5-1: Product: syz
[ 1366.696360][T12393] usb 5-1: Manufacturer: syz
[ 1366.741563][T12393] usb 5-1: SerialNumber: syz
[ 1366.791099][T12393] usb 5-1: config 0 descriptor??
[ 1366.838453][T19919] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1366.855530][T19919] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1366.962505][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1366.969477][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1367.057723][T19730] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1367.158664][T12393] usb 5-1: NFC: intf ffff888059d99000 id ffffffff8eb52f00
[ 1367.196465][T19730] 8021q: adding VLAN 0 to HW filter on device team0
[ 1367.444534][T12393] nfcmrvl 5-1:0.122: NFC: registered with nci successfully
[ 1367.467057][ T7077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1367.467157][T12393] usb 5-1: USB disconnect, device number 94
[ 1367.474427][ T7077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1367.485789][T12393] usb 5-1: NFC: intf ffff888059d99000
[ 1367.548333][ T5844] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[ 1367.888531][ T5844] usb 1-1: Using ep0 maxpacket: 32
[ 1367.948252][ T5844] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1368.128991][ T5844] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1368.165410][ T5844] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1368.175880][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1368.193118][ T5844] usb 1-1: Product: syz
[ 1368.530025][ T5844] usb 1-1: Manufacturer: syz
[ 1368.559286][T19973] loop6: detected capacity change from 0 to 7
[ 1368.647447][ T5844] usb 1-1: SerialNumber: syz
[ 1368.655411][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1368.662749][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1368.713691][ T5844] usb 1-1: config 0 descriptor??
[ 1368.955927][T19973] Dev loop6: unable to read RDB block 7
[ 1369.089774][T19973]  loop6: unable to read partition table
[ 1369.095929][T19973] loop6: partition table beyond EOD, truncated
[ 1369.148030][T19973] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1369.188843][T19956] binder: 19952:19956 ioctl c0306201 80000100 returned -11
[ 1369.201087][T19956] fuse: Bad value for 'fd'
[ 1370.162395][T19730] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1370.666283][ T5844] usb 1-1: USB disconnect, device number 14
[ 1370.858676][T19730] veth0_vlan: entered promiscuous mode
[ 1371.032647][T19989] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3838'.
[ 1371.226085][T19730] veth1_vlan: entered promiscuous mode
[ 1371.654013][T19730] veth0_macvtap: entered promiscuous mode
[ 1371.727176][T19730] veth1_macvtap: entered promiscuous mode
[ 1371.983372][T19730] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1372.043580][T19730] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1372.539942][T19730] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1372.649262][T19730] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1372.753842][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 1372.945917][T19730] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1372.971585][T19730] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1373.152759][   T43] usb 1-1: config 0 has no interfaces?
[ 1373.727541][   T43] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1373.801051][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1373.902820][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1374.112781][ T7076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1374.153365][ T7076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1374.171687][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1374.554760][   T43] usb 1-1: Product: syz
[ 1374.565872][   T43] usb 1-1: Manufacturer: syz
[ 1374.592838][   T43] usb 1-1: SerialNumber: syz
[ 1374.611493][   T43] usb 1-1: config 0 descriptor??
[ 1374.933802][T20008] pimreg: entered allmulticast mode
[ 1374.987562][T20008] pimreg: left allmulticast mode
[ 1375.790170][   T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1376.307391][   T43] usb 6-1: Using ep0 maxpacket: 32
[ 1376.328148][T20029] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3844'.
[ 1376.349297][   T43] usb 6-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1376.400331][   T43] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1376.457032][   T43] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1376.598595][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1376.667411][ T5973] usb 1-1: USB disconnect, device number 15
[ 1376.735701][   T43] usb 6-1: Product: syz
[ 1376.777712][   T43] usb 6-1: Manufacturer: syz
[ 1376.782398][   T43] usb 6-1: SerialNumber: syz
[ 1377.454033][   T43] usb 6-1: config 0 descriptor??
