last executing test programs:

4.32839724s ago: executing program 2 (id=1327):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r3, 0x5, 0x7ff}, 0xc) (fail_nth: 3)

4.159784408s ago: executing program 1 (id=1329):
r0 = epoll_create1(0x0)
epoll_wait(r0, &(0x7f00000001c0)=[{}], 0x1, 0x401)
pselect6(0x40, &(0x7f0000000080)={0x4, 0x7, 0x1ec6aae1, 0x7, 0xa538, 0x5, 0x1, 0xf8}, &(0x7f00000005c0)={0x8, 0x80002, 0x1, 0x4, 0x1, 0x9, 0x3ff, 0xd}, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x118, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
iopl(0x3)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000000c0)={0x60002011})

3.584716481s ago: executing program 2 (id=1331):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), r1, 0x0, 0x3, 0x1}}, 0x20)
r2 = getpid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={<r3=>0x0}, &(0x7f00000000c0)=0xc)
syz_pidfd_open(r3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x8, 0x4, 0x7, 0x6}]})
ioctl$KVM_SET_IRQCHIP(r5, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x0, 0x0, 0x68, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}})
syz_pidfd_open(r2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback, 0xa09c}, {0xa, 0x0, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x1c}}, 0xffffffffffffffff, 0x99d}}, 0x48)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

3.27716568s ago: executing program 2 (id=1333):
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
socket$tipc(0x1e, 0x2, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
unshare(0x2c020400)
syz_io_uring_setup(0x11f, &(0x7f00000003c0)={0x0, 0x0, 0x400, 0x2, 0x31e}, &(0x7f0000000500), &(0x7f0000000340))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

3.032547696s ago: executing program 4 (id=1335):
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}, 0xf0}], 0x600, 0x0, 0x0)

2.911201651s ago: executing program 1 (id=1337):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x4541b6bf, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f02b, 0x5})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0xc40)

2.752719198s ago: executing program 1 (id=1338):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @private}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x0, 0x0, 0x500}}}}}}}, 0x0)

2.734854479s ago: executing program 1 (id=1339):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000100)={0x0, <r1=>0x0}, 0x8)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000013c0)={0x14, 0x14, 0x601, 0x0, 0x0, {0x11}}, 0x14}}, 0x0)
r3 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000200), 0x4483, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x2, 0x4, 0xff, 0x5, 0x5, 0xaaa6, 0x9, 0xa2, 0x6, 0x10, 0x6, 0x8, 0x8, 0x5, 0x8, 0xa], 0x4, 0x10})
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280"], 0x122}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e5c6000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="050001"], 0x38}, 0x1, 0x0, 0x0, 0xfb440c942bbb5e5b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
truncate(0x0, 0x5)
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x20, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18, 0x8}, [@ldst={0x6, 0x3, 0x6, 0x5, 0x1}]}, &(0x7f0000000240)='syzkaller\x00', 0x5, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, r0, 0x8, &(0x7f00000000c0)={0xfffffffc, 0x110001}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x33}, 0x10, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000440)={{0x4000, 0x4000, 0x9, 0xc, 0x2, 0x1, 0x8, 0x1, 0x5, 0xf, 0x99}, {0x3000, 0x4, 0x9, 0x40, 0x5, 0x7, 0x0, 0x8, 0x0, 0x0, 0xc, 0x1c}, {0xf000, 0x5000, 0xc, 0xfa, 0x6, 0x3, 0xb, 0xd, 0x26, 0x9, 0x6, 0x3}, {0x0, 0x8000000, 0xd, 0x0, 0x4, 0x8, 0x9, 0xec, 0x7, 0x2, 0xf6, 0xf}, {0x6000, 0x3000, 0x10, 0x9, 0x4, 0x3, 0xe8, 0x27, 0x6, 0x42, 0xb, 0x2}, {0x80a0000, 0x0, 0xe, 0xf7, 0x6, 0x5, 0x1, 0x3, 0x3, 0x81, 0x0, 0x9}, {0x4, 0x4, 0x0, 0x3, 0x6, 0x8, 0x3, 0x8, 0x9, 0xc, 0x9, 0x6}, {0x2000, 0xd000, 0xe, 0x4, 0x3, 0x9, 0x4, 0x40, 0x9, 0x1, 0x1, 0xfd}, {0xe6ee8000, 0x1000}, {0x8000, 0xfffd}, 0x0, 0x0, 0x10000, 0x20000, 0x1, 0x5400, 0x100000, [0x10001, 0x6, 0xfff, 0x9]})

