last executing test programs:

9.629386797s ago: executing program 0 (id=5304):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="000000000000000018000000000000008e0b"], 0x6fb})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0xa)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioctl$KVM_GET_SUPPORTED_CPUID(r4, 0xc008ae05, &(0x7f0000000040)=""/128)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0xb6d}]})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_wakeup_irq', 0x40, 0x101)
io_setup(0x6, &(0x7f00000007c0)=<r7=>0x0)
io_submit(r7, 0x2, &(0x7f0000000280)=[&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0xa, r6, 0x0, 0x4000, 0x7fe, 0x0, 0x0, r6}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x7, r6, 0x0, 0x0, 0x1, 0x0, 0x3, r6}])
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x8, 0x3, 0xd, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x5}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x2000001, 0x0, 0x2004cb, 0x0, 0x0, 0x68ff, 0x5, 0x0, 0x3], 0x1, 0x202})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x34, 0xb, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008801}, 0x48110)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.205232737s ago: executing program 0 (id=5306):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
execve(0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x80})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
connect$rds(r3, &(0x7f00000003c0)={0x2, 0x4e23, @broadcast}, 0x10)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4f3, 0x74d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0xba, 0x7}}}}}]}}]}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@bridge_getneigh={0x20, 0x1e, 0xd01, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0xa001, 0x45001}}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1, 0x0, 0x0, 0x2000000}, 0x20)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x19, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000084000000060a010400000000000000000100000008000b40000000005c000480340001800b000100657874686472000024000280080001400000000b080003400000000008000440000000300500020007000000240001800b0001007470726f78790000140002800800034000000016080001400000000a09"], 0xf8}}, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000001040)={{0x12, 0x1, 0x200, 0x29, 0x63, 0x90, 0x10, 0x1a86, 0x752d, 0x2d4d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x1, 0xe9, 0x11, 0xbd, 0x0, [], [{{0x9, 0x5, 0xc, 0x3, 0x10, 0x3, 0xf, 0x2}}]}}]}}]}}, 0x0)

5.985353012s ago: executing program 0 (id=5318):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
poll(&(0x7f0000002480)=[{r0, 0x4400}], 0x1, 0x3ff) (async)
poll(&(0x7f0000002480)=[{r0, 0x4400}], 0x1, 0x3ff)
write$FUSE_NOTIFY_RESEND(r0, &(0x7f00000046c0)={0x14}, 0x14) (async)
write$FUSE_NOTIFY_RESEND(r0, &(0x7f00000046c0)={0x14}, 0x14)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socket$kcm(0x10, 0x100000000002, 0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2)
openat$sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
creat(&(0x7f0000000380)='./file0\x00', 0x8a)
syz_open_procfs(0x0, &(0x7f0000000080)='net/kcm\x00') (async)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/kcm\x00')
lseek(r3, 0x2000, 0x0) (async)
lseek(r3, 0x2000, 0x0)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
socket$kcm(0x10, 0x5, 0x4) (async)
r5 = socket$kcm(0x10, 0x5, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f0000000100)=r6, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000440)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000500)=ANY=[@ANYBLOB="cf702e8cf675aaaaaaaaaabb86dd6000000000303afffe880000000000000000000000000001ff0200000000000000000000000000018900907800000000fe800000000000000000000000000000fe8000000000000000000000000000000201703b744dc5c6f6c4efdc989492e9d1e4e4629b439be3cfaa189ec359a46a6e1b2fecf03afc16dcdc53f8f77645d295b9b187302cfde592efdf25a11ed0d722f94cc7502e749006404ae6f1ebaf9c3e91c7535f1dfdc11c4e449cfb6c3480ca3bc06337a895b3888936a60523ef17b96cedb38166b8303542a86088a1d95aa3f55add3ac343c4dd0a42afb584b8261dc174be07556147bc90f888c07b7b20b49689c2279526e04c0ecfb379f95e0aad1d7db8ea7f2955095dfb"], 0x0)
r7 = syz_usb_connect(0x4, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io(r7, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="201006000000065f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x2c, &(0x7f0000000640)=ANY=[@ANYBLOB="40166c4297f619694c006ee2b45b00000061b3a5df7506155bdee8d4e55aefdcda42d15dd11490bca00f0000000000004392ac4d58c3e903fac233451b37220a2e152a9cd57bf11bd3a76498d7408995064dacd25a49c6d1804bdcafaf0fbdd1269dbee965f94f7ccb40a1a4"], 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x2c, &(0x7f0000000640)=ANY=[@ANYBLOB="40166c4297f619694c006ee2b45b00000061b3a5df7506155bdee8d4e55aefdcda42d15dd11490bca00f0000000000004392ac4d58c3e903fac233451b37220a2e152a9cd57bf11bd3a76498d7408995064dacd25a49c6d1804bdcafaf0fbdd1269dbee965f94f7ccb40a1a4"], 0x0, 0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x7)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) (async)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
read$FUSE(r8, 0x0, 0x0)
write$FUSE_INIT(r8, 0x0, 0x0)
syz_fuse_handle_req(r8, &(0x7f0000004700)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, 0x0)

5.878882618s ago: executing program 0 (id=5320):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000380)={'erspan0\x00', 0x0})
syz_usb_connect$uac1(0x0, 0xb0, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000206b1d010140000102030109029e0003010230000904000000010100000a24010600310201020b2407030100077cf5354e08240504032920ec082405024045cf7b0a2407010400008c8e58090401000001020000090c0101010102000009050109ff030803dd072501020cf7ff090402000001020000090402010101020000072401800f04000b24020101040901ec27ab08240201070405070905820910"], 0x0)

5.527961339s ago: executing program 4 (id=5321):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect(0x5, 0x164, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000080)=0x80000003)
r7 = dup2(r6, r6)
read$FUSE(r7, &(0x7f00000063c0)={0x2020}, 0x2020)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r8=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r8}, 0x18)
connect$can_j1939(r3, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0, 0x2}, 0x1}, 0x18)
sendmsg$can_j1939(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
r9 = fcntl$dupfd(r3, 0x406, r3)
socket$packet(0x11, 0x3, 0x300)
bind$can_j1939(r9, &(0x7f0000000380)={0x1d, r8, 0x2, {0x0, 0xff, 0x3}, 0xfe}, 0x18)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r9)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r10, 0x0, 0x3}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

4.241570074s ago: executing program 1 (id=5326):
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff28}, 0x50) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0) (async)
brk(0x400000ffc000) (async)
r3 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x80086601, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'gretap0\x00', &(0x7f0000000440)={'erspan0\x00', 0x0, 0x10, 0x80, 0xdd7, 0x2, {{0x18, 0x4, 0x1, 0x9, 0x60, 0x67, 0x0, 0x2, 0x4, 0x0, @local, @rand_addr=0x64010101, {[@timestamp_prespec={0x44, 0xc, 0x9, 0x3, 0x9, [{@multicast1, 0x2}]}, @cipso={0x86, 0x40, 0x0, [{0x5, 0x11, "61853379342bf9bc837101084905ae"}, {0x2, 0x6, "9b2f6985"}, {0x7, 0x6, "29d6b434"}, {0x2, 0x9, "4107220cb4ea41"}, {0x2, 0x8, "5c99b53f102e"}, {0x1, 0xc, "434c36e509a5c1062086"}]}]}}}}}) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}) (async)
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) (async)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) (async)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
writev(r8, &(0x7f0000000940)=[{0x0}, {0x0}, {&(0x7f0000000300)="7bd9a4c05ab5ea367a275ebe0ff68bbf53", 0x11}, {0x0}, {&(0x7f0000000840)="ce827518f8c45ecf391368d20c797d3555eb1504e0cb8f13f63d8bd6289d4cbbfa123a299dcabbed4c056d60b91aaa316cf1cf69491528a188b04f5540c74fde2d6d535fcc0eb3b3714d7286473ef89e4fb8b4d6baff09259745db9663ae370064", 0x61}], 0x5)

4.173936998s ago: executing program 1 (id=5327):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000050a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001"], 0x110}, 0x1, 0x0, 0x0, 0x10}, 0x0)

3.982989059s ago: executing program 1 (id=5328):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ppoll(&(0x7f0000000100)=[{r0, 0x1}], 0x1, 0x0, 0x0, 0x0)
write$P9_RSTATu(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="580400007d030000051703004000fffe0000000000000800000000000000000078a0090000000000000008000000000000001b00046e6f6465767b65766f6f7e2539c60005000037d93a8b92000000600275aff540c602007dfa673effeb09b5351f5bde05400097f7502e7b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e165e12cea48597c664646c9a70f3e49253371c0423877458ce943c5ef03b914651fa3b84f41696b90141623d7c143441930dff256f6e8d4835d9b3ba5a7744b50be209678378326184f4ac3e0c3681bb95075f3847d2b732cd9bd96fb984d84e69ba9922793d2638486d6780e0b852365f038b00c11c5d4590843bc72a59fa4a373129e32382a15cf6c885709fa1a73448d94de89651ec28c3bdcc3d3b959bd7ed071ab5a5be0fa291cf115abf084c7bdfa150cb8e4aae2d85457a9af02742343c13ae143cebf987b2248806b459b5a5fdd5aa5bb90a57ee1f4e3544bd6d1b4ca137975738080c468674a6b73a3df28256e070033212c277b1dc17581f4c6dddef3aae3ad6dcaedf4f67fdd3794832f894d106c9e8dfcd263cc09c05c15e6c4bfb0df6d5ad607ee0705eacc8a20aafefc22885fb61ef57bc80c3054027460f647d123d48a5ffc6738abe1c940099678452dca5cc176b6b66dca565ee78325b921646ea0d8600f1e2f7dfcd060d4b7fef2e0cdd3745e909a14aa035703e86dd95b3c824f3e7b24fb287fe8b3e3197732f2638aec8d6fa59da7c144b3a1245b2b35210a0e6c3ab21eea23a4de23f2718a08228f12648af5b29f91db227e7afa034df13c5fbf106b97a3002484b4abbf7168c3321833fee63399ad1ebb7dd07bd7748c8387f6d504bfb9882c928b4195baf7b835aa7006e4b3d8b751ece41fc818bc5eeee69732e2129143003c2c8934b204"], 0x458)

3.055401584s ago: executing program 1 (id=5331):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x7c, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x57, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0x0, 0xfd, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x7c}, 0x1, 0xb00000000000000, 0x0, 0xc0}, 0x0)

2.944980827s ago: executing program 1 (id=5332):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x4, 0x1)
inotify_init()
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000180)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x795, 0x3a, '/\\', 0x3a, '', 0x3a, './file0'}, 0x29)
syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f00000002c0)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, r5)
keyctl$read(0xb, r5, &(0x7f0000000000)=""/14, 0xe)
syz_io_uring_submit(r3, r4, &(0x7f0000000480)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000740)=[{0x0}, {0x0}], 0x2, 0x0, 0x3f0}, 0x0, 0x10, 0x1})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)

2.609587244s ago: executing program 0 (id=5333):
socket$inet(0x2, 0xa, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES8=r1, @ANYRES64=r0], 0x14}}, 0x0)

1.857409445s ago: executing program 2 (id=5339):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0xdc, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x58, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @empty}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @remote}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x31}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x6}, @CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00'}]}, @CTA_NAT_SRC={0x8c, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}]}]}, 0xdc}}, 0x0)

1.821979632s ago: executing program 2 (id=5341):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@binder={0x73622a85, 0x100a, 0x3}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@binder={0x73622a85, 0xb}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0xfc, 0x0, 0x0})

1.750379876s ago: executing program 2 (id=5342):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000000280))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc03fe}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0)
ioctl$KVM_SET_CLOCK(r4, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000000))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0x4c800}, 0x4000054)
socket(0x400000000010, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.522207818s ago: executing program 0 (id=5343):
syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="1a010000c166a0108304341276ff01020301090212000100a28cc2b249501c7a13624f70"], 0x0)
set_mempolicy(0x3, &(0x7f0000000100)=0x8000000000000001, 0x9)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x60) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001640)=ANY=[@ANYBLOB="300000003e000100fcff07000400000001000000040000000c00028008001080040008800c0002000000000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
sched_setattr(0x0, 0x0, 0x0) (rerun: 64)
r3 = socket$alg(0x26, 0x5, 0x0) (async)
r4 = socket(0x8000000010, 0x2, 0x0) (async)
r5 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
syz_usb_control_io$hid(r5, 0x0, 0x0) (rerun: 32)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r6, 0x5b02, 0x0) (async)
write(r4, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x0, {0x2, 0x4e20, @rand_addr=0x64010102}})
bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) (async, rerun: 64)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) (async, rerun: 64)
syz_usb_connect$uac1(0x0, 0xb0, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000206b1d010140000102030109029e0003010230000904000000010100000a24010600310201020b2407030100077cf5354e08240504"], 0x0) (async)
ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x8108551b, 0x0) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) (async)
accept4(r3, 0x0, 0x0, 0x0)

1.521892304s ago: executing program 4 (id=5344):
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x20040404}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback={0x63656563}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}}, 0x0)

1.300277445s ago: executing program 2 (id=5345):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r3 = fcntl$dupfd(r1, 0x0, r1)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))

1.197677994s ago: executing program 4 (id=5346):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x240182, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000000)=0xb79)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000002c00)=@buf={0x500, &(0x7f0000002bc0)})
r3 = socket$unix(0x1, 0x5, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r6, 0x0)
r7 = syz_io_uring_setup(0x1237, &(0x7f0000000400)={0x0, 0x2080fd, 0x2000, 0x3, 0x2b9}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000200)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000380)=0xab48371d50cd08ec)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_SHUTDOWN={0x22, 0x1, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r11}})
io_uring_enter(r7, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
r13 = dup2(r12, 0xffffffffffffffff)
openat(r13, &(0x7f00000000c0)='./file0\x00', 0x10803, 0x64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_ADD(r13, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000640)={0x1d8, 0x9, 0x6, 0x606, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x10001}, @IPSET_ATTR_ADT={0x58, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x67}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x88}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x7}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x3}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x1}}]}, @IPSET_ATTR_ADT={0x54, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0xffff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x7}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x99}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @IPSET_ATTR_ADT={0x3c, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}}]}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_COMMENT={0x5, 0x1a, '\x00'}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x1}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_ADT={0x30, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x1}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0xffffffffffffffd0}}]}, @IPSET_ATTR_ADT={0x5c, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x800}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x3}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @loopback}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x4040005}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b40)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2e, 0xffffffff, {0x0, 0x0, 0x0, r14, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x1, 0xfffffffd, 0x7fff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004081}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x121, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0x9, 0xa}, {0xfffa, 0xfff1}, {0x1, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x4041080)

1.149744788s ago: executing program 2 (id=5347):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x0, 0x4004804)

1.121495736s ago: executing program 1 (id=5348):
r0 = syz_io_uring_setup(0x24f1, &(0x7f0000000080)={0x0, 0x89aa, 0x10100, 0x0, 0xe6}, &(0x7f0000000300), &(0x7f0000000380))
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020207325000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0xfff, r0, 0x2d, {0x6, 0x5}, 0x6}, 0x1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x98, 0x37, 0x57, 0x20, 0x6e1, 0xa155, 0xb615, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x10, 0x20, 0x8, [{{0x9, 0x4, 0xa, 0x7, 0x1, 0x3, 0x0, 0x0, 0x4, [], [{{0x9, 0x5, 0xa, 0x3, 0x200, 0xd, 0x6, 0x5}}]}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0})

1.090130432s ago: executing program 2 (id=5349):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f0000000780)=[{{&(0x7f0000000300)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c00000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000844)
r3 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@fadd={0x58, 0x114, 0x6, {{0x4, 0x3634d4ca}, &(0x7f0000000140)=0x10000, &(0x7f0000000200)=0x3, 0x5, 0x400, 0x6, 0x5, 0x4, 0x5}}], 0x58}, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r6}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r10=>0x0)
io_pgetevents(r10, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000700)={0x77359400}, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)

750.632472ms ago: executing program 3 (id=5352):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x1001, 0x3}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@binder={0x73622a85, 0xb}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000100)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000c40)={0x4c, 0x0, &(0x7f0000000780)=[@transaction_sg={0x400c6313, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x200000000000000}], 0x0, 0x0, 0x0})