[ 1377.674761][T20041] bridge0: port 3(vlan3) entered blocking state
[ 1377.705079][T20041] bridge0: port 3(vlan3) entered disabled state
[ 1377.745808][T20041] vlan3: entered allmulticast mode
[ 1377.792601][T20041] bond0: entered allmulticast mode
[ 1377.815995][T20041] bond_slave_0: entered allmulticast mode
[ 1377.852894][T20041] bond_slave_1: entered allmulticast mode
[ 1377.881369][T20023] binder: 20018:20023 ioctl c0306201 80000100 returned -11
[ 1377.897437][ T5957] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 1377.910131][T20023] fuse: Bad value for 'fd'
[ 1377.941275][T20041] vlan3: entered promiscuous mode
[ 1377.946465][T20041] bond0: entered promiscuous mode
[ 1378.037169][T20041] bond_slave_0: entered promiscuous mode
[ 1378.093771][ T5957] usb 1-1: Using ep0 maxpacket: 32
[ 1378.128373][ T5957] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1378.145210][ T5957] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1378.238496][T20041] bond_slave_1: entered promiscuous mode
[ 1378.296666][ T5957] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1378.444704][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1378.545551][ T5957] usb 1-1: Product: syz
[ 1378.619929][ T5957] usb 1-1: Manufacturer: syz
[ 1378.645477][ T5957] usb 1-1: SerialNumber: syz
[ 1378.737406][ T5957] usb 1-1: config 0 descriptor??
[ 1379.027184][T20037] binder: 20035:20037 ioctl c0306201 80000100 returned -11
[ 1379.163227][T20067] fuse: Bad value for 'fd'
[ 1379.647480][T20060] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3849'.
[ 1380.100127][   T43] usb 6-1: USB disconnect, device number 2
[ 1380.601395][ T5957] usb 1-1: USB disconnect, device number 16
[ 1380.721603][T20073] unsupported nla_type 61704
[ 1380.888788][T20079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3854'.
[ 1380.899431][T20079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3854'.
[ 1380.917755][T20079] netlink: 'syz.0.3854': attribute type 18 has an invalid length.
[ 1381.524212][T20077] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3852'.
[ 1383.177449][ T5844] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1383.247540][ T5957] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 1383.527327][ T5957] usb 1-1: Using ep0 maxpacket: 16
[ 1383.546897][ T5957] usb 1-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config
[ 1383.581963][ T5957] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1383.659623][T18129] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1383.741539][ T5844] usb 3-1: config 0 has no interfaces?
[ 1383.753802][ T5957] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1383.780568][ T5844] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1383.809116][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1383.831077][ T5957] usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
[ 1383.837357][ T5844] usb 3-1: Product: syz
[ 1383.865051][T20118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3859'.
[ 1383.877417][ T5957] usb 1-1: Manufacturer: syz
[ 1383.899678][ T5957] usb 1-1: config 0 descriptor??
[ 1383.907391][T18129] usb 6-1: Using ep0 maxpacket: 32
[ 1383.912711][ T5844] usb 3-1: Manufacturer: syz
[ 1383.933157][ T5844] usb 3-1: SerialNumber: syz
[ 1383.944245][T18129] usb 6-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30
[ 1383.980172][ T5844] usb 3-1: config 0 descriptor??
[ 1383.993327][T18129] usb 6-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1384.018107][T18129] usb 6-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1384.092141][T18129] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1384.100164][T18129] usb 6-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[ 1384.111194][T18129] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1384.212383][T18129] usb 6-1: config 0 descriptor??
[ 1384.233528][   T24] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1384.384655][T20126] pimreg: left allmulticast mode
[ 1384.507492][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1384.539565][   T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1384.561270][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1384.635089][   T24] usb 5-1: config 0 descriptor??