2.601690182s ago: executing program 3 (id=1340):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r1=>0x0})
clock_gettime(0x0, &(0x7f0000003180)={<r2=>0x0, <r3=>0x0})
r4 = socket(0xa, 0x3, 0x3a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d40)=@newqdisc={0x1b8, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x2c, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x10001}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x3}, @TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x5}, @TCA_CODEL_TARGET={0x8, 0x1, 0x7}]}}, @TCA_STAB={0x15c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x2, 0x4, 0xffffffff, 0x0, 0x6, 0x7, 0x3}}, {0x5, 0x2, [0x7ff, 0x3, 0x3]}}, {{0x1c, 0x1, {0x5, 0x6, 0x7, 0x8, 0x2, 0x9, 0x80000, 0x6}}, {0x10, 0x2, [0x8, 0x2, 0x3, 0x1, 0xf36, 0x4]}}, {{0x1c, 0x1, {0x8, 0x10, 0x4, 0x6, 0x2, 0x10000, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x9, 0x50, 0x1, 0x5, 0x1, 0x1, 0xfff}}, {0x4}}, {{0x1c, 0x1, {0x7, 0x40, 0x0, 0x0, 0x1, 0x61dd, 0x7, 0x3}}, {0xa, 0x2, [0x2, 0x33, 0x7]}}, {{0x1c, 0x1, {0x5, 0x5, 0x6, 0x0, 0x0, 0x6, 0x7fffffff, 0x6}}, {0x10, 0x2, [0x0, 0x6, 0xa0e7, 0xffff, 0x5, 0x319]}}, {{0x1c, 0x1, {0x30, 0x9, 0x0, 0xfffffffb, 0x1, 0xf, 0x7fffffff, 0x5}}, {0xe, 0x2, [0x3, 0xe7ff, 0x1, 0x4, 0x4]}}, {{0x1c, 0x1, {0x6, 0xff, 0x0, 0x4e9, 0x0, 0x6, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x9, 0x5, 0x7e2, 0x3, 0x0, 0xfffffcd1, 0x6, 0x1}}, {0x6, 0x2, [0x1]}}]}]}, 0x1b8}}, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000008140)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/106, 0x6a}, {&(0x7f00000002c0)=""/136, 0x88}], 0x2, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x44}}, {{&(0x7f0000000380), 0x6e, &(0x7f0000000500)=[{&(0x7f0000000400)=""/72, 0x48}, {&(0x7f0000000180)=""/19, 0x13}, {&(0x7f0000000480)=""/71, 0x47}], 0x3, &(0x7f0000000580)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xbc}}, {{&(0x7f0000000640), 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000c40)=""/4096, 0x1000}], 0x1, &(0x7f0000000700)}}, {{&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000980)=[{&(0x7f0000000840)=""/215, 0xd7}, {&(0x7f0000000940)=""/59, 0x3b}], 0x2, &(0x7f00000009c0)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xb4}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000a80)=""/5, 0x5}, {&(0x7f0000000ac0)=""/99, 0x63}], 0x2, &(0x7f0000001c40)=[@rights={{0xc}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}], 0xcc}}, {{0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000001d40)=""/194, 0xc2}, {&(0x7f0000001e40)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/21, 0x15}, {&(0x7f0000002e40)=""/85, 0x55}, {&(0x7f0000002ec0)=""/57, 0x39}, {&(0x7f0000002f00)=""/133, 0x85}, {&(0x7f0000002fc0)=""/205, 0xcd}], 0x7}}, {{&(0x7f0000003100), 0x6e, &(0x7f00000041c0)=[{&(0x7f0000003180)}, {&(0x7f00000031c0)=""/4096, 0x1000}], 0x2, &(0x7f0000004200)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x90}}, {{&(0x7f00000082c0), 0x6e, &(0x7f0000004840)=[{&(0x7f0000004340)=""/130, 0x82}, {&(0x7f0000004400)=""/251, 0xfb}, {&(0x7f0000004500)=""/129, 0x81}, {&(0x7f00000045c0)=""/239, 0xef}, {&(0x7f00000046c0)=""/99, 0x63}, {&(0x7f0000004740)=""/22, 0x16}, {&(0x7f0000004780)=""/155, 0x9b}], 0x7, &(0x7f0000009ec0)=[@cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}], 0x74}}, {{&(0x7f0000004900)=@abs, 0x6e, &(0x7f0000004cc0)=[{&(0x7f0000004980)=""/139, 0x8b}, {&(0x7f0000004a40)=""/199, 0xc7}, {&(0x7f0000004b40)=""/221, 0xdd}, {&(0x7f0000004880)=""/104, 0x68}], 0x4, &(0x7f0000004d00)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa8}}, {{&(0x7f0000004dc0), 0x6e, &(0x7f0000008000)=[{&(0x7f0000004e40)=""/4096, 0x1000}, {&(0x7f0000005e40)=""/4096, 0x1000}, {&(0x7f0000006e40)=""/4096, 0x1000}, {&(0x7f0000007e40)=""/94, 0x5e}, {&(0x7f0000007ec0)=""/138, 0x8a}, {&(0x7f0000007f80)=""/91, 0x5b}], 0x6, &(0x7f0000008040)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}], 0xa, 0x122, &(0x7f0000008280)={r2, r3+10000000})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
socket$packet(0x11, 0xa, 0x300)
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x20, &(0x7f0000000100)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a1810039000000000bf0ffffff00000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)

2.398082537s ago: executing program 3 (id=1341):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000640)={'dummy0\x00', 0x0})
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r1, r1}, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r4 = io_uring_setup(0xf05, &(0x7f000000c480)={0x0, 0x4e43, 0x10000, 0x1, 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r7, 0x8902, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001300)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25df9bfb, {0x0, 0x0, 0x0, r9, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x5, 0x20, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)
io_uring_register$IORING_REGISTER_FILES(r4, 0x1e, &(0x7f0000000000)=[r4], 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c000400f700010002000000ac14140f00000000000000001400020602000000ffffffff00000000000000000d0001007564703a73797a320000d800"], 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32, @ANYBLOB='\b'], 0x20}}, 0x0)