637.377643ms ago: executing program 3 (id=5353):
r0 = socket$inet(0x2, 0x2, 0x0)
sendmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000180)="d33f87fa7d134326ff27ea4076a5239e06c2f64aeea7e2cc65f473621f2abd056c7046dee6867ca2aa2e8bd120457bdd0e7a59a6ca4f8c65c6f4eb83f230ecb9dad6507f4e68df3c34974f6eacb88cf7651a55011dd9fe9b0f555b918911e100143ede16863521de90d9009f68918a983a80790963c1cf639fc6c3e255c0e971ac8abbc90a3d4a07d96c52528c8a36bb7609f8c404b0811a23124ef302d9d57be4c4cc340de7fe09080852d21ff85012aa097f7c55537a336113dded9c376e8005c6cfc2c675576766143b4b58d4bc30a448327c2fd007fbb0405c0d9f6a3be21b623e8ac234448708fe83cb378cddac07eec50f60f38067d09c84", 0xfb}, {&(0x7f0000000080)="7e838e8953e3d7bbc4c64123117be8388359bb960cd4ba2eec58ce201f20b63575a21c731d3bbf595e37f021191d2e74c1ec7466fdf09f39", 0x38}, {&(0x7f0000000280)="fab7294aeea3d5e1f5f2e7f1b41793c994a6394899c33100c739177964f02dee24e78454748a5ef8139c4daf5892feb28a2e120402ccd04b93c25b2573e17fe8255b3081e15a67579e61e448046fc08ade312464e8c25c400a35a5ff04a71473315d7348cd03cffe11068a549660cc4df078f12b8d7981705d20463d78a7fa5f50b3605197cc9136415cecf1d3d36f9140e5f9368606289587dad5ba5c57acecfcc8cefebe64edfba845fb488e393c1ad3023c63d01f3fbbb1221e18ebf2f000add4072f94abf92e5342d08b0b4166", 0xcf}, {&(0x7f0000000480)="a2b4b1003459abe4ecd2554c416a7feac8acb28a4dffe17169df425ac88472d2c4f43b1d73c3a441073cfb0d84bf8ea626609500921453cadcecc034d1d067959ec901fc6c016656f901a27d4580343b3a6d6e94977087c1b72bbd8aef54d8655e2977129021ee5d8bf49124f7f325ec4d3cc10739419272a8e2a1168bae74f77c76fdbe69e1b0442b33d56a35b57661235550a29d33908a840dde41dbabc2a0092cd5c569ea5312246453326f21a98102020d8e8ec04e74a67b5f5738d35fef1bf1db300611b04bc0aec136733655233aba20f8b2b25151e413056331183f4e54583579daf7f46c4aaccaa95c4e69c70415384c030387e6300616f4fb", 0xfd}, {&(0x7f00000000c0)="f40080a65503aed09824053fa27a92b899da233106fa286dab622abdb356a5cb439d69e22f96325da03ae73e0a08e07f712e301e39d6012f043b818316824359deb23e410881d9622ad06c27056e5503b6d747848af5554a2eb4c569bf6892b02372f0c8502d7d5b7ce61715591073f91b939e1a2f033e2a1ce453c915190d43", 0x80}], 0x5, &(0x7f0000000780)=[{0xf8, 0x109, 0x0, "85669e416a1ad2a05ed49736df4b6834ca5cb0aabd1881a2646ca803e8fd0c2f009346f47eb734bd7c87a0c27cf652e4fa50bb8504cededa2282aa991a5dde3f5d2f9071fc4c4287a4729493c41d82c152687a87237d7c38bce8f651e9bb19d76375b397225b0477ecfd7ec1e00c96f74dc75bf2928fbabc6123ce24a8ae11544cacb3d28bcc12dd97609ac16cf875d1e35f8cef20e04bc78dd4fe2807b9d6aaaf1e73c9010156ded8db2ea62f732359de0a1de3424d6fdaeaf82047ef2e7284c4564a89725e38705bc4aaed3611d2dcd16bf8b867d77cdd36d9411d830007d33f525a5dd6"}, {0xe0, 0x3a, 0x80000000, "e238ed57b111ded445466718f2d788a3bf34a4b1c391c2cf691b6fd117e8c94c1b0567436686d407b4cd99d85d90e96805961d1851aff2292624d4c172ed610866f2706c914755acda129553a1ed450ae79df7470c08206c942b8c3b31e88db455ac066ebbb62438e99ec8692e533737b38bcfd7c61bafc9476c03302a97c59a037fe06ce8c5eecbfe21e315127cb8a0cfc95d00201d7a0bd6ca4a83ffe6e4b43cc7a5adbcd3248de2204882a26bac26069a46101992fe19deb9112d6aebefe9fe73cbff7bdc4ed24425db"}, {0xa0, 0x10d, 0x2, "517362d128275de32a6bd7454b4b0a18b43b1e2c5ccef375b44c6f8a04d2db99de7606a484a34740b45d780a96f8c6b82cd4fa8f3f2122fd4be87a4b53671e75eae8e0034982e89c0859ccfd9de7e2f3cb129c3194ebdbf91d561e50d2dcaec7f17c2951e3825f421cf87c1929080ee1a2dd7085a20aecd6ccfdd50181860e87c14b94d6f6f7e81db606524d0260"}, {0x48, 0x10b, 0x8, "166ef452971620415c14f9d01f7d13d2631d93e85e48e85968801c724b54013c599758e1f8fe97a0a541756cc09ed967f67608"}, {0x80, 0x11, 0x8, "e5a7623f441444adc4f2f04478972276e5660464bd14a18dbdc48d524fe60f30a2cc47414e659d96952703f3c84c510605e706cf1d381e98a1c2d64bb39730f5d0d56f3776188a17d7181df64b9bb9edc8c6694797acfb7925b326616b4b04cc8c5d1eeb637cecd498f91d9704af29"}], 0x340}}], 0x1, 0x20000880)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x60240)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064d1, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000040)=[0x0]})
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

622.504089ms ago: executing program 3 (id=5354):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1ff}, [@map_val={0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000500)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6400, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)

547.077344ms ago: executing program 3 (id=5355):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000000280))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc03fe}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x14, r6, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0)
ioctl$KVM_SET_CLOCK(r4, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000000))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0x4c800}, 0x4000054)
socket(0x400000000010, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

359.575235ms ago: executing program 3 (id=5356):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x106}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_FD0={0x8, 0x1, @udp6=r1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

245.419289ms ago: executing program 4 (id=5357):
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x7}}}, 0x24}}, 0x10048080)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xfff3}, {}, {0x8, 0xffe5}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xfff3, 0x4}}]}}]}, 0x38}}, 0x4004001)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

173.770214ms ago: executing program 4 (id=5358):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ustat(0x1, &(0x7f0000000000))
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="bc010000190001000000000000000000fc020000000000000000000000000000e00000020000000000000000000000000000000300000000020000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff04010500fe800000000000000000000000000013000000003200000000000000ac1414aa000000000000000000000000000000000000ff00000000000000000001000000fc020000000000000000000000000000000000003200000000000000fc010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000003c0000000200000000000000000000000000000000000000000000000103000000000000000000000000000000000000000000000000ffff64010101000004d43c00"], 0x1bc}}, 0x50)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000200)={0x1})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0})
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r1, {r3, r4}}, './file0\x00'})
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x4e21, 0x9, 0x4e22, 0x8, 0xa, 0x20, 0x0, 0x72, 0x0, r3}, {0x4, 0x5, 0x5, 0x3f6ccfaf, 0x9, 0x4, 0x552, 0x2}, {0x9, 0x1, 0x7fffffff, 0x200}, 0x3, 0x0, 0x2, 0x1, 0x3, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x80}, 0x4d5, 0x33}, 0x2, @in=@loopback, 0x3503, 0x4, 0x0, 0x3, 0x9, 0x5, 0x5}}, 0xe8)

68.250692ms ago: executing program 3 (id=5359):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x0, 0x4004804)

0s ago: executing program 4 (id=5360):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_open_dev$vbi(0x0, 0x0, 0x2)
accept4(r2, 0x0, &(0x7f0000000200), 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2$watch_queue(0x0, 0x80)
prctl$PR_GET_ENDIAN(0x13, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000000680)={0x9, {"a2e3ad214fc752f91b29090942f70e0dd038e7ff7fc6e5539b324c078b089b34313b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd736d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25987969a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e89198f595dc4d470e01002a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d0db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="38000000010201"], 0x38}}, 0x0)
recvmmsg(r0, &(0x7f0000002d00), 0x0, 0x20, 0x0)
r6 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r7, 0x8004f50c, &(0x7f0000000000))
ftruncate(r6, 0x74c893df)

kernel console output (not intermixed with test programs):