[ 1384.763234][T18129] zeroplus 0003:0C12:0030.0023: hidraw0: USB HID v0.03 Device [HID 0c12:0030] on usb-dummy_hcd.5-1/input0
[ 1384.793024][T18129] zeroplus 0003:0C12:0030.0023: no inputs found
[ 1384.856924][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1385.081122][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1385.156298][   T43] usb 6-1: USB disconnect, device number 3
[ 1385.166622][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1385.316479][   T24] usb 5-1: media controller created
[ 1385.403079][T20129] fido_id[20129]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1385.509926][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1385.818825][   T24] az6027: usb out operation failed. (-71)
[ 1385.850368][   T24] az6027: usb out operation failed. (-71)
[ 1385.879690][   T24] stb0899_attach: Driver disabled by Kconfig
[ 1385.934926][   T24] az6027: no front-end attached
[ 1385.934926][   T24] 
[ 1386.026828][   T24] az6027: usb out operation failed. (-71)
[ 1386.050908][ T5957] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1386.148323][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1386.164896][ T5957] usb 1-1: USB disconnect, device number 17
[ 1386.179887][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input141
[ 1386.262033][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[ 1386.299827][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1386.339690][   T24] usb 5-1: USB disconnect, device number 95
[ 1386.517700][    T9] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1386.556144][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1386.579277][ T5957] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[ 1386.709587][ T5973] usb 3-1: USB disconnect, device number 86
[ 1386.727428][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1386.743196][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1386.776034][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1386.810997][ T5957] usb 1-1: config 0 interface 0 altsetting 10 endpoint 0x6 has invalid wMaxPacketSize 0
[ 1386.816463][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1386.844297][ T5957] usb 1-1: config 0 interface 0 altsetting 10 endpoint 0xB has invalid wMaxPacketSize 0
[ 1386.883080][    T9] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1386.903222][ T5957] usb 1-1: config 0 interface 0 altsetting 10 bulk endpoint 0xB has invalid maxpacket 0
[ 1386.912985][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1386.932511][ T5957] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1386.966588][ T5957] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=4c.b3
[ 1386.980135][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1386.983649][    T9] usb 2-1: config 0 descriptor??
[ 1386.997376][ T5957] usb 1-1: Product: syz
[ 1387.005499][ T5957] usb 1-1: Manufacturer: syz
[ 1387.011314][ T5957] usb 1-1: SerialNumber: syz
[ 1387.057611][   T43] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1387.091313][ T5957] usb 1-1: config 0 descriptor??
[ 1387.119228][ T5957] ir_toy 1-1:0.0: required endpoints not found
[ 1387.287376][   T43] usb 6-1: Using ep0 maxpacket: 8
[ 1387.294777][   T43] usb 6-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1387.323120][T20140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1387.333110][T20140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1387.348047][ T5957] usb 1-1: USB disconnect, device number 18
[ 1387.365071][   T43] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1387.388282][   T43] usb 6-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[ 1387.404145][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1387.485886][   T43] usb 6-1: config 0 descriptor??
[ 1387.527968][    T9] usbhid 2-1:0.0: can't add hid device: -71
[ 1387.550581][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1387.601870][    T9] usb 2-1: USB disconnect, device number 105
[ 1388.141762][T20152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1388.167765][T20152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1388.736735][T20160] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3868'.
[ 1388.933605][   T43] usbhid 6-1:0.0: can't add hid device: -71
[ 1388.972563][   T43] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1389.089003][T20182] loop6: detected capacity change from 0 to 7
[ 1389.108329][   T43] usb 6-1: USB disconnect, device number 4
[ 1389.181572][T20182] Dev loop6: unable to read RDB block 7
[ 1389.230844][T20184] loop4: detected capacity change from 0 to 7
[ 1389.243537][T20182]  loop6: unable to read partition table
[ 1389.317746][T20182] loop6: partition table beyond EOD, truncated
[ 1389.326558][T20182] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1389.341855][T20184] Dev loop4: unable to read RDB block 7
[ 1389.373678][T20184]  loop4: unable to read partition table
[ 1389.820881][T20184] loop4: partition table beyond EOD, truncated
[ 1389.836503][T20184] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1390.917541][   T43] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 1391.094674][   T43] usb 1-1: config 0 has no interfaces?