2.226942865s ago: executing program 2 (id=1342):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_connect(0x1, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340), 0x14)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63db142ade2bd907f400", "fd6ed24e", "01000010ffffffff"}, 0x38)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x6400000000000000}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

2.120360788s ago: executing program 3 (id=1343):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000000c0)=0x198, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000100)='.pending_reads\x00', 0x80000, 0x26)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000180)={0x30, 0x5, 0x0, {0x0, 0x0, 0x0, 0x4}}, 0x30)
recvfrom(r1, 0x0, 0xe00, 0x2000, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', <r4=>0x0})
unshare(0x2a020400)
setns(0xffffffffffffffff, 0x24020000)
r5 = syz_create_resource$binfmt(&(0x7f0000000140)='./file0\x00')
io_uring_enter(0xffffffffffffffff, 0xd81, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r7, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0xc2, 0xd, 0x0, 0x0, {[@mptcp=@add_addr={0x1e, 0x12, 0x0, 0x12, 0x0, @dev, 0x0, "682a9f2378c1a4a9"}]}}}}}}}}, 0x0)
r8 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x4e20, @private=0xa010102}], 0x12)
r9 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
close(r9)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_misc(r9, &(0x7f00000000c0)="5d84fd03ac1638b10a51ed9f522a046b3c1a03dfa9bd89d0f7b32f", 0x1b)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
inotify_rm_watch(0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xe32b60fbedc7f0cc}, {0x6, 0x7}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.120112077s ago: executing program 4 (id=1344):
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000080)={0x0, 0x0, 0x2007, 0x1fd})
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}])
io_destroy(r2)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x20)
socket$kcm(0x10, 0x2, 0x4)

1.507389218s ago: executing program 0 (id=1345):
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
getdents64(0xffffffffffffffff, 0x0, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x200)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x2, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000200)={'\x00', 0xfffb, 0xc78b, 0x4, 0x9, 0x3})
ioctl$BLKTRACESTART(r1, 0x1274, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x0, 0xd, 0x0, "13ea57ffffffdfff018000000000000000000000000000088b0500", 0x30323953})

1.433846345s ago: executing program 1 (id=1346):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000940)=ANY=[@ANYBLOB="120100006f8db4088205e82806f50102030109021b0001000000000904000001fff14c0009050e"], 0x0)
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000000)={0x80002, {{0x2, 0x4e23, @empty}}, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3b}}}}, 0x104)

1.20457053s ago: executing program 3 (id=1347):
r0 = epoll_create1(0x0)
epoll_wait(r0, &(0x7f00000001c0)=[{}], 0x1, 0x401)
pselect6(0x40, &(0x7f0000000080)={0x4, 0x7, 0x1ec6aae1, 0x7, 0xa538, 0x5, 0x1, 0xf8}, &(0x7f00000005c0)={0x8, 0x80002, 0x1, 0x4, 0x1, 0x9, 0x3ff, 0xd}, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x118, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
iopl(0x3)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000000c0)={0x60002011})

1.137928104s ago: executing program 0 (id=1348):
socket$netlink(0x10, 0x3, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket(0x1e, 0x805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e00000004000280", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

1.037241771s ago: executing program 4 (id=1349):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r3, 0x5, 0x7ff}, 0xc)

915.575855ms ago: executing program 0 (id=1350):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000003c0)={0x0, 0x203}, 0x10)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x9bb0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x4000, @loopback}, 0x1c)

780.56941ms ago: executing program 4 (id=1351):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[0x6, 0x8, 0x7, 0x71, 0x2, 0x8d, 0x7fffffff, 0x6e00, 0x8, 0x9, 0x10, 0xc000000, 0x3, 0x3, 0x100, 0x5], 0xdddd1000, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="ac1400001000"/16], 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

649.233183ms ago: executing program 0 (id=1352):
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
socket$tipc(0x1e, 0x2, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
unshare(0x2c020400)
syz_io_uring_setup(0x11f, &(0x7f00000003c0)={0x0, 0x0, 0x400, 0x2, 0x31e}, &(0x7f0000000500), &(0x7f0000000340))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

370.939765ms ago: executing program 4 (id=1353):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x10000, 0xa)
getdents(r2, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004800}, 0x4000804)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000013c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x24, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452"}, @NFTA_MATCH_NAME={0xe, 0x1, 'connlimit\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x4048010)

277.298267ms ago: executing program 2 (id=1354):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0xc00455d0, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
open_by_handle_at(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="08000000fe0000000b1f"], 0x100bf)

276.9484ms ago: executing program 0 (id=1355):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0xffff, 0x8000)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$EVIOCGREP(r1, 0x80084503, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x3b, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0], 0x328}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000850)