with driver usbhid failed with error -71
[ 1057.317788][T18869] usb 4-1: USB disconnect, device number 54
[ 1057.360341][   T24] vhci_hcd: vhci_device speed not set
[ 1057.366913][ T5916] usb 3-1: USB disconnect, device number 58
[ 1057.559605][   T43] usb 2-1: USB disconnect, device number 49
[ 1057.585277][T21189] usb usb8: usbfs: process 21189 (syz.4.4882) did not claim interface 0 before use
[ 1057.704682][ T5916] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[ 1057.753374][T21191] FAULT_INJECTION: forcing a failure.
[ 1057.753374][T21191] name failslab, interval 1, probability 0, space 0, times 0
[ 1057.767404][T21191] CPU: 1 UID: 0 PID: 21191 Comm: syz.1.4883 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1057.767430][T21191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1057.767440][T21191] Call Trace:
[ 1057.767446][T21191]  <TASK>
[ 1057.767454][T21191]  dump_stack_lvl+0x189/0x250
[ 1057.767482][T21191]  ? __pfx____ratelimit+0x10/0x10
[ 1057.767508][T21191]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1057.767533][T21191]  ? __pfx__printk+0x10/0x10
[ 1057.767557][T21191]  ? __pfx___might_resched+0x10/0x10
[ 1057.767582][T21191]  ? fs_reclaim_acquire+0x7d/0x100
[ 1057.767607][T21191]  should_fail_ex+0x414/0x560
[ 1057.767633][T21191]  should_failslab+0xa8/0x100
[ 1057.767654][T21191]  __kmalloc_noprof+0xcb/0x4f0
[ 1057.767671][T21191]  ? snd_pcm_hw_refine+0x967/0x1640
[ 1057.767697][T21191]  snd_pcm_hw_refine+0x967/0x1640
[ 1057.767734][T21191]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[ 1057.767803][T21191]  snd_pcm_hw_param_first+0x3e9/0xaf0
[ 1057.767831][T21191]  ? trace_hw_mask_param+0x8a/0x200
[ 1057.767855][T21191]  snd_pcm_hw_params+0x549/0x1c90
[ 1057.767881][T21191]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1057.767912][T21191]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[ 1057.767949][T21191]  snd_pcm_oss_change_params_locked+0x21cb/0x3e40
[ 1057.768011][T21191]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1057.768033][T21191]  ? snd_pcm_oss_write+0x28f/0x11a0
[ 1057.768059][T21191]  ? aa_file_perm+0x3e7/0xed0
[ 1057.768095][T21191]  snd_pcm_oss_write+0x2fb/0x11a0
[ 1057.768137][T21191]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1057.768161][T21191]  ? bpf_lsm_file_permission+0x9/0x20
[ 1057.768184][T21191]  ? security_file_permission+0x75/0x290
[ 1057.768202][T21191]  ? rw_verify_area+0x258/0x650
[ 1057.768224][T21191]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1057.768248][T21191]  vfs_write+0x27e/0xa90
[ 1057.768276][T21191]  ? __pfx_vfs_write+0x10/0x10
[ 1057.768299][T21191]  ? __fget_files+0x2a/0x420
[ 1057.768317][T21191]  ? __fget_files+0x2a/0x420
[ 1057.768331][T21191]  ? __fget_files+0x3a0/0x420
[ 1057.768345][T21191]  ? __fget_files+0x2a/0x420
[ 1057.768367][T21191]  ksys_write+0x145/0x250
[ 1057.768383][T21191]  ? __pfx_ksys_write+0x10/0x10
[ 1057.768401][T21191]  ? do_syscall_64+0xbe/0x3b0
[ 1057.768424][T21191]  do_syscall_64+0xfa/0x3b0
[ 1057.768443][T21191]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1057.768462][T21191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1057.768476][T21191]  ? clear_bhb_loop+0x60/0xb0
[ 1057.768494][T21191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1057.768508][T21191] RIP: 0033:0x7fba2af8e929
[ 1057.768522][T21191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1057.768534][T21191] RSP: 002b:00007fba2be6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1057.768550][T21191] RAX: ffffffffffffffda RBX: 00007fba2b1b5fa0 RCX: 00007fba2af8e929
[ 1057.768561][T21191] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000003
[ 1057.768571][T21191] RBP: 00007fba2be6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1057.768581][T21191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1057.768590][T21191] R13: 0000000000000000 R14: 00007fba2b1b5fa0 R15: 00007fba2b2dfa28
[ 1057.768614][T21191]  </TASK>
[ 1058.081350][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1059.042958][T21211] batadv_slave_1: entered allmulticast mode
[ 1059.094356][T21210] batadv_slave_1: left allmulticast mode
[ 1059.286020][T21214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4890'.
[ 1059.680787][T21223] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4893'.
[ 1060.186268][T21239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4899'.
[ 1060.209735][T21239] macsec2: entered allmulticast mode
[ 1060.720197][T18869] usb 4-1: new full-speed USB device number 55 using dummy_hcd
[ 1060.748276][T21249] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4902'.
[ 1060.800850][T21249] vlan3: entered promiscuous mode
[ 1060.824403][T21249] team0: entered promiscuous mode
[ 1060.840278][T21249] team_slave_0: entered promiscuous mode
[ 1061.020517][T21249] team_slave_1: entered promiscuous mode
[ 1061.051479][T18869] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1061.076517][T18869] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1061.133311][T18869] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1061.153557][T18869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1061.174154][T18869] usb 4-1: SerialNumber: syz
[ 1061.186225][T18869] usb 4-1: bad CDC descriptors
[ 1061.203518][T18869] usb-storage 4-1:1.0: USB Mass Storage device detected
[ 1061.216582][T18869] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1061.394788][T18869] usb 4-1: USB disconnect, device number 55
[ 1062.340339][T18869] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1062.388198][T21270] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1062.522732][T18869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1062.532917][T18869] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1062.549298][T18869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.567543][T18869] usb 3-1: config 0 descriptor??
[ 1062.797016][T21285] Cannot find add_set index 0 as target
[ 1063.055692][T18869] logitech-djreceiver 0003:046D:C71F.0029: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.2-1/input0
[ 1063.197500][T21304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4912'.
[ 1063.232304][   T43] usb 3-1: USB disconnect, device number 59
[ 1063.271734][T21304] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1063.321160][   T24] usb 5-1: new low-speed USB device number 46 using dummy_hcd
[ 1063.491718][   T24] usb 5-1: device descriptor read/64, error -71
[ 1063.780135][   T24] usb 5-1: new low-speed USB device number 47 using dummy_hcd
[ 1063.783773][T21314] netlink: 'syz.2.4921': attribute type 12 has an invalid length.
[ 1063.910069][   T24] usb 5-1: device descriptor read/64, error -71
[ 1064.040665][   T24] usb usb5-port1: attempt power cycle
[ 1064.280175][   T43] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1064.390195][   T24] usb 5-1: new low-speed USB device number 48 using dummy_hcd
[ 1064.451923][   T24] usb 5-1: device descriptor read/8, error -71
[ 1064.476136][   T43] usb 3-1: config 0 has no interfaces?
[ 1064.487841][T21332] sctp: [Deprecated]: syz.0.4924 (pid 21332) Use of int in maxseg socket option.
[ 1064.487841][T21332] Use struct sctp_assoc_value instead
[ 1064.512888][T21332] netlink: 'syz.0.4924': attribute type 10 has an invalid length.
[ 1064.521764][T21332] team0: Device veth0_vlan is up. Set it down before adding it as a team port
[ 1064.773224][   T24] usb 5-1: new low-speed USB device number 49 using dummy_hcd
[ 1064.830094][   T24] usb 5-1: device descriptor read/8, error -71
[ 1064.975193][   T24] usb usb5-port1: unable to enumerate USB device
[ 1064.989572][   T43] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1065.032719][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1065.140236][T21338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4926'.
[ 1065.245058][T21343] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4929'.
[ 1065.285669][T21344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4928'.
[ 1065.300093][   T43] usb 3-1: Product: syz
[ 1065.321437][   T43] usb 3-1: Manufacturer: syz
[ 1065.336051][   T43] usb 3-1: SerialNumber: syz
[ 1065.402409][   T43] usb 3-1: config 0 descriptor??
[ 1065.920276][T18869] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1066.084423][T18869] usb 4-1: Using ep0 maxpacket: 8
[ 1066.126538][T18869] usb 4-1: config 0 has an invalid interface number: 117 but max is 2
[ 1066.147328][T18869] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 1066.236011][T18869] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 1066.260008][T18869] usb 4-1: config 0 has an invalid interface number: 204 but max is 2
[ 1066.286600][T21351] netlink: 'syz.4.4932': attribute type 12 has an invalid length.
[ 1066.303517][T18869] usb 4-1: config 0 has an invalid interface number: 96 but max is 2
[ 1066.327699][T18869] usb 4-1: config 0 has an invalid interface number: 135 but max is 2
[ 1066.358736][T18869] usb 4-1: config 0 has an invalid descriptor of length 142, skipping remainder of the config
[ 1066.460799][T18869] usb 4-1: config 0 has 5 interfaces, different from the descriptor's value: 3
[ 1066.529640][T18869] usb 4-1: config 0 has no interface number 0
[ 1066.545126][T21353] team0: Device gtp0 is of different type
[ 1066.568303][T18869] usb 4-1: config 0 has no interface number 1
[ 1066.618222][T18869] usb 4-1: config 0 has no interface number 3
[ 1066.660467][T18869] usb 4-1: config 0 has no interface number 4
[ 1066.693934][T18869] usb 4-1: config 0 interface 117 altsetting 100 has an invalid descriptor for endpoint zero, skipping
[ 1066.757968][T18869] usb 4-1: config 0 interface 117 altsetting 100 endpoint 0xD has invalid maxpacket 512, setting to 64
[ 1066.820210][T18869] usb 4-1: config 0 interface 117 altsetting 100 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[ 1066.831606][   T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1066.974865][T18869] usb 4-1: config 0 interface 117 altsetting 100 has an invalid descriptor for endpoint zero, skipping
[ 1066.986345][   T30] kauditd_printk_skb: 44 callbacks suppressed
[ 1066.986358][   T30] audit: type=1326 audit(1751211018.707:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.019563][ T5901] usb 3-1: USB disconnect, device number 60
[ 1067.046167][   T10] usb 5-1: Using ep0 maxpacket: 32
[ 1067.100217][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1067.111304][T18869] usb 4-1: config 0 interface 117 altsetting 100 has a duplicate endpoint with address 0xE, skipping
[ 1067.122613][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1067.133040][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1067.142093][T18869] usb 4-1: config 0 interface 117 altsetting 100 has a duplicate endpoint with address 0x1, skipping
[ 1067.153889][   T30] audit: type=1326 audit(1751211018.707:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.195521][   T10] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1067.209292][T18869] usb 4-1: config 0 interface 117 altsetting 100 has an invalid descriptor for endpoint zero, skipping
[ 1067.221224][T18869] usb 4-1: too many endpoints for config 0 interface 204 altsetting 84: 125, using maximum allowed: 30
[ 1067.237718][   T30] audit: type=1326 audit(1751211018.707:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.261208][T21363] xt_hashlimit: max too large, truncated to 1048576
[ 1067.282948][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1067.293025][T18869] usb 4-1: config 0 interface 204 altsetting 84 has 0 endpoint descriptors, different from the interface descriptor's value: 125
[ 1067.307108][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1067.316014][   T10] usb 5-1: Product: syz
[ 1067.321015][   T10] usb 5-1: Manufacturer: syz
[ 1067.325766][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[ 1067.337104][   T30] audit: type=1326 audit(1751211018.707:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.362602][   T10] usb 5-1: SerialNumber: syz
[ 1067.375583][T18869] usb 4-1: config 0 interface 96 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1067.386983][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0xB, skipping
[ 1067.397852][   T30] audit: type=1326 audit(1751211018.707:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.421780][T18869] usb 4-1: config 0 interface 96 altsetting 9 bulk endpoint 0x5 has invalid maxpacket 16
[ 1067.431914][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[ 1067.443022][   T30] audit: type=1326 audit(1751211018.707:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.465781][T18869] usb 4-1: config 0 interface 96 altsetting 9 has an endpoint descriptor with address 0xAF, changing to 0x8F
[ 1067.477625][T18869] usb 4-1: config 0 interface 96 altsetting 9 endpoint 0x8F has invalid maxpacket 57205, setting to 1024
[ 1067.489551][T18869] usb 4-1: config 0 interface 96 altsetting 9 bulk endpoint 0x8F has invalid maxpacket 1024
[ 1067.499769][   T30] audit: type=1326 audit(1751211018.707:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.499863][   T30] audit: type=1326 audit(1751211018.707:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.531550][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[ 1067.556757][   T30] audit: type=1326 audit(1751211018.737:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fba2af8d290 code=0x7ffc0000
[ 1067.579793][T18869] usb 4-1: config 0 interface 96 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1067.591330][T16252] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1067.591359][   T30] audit: type=1326 audit(1751211018.737:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21357 comm="syz.1.4935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1067.601725][   T10] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[ 1067.628927][   T10] cdc_ncm 5-1:1.0: bind() failure
[ 1067.636413][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[ 1067.650175][T18869] usb 4-1: config 0 interface 96 altsetting 9 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1067.664749][   T10] usb 5-1: USB disconnect, device number 50
[ 1067.673674][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x8E, skipping
[ 1067.691317][T18869] usb 4-1: config 0 interface 96 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 1067.705317][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0xB, skipping
[ 1067.716338][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[ 1067.728443][T18869] usb 4-1: config 0 interface 96 altsetting 9 has a duplicate endpoint with address 0x2, skipping
[ 1067.739449][T18869] usb 4-1: config 0 interface 96 altsetting 9 has 15 endpoint descriptors, different from the interface descriptor's value: 13
[ 1067.759431][T18869] usb 4-1: config 0 interface 135 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[ 1067.773066][T16252] usb 2-1: Using ep0 maxpacket: 8
[ 1067.781100][T18869] usb 4-1: too many endpoints for config 0 interface 2 altsetting 2: 165, using maximum allowed: 30
[ 1067.794868][T18869] usb 4-1: config 0 interface 2 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 165
[ 1067.809760][T18869] usb 4-1: config 0 interface 117 has no altsetting 0
[ 1067.819021][T18869] usb 4-1: config 0 interface 204 has no altsetting 0
[ 1067.826473][T16252] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 1067.835705][T16252] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1067.844069][T16252] usb 2-1: Product: syz
[ 1067.848244][T16252] usb 2-1: Manufacturer: syz
[ 1067.853496][T18869] usb 4-1: config 0 interface 96 has no altsetting 0
[ 1067.860874][T18869] usb 4-1: config 0 interface 135 has no altsetting 0
[ 1067.867664][T18869] usb 4-1: config 0 interface 2 has no altsetting 0
[ 1067.874403][T16252] usb 2-1: SerialNumber: syz
[ 1067.881642][T16252] usb 2-1: config 0 descriptor??
[ 1067.893447][T16252] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 1067.904087][T18869] usb 4-1: New USB device found, idVendor=08ca, idProduct=2016, bcdDevice=75.8c
[ 1067.913247][T18869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1067.921370][T18869] usb 4-1: Product: syz
[ 1067.925580][T18869] usb 4-1: Manufacturer: 倰
[ 1067.930371][T18869] usb 4-1: SerialNumber: syz
[ 1067.937953][T18869] usb 4-1: config 0 descriptor??
[ 1068.195868][T18869] usb 4-1: USB disconnect, device number 56
[ 1068.407190][T21375] netlink: 'syz.0.4942': attribute type 27 has an invalid length.
[ 1068.417032][   T43] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1068.421579][T21375] netlink: 'syz.0.4942': attribute type 3 has an invalid length.
[ 1068.434967][T21375] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4942'.
[ 1068.494758][T21364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1068.506614][T21364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1068.516331][T21364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1068.527394][T21364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1068.550818][   T10] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1068.570312][   T43] usb 5-1: Using ep0 maxpacket: 32
[ 1068.570824][T16252] gspca_sq930x: reg_w 0305 fd00 failed -71
[ 1068.579628][   T43] usb 5-1: config 7 has an invalid interface number: 136 but max is 2
[ 1068.592757][   T43] usb 5-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[ 1068.601537][   T43] usb 5-1: config 7 has an invalid interface number: 131 but max is 2
[ 1068.609703][   T43] usb 5-1: config 7 has an invalid interface number: 221 but max is 2
[ 1068.621244][   T43] usb 5-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[ 1068.631427][   T43] usb 5-1: config 7 has an invalid interface number: 74 but max is 2
[ 1068.639601][   T43] usb 5-1: config 7 has an invalid descriptor of length 90, skipping remainder of the config
[ 1068.655176][   T43] usb 5-1: config 7 has 4 interfaces, different from the descriptor's value: 3
[ 1068.664227][   T43] usb 5-1: config 7 has no interface number 0
[ 1068.670770][   T43] usb 5-1: config 7 has no interface number 1
[ 1068.676858][   T43] usb 5-1: config 7 has no interface number 2
[ 1068.684159][   T43] usb 5-1: config 7 has no interface number 3
[ 1068.690375][   T43] usb 5-1: config 7 interface 136 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[ 1068.701342][   T43] usb 5-1: config 7 interface 136 altsetting 1 has an endpoint descriptor with address 0x58, changing to 0x8
[ 1068.712971][   T43] usb 5-1: config 7 interface 136 altsetting 1 endpoint 0x8 has an invalid bInterval 43, changing to 7
[ 1068.721997][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1068.724552][   T43] usb 5-1: config 7 interface 136 altsetting 1 endpoint 0x8 has invalid maxpacket 9780, setting to 1024
[ 1068.746333][   T43] usb 5-1: config 7 interface 136 altsetting 1 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1068.754417][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1068.756855][   T43] usb 5-1: config 7 interface 136 altsetting 1 has a duplicate endpoint with address 0xE, skipping
[ 1068.784044][   T10] usb 3-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1068.792663][   T43] usb 5-1: config 7 interface 136 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 32
[ 1068.794297][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1068.805720][   T43] usb 5-1: config 7 interface 136 altsetting 1 has 10 endpoint descriptors, different from the interface descriptor's value: 14
[ 1068.827225][T21377] netlink: 'syz.3.4943': attribute type 12 has an invalid length.
[ 1068.828685][   T43] usb 5-1: too many endpoints for config 7 interface 131 altsetting 136: 249, using maximum allowed: 30
[ 1068.836995][   T10] usb 3-1: config 0 descriptor??
[ 1068.851427][   T43] usb 5-1: config 7 interface 131 altsetting 136 has a duplicate endpoint with address 0x5, skipping
[ 1068.851460][   T43] usb 5-1: config 7 interface 131 altsetting 136 endpoint 0x3 has invalid maxpacket 1007, setting to 64
[ 1068.851488][   T43] usb 5-1: config 7 interface 131 altsetting 136 has an endpoint descriptor with address 0xD3, changing to 0x83
[ 1068.886578][   T43] usb 5-1: config 7 interface 131 altsetting 136 has a duplicate endpoint with address 0x83, skipping
[ 1068.906201][   T43] usb 5-1: config 7 interface 131 altsetting 136 has a duplicate endpoint with address 0x4, skipping
[ 1068.917640][   T43] usb 5-1: config 7 interface 131 altsetting 136 has 6 endpoint descriptors, different from the interface descriptor's value: 249
[ 1068.935682][   T43] usb 5-1: config 7 interface 74 altsetting 4 has a duplicate endpoint with address 0xF, skipping
[ 1068.946656][   T43] usb 5-1: config 7 interface 74 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1068.962116][   T43] usb 5-1: config 7 interface 74 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[ 1068.976595][   T43] usb 5-1: config 7 interface 136 has no altsetting 0