[ 1391.315749][   T43] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1391.326940][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.335718][   T43] usb 1-1: Product: syz
[ 1391.340329][   T43] usb 1-1: Manufacturer: syz
[ 1391.345046][   T43] usb 1-1: SerialNumber: syz
[ 1391.443717][   T43] usb 1-1: config 0 descriptor??
[ 1391.775802][T20199] pimreg: entered allmulticast mode
[ 1391.784802][T20199] pimreg: left allmulticast mode
[ 1392.874823][T20225] pimreg: entered allmulticast mode
[ 1392.890527][T20225] pimreg: left allmulticast mode
[ 1393.207350][T18129] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1393.387322][T18129] usb 5-1: Using ep0 maxpacket: 16
[ 1393.426749][T18129] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1393.650125][T18129] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1393.669268][T18129] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1393.686135][T18129] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1393.695587][T18129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1393.738027][T18129] usb 5-1: config 0 descriptor??
[ 1393.814173][    T9] usb 1-1: USB disconnect, device number 19
[ 1394.048522][ T5844] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1394.267892][ T5844] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1394.282274][T18129] usbhid 5-1:0.0: can't add hid device: -71
[ 1394.292095][ T5844] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1394.301860][T18129] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1394.321817][T20243] netlink: 'syz.0.3885': attribute type 31 has an invalid length.
[ 1394.332970][ T5844] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1394.377540][ T5844] usb 2-1: config 0 descriptor??
[ 1394.384798][T18129] usb 5-1: USB disconnect, device number 96
[ 1394.644550][ T5844] ath6kl: Failed to submit usb control message: -71
[ 1394.996628][ T5844] ath6kl: unable to send the bmi data to the device: -71
[ 1395.146427][ T5844] ath6kl: Unable to send get target info: -71
[ 1395.515064][ T5844] ath6kl: Failed to init ath6kl core: -71
[ 1395.526913][ T5844] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1395.758221][ T5844] usb 2-1: USB disconnect, device number 106
[ 1395.907438][ T5973] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1396.043899][T20265] loop6: detected capacity change from 0 to 7
[ 1396.051634][T20265] Dev loop6: unable to read RDB block 7
[ 1396.057390][T20265]  loop6: AHDI p3 p4
[ 1396.061559][T20265] loop6: partition table partially beyond EOD, truncated
[ 1396.072956][T20265] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 1396.167509][ T5973] usb 5-1: Using ep0 maxpacket: 16
[ 1396.228663][ T5973] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1396.281185][ T5973] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1396.350434][ T5973] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1396.407629][ T5973] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1396.416759][ T5973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1396.460937][ T5973] usb 5-1: config 0 descriptor??
[ 1396.577388][   T43] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1396.712114][T20260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1396.726088][T20260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1396.745000][T20260] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3890'.
[ 1396.761203][   T43] usb 2-1: Using ep0 maxpacket: 16
[ 1396.778730][T20260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1396.792465][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1396.832328][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1396.856986][T20260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1397.080132][T20260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1397.117476][   T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1397.288923][T20294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3901'.
[ 1397.363875][T20260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1397.382766][   T43] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1397.397502][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1397.427651][   T43] usb 2-1: config 0 descriptor??