183.521025ms ago: executing program 4 (id=1356):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002000000106e05fd0000000000000109028a70774011ba212400010000900109040000020300030009210200fe012285de09058103e638001900c47bc3a288de005c7e6d384ac56226be6701b27947"], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x12c, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11a, 0x2, 0x1, 0x7f, 0x40, 0xd, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "1c"}, {0x5, 0x24, 0x0, 0x401}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x3, 0x40, 0x9}, {0x6, 0x24, 0x1a, 0x6, 0xc}, [@mdlm={0x15, 0x24, 0x12, 0xa}, @acm={0x4, 0x24, 0x2, 0xe}, @mdlm_detail={0x94, 0x24, 0x13, 0x30, "59af179bd607d2b26be2e21283a0ede4dbcd75ac414ac8cbf3887cec25377c800ee051cbb3bf4b10cd56d5eb9adbd5e62eacc04bf91b4bfbf4692122b1ed7b620f8f480d812566dff2f12b5487123e4b16d5ff148e3cf11a6251153c12ded90c8b8e64111585ed735285b6d1c2eb07b4b2e87962c8e37aa3ac337fcc3616ddffd2777e234b358b538351924c75b0d63c"}, @mbim_extended={0x8, 0x24, 0x1c, 0x101, 0xce, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0x2, 0x33, 0x5}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0x4, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0xff, 0x81, 0xc}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xf, 0x4, 0x8f}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0xf9, 0x46, 0x7, 0x8, 0xbe}, 0x10, &(0x7f00000002c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x28, 0x80, 0x1, 0xb7, 0x7f}]}, 0x3, [{0xb3, &(0x7f0000000380)=@string={0xb3, 0x3, "7ab2e9df41cd87c264fddf58e706a906afe49c10ffa5f62e5b7453ddc062e42a5e1ad563e3f79f27fe159336b49d17a3884dde59c0375ad2b697bc5b4bd12edd16c7f65ee881550510b98bfa9c4fcf90b3c3178268d3cc4f21fd0a3a765601e636d6d47fa2309153f862ddcfd0f530e47486a1265b5f625922d603af8b5f4fa0b984aa98056dbb1bfe14ecd00fb2249bff120bbf73eb9bcf9fce969c1c68facf4d82130faf0dc62d54ce5b447e66f90327"}}, {0x63, &(0x7f0000000440)=@string={0x63, 0x3, "8167f403c189e26676ae91780e21b8cde3fd50549523f5f7cae78efedff4e6e6dd8ae7c80add6ac900af242b2d5503a30f71bb1167b81539068e72cdbdfc66c4b87f12b143ce2aaca60ebcf9fcd6069a7fbd8fcc99bbf581bbf6ce2aca85b549a0"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x425}}]})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x40000000000002)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x4)
r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x601)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000500))
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521)
write(r3, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="00218500000085"], 0x0, 0x0, 0x0, 0x0}, 0x0)

170.547642ms ago: executing program 3 (id=1357):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000031300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000)

84.623252ms ago: executing program 0 (id=1358):
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0xf, 0x2, 0x0, "9f76fe92f6d87e3a99080debac1874d47ee2318d4526f2148e84c532d56b46f0"})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)

84.470603ms ago: executing program 2 (id=1359):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000080)={0x0, 0x0, 0x2007, 0x1fd})
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f00000001c0)='m', 0xfffffdfc}])
io_destroy(r3)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x20)
socket$kcm(0x10, 0x2, 0x4)

69.490901ms ago: executing program 3 (id=1360):
socket$netlink(0x10, 0x3, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket(0x1e, 0x805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e000000040002800800", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

0s ago: executing program 1 (id=1361):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x40080)

kernel console output (not intermixed with test programs):

 syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  340.772621][ T9281]  ? lockdep_hardirqs_on+0x9d/0x150
[  340.772642][ T9281]  __do_fast_syscall_32+0xb4/0x110
[  340.772661][ T9281]  ? exc_page_fault+0x5f8/0x920
[  340.772683][ T9281]  do_fast_syscall_32+0x34/0x80
[  340.772703][ T9281]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  340.772722][ T9281] RIP: 0023:0xf7fc3579
[  340.772735][ T9281] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  340.772748][ T9281] RSP: 002b:00000000f50c555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  340.772765][ T9281] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000c00
[  340.772776][ T9281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  340.772785][ T9281] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  340.772794][ T9281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  340.772803][ T9281] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  340.772824][ T9281]  </TASK>
[  341.047820][ T9288] FAULT_INJECTION: forcing a failure.
[  341.047820][ T9288] name failslab, interval 1, probability 0, space 0, times 0
[  341.060582][ T9288] CPU: 1 UID: 0 PID: 9288 Comm: syz.1.909 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  341.060604][ T9288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  341.060613][ T9288] Call Trace:
[  341.060619][ T9288]  <TASK>
[  341.060625][ T9288]  dump_stack_lvl+0x241/0x360
[  341.060652][ T9288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.060674][ T9288]  ? __pfx__printk+0x10/0x10
[  341.060697][ T9288]  ? __pfx___might_resched+0x10/0x10
[  341.060719][ T9288]  should_fail_ex+0x424/0x570
[  341.060738][ T9288]  should_failslab+0xac/0x100
[  341.060760][ T9288]  __kvmalloc_node_noprof+0x170/0x5a0
[  341.060782][ T9288]  ? rhashtable_init_noprof+0x534/0xa60
[  341.060806][ T9288]  rhashtable_init_noprof+0x534/0xa60
[  341.060830][ T9288]  nf_flow_table_init+0x18e/0x2b0
[  341.060850][ T9288]  nf_tables_newflowtable+0x12f3/0x2470
[  341.060888][ T9288]  ? __pfx_nf_tables_newflowtable+0x10/0x10
[  341.060917][ T9288]  ? __nla_parse+0x40/0x60
[  341.060936][ T9288]  nfnetlink_rcv+0x12eb/0x28f0
[  341.060973][ T9288]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  341.061022][ T9288]  ? skb_clone+0x240/0x390
[  341.061045][ T9288]  ? netlink_deliver_tap+0x2e/0x1b0
[  341.061067][ T9288]  ? netlink_deliver_tap+0x2e/0x1b0
[  341.061088][ T9288]  netlink_unicast+0x7f8/0x9a0
[  341.061111][ T9288]  ? __pfx_netlink_unicast+0x10/0x10
[  341.061148][ T9288]  ? skb_put+0x114/0x1f0
[  341.061165][ T9288]  netlink_sendmsg+0x8c3/0xcd0
[  341.061195][ T9288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.061219][ T9288]  ? __import_iovec+0x585/0x830
[  341.061239][ T9288]  ? aa_sock_msg_perm+0x91/0x160
[  341.061263][ T9288]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.061283][ T9288]  __sock_sendmsg+0x221/0x270
[  341.061304][ T9288]  ____sys_sendmsg+0x523/0x860
[  341.061326][ T9288]  ? __pfx_____sys_sendmsg+0x10/0x10
[  341.061354][ T9288]  __sys_sendmsg+0x271/0x360
[  341.061373][ T9288]  ? __pfx___sys_sendmsg+0x10/0x10
[  341.061425][ T9288]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  341.061443][ T9288]  ? lockdep_hardirqs_on+0x9d/0x150
[  341.061462][ T9288]  __do_fast_syscall_32+0xb4/0x110
[  341.061480][ T9288]  ? exc_page_fault+0x5f8/0x920
[  341.061500][ T9288]  do_fast_syscall_32+0x34/0x80
[  341.061525][ T9288]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  341.061543][ T9288] RIP: 0023:0xf7ff2579
[  341.061555][ T9288] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  341.061568][ T9288] RSP: 002b:00000000f50f555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  341.061583][ T9288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  341.061594][ T9288] RDX: 0000000004000004 RSI: 0000000000000000 RDI: 0000000000000000
[  341.061602][ T9288] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  341.061611][ T9288] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  341.061619][ T9288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  341.061639][ T9288]  </TASK>
[  341.061692][ T9288] netlink: 260 bytes leftover after parsing attributes in process `syz.1.909'.
[  344.085857][ T9329] xt_CT: No such helper "netbios-ns"
[  344.155724][  T975] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  344.332971][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  344.358627][  T975] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  344.384403][    T9] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  344.413412][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  344.443780][    T9] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  344.476505][  T975] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  344.536743][  T975] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  344.591754][  T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.603044][  T975] usb 1-1: Product: syz
[  344.608430][  T975] usb 1-1: Manufacturer: syz
[  344.614282][  T975] usb 1-1: SerialNumber: syz
[  344.632101][  T975] usb 1-1: config 0 descriptor??
[  344.645937][ T5895] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  344.759529][  T975] ums-isd200 1-1:0.0: USB Mass Storage device detected
[  344.807940][ T5895] usb 2-1: config 0 has no interfaces?
[  344.820811][ T5895] usb 2-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=87.c0
[  344.896533][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.916704][  T975] scsi host1: usb-storage 1-1:0.0
[  344.928381][ T5895] usb 2-1: Product: syz
[  344.952953][ T5895] usb 2-1: Manufacturer: syz
[  344.968673][  T975] usb 1-1: USB disconnect, device number 20
[  344.986511][ T5895] usb 2-1: SerialNumber: syz
[  345.017924][ T5895] usb 2-1: config 0 descriptor??
[  345.083226][ T9345] FAULT_INJECTION: forcing a failure.
[  345.083226][ T9345] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.113511][ T9345] CPU: 0 UID: 0 PID: 9345 Comm: syz.2.924 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  345.113534][ T9345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  345.113544][ T9345] Call Trace:
[  345.113550][ T9345]  <TASK>
[  345.113557][ T9345]  dump_stack_lvl+0x241/0x360
[  345.113585][ T9345]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.113607][ T9345]  ? __pfx__printk+0x10/0x10