[ 1068.986395][   T43] usb 5-1: config 7 interface 131 has no altsetting 0
[ 1068.994854][   T43] usb 5-1: config 7 interface 74 has no altsetting 0
[ 1069.024382][   T43] usb 5-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=3f.ee
[ 1069.050637][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.060348][   T43] usb 5-1: Manufacturer: 멆誔祇푱鴧孿ꓟ㙨客齿麥헓憟㑼㍩ഓﰚ別邂筽嫊맺቟ఘ鍅㯡ۯ僩꾗ꨑ젝వᦗ猵⍛껳뙎뀰𤋮∽疡Ⱎၙ辬❤䃾ἇ潩劙硠託彭뿊䋆㌫똸█㎵દ柚ඣ딼ා쌧薑췤ɟ枹譠ř욷͊麟䰥ｚ臣裢잖୧썻ڢ쪳빴䀘錜㠏㦢卡할攅茙ଇ햒뉯헯젲땮Ϸ
[ 1069.137569][   T43] usb 5-1: SerialNumber: syz
[ 1069.156389][T21369] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1069.185554][T21369] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1069.446875][   T43] powermate 5-1:7.136: probe with driver powermate failed with error -5
[ 1069.492716][   T43] powermate 5-1:7.131: probe with driver powermate failed with error -5
[ 1069.499986][T16252] gspca_sq930x: Unknown sensor
[ 1069.513213][   T10] usbhid 3-1:0.0: can't add hid device: -71
[ 1069.519359][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1069.522869][   T43] powermate 5-1:7.221: probe with driver powermate failed with error -22
[ 1069.539572][T16252] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[ 1069.555541][   T10] usb 3-1: USB disconnect, device number 61
[ 1069.575164][   T43] powermate 5-1:7.74: probe with driver powermate failed with error -22
[ 1069.581805][T16252] usb 2-1: USB disconnect, device number 50
[ 1069.618586][T21402] netlink: 'syz.0.4954': attribute type 12 has an invalid length.
[ 1069.641518][   T43] usb 5-1: USB disconnect, device number 51
[ 1070.221049][T21418] program syz.0.4957 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1070.313368][T21419] program syz.0.4957 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1071.006952][T21436] netlink: 'syz.3.4965': attribute type 12 has an invalid length.
[ 1071.550990][T21448] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4969'.
[ 1071.635039][T21451] FAULT_INJECTION: forcing a failure.
[ 1071.635039][T21451] name failslab, interval 1, probability 0, space 0, times 0
[ 1071.665113][T21451] CPU: 0 UID: 0 PID: 21451 Comm: syz.0.4970 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1071.665139][T21451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1071.665151][T21451] Call Trace:
[ 1071.665158][T21451]  <TASK>
[ 1071.665166][T21451]  dump_stack_lvl+0x189/0x250
[ 1071.665196][T21451]  ? __pfx____ratelimit+0x10/0x10
[ 1071.665220][T21451]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1071.665245][T21451]  ? __pfx__printk+0x10/0x10
[ 1071.665269][T21451]  ? __pfx___might_resched+0x10/0x10
[ 1071.665296][T21451]  should_fail_ex+0x414/0x560
[ 1071.665321][T21451]  should_failslab+0xa8/0x100
[ 1071.665342][T21451]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1071.665367][T21451]  ? sk_prot_alloc+0x57/0x220
[ 1071.665391][T21451]  sk_prot_alloc+0x57/0x220
[ 1071.665409][T21451]  ? sk_alloc+0x24/0x370
[ 1071.665429][T21451]  sk_alloc+0x3a/0x370
[ 1071.665454][T21451]  inet_create+0x76b/0x1000
[ 1071.665475][T21451]  ? inet_create+0x97/0x1000
[ 1071.665495][T21451]  __sock_create+0x4b3/0x9f0
[ 1071.665532][T21451]  udp_sock_create4+0xbe/0x4b0
[ 1071.665561][T21451]  ? __pfx_udp_sock_create4+0x10/0x10
[ 1071.665593][T21451]  gtp_create_sock+0x237/0x370
[ 1071.665621][T21451]  ? __pfx_gtp_create_sock+0x10/0x10
[ 1071.665667][T21451]  ? rcu_is_watching+0x15/0xb0
[ 1071.665692][T21451]  ? trace_kmalloc+0x1f/0xd0
[ 1071.665707][T21451]  ? __kmalloc_noprof+0x29b/0x4f0
[ 1071.665723][T21451]  ? gtp_newlink+0x283/0xf30
[ 1071.665749][T21451]  gtp_newlink+0x6ae/0xf30
[ 1071.665776][T21451]  ? __pfx_gtp_newlink+0x10/0x10
[ 1071.665801][T21451]  rtnl_newlink_create+0x310/0xb00
[ 1071.665836][T21451]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1071.665863][T21451]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1071.665880][T21451]  ? rtnl_newlink+0x8db/0x1c70
[ 1071.665901][T21451]  ? __pfx___mutex_lock+0x10/0x10
[ 1071.665936][T21451]  ? ns_capable+0x8a/0xf0
[ 1071.665963][T21451]  rtnl_newlink+0x16d6/0x1c70
[ 1071.665983][T21451]  ? netlink_sendmsg+0x805/0xb30
[ 1071.666015][T21451]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1071.666052][T21451]  ? kasan_quarantine_put+0xdd/0x220
[ 1071.666074][T21451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1071.666104][T21451]  ? nlmon_xmit+0xb0/0x100
[ 1071.666125][T21451]  ? kmem_cache_free+0x18f/0x400
[ 1071.666150][T21451]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1071.666174][T21451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1071.666198][T21451]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1071.666223][T21451]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1071.666251][T21451]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1071.666287][T21451]  ? __lock_acquire+0xab9/0xd20
[ 1071.666335][T21451]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1071.666351][T21451]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1071.666371][T21451]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1071.666388][T21451]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1071.666402][T21451]  ? ref_tracker_free+0x63a/0x7d0
[ 1071.666421][T21451]  ? __copy_skb_header+0xa7/0x550
[ 1071.666444][T21451]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1071.666465][T21451]  ? __skb_clone+0x63/0x7a0
[ 1071.666491][T21451]  netlink_rcv_skb+0x208/0x470
[ 1071.666511][T21451]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1071.666528][T21451]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1071.666558][T21451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1071.666576][T21451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1071.666599][T21451]  netlink_unicast+0x75b/0x8d0
[ 1071.666627][T21451]  netlink_sendmsg+0x805/0xb30
[ 1071.666656][T21451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1071.666680][T21451]  ? aa_sock_msg_perm+0x94/0x160
[ 1071.666704][T21451]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1071.666725][T21451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1071.666746][T21451]  __sock_sendmsg+0x219/0x270
[ 1071.666775][T21451]  ____sys_sendmsg+0x505/0x830
[ 1071.666802][T21451]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1071.666844][T21451]  ? import_iovec+0x74/0xa0
[ 1071.666866][T21451]  ___sys_sendmsg+0x21f/0x2a0
[ 1071.666890][T21451]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1071.666949][T21451]  ? __fget_files+0x2a/0x420
[ 1071.666968][T21451]  ? __fget_files+0x3a0/0x420
[ 1071.666999][T21451]  __x64_sys_sendmsg+0x19b/0x260
[ 1071.667023][T21451]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1071.667055][T21451]  ? __pfx_ksys_write+0x10/0x10
[ 1071.667070][T21451]  ? rcu_is_watching+0x15/0xb0
[ 1071.667100][T21451]  ? do_syscall_64+0xbe/0x3b0
[ 1071.667129][T21451]  do_syscall_64+0xfa/0x3b0
[ 1071.667152][T21451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1071.667175][T21451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1071.667193][T21451]  ? clear_bhb_loop+0x60/0xb0
[ 1071.667215][T21451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1071.667233][T21451] RIP: 0033:0x7fc5ec18e929
[ 1071.667250][T21451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1071.667265][T21451] RSP: 002b:00007fc5ed0c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1071.667284][T21451] RAX: ffffffffffffffda RBX: 00007fc5ec3b5fa0 RCX: 00007fc5ec18e929
[ 1071.667296][T21451] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1071.667307][T21451] RBP: 00007fc5ed0c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1071.667317][T21451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1071.667328][T21451] R13: 0000000000000000 R14: 00007fc5ec3b5fa0 R15: 00007fc5ec4dfa28
[ 1071.667355][T21451]  </TASK>
[ 1072.344289][   T30] kauditd_printk_skb: 143 callbacks suppressed
[ 1072.344308][   T30] audit: type=1326 audit(1751211024.067:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.375156][   T30] audit: type=1326 audit(1751211024.067:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.397839][   T30] audit: type=1326 audit(1751211024.067:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.423154][   T30] audit: type=1326 audit(1751211024.067:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.448142][   T30] audit: type=1326 audit(1751211024.067:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.454070][T21470] netlink: 'syz.2.4977': attribute type 12 has an invalid length.
[ 1072.471005][   T30] audit: type=1326 audit(1751211024.067:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.471057][   T30] audit: type=1326 audit(1751211024.067:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.471096][   T30] audit: type=1326 audit(1751211024.067:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.471135][   T30] audit: type=1326 audit(1751211024.067:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.471175][   T30] audit: type=1326 audit(1751211024.067:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21467 comm="syz.0.4976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1072.777476][T21476] FAULT_INJECTION: forcing a failure.
[ 1072.777476][T21476] name failslab, interval 1, probability 0, space 0, times 0
[ 1072.811636][T21476] CPU: 1 UID: 0 PID: 21476 Comm: syz.0.4978 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1072.811663][T21476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1072.811675][T21476] Call Trace:
[ 1072.811682][T21476]  <TASK>
[ 1072.811691][T21476]  dump_stack_lvl+0x189/0x250
[ 1072.811730][T21476]  ? __pfx____ratelimit+0x10/0x10
[ 1072.811756][T21476]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1072.811781][T21476]  ? __pfx__printk+0x10/0x10
[ 1072.811807][T21476]  ? __pfx___might_resched+0x10/0x10
[ 1072.811830][T21476]  ? fs_reclaim_acquire+0x7d/0x100
[ 1072.811853][T21476]  should_fail_ex+0x414/0x560
[ 1072.811879][T21476]  should_failslab+0xa8/0x100
[ 1072.811900][T21476]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1072.811918][T21476]  ? find_css_set+0x9d3/0x15e0
[ 1072.811948][T21476]  find_css_set+0x9d3/0x15e0
[ 1072.811988][T21476]  ? __pfx_find_css_set+0x10/0x10
[ 1072.812045][T21476]  cgroup_migrate_prepare_dst+0x130/0x700
[ 1072.812082][T21476]  cgroup_attach_task+0x5ae/0x970
[ 1072.812112][T21476]  ? cgroup_attach_task+0x1fb/0x970
[ 1072.812138][T21476]  ? __pfx_cgroup_attach_task+0x10/0x10
[ 1072.812161][T21476]  ? _raw_spin_unlock+0x28/0x50
[ 1072.812195][T21476]  ? cgroup_attach_permissions+0x4f0/0x9e0
[ 1072.812231][T21476]  __cgroup_procs_write+0x2a7/0x300
[ 1072.812269][T21476]  cgroup_procs_write+0x27/0x50
[ 1072.812290][T21476]  ? __pfx_cgroup_procs_write+0x10/0x10
[ 1072.812313][T21476]  cgroup_file_write+0x39b/0x740
[ 1072.812343][T21476]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1072.812380][T21476]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1072.812400][T21476]  kernfs_fop_write_iter+0x378/0x4f0
[ 1072.812455][T21476]  vfs_write+0x548/0xa90
[ 1072.812486][T21476]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1072.812513][T21476]  ? __pfx_vfs_write+0x10/0x10
[ 1072.812549][T21476]  ? __fget_files+0x2a/0x420
[ 1072.812580][T21476]  ksys_write+0x145/0x250
[ 1072.812600][T21476]  ? __pfx_ksys_write+0x10/0x10
[ 1072.812615][T21476]  ? rcu_is_watching+0x15/0xb0
[ 1072.812646][T21476]  ? do_syscall_64+0xbe/0x3b0
[ 1072.812675][T21476]  do_syscall_64+0xfa/0x3b0
[ 1072.812698][T21476]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1072.812727][T21476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1072.812744][T21476]  ? clear_bhb_loop+0x60/0xb0
[ 1072.812766][T21476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1072.812784][T21476] RIP: 0033:0x7fc5ec18e929
[ 1072.812802][T21476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1072.812818][T21476] RSP: 002b:00007fc5ed0c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1072.812838][T21476] RAX: ffffffffffffffda RBX: 00007fc5ec3b5fa0 RCX: 00007fc5ec18e929
[ 1072.812852][T21476] RDX: 0000000000000012 RSI: 00002000000005c0 RDI: 0000000000000004
[ 1072.812865][T21476] RBP: 00007fc5ed0c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1072.812876][T21476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1072.812887][T21476] R13: 0000000000000000 R14: 00007fc5ec3b5fa0 R15: 00007fc5ec4dfa28
[ 1072.812917][T21476]  </TASK>
[ 1073.680124][   T10] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1073.880726][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1073.928855][T21481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1073.951066][T21481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1075.335689][T21520] netlink: 'syz.1.4990': attribute type 12 has an invalid length.
[ 1075.667313][T21534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4992'.
[ 1075.952045][T21538] netlink: 312 bytes leftover after parsing attributes in process `syz.3.4994'.
[ 1076.102013][ T5916] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[ 1076.120851][ T5916] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[ 1076.407976][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1076.417640][   T10] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1076.519212][   T10] usb 3-1: can't read configurations, error -71
[ 1077.070256][T21560] openvswitch: netlink: Flow key attribute not present in set flow.
[ 1077.155488][T21561] syz.4.4997: attempt to access beyond end of device
[ 1077.155488][T21561] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1077.364244][T21573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5003'.
[ 1077.470130][   T43] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1077.680022][   T43] usb 2-1: Using ep0 maxpacket: 32
[ 1077.686980][   T43] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[ 1077.697194][   T43] usb 2-1: config 0 has no interface number 0
[ 1077.705067][   T43] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 528
[ 1077.722491][   T43] usb 2-1: New USB device found, idVendor=0403, idProduct=e548, bcdDevice=ad.d6
[ 1077.732135][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.740659][   T43] usb 2-1: Product: syz
[ 1077.744971][   T43] usb 2-1: Manufacturer: syz
[ 1077.749648][   T43] usb 2-1: SerialNumber: syz
[ 1077.761039][   T43] usb 2-1: config 0 descriptor??
[ 1077.771803][T21565] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1077.781903][   T43] ftdi_sio 2-1:0.151: FTDI USB Serial Device converter detected
[ 1077.793504][   T43] ftdi_sio ttyUSB0: unknown device type: 0xadd6
[ 1077.989257][   T43] usb 2-1: USB disconnect, device number 51
[ 1077.997248][   T43] ftdi_sio 2-1:0.151: device disconnected
[ 1078.081212][   T10] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1078.240716][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1078.256199][   T10] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[ 1078.266474][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1078.277189][   T10] usb 3-1: config 0 has no interface number 0
[ 1078.287052][   T10] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1078.307231][   T10] usb 3-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1078.333211][   T10] usb 3-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c
[ 1078.344625][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1078.453713][   T10] usb 3-1: Product: syz
[ 1078.462655][   T10] usb 3-1: Manufacturer: syz
[ 1078.479783][   T10] usb 3-1: SerialNumber: syz
[ 1078.517652][   T10] usb 3-1: config 0 descriptor??
[ 1078.535295][   T10] cypress_m8 3-1:0.35: Nokia CA-42 V2 Adapter converter detected
[ 1078.550200][   T43] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1078.573264][   T10] nokiaca42v2 ttyUSB0: required endpoint is missing
[ 1078.710119][   T43] usb 2-1: Using ep0 maxpacket: 16
[ 1078.731615][   T43] usb 2-1: config 0 has no interfaces?
[ 1078.738460][   T43] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1078.750887][   T10] usb 3-1: USB disconnect, device number 64
[ 1078.765167][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1078.780657][   T10] cypress_m8 3-1:0.35: device disconnected
[ 1078.802361][   T43] usb 2-1: SerialNumber: syz
[ 1078.823177][   T43] usb 2-1: config 0 descriptor??
[ 1079.200412][ T5916] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1079.556657][ T5916] usb 4-1: config 0 has no interfaces?
[ 1079.570535][ T5916] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1079.693450][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1079.702572][   T43] usb 2-1: USB disconnect, device number 52
[ 1079.726523][T21610] No such timeout policy "syz1"
[ 1079.792912][ T5916] usb 4-1: Product: syz
[ 1079.914461][ T5916] usb 4-1: Manufacturer: syz
[ 1079.919544][ T5916] usb 4-1: SerialNumber: syz
[ 1080.306335][ T5916] usb 4-1: config 0 descriptor??
[ 1080.644562][T21620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5017'.
[ 1080.723122][T21603] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1080.987000][T21625] Cannot find add_set index 0 as target
[ 1081.798303][T21642] binder: BINDER_SET_CONTEXT_MGR already set
[ 1081.819986][T21642] binder: 21641:21642 ioctl 4018620d 200000000280 returned -16
[ 1081.923793][T16252] usb 4-1: USB disconnect, device number 57
[ 1081.966751][T21642] binder: 21641:21642 ioctl 4008af20 200000000600 returned -22
[ 1082.017852][T21644] binder: 21641:21644 ioctl 3ba0 2000000002c0 returned -22
[ 1082.052965][T21642] binder: 21641:21642 ioctl c0306201 200000000c40 returned -22
[ 1082.172511][   T30] kauditd_printk_skb: 10 callbacks suppressed
[ 1082.172525][   T30] audit: type=1326 audit(1751211033.887:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.312250][   T30] audit: type=1326 audit(1751211033.887:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.486435][T21655] program syz.0.5027 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1082.501045][   T30] audit: type=1326 audit(1751211033.887:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.590347][   T30] audit: type=1326 audit(1751211033.887:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.613664][   T30] audit: type=1326 audit(1751211033.887:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.650093][   T30] audit: type=1326 audit(1751211033.937:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.809135][   T30] audit: type=1326 audit(1751211033.937:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.831602][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1082.853170][   T30] audit: type=1326 audit(1751211033.967:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1082.977814][   T30] audit: type=1326 audit(1751211033.967:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1083.006478][   T43] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1083.016653][T21660] netlink: 'syz.0.5027': attribute type 10 has an invalid length.
[ 1083.367807][   T30] audit: type=1326 audit(1751211033.967:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21648 comm="syz.3.5025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f209db8e929 code=0x7ffc0000
[ 1083.385542][T21660] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 1083.422928][   T43] usb 5-1: config 0 has no interfaces?
[ 1083.430669][   T43] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1083.440182][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1083.450200][   T43] usb 5-1: Product: syz
[ 1083.454424][   T43] usb 5-1: Manufacturer: syz
[ 1083.459031][   T43] usb 5-1: SerialNumber: syz
[ 1083.473934][   T43] usb 5-1: config 0 descriptor??
[ 1083.606868][T21660] bond0: (slave hsr0): Error -95 calling set_mac_address
[ 1083.693128][T21661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1083.702694][T21661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1084.144468][T21655] syz.0.5027 (21655): drop_caches: 2
[ 1085.220378][   T10] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1085.370369][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1085.413439][   T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1085.451539][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1085.485831][   T10] usb 3-1: Product: syz
[ 1085.518150][   T10] usb 3-1: Manufacturer: syz
[ 1085.553703][T16252] usb 5-1: USB disconnect, device number 52
[ 1085.581962][   T10] usb 3-1: SerialNumber: syz
[ 1085.660692][   T10] usb 3-1: config 0 descriptor??
[ 1085.701993][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1085.770860][T21705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5041'.
[ 1085.990147][T16252] usb 5-1: new full-speed USB device number 53 using dummy_hcd