[ 1397.508384][ T5973] usbhid 5-1:0.0: can't add hid device: -71
[ 1397.515481][ T5973] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1397.533941][T20295] pimreg: entered allmulticast mode
[ 1397.793918][ T5973] usb 5-1: USB disconnect, device number 97
[ 1397.859041][T20300] pimreg: left allmulticast mode
[ 1398.139043][   T43] usbhid 2-1:0.0: can't add hid device: -71
[ 1398.145142][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1398.220379][T20304] loop4: detected capacity change from 0 to 7
[ 1398.236619][   T43] usb 2-1: USB disconnect, device number 107
[ 1398.248169][T20304] Dev loop4: unable to read RDB block 7
[ 1398.254491][T20304]  loop4: unable to read partition table
[ 1398.264778][T20304] loop4: partition table beyond EOD, truncated
[ 1398.272638][T20304] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1399.034897][T17611] Bluetooth: hci0: ISO packet for unknown connection handle 0
[ 1399.159470][T20333] binder: 20327:20333 ioctl 40046210 0 returned -14
[ 1399.432505][T20340] pimreg: left allmulticast mode
[ 1400.788862][T20350] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3912'.
[ 1400.801018][T20350] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3912'.
[ 1403.160371][T20407] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3925'.
[ 1404.443103][T17833] ------------[ cut here ]------------
[ 1404.449093][T17833] WARNING: CPU: 0 PID: 17833 at kernel/softirq.c:387 __local_bh_enable_ip+0x180/0x1c0
[ 1404.458734][T17833] Modules linked in:
[ 1404.463431][T17833] CPU: 0 UID: 0 PID: 17833 Comm: krxrpcio/7001 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1404.474242][T17833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1404.484792][T17833] RIP: 0010:__local_bh_enable_ip+0x180/0x1c0
[ 1404.490879][T17833] Code: 48 3b 44 24 48 75 57 48 8d 65 e0 5b 41 5c 41 5e 41 5f 5d e9 82 41 ec 09 cc 90 0f 0b 90 e9 f9 fe ff ff e8 53 00 00 00 eb 9f 90 <0f> 0b 90 e9 24 ff ff ff 48 c7 c1 30 17 a2 8f 80 e1 07 80 c1 03 38
[ 1404.510811][T17833] RSP: 0018:ffffc900049cf4c0 EFLAGS: 00010046
[ 1404.518328][T17833] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000000
[ 1404.526471][T17833] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff89de65e3
[ 1404.534589][T17833] RBP: ffffc900049cf548 R08: ffff8880b863bf03 R09: 1ffff110170c77e0
[ 1404.542613][T17833] R10: dffffc0000000000 R11: ffffed10170c77e1 R12: ffff8880b863bf00
[ 1404.550631][T17833] R13: ffff8880765bad70 R14: dffffc0000000000 R15: 1ffff92000939e98
[ 1404.558640][T17833] FS:  0000000000000000(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000
[ 1404.567603][T17833] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1404.575021][T17833] CR2: 00000000f7465008 CR3: 0000000030942000 CR4: 00000000003526f0
[ 1404.583091][T17833] Call Trace:
[ 1404.586400][T17833]  <TASK>
[ 1404.589366][T17833]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1404.595394][T17833]  ? do_raw_spin_unlock+0x122/0x240
[ 1404.600903][T17833]  ? rt_set_nexthop+0x693/0xa80
[ 1404.606054][T17833]  rt_set_nexthop+0x693/0xa80
[ 1404.610789][T17833]  ip_route_output_key_hash_rcu+0x18f6/0x23a0