[  345.113637][ T9345]  should_fail_ex+0x424/0x570
[  345.113657][ T9345]  _copy_from_user+0x2d/0xb0
[  345.113680][ T9345]  get_compat_msghdr+0xb3/0x730
[  345.113708][ T9345]  ? __pfx_get_compat_msghdr+0x10/0x10
[  345.113734][ T9345]  ? do_recvmmsg+0x566/0xab0
[  345.113755][ T9345]  do_recvmmsg+0x4d5/0xab0
[  345.113780][ T9345]  ? __pfx_do_recvmmsg+0x10/0x10
[  345.113813][ T9345]  ? rcu_read_lock_any_held+0xbb/0x160
[  345.113847][ T9345]  ? ksys_write+0x24e/0x2d0
[  345.113885][ T9345]  __sys_recvmmsg+0x1aa/0x280
[  345.113902][ T9345]  ? fput+0x9b/0xd0
[  345.113914][ T9345]  ? __pfx___sys_recvmmsg+0x10/0x10
[  345.113929][ T9345]  ? ksys_write+0x275/0x2d0
[  345.113953][ T9345]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xd0
[  345.113971][ T9345]  __do_fast_syscall_32+0xb4/0x110
[  345.113990][ T9345]  ? exc_page_fault+0x5f8/0x920
[  345.114017][ T9345]  do_fast_syscall_32+0x34/0x80
[  345.114036][ T9345]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  345.114055][ T9345] RIP: 0023:0xf740d579
[  345.114067][ T9345] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  345.114080][ T9345] RSP: 002b:00000000f507555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  345.114097][ T9345] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000b00
[  345.114108][ T9345] RDX: 0000000000000359 RSI: 0000000040000140 RDI: 0000000000000000
[  345.114117][ T9345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  345.114126][ T9345] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  345.114134][ T9345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  345.114155][ T9345]  </TASK>
[  345.376763][ T5895] usb 2-1: USB disconnect, device number 44
[  346.076246][ T5895] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  346.216359][ T5895] usb 5-1: device descriptor read/64, error -71
[  346.455906][ T5895] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  346.477462][ T9364] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  346.596290][ T5895] usb 5-1: device descriptor read/64, error -71
[  346.827007][ T5895] usb usb5-port1: attempt power cycle
[  347.066456][ T9372] netlink: 'syz.1.934': attribute type 10 has an invalid length.
[  347.236332][ T5895] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  347.260746][ T5895] usb 5-1: device descriptor read/8, error -71
[  347.516027][ T5895] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  347.555172][ T2153] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  347.560175][ T5895] usb 5-1: device descriptor read/8, error -71
[  347.676310][ T5895] usb usb5-port1: unable to enumerate USB device
[  347.725421][ T2153] usb 2-1: Using ep0 maxpacket: 16
[  347.766127][ T2153] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  347.785587][ T2153] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  347.898170][ T2153] usb 2-1: config 0 has no interfaces?
[  347.907875][ T2153] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  347.981605][ T2153] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.032259][ T2153] usb 2-1: Product: syz
[  348.042394][ T2153] usb 2-1: Manufacturer: syz
[  348.049022][ T2153] usb 2-1: SerialNumber: syz
[  348.059174][ T5895] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  348.060182][ T2153] usb 2-1: config 0 descriptor??
[  348.245513][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  348.267402][ T5895] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  348.289326][ T5895] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  348.322784][ T5895] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  348.358629][ T5895] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  348.400270][ T5895] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  348.430196][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.707022][ T9383] fuse: Unexpected value for 'default_permissions'
[  349.202640][ T9403] netlink: 28 bytes leftover after parsing attributes in process `syz.4.940'.
[  349.238703][ T5895] usb 1-1: usb_control_msg returned -71
[  349.256193][ T5895] usbtmc 1-1:16.0: can't read capabilities
[  349.294593][ T5895] usb 1-1: USB disconnect, device number 21
[  349.476928][ T9411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.943'.
[  349.546022][ T5892] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  349.725726][ T5892] usb 3-1: Using ep0 maxpacket: 32
[  349.737041][ T5892] usb 3-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88
[  349.747246][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.761526][ T5892] usb 3-1: Product: syz
[  349.772500][ T5892] usb 3-1: Manufacturer: syz
[  349.788814][ T9412] netlink: 76 bytes leftover after parsing attributes in process `syz.3.944'.
[  349.790090][ T5892] usb 3-1: SerialNumber: syz
[  349.828960][ T5892] usb 3-1: config 0 descriptor??
[  349.841039][ T5892] as10x_usb: device has been detected
[  349.869067][ T5892] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan)
[  350.026595][ T5892] usb 3-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)...
[  350.122459][ T5895] usb 2-1: USB disconnect, device number 45
[  350.169349][ T5892] as10x_usb: error during firmware upload part1
[  350.197436][ T5892] Registered device Abilis Systems DVB-Titan
[  350.208467][ T5892] usb 3-1: USB disconnect, device number 31
[  350.280582][ T5892] Unregistered device Abilis Systems DVB-Titan
[  350.288956][ T5892] as10x_usb: device has been disconnected
[  350.555716][ T5895] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  350.624329][    T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  350.716558][ T5895] usb 2-1: too many configurations: 82, using maximum allowed: 8
[  350.729384][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  350.741469][ T5895] usb 2-1: can't read configurations, error -61
[  350.795908][    T9] usb 4-1: Using ep0 maxpacket: 16
[  350.828109][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.885771][ T5895] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  350.905894][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  350.951320][ T9430] netlink: 'syz.0.950': attribute type 10 has an invalid length.
[  350.979545][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  351.036236][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.096818][ T5895] usb 2-1: too many configurations: 82, using maximum allowed: 8