[ 1086.151811][T16252] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1086.163378][T16252] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[ 1086.173058][T16252] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1086.205529][T16252] usb 5-1: config 0 descriptor??
[ 1086.541107][ T5894] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1086.618268][T21717] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.5048'.
[ 1086.628172][T16252] hid (null): unknown global tag 0xe
[ 1086.634685][T16252] hid (null): unknown global tag 0xd
[ 1086.662795][T16252] elecom 0003:056E:00E6.002B: unknown global tag 0xe
[ 1086.679238][T16252] elecom 0003:056E:00E6.002B: item 0 0 1 14 parsing failed
[ 1086.687849][T16252] elecom 0003:056E:00E6.002B: probe with driver elecom failed with error -22
[ 1086.746231][T21688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1086.756464][T21688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.800683][ T5894] usb 4-1: too many configurations: 9, using maximum allowed: 8
[ 1086.811416][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1086.875062][T21132] usb 5-1: USB disconnect, device number 53
[ 1086.887764][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1086.897394][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1086.917388][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1086.926103][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1086.945311][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1086.959045][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.015389][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.035695][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.065249][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.094580][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.130743][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.178981][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.239794][T21723] netlink: 'syz.0.5050': attribute type 6 has an invalid length.
[ 1087.250266][T21723] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5050'.
[ 1087.260016][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.268940][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.323468][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.344799][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.417781][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.440649][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.470072][T21132] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1087.536180][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.583704][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.593983][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.603051][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.636029][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.682339][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.697634][T21132] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[ 1087.750427][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.766430][T21132] usb 2-1: config 0 has no interface number 0
[ 1087.773781][T21132] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[ 1087.794343][T21132] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x82 has an invalid bInterval 142, changing to 11
[ 1087.816396][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1087.829718][T21132] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid maxpacket 58879, setting to 1024
[ 1087.848370][T21132] usb 2-1: New USB device found, idVendor=203e, idProduct=8888, bcdDevice=a8.71
[ 1087.857600][T21132] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1087.870262][T21132] usb 2-1: Product: syz
[ 1087.876976][T21132] usb 2-1: Manufacturer: syz
[ 1087.885549][T21132] usb 2-1: SerialNumber: syz
[ 1087.904290][T21132] usb 2-1: config 0 descriptor??
[ 1087.919165][T21724] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1087.928950][T21724] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1087.952020][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1087.967334][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.969384][T21132] usb-storage 2-1:0.133: USB Mass Storage device detected
[ 1087.986451][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.996005][ T5894] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1088.015637][T21731] netlink: 'syz.0.5052': attribute type 10 has an invalid length.
[ 1088.023910][ T5894] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1088.046589][T21731] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1088.102971][ T5894] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1088.115600][ T5894] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1088.127254][ T5894] usb 4-1: Product: syz
[ 1088.131996][ T5894] usb 4-1: Manufacturer: syz
[ 1088.136792][ T5894] usb 4-1: SerialNumber: syz
[ 1088.146725][ T5894] usb 4-1: config 0 descriptor??
[ 1088.157067][ T5894] yurex 4-1:0.0: Could not find endpoints
[ 1088.466239][T21132] usb 3-1: USB disconnect, device number 65
[ 1088.476723][ T5894] usb 4-1: USB disconnect, device number 58
[ 1089.409193][T21756] FAULT_INJECTION: forcing a failure.
[ 1089.409193][T21756] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1089.424229][T21756] CPU: 0 UID: 0 PID: 21756 Comm: syz.3.5059 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1089.424253][T21756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1089.424263][T21756] Call Trace:
[ 1089.424270][T21756]  <TASK>
[ 1089.424278][T21756]  dump_stack_lvl+0x189/0x250
[ 1089.424307][T21756]  ? __pfx____ratelimit+0x10/0x10
[ 1089.424329][T21756]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1089.424353][T21756]  ? __pfx__printk+0x10/0x10
[ 1089.424371][T21756]  ? __might_fault+0xb0/0x130
[ 1089.424399][T21756]  should_fail_ex+0x414/0x560
[ 1089.424425][T21756]  _copy_from_user+0x2d/0xb0
[ 1089.424443][T21756]  get_timespec64+0x8e/0x1a0
[ 1089.424466][T21756]  ? __pfx_get_timespec64+0x10/0x10
[ 1089.424487][T21756]  ? arch_do_signal_or_restart+0x2d2/0x750
[ 1089.424509][T21756]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1089.424540][T21756]  __se_sys_io_pgetevents+0xd0/0x430
[ 1089.424568][T21756]  ? __pfx___se_sys_io_pgetevents+0x10/0x10
[ 1089.424588][T21756]  ? rcu_is_watching+0x15/0xb0
[ 1089.424619][T21756]  ? __x64_sys_io_pgetevents+0x21/0xf0
[ 1089.424641][T21756]  do_syscall_64+0xfa/0x3b0
[ 1089.424666][T21756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.424684][T21756]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1089.424701][T21756]  ? clear_bhb_loop+0x60/0xb0
[ 1089.424723][T21756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.424740][T21756] RIP: 0033:0x7f209db8e929
[ 1089.424756][T21756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1089.424772][T21756] RSP: 002b:00007f209ea34038 EFLAGS: 00000246 ORIG_RAX: 000000000000014d
[ 1089.424791][T21756] RAX: ffffffffffffffda RBX: 00007f209ddb6080 RCX: 00007f209db8e929
[ 1089.424805][T21756] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 00007f209e9fa000
[ 1089.424816][T21756] RBP: 00007f209ea34090 R08: 0000200000000700 R09: 0000000000000000
[ 1089.424828][T21756] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[ 1089.424840][T21756] R13: 0000000000000000 R14: 00007f209ddb6080 R15: 00007f209dedfa28
[ 1089.424869][T21756]  </TASK>
[ 1089.658394][T21749] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1090.273499][ T5916] usb 2-1: USB disconnect, device number 53
[ 1090.426971][T21772] FAULT_INJECTION: forcing a failure.
[ 1090.426971][T21772] name failslab, interval 1, probability 0, space 0, times 0
[ 1090.473851][T21772] CPU: 0 UID: 0 PID: 21772 Comm: syz.1.5062 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1090.473869][T21772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1090.473875][T21772] Call Trace:
[ 1090.473880][T21772]  <TASK>
[ 1090.473885][T21772]  dump_stack_lvl+0x189/0x250
[ 1090.473905][T21772]  ? __pfx____ratelimit+0x10/0x10
[ 1090.473920][T21772]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1090.473934][T21772]  ? __pfx__printk+0x10/0x10
[ 1090.473948][T21772]  ? __pfx___might_resched+0x10/0x10
[ 1090.473962][T21772]  ? fs_reclaim_acquire+0x7d/0x100
[ 1090.473977][T21772]  should_fail_ex+0x414/0x560
[ 1090.473992][T21772]  should_failslab+0xa8/0x100
[ 1090.474004][T21772]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1090.474014][T21772]  ? register_netdevice+0x58b/0x1ae0
[ 1090.474029][T21772]  register_netdevice+0x58b/0x1ae0
[ 1090.474046][T21772]  ? kasan_save_track+0x4f/0x80
[ 1090.474059][T21772]  ? kasan_save_track+0x3e/0x80
[ 1090.474071][T21772]  ? __kasan_kmalloc+0x93/0xb0
[ 1090.474079][T21772]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1090.474091][T21772]  ? rtnl_create_link+0x31f/0xd10
[ 1090.474103][T21772]  ? rtnl_newlink_create+0x25c/0xb00
[ 1090.474113][T21772]  ? rtnl_newlink+0x16d6/0x1c70
[ 1090.474121][T21772]  ? rtnetlink_rcv_msg+0x7cf/0xb70
[ 1090.474130][T21772]  ? __pfx_register_netdevice+0x10/0x10
[ 1090.474141][T21772]  ? __sock_sendmsg+0x219/0x270
[ 1090.474153][T21772]  ? ____sys_sendmsg+0x505/0x830
[ 1090.474163][T21772]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1090.474172][T21772]  ? __x64_sys_sendmsg+0x19b/0x260
[ 1090.474183][T21772]  ? do_syscall_64+0xfa/0x3b0
[ 1090.474196][T21772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.474213][T21772]  macsec_newlink+0x6be/0x11b0
[ 1090.474230][T21772]  ? __pfx_macsec_handle_frame+0x10/0x10
[ 1090.474250][T21772]  ? __pfx_macsec_newlink+0x10/0x10
[ 1090.474263][T21772]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1090.474276][T21772]  ? rcu_is_watching+0x15/0xb0
[ 1090.474289][T21772]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1090.474301][T21772]  ? trace_kmalloc+0x1f/0xd0
[ 1090.474309][T21772]  ? __kvmalloc_node_noprof+0x331/0x5f0
[ 1090.474319][T21772]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1090.474334][T21772]  ? validate_linkmsg+0x765/0x950
[ 1090.474352][T21772]  ? __pfx_macsec_newlink+0x10/0x10
[ 1090.474366][T21772]  rtnl_newlink_create+0x310/0xb00
[ 1090.474380][T21772]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1090.474395][T21772]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1090.474405][T21772]  ? rtnl_newlink+0x8db/0x1c70
[ 1090.474416][T21772]  ? __pfx___mutex_lock+0x10/0x10
[ 1090.474436][T21772]  ? ns_capable+0x8a/0xf0
[ 1090.474452][T21772]  rtnl_newlink+0x16d6/0x1c70
[ 1090.474462][T21772]  ? netlink_sendmsg+0x805/0xb30
[ 1090.474480][T21772]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1090.474502][T21772]  ? kasan_quarantine_put+0xdd/0x220
[ 1090.474517][T21772]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1090.474533][T21772]  ? nlmon_xmit+0xb0/0x100
[ 1090.474546][T21772]  ? kmem_cache_free+0x18f/0x400
[ 1090.474559][T21772]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1090.474573][T21772]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1090.474587][T21772]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1090.474600][T21772]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1090.474616][T21772]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1090.474636][T21772]  ? __lock_acquire+0xab9/0xd20
[ 1090.474668][T21772]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1090.474677][T21772]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1090.474689][T21772]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1090.474698][T21772]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1090.474706][T21772]  ? ref_tracker_free+0x63a/0x7d0
[ 1090.474719][T21772]  ? __copy_skb_header+0xa7/0x550
[ 1090.474732][T21772]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1090.474744][T21772]  ? __skb_clone+0x63/0x7a0
[ 1090.474760][T21772]  netlink_rcv_skb+0x208/0x470
[ 1090.474771][T21772]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1090.474781][T21772]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1090.474799][T21772]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1090.474809][T21772]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1090.474822][T21772]  netlink_unicast+0x75b/0x8d0
[ 1090.474838][T21772]  netlink_sendmsg+0x805/0xb30
[ 1090.474854][T21772]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1090.474867][T21772]  ? aa_sock_msg_perm+0x94/0x160
[ 1090.474879][T21772]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1090.474892][T21772]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1090.474903][T21772]  __sock_sendmsg+0x219/0x270
[ 1090.474918][T21772]  ____sys_sendmsg+0x505/0x830
[ 1090.474933][T21772]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1090.474949][T21772]  ? import_iovec+0x74/0xa0
[ 1090.474961][T21772]  ___sys_sendmsg+0x21f/0x2a0
[ 1090.474973][T21772]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1090.475004][T21772]  ? __fget_files+0x2a/0x420
[ 1090.475015][T21772]  ? __fget_files+0x3a0/0x420
[ 1090.475031][T21772]  __x64_sys_sendmsg+0x19b/0x260
[ 1090.475044][T21772]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1090.475060][T21772]  ? __pfx_ksys_write+0x10/0x10
[ 1090.475068][T21772]  ? rcu_is_watching+0x15/0xb0
[ 1090.475085][T21772]  ? do_syscall_64+0xbe/0x3b0
[ 1090.475101][T21772]  do_syscall_64+0xfa/0x3b0
[ 1090.475114][T21772]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1090.475126][T21772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.475136][T21772]  ? clear_bhb_loop+0x60/0xb0
[ 1090.475148][T21772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.475157][T21772] RIP: 0033:0x7fba2af8e929
[ 1090.475168][T21772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1090.475177][T21772] RSP: 002b:00007fba2be6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1090.475189][T21772] RAX: ffffffffffffffda RBX: 00007fba2b1b5fa0 RCX: 00007fba2af8e929
[ 1090.475196][T21772] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 1090.475203][T21772] RBP: 00007fba2be6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1090.475209][T21772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1090.475215][T21772] R13: 0000000000000000 R14: 00007fba2b1b5fa0 R15: 00007fba2b2dfa28
[ 1090.475231][T21772]  </TASK>
[ 1091.109634][T21775] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5063'.
[ 1091.118789][T21775] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5063'.
[ 1091.128073][T21775] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5063'.
[ 1091.137410][T21775] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5063'.
[ 1091.277597][T21780] netlink: 'syz.2.5066': attribute type 1 has an invalid length.
[ 1091.285579][T21780] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1091.317007][T21782] gretap0: entered promiscuous mode
[ 1091.545136][T21782] macsec3: entered promiscuous mode
[ 1091.559341][T21782] gretap0: left promiscuous mode
[ 1091.690256][   T43] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1091.714932][T21793] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5068'.
[ 1091.852788][T21797] netlink: 'syz.0.5070': attribute type 12 has an invalid length.
[ 1091.880668][   T43] usb 5-1: Using ep0 maxpacket: 16
[ 1091.888592][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1091.962015][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1091.986107][   T43] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1092.005402][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1092.041848][   T43] usb 5-1: config 0 descriptor??
[ 1092.461743][T21805] loop6: detected capacity change from 0 to 524287999
[ 1092.630179][ T5916] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[ 1092.744331][   T43] usbhid 5-1:0.0: can't add hid device: -32
[ 1092.750538][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[ 1092.770487][ T5916] usb 3-1: device descriptor read/64, error -71
[ 1092.950340][   T24] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1093.011618][T21823] netlink: 'syz.0.5079': attribute type 1 has an invalid length.
[ 1093.031068][ T5916] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[ 1093.106071][T21823] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1093.130001][   T24] usb 4-1: Using ep0 maxpacket: 32
[ 1093.138598][T21825] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1093.151788][   T24] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[ 1093.170148][   T24] usb 4-1: config 0 has no interface number 0
[ 1093.180388][ T5916] usb 3-1: device descriptor read/64, error -71
[ 1093.191462][   T24] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1093.194527][T21825] bond2: (slave gtp0): The slave device specified does not support setting the MAC address
[ 1093.220381][   T24] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 1093.239331][   T24] usb 4-1: config 0 interface 126 has no altsetting 0
[ 1093.279699][   T24] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 1093.290239][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.305739][ T5916] usb usb3-port1: attempt power cycle
[ 1093.322730][   T24] usb 4-1: Product: syz
[ 1093.326512][T21825] bond2: (slave gtp0): Error -95 calling set_mac_address
[ 1093.333244][   T24] usb 4-1: Manufacturer: syz
[ 1093.343876][   T24] usb 4-1: SerialNumber: syz
[ 1093.362534][   T24] usb 4-1: config 0 descriptor??
[ 1093.376231][T21821] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1093.391780][T21821] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1093.670358][ T5916] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[ 1093.720842][ T5916] usb 3-1: device descriptor read/8, error -71
[ 1093.816020][T21841] binder: 21837:21841 unknown command 1078485782
[ 1093.851298][   T24] ir_usb 4-1:0.126: IR Dongle converter detected
[ 1093.859132][T21841] binder: 21837:21841 ioctl c0306201 2000000001c0 returned -22
[ 1093.974927][ T5894] usb 5-1: USB disconnect, device number 54
[ 1094.055546][   T24] usb 4-1: IR Dongle converter now attached to ttyUSB0
[ 1094.080258][ T5916] usb 3-1: new full-speed USB device number 69 using dummy_hcd
[ 1094.111100][ T5916] usb 3-1: device descriptor read/8, error -71
[ 1094.235712][ T5916] usb usb3-port1: unable to enumerate USB device
[ 1094.320027][   T24] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1094.478782][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1094.488984][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1094.543114][   T24] usb 2-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[ 1094.552612][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.565086][   T24] usb 2-1: config 0 descriptor??
[ 1094.940065][T16252] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1094.996632][   T24] kye 0003:0458:4018.002C: unbalanced collection at end of report description
[ 1095.028818][   T24] kye 0003:0458:4018.002C: parse failed
[ 1095.036899][   T24] kye 0003:0458:4018.002C: probe with driver kye failed with error -22
[ 1095.068710][T21856] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5090'.
[ 1095.110052][T16252] usb 5-1: Using ep0 maxpacket: 8
[ 1095.123209][T16252] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1095.146432][T16252] usb 5-1: config 248 has an invalid interface number: 242 but max is 0
[ 1095.156145][T16252] usb 5-1: config 248 has no interface number 0
[ 1095.163020][T16252] usb 5-1: config 248 interface 242 has no altsetting 0
[ 1095.184153][T16252] usb 5-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=4c.13
[ 1095.193397][T16252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1095.195633][   T24] usb 2-1: USB disconnect, device number 54
[ 1095.204684][T16252] usb 5-1: Product: syz
[ 1095.214273][T16252] usb 5-1: SerialNumber: syz
[ 1095.728012][ T5894] usb 4-1: USB disconnect, device number 59
[ 1095.766600][ T5894] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[ 1095.801974][ T5894] ir_usb 4-1:0.126: device disconnected
[ 1096.015375][T21878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5098'.
[ 1096.068098][T21878] macsec2: entered promiscuous mode
[ 1096.142130][T21878] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[ 1096.223976][T21878] macsec2: entered allmulticast mode
[ 1096.233045][T21878] mac80211_hwsim hwsim20 wlan0: entered allmulticast mode
[ 1096.492446][T16252] quatech2 5-1:248.242: Quatech 2nd gen USB to Serial Driver converter detected
[ 1096.526344][T16252] usb 5-1: qt2_attach - failed to power on unit: -71
[ 1096.562978][T16252] quatech2 5-1:248.242: probe with driver quatech2 failed with error -71
[ 1096.590959][T16252] usb 5-1: USB disconnect, device number 55
[ 1096.629197][T21898] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5104'.