[ 1404.616958][T17833]  ? ip_route_output_key_hash+0xde/0x2e0
[ 1404.622720][T17833]  ip_route_output_key_hash+0x1b9/0x2e0
[ 1404.628388][T17833]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1404.634576][T17833]  ? make_kuid+0x1d9/0x680
[ 1404.639075][T17833]  ? lockdep_unlock+0x89/0x120
[ 1404.644167][T17833]  ? __pfx_make_kuid+0x10/0x10
[ 1404.649002][T17833]  ip_route_output_flow+0x2a/0x150
[ 1404.654277][T17833]  rxrpc_init_peer+0x50a/0xc60
[ 1404.659125][T17833]  ? __pfx_rxrpc_init_peer+0x10/0x10
[ 1404.664442][T17833]  ? __lock_acquire+0xab9/0xd20
[ 1404.669341][T17833]  ? do_raw_spin_lock+0x121/0x290
[ 1404.674568][T17833]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1404.680087][T17833]  rxrpc_new_incoming_peer+0x281/0x5a0
[ 1404.685602][T17833]  rxrpc_new_incoming_call+0x612/0x14f0
[ 1404.691297][T17833]  rxrpc_io_thread+0x18b2/0x2cd0
[ 1404.696266][T17833]  ? rxrpc_io_thread+0x1171/0x2cd0
[ 1404.701459][T17833]  ? __pfx_rxrpc_io_thread+0x10/0x10
[ 1404.706934][T17833]  ? do_raw_spin_lock+0x121/0x290
[ 1404.712031][T17833]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1404.718125][T17833]  ? __kthread_parkme+0x1a1/0x200
[ 1404.723182][T17833]  kthread+0x70e/0x8a0
[ 1404.727325][T17833]  ? __pfx_rxrpc_io_thread+0x10/0x10
[ 1404.732726][T17833]  ? __pfx_kthread+0x10/0x10
[ 1404.737431][T17833]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1404.742780][T17833]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1404.748117][T17833]  ? __pfx_kthread+0x10/0x10
[ 1404.752757][T17833]  ret_from_fork+0x3fc/0x770
[ 1404.757383][T17833]  ? __pfx_ret_from_fork+0x10/0x10
[ 1404.762529][T17833]  ? __switch_to_asm+0x39/0x70
[ 1404.767331][T17833]  ? __switch_to_asm+0x33/0x70
[ 1404.772132][T17833]  ? __pfx_kthread+0x10/0x10
[ 1404.776759][T17833]  ret_from_fork_asm+0x1a/0x30
[ 1404.781669][T17833]  </TASK>
[ 1404.784721][T17833] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1404.792621][T17833] CPU: 0 UID: 0 PID: 17833 Comm: krxrpcio/7001 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[ 1404.803623][T17833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1404.814122][T17833] Call Trace:
[ 1404.817537][T17833]  <TASK>
[ 1404.820500][T17833]  dump_stack_lvl+0x99/0x250
[ 1404.825135][T17833]  ? __asan_memcpy+0x40/0x70
[ 1404.829849][T17833]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1404.835361][T17833]  ? __pfx__printk+0x10/0x10
[ 1404.840113][T17833]  panic+0x2db/0x790
[ 1404.844055][T17833]  ? __pfx_panic+0x10/0x10
[ 1404.848591][T17833]  ? show_trace_log_lvl+0x4fb/0x550
[ 1404.855178][T17833]  ? ret_from_fork_asm+0x1a/0x30
[ 1404.860172][T17833]  __warn+0x31b/0x4b0
[ 1404.864201][T17833]  ? __local_bh_enable_ip+0x180/0x1c0
[ 1404.869708][T17833]  ? __local_bh_enable_ip+0x180/0x1c0
[ 1404.875117][T17833]  report_bug+0x2be/0x4f0
[ 1404.879491][T17833]  ? __local_bh_enable_ip+0x180/0x1c0
[ 1404.885201][T17833]  ? __local_bh_enable_ip+0x180/0x1c0
[ 1404.891737][T17833]  ? __local_bh_enable_ip+0x182/0x1c0
[ 1404.897150][T17833]  handle_bug+0x84/0x160
[ 1404.902939][T17833]  exc_invalid_op+0x1a/0x50
[ 1404.907497][T17833]  asm_exc_invalid_op+0x1a/0x20