[  351.130622][    T9] usb 4-1: config 0 descriptor??
[  351.232103][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  351.251023][    T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  351.259395][ T5895] usb 2-1: can't read configurations, error -61
[  351.276375][ T5895] usb usb2-port1: attempt power cycle
[  351.565197][   T47] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  351.686070][ T5895] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  351.717362][ T5895] usb 2-1: too many configurations: 82, using maximum allowed: 8
[  351.735400][   T47] usb 3-1: Using ep0 maxpacket: 8
[  351.736140][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  351.755899][ T5895] usb 2-1: can't read configurations, error -61
[  351.782184][   T47] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  351.843424][   T47] usb 3-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00
[  351.875128][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.880748][ T9444] netlink: 4 bytes leftover after parsing attributes in process `syz.4.955'.
[  351.888863][   T47] usb 3-1: config 0 descriptor??
[  351.906189][ T5895] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  351.927725][   T47] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input18
[  351.927793][ T5895] usb 2-1: too many configurations: 82, using maximum allowed: 8
[  351.946363][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  351.960766][ T5895] usb 2-1: can't read configurations, error -61
[  351.968955][ T5895] usb usb2-port1: unable to enumerate USB device
[  352.003234][ T9446] netlink: 'syz.4.956': attribute type 10 has an invalid length.
[  352.371021][ T5841] usb 4-1: USB disconnect, device number 28
[  352.385764][ T2153] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  352.520204][ T9452] netlink: 'syz.3.957': attribute type 10 has an invalid length.
[  352.561794][ T9450] FAULT_INJECTION: forcing a failure.
[  352.561794][ T9450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  352.576221][ T9450] CPU: 0 UID: 0 PID: 9450 Comm: syz.0.967 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  352.576254][ T9450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  352.576266][ T9450] Call Trace:
[  352.576276][ T9450]  <TASK>
[  352.576284][ T9450]  dump_stack_lvl+0x241/0x360
[  352.576323][ T9450]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.576354][ T9450]  ? __pfx__printk+0x10/0x10
[  352.576397][ T9450]  should_fail_ex+0x424/0x570
[  352.576425][ T9450]  copy_fpstate_to_sigframe+0xa6f/0xdc0
[  352.576451][ T9450]  ? copy_fpstate_to_sigframe+0x182/0xdc0
[  352.576478][ T9450]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  352.576501][ T9450]  ? do_raw_spin_lock+0x151/0x370
[  352.576557][ T9450]  ? fpu__alloc_mathframe+0xab/0x130
[  352.576591][ T9450]  get_sigframe+0x5de/0x810
[  352.576633][ T9450]  ? __pfx_get_sigframe+0x10/0x10
[  352.576679][ T9450]  ia32_setup_frame+0x121/0xa00
[  352.576720][ T9450]  ? __pfx_ia32_setup_frame+0x10/0x10
[  352.576755][ T9450]  arch_do_signal_or_restart+0x450/0x840
[  352.576792][ T9450]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  352.576844][ T9450]  ? syscall_exit_to_user_mode+0xa3/0x340
[  352.576874][ T9450]  syscall_exit_to_user_mode+0xce/0x340
[  352.576903][ T9450]  __do_fast_syscall_32+0xc1/0x110
[  352.576938][ T9450]  do_fast_syscall_32+0x34/0x80
[  352.576964][ T9450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  352.576989][ T9450] RIP: 0023:0xf7fc3579
[  352.577007][ T9450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  352.577024][ T9450] RSP: 002b:00000000f50e6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  352.577046][ T9450] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00000000f50e6610
[  352.577059][ T9450] RDX: 0000000000000001 RSI: 00000000f744dff4 RDI: 0000000000000000
[  352.577071][ T9450] RBP: 00000000f7484f80 R08: 0000000000000000 R09: 0000000000000000
[  352.577083][ T9450] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  352.577096][ T9450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  352.577120][ T9450]  </TASK>
[  352.803874][ T2153] usb 5-1: Using ep0 maxpacket: 16
[  352.870187][ T2153] usb 5-1: config index 0 descriptor too short (expected 69, got 36)
[  352.878566][ T2153] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.889798][ T2153] usb 5-1: config 0 has no interfaces?
[  352.900334][ T2153] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  352.933720][ T2153] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.958775][ T2153] usb 5-1: Product: syz
[  352.963116][ T2153] usb 5-1: Manufacturer: syz
[  352.971516][ T2153] usb 5-1: SerialNumber: syz
[  352.988166][ T2153] usb 5-1: config 0 descriptor??
[  353.155873][ T5892] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  353.316377][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  353.324215][ T5892] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  353.334389][ T5892] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.356346][ T5892] usb 4-1: config 0 has no interfaces?
[  353.359147][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807c3f6400: rx timeout, send abort
[  353.370853][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c3f6400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  353.385576][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807c3f5c00: rx timeout, send abort
[  353.394988][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c3f5c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  353.412893][ T5892] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  353.426158][ T5197] bcm5974 3-1:0.0: could not read from device
[  353.447867][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.477379][ T5197] bcm5974 3-1:0.0: could not read from device
[  353.482107][   T47] usb 3-1: USB disconnect, device number 32
[  353.523121][ T5892] usb 4-1: Product: syz
[  353.560965][ T5892] usb 4-1: Manufacturer: syz
[  353.583677][ T5892] usb 4-1: SerialNumber: syz
[  353.618391][ T5892] usb 4-1: config 0 descriptor??
[  354.056709][   T47] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  354.228665][   T47] usb 2-1: config 0 has no interfaces?