[ 1096.770529][T18869] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1097.031964][T18869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1097.050034][T18869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1097.088333][T18869] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1097.147393][T18869] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1097.170027][   T24] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1097.170055][T18869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1097.336784][T18869] usb 3-1: config 0 descriptor??
[ 1097.499473][T21904] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1097.548345][   T24] usb 5-1: config 0 has no interfaces?
[ 1097.764371][   T24] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1097.765808][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.773899][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.836563][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.866712][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.890021][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.932454][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.947214][   T24] usb 5-1: Product: syz
[ 1097.953713][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.962618][   T24] usb 5-1: Manufacturer: syz
[ 1097.972331][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.977942][   T24] usb 5-1: SerialNumber: syz
[ 1097.980607][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.992314][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1097.999807][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.023758][T21910] netlink: 'syz.1.5106': attribute type 2 has an invalid length.
[ 1098.037962][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.039535][   T24] usb 5-1: config 0 descriptor??
[ 1098.058531][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.077888][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.079520][T21915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5108'.
[ 1098.127773][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.139257][T18869] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[ 1098.160070][ T5894] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 1098.209384][T18869] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1098.297001][T18869] usb 3-1: USB disconnect, device number 70
[ 1098.342370][ T5894] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1098.369357][ T5894] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1098.393765][ T5894] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1098.406172][T21918] fido_id[21918]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1098.421580][ T5894] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1098.449777][ T5894] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1098.477803][ T5894] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1098.488274][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1098.591179][ T5894] usb 4-1: Product: syz
[ 1098.601371][ T5894] usb 4-1: Manufacturer: syz
[ 1098.625982][ T5894] cdc_wdm 4-1:1.0: skipping garbage
[ 1098.637770][ T5894] cdc_wdm 4-1:1.0: skipping garbage
[ 1098.659065][ T5894] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1098.677293][ T5894] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1098.839675][T21912] cdc_wdm 4-1:1.0: Error submitting int urb - -90
[ 1098.862930][T21912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1098.876743][T21912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1098.888147][ T5894] usb 4-1: USB disconnect, device number 60
[ 1100.066655][T21942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5116'.
[ 1100.682104][   T24] usb 5-1: USB disconnect, device number 56
[ 1100.856180][T21954] loop0: detected capacity change from 0 to 1
[ 1100.876517][T15971] Dev loop0: unable to read RDB block 1
[ 1100.882224][T15971]  loop0: unable to read partition table
[ 1100.906012][T15971] loop0: partition table beyond EOD, truncated
[ 1101.006380][T21959] netlink: 'syz.2.5120': attribute type 12 has an invalid length.
[ 1101.514498][T21971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1101.536145][T21971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1101.681961][T21980] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1101.681961][T21980] The task syz.3.5126 (21980) triggered the difference, watch for misbehavior.
[ 1101.712154][T21981] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1102.039755][T21985] kvm: pic: non byte write
[ 1102.087565][T21985] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[ 1102.118563][T21991] vxcan0: tx drop: invalid da for name 0x0000000000000003
[ 1102.162956][T21993] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5129'.
[ 1102.525921][T22004] netlink: 'syz.0.5132': attribute type 12 has an invalid length.
[ 1102.537131][T22002] program syz.1.5134 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1102.546957][T22005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5133'.
[ 1102.563759][T22005] fuse: Unknown parameter ''
[ 1103.018180][T22018] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5139'.
[ 1103.239526][T22026] binder: 22025:22026 ioctl c0306201 200000000540 returned -22
[ 1103.461139][T22037] netlink: 'syz.2.5145': attribute type 12 has an invalid length.
[ 1104.342480][   T43] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1104.500046][   T43] usb 5-1: Using ep0 maxpacket: 32
[ 1104.512185][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1104.601192][   T43] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[ 1104.634401][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.751082][   T43] usb 5-1: config 0 descriptor??
[ 1104.985276][T22050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1105.030184][T22076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1105.047018][T22050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1105.086557][T22076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1105.166253][   T43] steelseries 0003:1038:1410.002E: missing HID_OUTPUT_REPORT 0
[ 1105.357427][   T43] usb 5-1: USB disconnect, device number 57
[ 1105.393432][T22091] binder: 22090:22091 unknown command 0
[ 1105.399317][T22091] binder: 22090:22091 ioctl c0306201 200000000c40 returned -22
[ 1105.853059][T22098] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5166'.
[ 1106.051976][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.073555][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.102800][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.126104][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.162785][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.192701][T22111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5170'.
[ 1106.355063][T22119] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1106.432952][T18869] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1106.590147][T18869] usb 3-1: Using ep0 maxpacket: 16
[ 1106.600191][T18869] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1106.612247][T18869] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1106.623786][T18869] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1106.647802][T18869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.656484][T18869] usb 3-1: Product: syz
[ 1106.662506][T18869] usb 3-1: Manufacturer: syz
[ 1106.667161][T18869] usb 3-1: SerialNumber: syz
[ 1106.735861][T22131] netlink: 'syz.4.5178': attribute type 10 has an invalid length.
[ 1106.752924][T22131] batadv0: entered promiscuous mode
[ 1106.780561][T22131] batadv0: entered allmulticast mode
[ 1106.791179][T22131] bridge0: port 4(batadv0) entered blocking state
[ 1106.810942][T22131] bridge0: port 4(batadv0) entered disabled state
[ 1106.819630][T22131] bridge0: port 4(batadv0) entered blocking state
[ 1106.826235][T22131] bridge0: port 4(batadv0) entered forwarding state
[ 1106.841581][T22134] FAULT_INJECTION: forcing a failure.
[ 1106.841581][T22134] name failslab, interval 1, probability 0, space 0, times 0
[ 1106.862405][T22134] CPU: 1 UID: 0 PID: 22134 Comm: syz.1.5179 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1106.862433][T22134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1106.862444][T22134] Call Trace:
[ 1106.862452][T22134]  <TASK>
[ 1106.862461][T22134]  dump_stack_lvl+0x189/0x250
[ 1106.862490][T22134]  ? __pfx____ratelimit+0x10/0x10
[ 1106.862516][T22134]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1106.862540][T22134]  ? __pfx__printk+0x10/0x10
[ 1106.862575][T22134]  should_fail_ex+0x414/0x560
[ 1106.862602][T22134]  should_failslab+0xa8/0x100
[ 1106.862623][T22134]  __kmalloc_noprof+0xcb/0x4f0
[ 1106.862641][T22134]  ? dev_prep_valid_name+0x193/0x610
[ 1106.862670][T22134]  dev_prep_valid_name+0x193/0x610
[ 1106.862695][T22134]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1106.862717][T22134]  ? __pfx___might_resched+0x10/0x10
[ 1106.862742][T22134]  ? __pfx_dev_prep_valid_name+0x10/0x10
[ 1106.862775][T22134]  ? __raw_spin_lock_init+0x45/0x100
[ 1106.862798][T22134]  register_netdevice+0x542/0x1ae0
[ 1106.862820][T22134]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1106.862850][T22134]  ? kasan_save_track+0x4f/0x80
[ 1106.862872][T22134]  ? kasan_save_track+0x3e/0x80
[ 1106.862894][T22134]  ? __kasan_kmalloc+0x93/0xb0
[ 1106.862910][T22134]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1106.862930][T22134]  ? rtnl_create_link+0x31f/0xd10
[ 1106.862951][T22134]  ? rtnl_newlink_create+0x25c/0xb00
[ 1106.862976][T22134]  ? rtnl_newlink+0x16d6/0x1c70
[ 1106.862992][T22134]  ? rtnetlink_rcv_msg+0x7cf/0xb70
[ 1106.863009][T22134]  ? __pfx_register_netdevice+0x10/0x10
[ 1106.863027][T22134]  ? __sock_sendmsg+0x219/0x270
[ 1106.863047][T22134]  ? ____sys_sendmsg+0x505/0x830
[ 1106.863065][T22134]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1106.863081][T22134]  ? __x64_sys_sendmsg+0x19b/0x260
[ 1106.863099][T22134]  ? do_syscall_64+0xfa/0x3b0
[ 1106.863120][T22134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1106.863151][T22134]  macsec_newlink+0x6be/0x11b0
[ 1106.863178][T22134]  ? __pfx_macsec_handle_frame+0x10/0x10
[ 1106.863213][T22134]  ? __pfx_macsec_newlink+0x10/0x10
[ 1106.863238][T22134]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1106.863261][T22134]  ? rcu_is_watching+0x15/0xb0
[ 1106.863284][T22134]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1106.863303][T22134]  ? trace_kmalloc+0x1f/0xd0
[ 1106.863316][T22134]  ? __kvmalloc_node_noprof+0x331/0x5f0
[ 1106.863334][T22134]  ? alloc_netdev_mqs+0xc9e/0x11e0
[ 1106.863360][T22134]  ? validate_linkmsg+0x765/0x950
[ 1106.863390][T22134]  ? __pfx_macsec_newlink+0x10/0x10
[ 1106.863418][T22134]  rtnl_newlink_create+0x310/0xb00
[ 1106.863452][T22134]  ? __mutex_lock+0x51b/0xe80
[ 1106.863479][T22134]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1106.863495][T22134]  ? rtnl_newlink+0x8db/0x1c70
[ 1106.863514][T22134]  ? __pfx___mutex_lock+0x10/0x10
[ 1106.863547][T22134]  ? ns_capable+0x8a/0xf0
[ 1106.863576][T22134]  rtnl_newlink+0x16d6/0x1c70
[ 1106.863595][T22134]  ? netlink_sendmsg+0x805/0xb30
[ 1106.863625][T22134]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1106.863665][T22134]  ? kasan_quarantine_put+0xdd/0x220
[ 1106.863689][T22134]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1106.863717][T22134]  ? nlmon_xmit+0xb0/0x100
[ 1106.863737][T22134]  ? kmem_cache_free+0x18f/0x400
[ 1106.863760][T22134]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1106.863786][T22134]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1106.863809][T22134]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1106.863832][T22134]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1106.863860][T22134]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1106.863893][T22134]  ? __lock_acquire+0xab9/0xd20
[ 1106.863941][T22134]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1106.863964][T22134]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1106.863987][T22134]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1106.864004][T22134]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1106.864019][T22134]  ? ref_tracker_free+0x63a/0x7d0
[ 1106.864038][T22134]  ? __copy_skb_header+0xa7/0x550
[ 1106.864061][T22134]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1106.864082][T22134]  ? __skb_clone+0x63/0x7a0
[ 1106.864110][T22134]  netlink_rcv_skb+0x208/0x470
[ 1106.864131][T22134]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1106.864151][T22134]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1106.864181][T22134]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1106.864197][T22134]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1106.864220][T22134]  netlink_unicast+0x75b/0x8d0
[ 1106.864247][T22134]  netlink_sendmsg+0x805/0xb30
[ 1106.864276][T22134]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1106.864298][T22134]  ? aa_sock_msg_perm+0x94/0x160
[ 1106.864320][T22134]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1106.864341][T22134]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1106.864361][T22134]  __sock_sendmsg+0x219/0x270
[ 1106.864386][T22134]  ____sys_sendmsg+0x505/0x830
[ 1106.864413][T22134]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1106.864440][T22134]  ? import_iovec+0x74/0xa0
[ 1106.864461][T22134]  ___sys_sendmsg+0x21f/0x2a0
[ 1106.864484][T22134]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1106.864528][T22134]  ? __fget_files+0x2a/0x420
[ 1106.864545][T22134]  ? __fget_files+0x3a0/0x420
[ 1106.864574][T22134]  __x64_sys_sendmsg+0x19b/0x260
[ 1106.864598][T22134]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1106.864629][T22134]  ? __pfx_ksys_write+0x10/0x10
[ 1106.864639][T22134]  ? rcu_is_watching+0x15/0xb0
[ 1106.864656][T22134]  ? do_syscall_64+0xbe/0x3b0
[ 1106.864672][T22134]  do_syscall_64+0xfa/0x3b0
[ 1106.864685][T22134]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1106.864704][T22134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1106.864723][T22134]  ? clear_bhb_loop+0x60/0xb0
[ 1106.864745][T22134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1106.864763][T22134] RIP: 0033:0x7fba2af8e929
[ 1106.864780][T22134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1106.864790][T22134] RSP: 002b:00007fba2be6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1106.864802][T22134] RAX: ffffffffffffffda RBX: 00007fba2b1b5fa0 RCX: 00007fba2af8e929
[ 1106.864810][T22134] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 1106.864816][T22134] RBP: 00007fba2be6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1106.864822][T22134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1106.864829][T22134] R13: 0000000000000000 R14: 00007fba2b1b5fa0 R15: 00007fba2b2dfa28
[ 1106.864847][T22134]  </TASK>
[ 1107.475755][T18869] usb 3-1: 0:2 : does not exist
[ 1107.488170][T18869] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[ 1107.517956][T20031] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1107.520267][T18869] usb 3-1: USB disconnect, device number 71
[ 1107.527748][T20031] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1107.627292][T16639] udevd[16639]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1108.489990][   T10] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1108.714402][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1108.728002][T22162] binder: BINDER_SET_CONTEXT_MGR already set
[ 1108.735773][T22162] binder: 22161:22162 ioctl 4018620d 200000000040 returned -16
[ 1108.816231][T22155] __nla_validate_parse: 29 callbacks suppressed
[ 1108.816279][T22155] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5187'.
[ 1108.917775][T22155] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5187'.
[ 1108.947614][T22163] binder: 22161:22163 ioctl c0306201 200000000c40 returned -22
[ 1108.985322][T22167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1109.047532][T22167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1110.084663][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 1110.084684][   T30] audit: type=1326 audit(1751211061.767:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1110.494714][   T30] audit: type=1326 audit(1751211061.767:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1110.528076][   T30] audit: type=1326 audit(1751211061.767:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1110.869442][   T30] audit: type=1326 audit(1751211061.767:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.050809][   T30] audit: type=1326 audit(1751211061.767:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.192593][   T30] audit: type=1326 audit(1751211061.767:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.295620][   T30] audit: type=1326 audit(1751211061.907:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.395950][   T30] audit: type=1326 audit(1751211061.907:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.460876][   T30] audit: type=1326 audit(1751211061.917:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.512941][   T30] audit: type=1326 audit(1751211061.917:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22181 comm="syz.0.5196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5ec18e929 code=0x7ffc0000
[ 1111.678219][T22197] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5201'.
[ 1111.718993][T22197] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5201'.
[ 1111.765446][T22197] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5201'.
[ 1111.794670][T22197] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5201'.
[ 1111.804422][ T5894] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1111.837879][T22201] program syz.3.5198 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1111.957403][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1111.997463][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1112.026364][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1112.040469][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1112.062259][   T10] usb 2-1: can't read configurations, error -71
[ 1112.114236][ T5894] usb 3-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[ 1112.150942][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1112.214839][ T5894] usb 3-1: config 0 descriptor??
[ 1112.436666][T22220] netlink: 'syz.1.5208': attribute type 1 has an invalid length.
[ 1112.467599][T22222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5209'.
[ 1112.477957][T22222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5209'.
[ 1112.489362][T22224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5210'.
[ 1112.513898][T22220] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1112.581055][T22226] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1112.600978][T22226] bond2: (slave gtp0): The slave device specified does not support setting the MAC address
[ 1112.635240][T22226] bond2: (slave gtp0): Error -95 calling set_mac_address
[ 1112.652441][T22230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5207'.
[ 1112.800926][T16252] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 1112.885034][ T5894] usbhid 3-1:0.0: can't add hid device: -71
[ 1112.896635][ T5894] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1113.399245][T16252] usb 4-1: Using ep0 maxpacket: 8
[ 1113.422146][ T5894] usb 3-1: USB disconnect, device number 72
[ 1113.429527][T16252] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1113.442518][T16252] usb 4-1: config 179 has no interface number 0
[ 1113.459775][T16252] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1113.473457][T16252] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1113.487318][T16252] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1113.501205][T16252] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1113.514778][T16252] usb 4-1: config 179 interface 65 has no altsetting 0
[ 1113.524517][T16252] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1113.537781][T16252] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.595764][T16252] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input48
[ 1113.700241][   T10] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1113.791597][T16252] usb 4-1: USB disconnect, device number 61
[ 1113.798668][T16252] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[ 1113.880189][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1113.919322][T22234] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5212'.
[ 1113.964851][T22234] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5212'.
[ 1114.016081][T22238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1114.047385][T22238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1115.459984][   T43] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1115.627972][   T43] usb 3-1: Using ep0 maxpacket: 16