[ 1404.912722][T17833] RIP: 0010:__local_bh_enable_ip+0x180/0x1c0
[ 1404.919373][T17833] Code: 48 3b 44 24 48 75 57 48 8d 65 e0 5b 41 5c 41 5e 41 5f 5d e9 82 41 ec 09 cc 90 0f 0b 90 e9 f9 fe ff ff e8 53 00 00 00 eb 9f 90 <0f> 0b 90 e9 24 ff ff ff 48 c7 c1 30 17 a2 8f 80 e1 07 80 c1 03 38
[ 1404.939546][T17833] RSP: 0018:ffffc900049cf4c0 EFLAGS: 00010046
[ 1404.945705][T17833] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000000
[ 1404.953942][T17833] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff89de65e3
[ 1404.962819][T17833] RBP: ffffc900049cf548 R08: ffff8880b863bf03 R09: 1ffff110170c77e0
[ 1404.971169][T17833] R10: dffffc0000000000 R11: ffffed10170c77e1 R12: ffff8880b863bf00
[ 1404.979166][T17833] R13: ffff8880765bad70 R14: dffffc0000000000 R15: 1ffff92000939e98
[ 1404.987176][T17833]  ? rt_set_nexthop+0x693/0xa80
[ 1404.992066][T17833]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1404.997919][T17833]  ? do_raw_spin_unlock+0x122/0x240
[ 1405.003182][T17833]  ? rt_set_nexthop+0x693/0xa80
[ 1405.008198][T17833]  rt_set_nexthop+0x693/0xa80
[ 1405.013014][T17833]  ip_route_output_key_hash_rcu+0x18f6/0x23a0
[ 1405.019854][T17833]  ? ip_route_output_key_hash+0xde/0x2e0
[ 1405.025947][T17833]  ip_route_output_key_hash+0x1b9/0x2e0
[ 1405.031751][T17833]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1405.037975][T17833]  ? make_kuid+0x1d9/0x680
[ 1405.042626][T17833]  ? lockdep_unlock+0x89/0x120
[ 1405.048395][T17833]  ? __pfx_make_kuid+0x10/0x10
[ 1405.053221][T17833]  ip_route_output_flow+0x2a/0x150
[ 1405.058390][T17833]  rxrpc_init_peer+0x50a/0xc60
[ 1405.065318][T17833]  ? __pfx_rxrpc_init_peer+0x10/0x10
[ 1405.072094][T17833]  ? __lock_acquire+0xab9/0xd20
[ 1405.079649][T17833]  ? do_raw_spin_lock+0x121/0x290
[ 1405.086323][T17833]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1405.092635][T17833]  rxrpc_new_incoming_peer+0x281/0x5a0
[ 1405.101686][T17833]  rxrpc_new_incoming_call+0x612/0x14f0
[ 1405.108521][T17833]  rxrpc_io_thread+0x18b2/0x2cd0
[ 1405.114120][T17833]  ? rxrpc_io_thread+0x1171/0x2cd0
[ 1405.121726][T17833]  ? __pfx_rxrpc_io_thread+0x10/0x10
[ 1405.127349][T17833]  ? do_raw_spin_lock+0x121/0x290
[ 1405.132521][T17833]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1405.138988][T17833]  ? __kthread_parkme+0x1a1/0x200
[ 1405.144404][T17833]  kthread+0x70e/0x8a0
[ 1405.148507][T17833]  ? __pfx_rxrpc_io_thread+0x10/0x10
[ 1405.154162][T17833]  ? __pfx_kthread+0x10/0x10
[ 1405.158893][T17833]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1405.164128][T17833]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1405.169363][T17833]  ? __pfx_kthread+0x10/0x10
[ 1405.174008][T17833]  ret_from_fork+0x3fc/0x770
[ 1405.178648][T17833]  ? __pfx_ret_from_fork+0x10/0x10
[ 1405.183794][T17833]  ? __switch_to_asm+0x39/0x70
[ 1405.188593][T17833]  ? __switch_to_asm+0x33/0x70
[ 1405.193441][T17833]  ? __pfx_kthread+0x10/0x10
[ 1405.198081][T17833]  ret_from_fork_asm+0x1a/0x30
[ 1405.202898][T17833]  </TASK>
[ 1405.206228][T17833] Kernel Offset: disabled
[ 1405.210696][T17833] Rebooting in 86400 seconds..