[ 1115.656313][   T43] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x2 has an invalid bInterval 48, changing to 9
[ 1115.709151][   T43] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1115.745354][   T43] usb 3-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.40
[ 1115.781262][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.806699][   T43] usb 3-1: Product: 딈ㅄ駫⮔혨鞊뙀걦잺䃞븽斈潫㪒奁含偦화ꌲⲉ㉫밡뵨곀쾳
[ 1115.833896][   T43] usb 3-1: Manufacturer: ௻ཛྷ믨﮼缦쳋췪ય㐻樶뾹氋廇黔榗쫄洍Ბ㴗곜쨛곬Ὀ篗ၐᎩ챂〸튲ꦑឈꬽẝ䄘儍꧅℀㇑쇚﭂⩇㧕쇕ꖨ랗안ヽ諀ᩋ哙㮶᪎ᢗ僮皓爘倪勚
[ 1115.887961][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.894647][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.976577][   T43] usb 3-1: SerialNumber: syz
[ 1116.074026][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1116.156900][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1116.190372][   T10] usb 2-1: can't read configurations, error -71
[ 1116.305583][T22264] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1116.461782][   T43] usbhid 3-1:1.0: can't add hid device: -71
[ 1116.480055][   T43] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[ 1116.525571][   T43] usb 3-1: USB disconnect, device number 73
[ 1116.840663][T15771] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1117.025011][T15771] usb 4-1: Using ep0 maxpacket: 32
[ 1117.045003][T15771] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[ 1117.070199][T15771] usb 4-1: config 0 has no interface number 0
[ 1117.094029][T15771] usb 4-1: config 0 interface 12 has no altsetting 0
[ 1117.147964][T15771] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1117.198799][T15771] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.254660][T15771] usb 4-1: Product: syz
[ 1117.258937][T15771] usb 4-1: Manufacturer: syz
[ 1117.282830][T15771] usb 4-1: SerialNumber: syz
[ 1117.789146][T15771] usb 4-1: config 0 descriptor??
[ 1118.881573][T15771] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1118.890035][T15771] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[ 1118.916307][T15771] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1118.967052][T15771] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[ 1119.050533][T15771] usb 4-1: USB disconnect, device number 62
[ 1119.090529][T22279] tipc: Started in network mode
[ 1119.114317][T22279] tipc: Node identity -:, cluster identity 4711
[ 1119.125050][T22279] tipc: Enabling of bearer <udp:s�> rejected, failed to enable media
[ 1119.172556][T22274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1119.181494][T22274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1119.270354][   T10] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1119.287095][T22285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5231'.
[ 1119.299746][T22285] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5231'.
[ 1120.454333][   T10] usb 2-1: device descriptor read/64, error -71
[ 1120.700017][   T10] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1120.981764][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1121.060875][T22294] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5233'.
[ 1121.096240][T22294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1121.109764][T22294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1121.862853][T22327] Cannot find del_set index 6 as target
[ 1121.920854][T18869] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1122.082704][T18869] usb 3-1: Using ep0 maxpacket: 16
[ 1122.097907][T18869] usb 3-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1122.123056][T18869] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1122.186464][T18869] usb 3-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00
[ 1122.290708][T18869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.375378][T18869] usb 3-1: config 0 descriptor??
[ 1122.630100][   T43] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[ 1122.721024][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1122.734093][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1122.783758][   T43] usb 4-1: device descriptor read/64, error -71
[ 1122.812854][   T10] usb 2-1: can't read configurations, error -71
[ 1122.843501][   T10] usb usb2-port1: attempt power cycle
[ 1123.041430][   T43] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1123.100041][   T24] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1123.186144][   T43] usb 4-1: device descriptor read/64, error -71
[ 1123.260855][   T24] usb 5-1: Using ep0 maxpacket: 8
[ 1123.290770][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1123.305564][   T24] usb 5-1: config 248 has an invalid interface number: 242 but max is 0
[ 1123.314432][   T43] usb usb4-port1: attempt power cycle
[ 1123.322329][   T24] usb 5-1: config 248 has no interface number 0
[ 1123.333822][   T24] usb 5-1: config 248 interface 242 has no altsetting 0
[ 1123.368451][   T24] usb 5-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=4c.13
[ 1123.381384][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.391686][   T24] usb 5-1: Product: syz
[ 1123.406446][   T24] usb 5-1: SerialNumber: syz
[ 1123.680172][   T43] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1123.787525][   T43] usb 4-1: device descriptor read/8, error -71
[ 1124.060148][   T43] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1124.117278][   T43] usb 4-1: device descriptor read/8, error -71
[ 1124.230272][   T43] usb usb4-port1: unable to enumerate USB device
[ 1124.352199][T22354] binder: 22353:22354 ioctl c0306201 200000000c40 returned -22
[ 1125.094048][   T30] kauditd_printk_skb: 57 callbacks suppressed
[ 1125.094068][   T30] audit: type=1326 audit(1751211076.777:1616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.122678][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.146649][   T30] audit: type=1326 audit(1751211076.777:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.169160][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.177736][   T30] audit: type=1326 audit(1751211076.777:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.225860][   T30] audit: type=1326 audit(1751211076.787:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.299242][   T30] audit: type=1326 audit(1751211076.787:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.321722][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.358153][T18869] usbhid 3-1:0.0: can't add hid device: -71
[ 1125.384616][T18869] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1125.411872][   T30] audit: type=1326 audit(1751211076.787:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.481179][   T30] audit: type=1326 audit(1751211076.787:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.503631][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.511861][T18869] usb 3-1: USB disconnect, device number 74
[ 1125.734714][   T24] quatech2 5-1:248.242: Quatech 2nd gen USB to Serial Driver converter detected
[ 1125.770627][   T24] usb 5-1: qt2_attach - failed to power on unit: -71
[ 1125.777662][   T24] quatech2 5-1:248.242: probe with driver quatech2 failed with error -71
[ 1125.801706][   T30] audit: type=1326 audit(1751211076.787:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1125.851490][   T24] usb 5-1: USB disconnect, device number 58
[ 1126.006106][   T30] audit: type=1326 audit(1751211076.787:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1126.201157][   T30] audit: type=1326 audit(1751211076.787:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22359 comm="syz.1.5253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fba2af8e929 code=0x7ffc0000
[ 1126.380134][T21132] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1126.408707][   T24] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1126.640205][T21132] usb 2-1: Using ep0 maxpacket: 16
[ 1126.652039][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1126.705518][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1126.727008][T22381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5258'.
[ 1126.738991][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1126.786831][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1126.803333][T22386] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5254'.
[ 1127.123337][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.189745][T22392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1127.199348][T22392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1127.297926][   T24] usb 5-1: config 0 descriptor??
[ 1127.752688][T22374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1127.764611][T22374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1127.970693][   T24] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1128.603942][T16252] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1128.760463][T16252] usb 3-1: Using ep0 maxpacket: 16
[ 1128.768829][T16252] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1128.894750][T16252] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1128.915020][T16252] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1128.982382][T16252] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1129.036556][T16252] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1129.095252][T16252] usb 3-1: config 0 descriptor??
[ 1129.249723][T21132] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1129.313419][T21132] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1129.339275][T21132] usb 2-1: can't read configurations, error -71
[ 1129.545658][T16252] HID 045e:07da: Invalid code 65791 type 1
[ 1129.583943][T16252] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0030/input/input49
[ 1129.662453][T16252] microsoft 0003:045E:07DA.0030: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[ 1129.911888][T18869] usb 5-1: USB disconnect, device number 59
[ 1131.280091][   T10] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1131.439989][T21132] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1131.505059][ T5916] usb 3-1: USB disconnect, device number 75
[ 1131.670104][   T10] usb 2-1: Using ep0 maxpacket: 8
[ 1131.795903][T21132] usb 5-1: Using ep0 maxpacket: 16
[ 1131.803293][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1131.867511][T22448] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5276'.
[ 1131.918461][T22454] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5279'.
[ 1132.000049][T22454] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5279'.
[ 1132.015090][T22454] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5279'.
[ 1132.015090][   T10] usb 2-1: config 248 has an invalid interface number: 242 but max is 0
[ 1132.015114][   T10] usb 2-1: config 248 has no interface number 0
[ 1132.065052][   T10] usb 2-1: config 248 interface 242 has no altsetting 0
[ 1132.074142][T22448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1132.093151][T22454] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5279'.
[ 1132.184818][   T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=4c.13
[ 1132.198143][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.212177][   T10] usb 2-1: Product: syz
[ 1132.220243][T22448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1132.228106][ T5916] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1132.260490][   T10] usb 2-1: SerialNumber: syz
[ 1132.400536][ T5916] usb 3-1: Using ep0 maxpacket: 16
[ 1132.417780][ T5916] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1132.429676][ T5916] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1132.444412][T22459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5282'.
[ 1132.528905][ T5916] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1132.559030][ T5916] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[ 1132.587184][ T5916] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[ 1133.296727][ T5916] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1133.318099][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1133.339519][ T5916] usb 3-1: SerialNumber: syz
[ 1133.443272][T22456] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1133.496670][T22456] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1133.555653][ T5916] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1133.760817][ T5916] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[ 1133.868119][ T5916] usb 3-1: USB disconnect, device number 76
[ 1134.467824][   T10] quatech2 2-1:248.242: Quatech 2nd gen USB to Serial Driver converter detected
[ 1134.504534][   T10] usb 2-1: qt2_attach - failed to power on unit: -71
[ 1134.530533][   T10] quatech2 2-1:248.242: probe with driver quatech2 failed with error -71
[ 1134.594171][   T10] usb 2-1: USB disconnect, device number 64
[ 1135.254491][T22474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5287'.
[ 1135.265821][T22476] FAULT_INJECTION: forcing a failure.
[ 1135.265821][T22476] name failslab, interval 1, probability 0, space 0, times 0
[ 1135.289163][T22476] CPU: 0 UID: 0 PID: 22476 Comm: syz.1.5286 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1135.289190][T22476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1135.289203][T22476] Call Trace:
[ 1135.289210][T22476]  <TASK>
[ 1135.289218][T22476]  dump_stack_lvl+0x189/0x250
[ 1135.289245][T22476]  ? __pfx____ratelimit+0x10/0x10
[ 1135.289269][T22476]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1135.289301][T22476]  ? __pfx__printk+0x10/0x10
[ 1135.289325][T22476]  ? __pfx___might_resched+0x10/0x10
[ 1135.289350][T22476]  ? fs_reclaim_acquire+0x7d/0x100
[ 1135.289373][T22476]  should_fail_ex+0x414/0x560
[ 1135.289398][T22476]  should_failslab+0xa8/0x100
[ 1135.289418][T22476]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1135.289438][T22476]  ? kobject_set_name_vargs+0x61/0x110
[ 1135.289469][T22476]  kstrdup+0x42/0x100
[ 1135.289493][T22476]  kobject_set_name_vargs+0x61/0x110
[ 1135.289521][T22476]  dev_set_name+0xd4/0x120
[ 1135.289551][T22476]  ? __pfx_dev_set_name+0x10/0x10
[ 1135.289581][T22476]  ? device_initialize+0x24b/0x440
[ 1135.289601][T22476]  netdev_register_kobject+0xb7/0x2f0
[ 1135.289629][T22476]  register_netdevice+0x126c/0x1ae0
[ 1135.289653][T22476]  ? __pfx_gtp_create_sock+0x10/0x10
[ 1135.289690][T22476]  ? __pfx_register_netdevice+0x10/0x10
[ 1135.289721][T22476]  ? trace_kmalloc+0x1f/0xd0
[ 1135.289735][T22476]  ? __kmalloc_noprof+0x29b/0x4f0
[ 1135.289751][T22476]  ? gtp_newlink+0x283/0xf30
[ 1135.289778][T22476]  gtp_newlink+0xa2d/0xf30
[ 1135.289804][T22476]  ? __pfx_gtp_newlink+0x10/0x10
[ 1135.289827][T22476]  rtnl_newlink_create+0x310/0xb00
[ 1135.289855][T22476]  ? __pfx_aa_get_newest_label+0x10/0x10
[ 1135.289878][T22476]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1135.289894][T22476]  ? rtnl_newlink+0x8db/0x1c70
[ 1135.289913][T22476]  ? __pfx___mutex_lock+0x10/0x10
[ 1135.289947][T22476]  ? ns_capable+0x8a/0xf0
[ 1135.289975][T22476]  rtnl_newlink+0x16d6/0x1c70
[ 1135.289995][T22476]  ? netlink_sendmsg+0x805/0xb30
[ 1135.290025][T22476]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1135.290063][T22476]  ? kasan_quarantine_put+0xdd/0x220
[ 1135.290087][T22476]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1135.290117][T22476]  ? nlmon_xmit+0xb0/0x100
[ 1135.290138][T22476]  ? kmem_cache_free+0x18f/0x400
[ 1135.290164][T22476]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1135.290188][T22476]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1135.290212][T22476]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1135.290236][T22476]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1135.290265][T22476]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1135.290305][T22476]  ? __lock_acquire+0xab9/0xd20
[ 1135.290355][T22476]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1135.290372][T22476]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1135.290394][T22476]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1135.290411][T22476]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1135.290427][T22476]  ? ref_tracker_free+0x63a/0x7d0
[ 1135.290446][T22476]  ? __copy_skb_header+0xa7/0x550
[ 1135.290469][T22476]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1135.290490][T22476]  ? __skb_clone+0x63/0x7a0
[ 1135.290519][T22476]  netlink_rcv_skb+0x208/0x470
[ 1135.290540][T22476]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1135.290559][T22476]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1135.290590][T22476]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1135.290609][T22476]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1135.290634][T22476]  netlink_unicast+0x75b/0x8d0
[ 1135.290662][T22476]  netlink_sendmsg+0x805/0xb30
[ 1135.290691][T22476]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1135.290713][T22476]  ? aa_sock_msg_perm+0x94/0x160
[ 1135.290736][T22476]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1135.290758][T22476]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1135.290779][T22476]  __sock_sendmsg+0x219/0x270
[ 1135.290808][T22476]  ____sys_sendmsg+0x505/0x830
[ 1135.290836][T22476]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1135.290867][T22476]  ? import_iovec+0x74/0xa0
[ 1135.290888][T22476]  ___sys_sendmsg+0x21f/0x2a0
[ 1135.290912][T22476]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1135.290969][T22476]  ? __fget_files+0x2a/0x420
[ 1135.290988][T22476]  ? __fget_files+0x3a0/0x420
[ 1135.291017][T22476]  __x64_sys_sendmsg+0x19b/0x260
[ 1135.291040][T22476]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1135.291071][T22476]  ? __pfx_ksys_write+0x10/0x10
[ 1135.291086][T22476]  ? rcu_is_watching+0x15/0xb0
[ 1135.291117][T22476]  ? do_syscall_64+0xbe/0x3b0
[ 1135.291145][T22476]  do_syscall_64+0xfa/0x3b0
[ 1135.291168][T22476]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1135.291191][T22476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1135.291208][T22476]  ? clear_bhb_loop+0x60/0xb0
[ 1135.291229][T22476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1135.291244][T22476] RIP: 0033:0x7fba2af8e929
[ 1135.291261][T22476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1135.291283][T22476] RSP: 002b:00007fba2be6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1135.291303][T22476] RAX: ffffffffffffffda RBX: 00007fba2b1b5fa0 RCX: 00007fba2af8e929
[ 1135.291317][T22476] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1135.291326][T22476] RBP: 00007fba2be6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1135.291335][T22476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1135.291346][T22476] R13: 0000000000000000 R14: 00007fba2b1b5fa0 R15: 00007fba2b2dfa28
[ 1135.291376][T22476]  </TASK>
[ 1135.953526][T22478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5288'.
[ 1136.317607][T22486] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5291'.
[ 1136.326881][T22486] tipc: Bearer <eth:wg1>: already 2 bearers with priority 10
[ 1136.335024][T22486] tipc: Bearer <eth:wg1>: trying with adjusted priority
[ 1136.342524][T22486] tipc: Enabled bearer <eth:wg1>, priority 9
[ 1136.648555][T21132] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1136.659669][T21132] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1136.668993][T21132] usb 5-1: can't read configurations, error -71
[ 1136.784296][T22500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5297'.
[ 1137.490217][ T5916] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1137.650024][T21132] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1137.776119][ T5916] usb 4-1: config 0 has no interfaces?
[ 1137.807911][ T5916] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1137.839967][T21132] usb 5-1: Using ep0 maxpacket: 8
[ 1137.867031][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.975567][ T5916] usb 4-1: Product: syz
[ 1137.979766][ T5916] usb 4-1: Manufacturer: syz
[ 1137.990300][T16252] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[ 1138.084911][ T5916] usb 4-1: SerialNumber: syz
[ 1138.149014][T16252] usb 3-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[ 1138.176304][ T5916] usb 4-1: config 0 descriptor??
[ 1138.187929][T16252] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1138.263875][T21132] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1138.290673][T21132] usb 5-1: config 248 has an invalid interface number: 242 but max is 0
[ 1138.300013][T16252] usb 3-1: too many endpoints for config 1 interface 1 altsetting 48: 120, using maximum allowed: 30
[ 1138.309432][T21132] usb 5-1: config 248 has no interface number 0
[ 1138.315142][T16252] usb 3-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120
[ 1138.317176][T21132] usb 5-1: config 248 interface 242 has no altsetting 0
[ 1138.349483][T16252] usb 3-1: config 1 interface 1 has no altsetting 0
[ 1138.375975][T16252] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1138.385380][T16252] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.397361][T16252] usb 3-1: Product: syz
[ 1138.426079][T16252] usb 3-1: Manufacturer: syz
[ 1138.449283][T21132] usb 5-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=4c.13
[ 1138.459084][T21132] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.467607][T21132] usb 5-1: Product: syz
[ 1138.467639][T16252] usb 3-1: SerialNumber: syz
[ 1138.472246][T21132] usb 5-1: SerialNumber: syz
[ 1138.523544][T16252] usb 3-1: selecting invalid altsetting 1
[ 1138.537516][T22526] bond0: left promiscuous mode
[ 1138.544616][T16252] usb 3-1: selecting invalid altsetting 0
[ 1138.552771][T22526] bond0: left allmulticast mode
[ 1138.564838][T16252] usb 3-1: selecting invalid altsetting 0
[ 1138.746888][T22526] team0: Port device bond0 removed
[ 1138.756039][T22529] netlink: 'syz.1.5303': attribute type 10 has an invalid length.
[ 1138.783381][T22530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5302'.
[ 1138.798465][T16252] cdc_ncm 3-1:1.0: bind() failure
[ 1138.813843][T22529] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1138.835892][T22529] bond0: entered promiscuous mode
[ 1138.854044][T22529] bond0: entered allmulticast mode
[ 1138.875481][T22529] team0: Port device bond0 added
[ 1138.906540][T22530] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1138.915415][T22530] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1138.924997][T22530] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1138.933835][T22530] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1138.960815][T22530] vxlan1: entered promiscuous mode
[ 1139.668126][T22538] binder: 22536:22538 ioctl 540f 200000000180 returned -22
[ 1140.087717][ T5916] usb 4-1: USB disconnect, device number 67
[ 1140.769243][T16252] usb 3-1: selecting invalid altsetting 0
[ 1140.785291][T16252] usbtest 3-1:1.1: probe with driver usbtest failed with error -22
[ 1140.867970][T16252] usb 3-1: USB disconnect, device number 77
[ 1141.367360][T21132] quatech2 5-1:248.242: Quatech 2nd gen USB to Serial Driver converter detected
[ 1141.385084][T21132] usb 5-1: qt2_attach - failed to power on unit: -71
[ 1141.395072][T21132] quatech2 5-1:248.242: probe with driver quatech2 failed with error -71
[ 1141.443201][T21132] usb 5-1: USB disconnect, device number 61
[ 1141.454895][T22552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5309'.
[ 1141.741168][T22563] misc userio: No port type given on /dev/userio
[ 1141.748237][T22563] misc userio: The device must be registered before sending interrupts
[ 1142.467185][T16252] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1142.601646][T22575] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1142.653813][T16252] usb 2-1: Using ep0 maxpacket: 32
[ 1142.760112][T16252] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[ 1142.815603][T16252] usb 2-1: config 0 has no interface number 0
[ 1142.837889][T16252] usb 2-1: New USB device found, idVendor=0df6, idProduct=0064, bcdDevice=f8.0c
[ 1142.910289][T16252] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1142.918339][T16252] usb 2-1: Product: syz
[ 1142.966840][T16252] usb 2-1: Manufacturer: syz
[ 1142.971764][T16252] usb 2-1: SerialNumber: syz
[ 1143.013042][T16252] usb 2-1: config 0 descriptor??
[ 1143.280198][T22569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1143.289996][   T24] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1143.301149][T22569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1143.322534][T22569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1143.331433][T22569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1143.353241][T22569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1143.438828][T22569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1143.447534][   T30] kauditd_printk_skb: 28 callbacks suppressed
[ 1143.447550][   T30] audit: type=1800 audit(1751211095.157:1654): pid=22594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5322" name=06 dev="tmpfs" ino=2576 res=0 errno=0
[ 1143.494315][T22596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5321'.
[ 1143.599342][   T24] usb 3-1: config 0 has no interfaces?
[ 1143.618039][   T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1143.632401][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.666388][   T24] usb 3-1: Product: syz
[ 1143.681704][   T24] usb 3-1: Manufacturer: syz
[ 1143.739684][   T24] usb 3-1: SerialNumber: syz
[ 1143.762299][ T5916] usb 2-1: USB disconnect, device number 65
[ 1143.775095][   T24] usb 3-1: config 0 descriptor??
[ 1144.054456][T22602] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5325'.
[ 1144.067494][T22602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5325'.
[ 1144.252995][T22605] bridge_slave_0: left allmulticast mode
[ 1144.253015][T22605] bridge_slave_0: left promiscuous mode
[ 1144.253148][T22605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1144.287580][T22605] bridge_slave_1: left allmulticast mode
[ 1144.287599][T22605] bridge_slave_1: left promiscuous mode
[ 1144.287719][T22605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1144.298430][T22605] $H�: (slave bond_slave_0): Releasing backup interface
[ 1144.298842][T22605] bond_slave_0: left promiscuous mode
[ 1144.318545][T22605] $H�: (slave bond_slave_1): Releasing backup interface
[ 1144.334034][T22605] bond_slave_1: left promiscuous mode
[ 1144.337609][T22605] team_slave_0: left allmulticast mode
[ 1144.392731][T22605] team_slave_0: left promiscuous mode
[ 1144.402424][T22605] team0: Port device team_slave_0 removed
[ 1144.403224][T22605] team_slave_1: left allmulticast mode
[ 1144.448044][T22605] team_slave_1: left promiscuous mode
[ 1144.481283][T22605] team0: Port device team_slave_1 removed
[ 1144.590996][T22605] team0: Port device bridge1 removed
[ 1144.678184][T22605] team0: Port device bridge2 removed
[ 1145.926166][T16252] usb 3-1: USB disconnect, device number 78
[ 1146.774592][T22652] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1146.877772][T22656] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5339'.
[ 1146.963828][T22660] binder: 22659:22660 ioctl c0306201 200000000140 returned -14
[ 1147.101160][   T30] audit: type=1326 audit(1751211098.827:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.143503][   T30] audit: type=1326 audit(1751211098.827:1656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.192763][   T30] audit: type=1326 audit(1751211098.827:1657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.227418][   T30] audit: type=1326 audit(1751211098.827:1658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.283032][   T30] audit: type=1326 audit(1751211098.977:1659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.284743][T22669] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5344'.
[ 1147.335868][   T30] audit: type=1326 audit(1751211098.987:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.364078][   T30] audit: type=1326 audit(1751211099.037:1661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.364123][   T30] audit: type=1326 audit(1751211099.037:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.462619][   T30] audit: type=1326 audit(1751211099.037:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22662 comm="syz.2.5342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f023f78e929 code=0x7ffc0000
[ 1147.910171][T18869] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1147.926107][T22687] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1148.023226][T22689] binder: 22688:22689 ioctl c0306201 200000000c40 returned -22
[ 1148.040329][T18869] usb 2-1: device descriptor read/64, error -71
[ 1148.290407][T18869] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1148.399240][T22697] netlink: 'syz.3.5356': attribute type 1 has an invalid length.
[ 1148.430432][T18869] usb 2-1: device descriptor read/64, error -71
[ 1148.472768][T22697] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1148.492846][T22699] gtp0: entered promiscuous mode
[ 1148.504599][T22699] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1148.516768][T22699] bond2: (slave gtp0): The slave device specified does not support setting the MAC address
[ 1148.530752][T22699] bond2: (slave gtp0): Error -95 calling set_mac_address
[ 1148.540482][T18869] usb usb2-port1: attempt power cycle
[ 1148.716687][T22679] BUG: Bad page state in process syz.2.5349  pfn:6ec01
[ 1148.732975][T22679] page does not match folio
[ 1148.737910][T22679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x6ec01
[ 1148.763279][T22679] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1148.771706][T22679] raw: 00fff00000000000 ffffea0001bb0000 00000000ffffffff ffffffffffffffff
[ 1148.791686][T22679] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1148.802775][T22679] page dumped because: nonzero pincount
[ 1148.815577][T22679] page_owner tracks the page as allocated
[ 1148.822577][T22679] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 22679, tgid 22679 (syz.2.5349), ts 1147694462780, free_ts 1144503839364
[ 1148.845265][T22679]  post_alloc_hook+0x240/0x2a0
[ 1148.851831][T22679]  get_page_from_freelist+0x21e4/0x22c0
[ 1148.880390][T18869] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1148.894780][T22679]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1148.901497][T22679]  alloc_pages_mpol+0x232/0x4a0
[ 1148.901608][T18869] usb 2-1: device descriptor read/8, error -71
[ 1148.913248][T22679]  alloc_pages_noprof+0xa9/0x190
[ 1148.918196][T22679]  folio_alloc_noprof+0x1e/0x30
[ 1148.959183][T22710] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5360'.
[ 1148.992748][T22679]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1148.998417][T22679]  page_cache_ra_order+0x5e5/0xc70
[ 1149.004922][T22679]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1149.012589][T22679]  filemap_fault+0x62a/0x1200
[ 1149.017437][T22679]  __do_fault+0x135/0x390
[ 1149.022595][T22679]  __handle_mm_fault+0x198b/0x5620
[ 1149.027839][T22679]  handle_mm_fault+0x40a/0x8e0
[ 1149.035070][T22679]  do_user_addr_fault+0xa81/0x1390
[ 1149.040968][T22679]  exc_page_fault+0x76/0xf0
[ 1149.047843][T22679]  asm_exc_page_fault+0x26/0x30
[ 1149.055123][T22679] page last free pid 20031 tgid 20031 stack trace:
[ 1149.062691][T22679]  free_unref_folios+0xc66/0x14d0
[ 1149.068842][T22679]  folios_put_refs+0x559/0x640
[ 1149.076869][T22679]  release_pages+0x4b4/0x520
[ 1149.082433][T22679]  io_free_region+0xb4/0x270
[ 1149.088922][T22679]  io_ring_ctx_free+0x2b0/0x500
[ 1149.096801][T22679]  io_ring_exit_work+0x8c4/0x930
[ 1149.103447][T22679]  process_scheduled_works+0xae1/0x17b0
[ 1149.109630][T22679]  worker_thread+0x8a0/0xda0
[ 1149.117531][T22679]  kthread+0x70e/0x8a0
[ 1149.122800][T22679]  ret_from_fork+0x3fc/0x770
[ 1149.127797][T22679]  ret_from_fork_asm+0x1a/0x30
[ 1149.137416][T22679] Modules linked in:
[ 1149.142863][T22679] CPU: 1 UID: 0 PID: 22679 Comm: syz.2.5349 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1149.142887][T22679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1149.142899][T22679] Call Trace:
[ 1149.142908][T22679]  <TASK>
[ 1149.142915][T22679]  dump_stack_lvl+0x189/0x250
[ 1149.142936][T22679]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.142951][T22679]  ? __pfx_print_modules+0x10/0x10
[ 1149.142965][T22679]  ? percpu_ref_put+0x19/0x180
[ 1149.142978][T22679]  ? percpu_ref_put+0xf9/0x180
[ 1149.142990][T22679]  bad_page+0x180/0x1c0
[ 1149.143005][T22679]  free_tail_page_prepare+0x2c3/0x4f0
[ 1149.143017][T22679]  __free_frozen_pages+0x8aa/0xe70
[ 1149.143033][T22679]  __folio_put+0x21b/0x2c0
[ 1149.143045][T22679]  ? __pfx___folio_put+0x10/0x10
[ 1149.143061][T22679]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1149.143071][T22679]  ? shmem_mapping+0xd/0x50
[ 1149.143087][T22679]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1149.143101][T22679]  ? __filemap_fdatawait_range+0x1d2/0x230
[ 1149.143116][T22679]  ? __pfx_workingset_update_node+0x10/0x10
[ 1149.143137][T22679]  ? folio_mapping+0x16f/0x240
[ 1149.143161][T22679]  ? truncate_cleanup_folio+0x34a/0x430
[ 1149.143187][T22679]  truncate_inode_pages_range+0x28a/0xda0
[ 1149.143222][T22679]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1149.143270][T22679]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1149.143295][T22679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.143326][T22679]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1149.143344][T22679]  blkdev_flush_mapping+0x108/0x270
[ 1149.143360][T22679]  ? bdev_release+0x40f/0x650
[ 1149.143374][T22679]  bdev_release+0x417/0x650
[ 1149.143392][T22679]  ? __pfx_blkdev_release+0x10/0x10
[ 1149.143401][T22679]  blkdev_release+0x15/0x20
[ 1149.143410][T22679]  __fput+0x44c/0xa70
[ 1149.143429][T22679]  task_work_run+0x1d1/0x260
[ 1149.143443][T22679]  ? __pfx_task_work_run+0x10/0x10
[ 1149.143460][T22679]  do_exit+0x6b5/0x22e0
[ 1149.143477][T22679]  ? try_to_wake_up+0x7e5/0x1290
[ 1149.143489][T22679]  ? __pfx_do_exit+0x10/0x10
[ 1149.143505][T22679]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1149.143518][T22679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.143533][T22679]  do_group_exit+0x21c/0x2d0
[ 1149.143547][T22679]  __x64_sys_exit_group+0x3f/0x40
[ 1149.143558][T22679]  x64_sys_call+0x21ba/0x21c0
[ 1149.143568][T22679]  do_syscall_64+0xfa/0x3b0
[ 1149.143585][T22679]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.143595][T22679]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1149.143605][T22679]  ? clear_bhb_loop+0x60/0xb0
[ 1149.143616][T22679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.143625][T22679] RIP: 0033:0x7f023f78e929
[ 1149.143635][T22679] Code: Unable to access opcode bytes at 0x7f023f78e8ff.
[ 1149.143640][T22679] RSP: 002b:00007f023fadfd88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1149.143652][T22679] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f023f78e929
[ 1149.143659][T22679] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 1149.143665][T22679] RBP: 00007f023fadfdec R08: 000000173fadfe7f R09: 00000000000927c0
[ 1149.143672][T22679] R10: 0000000000000194 R11: 0000000000000246 R12: 00000000000001d1
[ 1149.143678][T22679] R13: 00000000000927c0 R14: 00000000001182cb R15: 00007f023fadfe40
[ 1149.143693][T22679]  </TASK>
[ 1149.143704][T22679] Disabling lock debugging due to kernel taint
[ 1149.156381][T18869] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1149.173042][T22679] BUG: Bad page state in process syz.2.5349  pfn:6ec00
[ 1149.501401][T18869] usb 2-1: device descriptor read/8, error -71
[ 1149.512412][T22679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6ec00
[ 1149.521453][T22679] head: order:0 mapcount:0 entire_mapcount:1 nr_pages_mapped:0 pincount:0
[ 1149.531099][T22679] flags: 0xfff0000000004d(locked|referenced|uptodate|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1149.541395][T22679] raw: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000
[ 1149.550404][T22679] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1149.559197][T22679] head: 00fff0000000004d dead000000000100 dead000000000122 0000000000000000
[ 1149.568179][T22679] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1149.590244][T22679] head: 00fff00000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1149.600380][T22679] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[ 1149.744497][T18869] usb usb2-port1: unable to enumerate USB device
[ 1149.751979][T22679] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 1149.760920][T22679] page_owner tracks the page as allocated
[ 1149.766749][T22679] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 22679, tgid 22679 (syz.2.5349), ts 1147694462780, free_ts 1144503839364
[ 1149.788965][T22679]  post_alloc_hook+0x240/0x2a0
[ 1149.794992][T22679]  get_page_from_freelist+0x21e4/0x22c0
[ 1149.803017][T22679]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1149.811192][T22679]  alloc_pages_mpol+0x232/0x4a0
[ 1149.818381][T22679]  alloc_pages_noprof+0xa9/0x190
[ 1149.824395][T22679]  folio_alloc_noprof+0x1e/0x30
[ 1149.830452][T22679]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1149.837267][T22679]  page_cache_ra_order+0x5e5/0xc70
[ 1149.844966][T22679]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1149.851685][T22679]  filemap_fault+0x62a/0x1200
[ 1149.858691][T22679]  __do_fault+0x135/0x390
[ 1149.864789][T22679]  __handle_mm_fault+0x198b/0x5620
[ 1149.871279][T22679]  handle_mm_fault+0x40a/0x8e0
[ 1149.876131][T22679]  do_user_addr_fault+0xa81/0x1390
[ 1149.883703][T22679]  exc_page_fault+0x76/0xf0
[ 1149.889412][T22679]  asm_exc_page_fault+0x26/0x30
[ 1149.895145][T22679] page last free pid 20031 tgid 20031 stack trace:
[ 1149.903953][T22679]  free_unref_folios+0xc66/0x14d0
[ 1149.910473][T22679]  folios_put_refs+0x559/0x640
[ 1149.915346][T22679]  release_pages+0x4b4/0x520
[ 1149.922160][T22679]  io_free_region+0xb4/0x270
[ 1149.929066][T22679]  io_ring_ctx_free+0x2b0/0x500
[ 1149.936466][T22679]  io_ring_exit_work+0x8c4/0x930
[ 1149.946448][T22679]  process_scheduled_works+0xae1/0x17b0
[ 1149.952638][T22679]  worker_thread+0x8a0/0xda0
[ 1149.957246][T22679]  kthread+0x70e/0x8a0
[ 1149.962446][T22679]  ret_from_fork+0x3fc/0x770
[ 1149.967047][T22679]  ret_from_fork_asm+0x1a/0x30
[ 1149.972094][T22679] Modules linked in:
[ 1149.976036][T22679] CPU: 1 UID: 0 PID: 22679 Comm: syz.2.5349 Tainted: G    B               6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[ 1149.976053][T22679] Tainted: [B]=BAD_PAGE
[ 1149.976057][T22679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1149.976064][T22679] Call Trace:
[ 1149.976069][T22679]  <TASK>
[ 1149.976074][T22679]  dump_stack_lvl+0x189/0x250
[ 1149.976094][T22679]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.976108][T22679]  ? __pfx_print_modules+0x10/0x10
[ 1149.976122][T22679]  bad_page+0x180/0x1c0
[ 1149.976136][T22679]  __free_frozen_pages+0xe17/0xe70
[ 1149.976148][T22679]  __folio_put+0x21b/0x2c0
[ 1149.976160][T22679]  ? __pfx___folio_put+0x10/0x10
[ 1149.976171][T22679]  delete_from_page_cache_batch+0x84c/0x9b0
[ 1149.976181][T22679]  ? shmem_mapping+0xd/0x50
[ 1149.976194][T22679]  ? __pfx_delete_from_page_cache_batch+0x10/0x10
[ 1149.976208][T22679]  ? __filemap_fdatawait_range+0x1d2/0x230
[ 1149.976218][T22679]  ? __pfx_workingset_update_node+0x10/0x10
[ 1149.976231][T22679]  ? folio_mapping+0x16f/0x240
[ 1149.976243][T22679]  ? truncate_cleanup_folio+0x34a/0x430
[ 1149.976256][T22679]  truncate_inode_pages_range+0x28a/0xda0
[ 1149.976272][T22679]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 1149.976290][T22679]  ? smp_call_function_many_cond+0xbc5/0x12d0
[ 1149.976305][T22679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.976325][T22679]  ? __pfx_has_bh_in_lru+0x10/0x10
[ 1149.976337][T22679]  blkdev_flush_mapping+0x108/0x270
[ 1149.976352][T22679]  ? bdev_release+0x40f/0x650
[ 1149.976365][T22679]  bdev_release+0x417/0x650
[ 1149.976379][T22679]  ? __pfx_blkdev_release+0x10/0x10
[ 1149.976387][T22679]  blkdev_release+0x15/0x20
[ 1149.976396][T22679]  __fput+0x44c/0xa70
[ 1149.976410][T22679]  task_work_run+0x1d1/0x260
[ 1149.976422][T22679]  ? __pfx_task_work_run+0x10/0x10
[ 1149.976435][T22679]  do_exit+0x6b5/0x22e0
[ 1149.976448][T22679]  ? try_to_wake_up+0x7e5/0x1290
[ 1149.976459][T22679]  ? __pfx_do_exit+0x10/0x10
[ 1149.976471][T22679]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1149.976483][T22679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.976495][T22679]  do_group_exit+0x21c/0x2d0
[ 1149.976507][T22679]  __x64_sys_exit_group+0x3f/0x40
[ 1149.976518][T22679]  x64_sys_call+0x21ba/0x21c0
[ 1149.976528][T22679]  do_syscall_64+0xfa/0x3b0
[ 1149.976542][T22679]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.976557][T22679]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1149.976567][T22679]  ? clear_bhb_loop+0x60/0xb0
[ 1149.976577][T22679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.976586][T22679] RIP: 0033:0x7f023f78e929
[ 1149.976595][T22679] Code: Unable to access opcode bytes at 0x7f023f78e8ff.
[ 1149.976601][T22679] RSP: 002b:00007f023fadfd88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1149.976612][T22679] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f023f78e929
[ 1149.976620][T22679] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 1149.976626][T22679] RBP: 00007f023fadfdec R08: 000000173fadfe7f R09: 00000000000927c0
[ 1149.976632][T22679] R10: 0000000000000194 R11: 0000000000000246 R12: 00000000000001d1
[ 1149.976638][T22679] R13: 00000000000927c0 R14: 00000000001182cb R15: 00007f023fadfe40
[ 1149.976648][T22679]  </TASK>
[ 1150.279730][    C1] vkms_vblank_simulate: vblank timer overrun