[  354.271088][   T47] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  354.311091][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.320537][   T47] usb 2-1: Product: syz
[  354.325701][   T47] usb 2-1: Manufacturer: syz
[  354.330887][   T47] usb 2-1: SerialNumber: syz
[  354.338615][   T47] usb 2-1: config 0 descriptor??
[  355.022303][   T47] usb 5-1: USB disconnect, device number 33
[  355.152747][ T5892] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  355.375745][ T5892] usb 1-1: not running at top speed; connect to a high speed hub
[  355.391911][ T5892] usb 1-1: config 6 has an invalid interface number: 191 but max is 0
[  355.419906][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.966'.
[  355.441103][ T5892] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
[  355.535644][   T47] usb 4-1: USB disconnect, device number 29
[  355.601030][ T5892] usb 1-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  355.662087][ T9484] netlink: 'syz.3.978': attribute type 10 has an invalid length.
[  355.900738][ T5892] usb 1-1: config 6 has no interface number 0
[  355.985917][ T5892] usb 1-1: config 6 interface 191 altsetting 216 endpoint 0x3 has invalid maxpacket 9225, setting to 64
[  356.036755][ T5892] usb 1-1: config 6 interface 191 altsetting 216 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  356.055943][ T5892] usb 1-1: config 6 interface 191 has no altsetting 0
[  356.067271][ T5892] usb 1-1: New USB device found, idVendor=0403, idProduct=f9d3, bcdDevice=9d.9b
[  356.081596][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.104849][ T5892] usb 1-1: Product: Њ
[  356.149461][ T5892] usb 1-1: Manufacturer: 粎䒫攄碫ⵥ隤環⒕⻪몊ꀖ倶嘵켐ꎥ⽢鹦쯋⡁쓦雒癅䆸ጷ芮핀㨁䱾糲冚롻‌罊㹐䂛괢뤯ꋠ浊蛝篸䣼녔鷭⺈惴ㄆ쪆굨큦犮바ᇤ㻖믺ꁉ䨧ㆤ麓睶띊뛾䫵刘ຮ鞿ゾ뗟顣䈑ꦅ㰉荟蝒㭉ᢵ䠂⍋僳ⲁ☔萜㚰橹⾒님콨鄣珁࣐쬫䒍븠渘녮ࠢ娩뎣㲯ﴪ邂
[  356.196536][ T9490] netlink: 76 bytes leftover after parsing attributes in process `syz.4.968'.
[  356.225995][ T5892] usb 1-1: SerialNumber: syz
[  356.305692][   T47] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  356.475389][   T47] usb 4-1: Using ep0 maxpacket: 16
[  356.594598][   T47] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  356.610614][   T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.718431][   T47] usb 4-1: config 0 has no interfaces?
[  356.798695][   T47] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  356.810427][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.822078][   T47] usb 4-1: Product: syz
[  356.830908][   T47] usb 4-1: Manufacturer: syz
[  356.836142][   T47] usb 4-1: SerialNumber: syz
[  356.850474][   T47] usb 4-1: config 0 descriptor??
[  356.875265][ T2153] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  357.105441][ T2153] usb 5-1: Using ep0 maxpacket: 16
[  357.119849][ T2153] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.130282][ T2153] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  357.145767][ T2153] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  357.155014][ T2153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.186880][ T2153] usb 5-1: config 0 descriptor??
[  357.234937][ T2153] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  357.363855][ T5893] usb 2-1: USB disconnect, device number 50
[  357.903468][ T5892] ftdi_sio 1-1:6.191: FTDI USB Serial Device converter detected
[  357.934014][ T5892] ftdi_sio ttyUSB0: unknown device type: 0x9d9b
[  357.992260][ T5892] usb 1-1: USB disconnect, device number 22
[  358.013459][ T5892] ftdi_sio 1-1:6.191: device disconnected
[  358.625618][ T2153] usb 5-1: USB disconnect, device number 34
[  359.158182][ T2153] usb 4-1: USB disconnect, device number 30
[  359.953722][ T9528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.979'.
[  360.071483][ T9532] delete_channel: no stack
[  360.135350][ T2153] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  360.335451][ T2153] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 7
[  360.362426][ T2153] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  360.371959][ T2153] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.380466][ T2153] usb 1-1: Product: syz
[  360.384791][ T2153] usb 1-1: Manufacturer: syz
[  360.390915][ T2153] usb 1-1: SerialNumber: syz
[  360.411763][ T2153] usb 1-1: config 0 descriptor??
[  360.576912][ T9547] netlink: 'syz.3.986': attribute type 10 has an invalid length.
[  360.905199][ T2153] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  361.035010][ T9553] netlink: 76 bytes leftover after parsing attributes in process `syz.1.985'.
[  361.087251][ T2153] usb 4-1: Using ep0 maxpacket: 16
[  361.121189][ T2153] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[  361.129469][ T2153] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  361.142319][ T2153] usb 4-1: config 0 has no interfaces?
[  361.245460][ T2153] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  361.297156][ T2153] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.308508][ T2153] usb 4-1: Product: syz
[  361.313224][ T2153] usb 4-1: Manufacturer: syz
[  361.320259][ T2153] usb 4-1: SerialNumber: syz
[  361.334481][ T2153] usb 4-1: config 0 descriptor??
[  361.855171][   T47] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  361.896705][ T5895] usb 1-1: USB disconnect, device number 23
[  362.015201][   T47] usb 2-1: Using ep0 maxpacket: 16
[  362.022659][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  362.033127][   T47] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  362.046528][   T47] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  362.055885][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.073097][   T47] usb 2-1: config 0 descriptor??
[  362.091498][   T47] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  362.254906][ T9567] netlink: 4 bytes leftover after parsing attributes in process `syz.4.991'.
[  362.422736][ T9571] netlink: 72 bytes leftover after parsing attributes in process `syz.4.993'.
[  362.485887][ T5895] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  362.647572][ T5895] usb 1-1: config 0 has an invalid interface number: 248 but max is 0
[  362.656927][ T5895] usb 1-1: config 0 has no interface number 0
[  362.663073][ T5895] usb 1-1: config 0 interface 248 has no altsetting 0
[  362.673137][ T5895] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=10.98
[  362.683111][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.692814][ T5895] usb 1-1: Product: syz
[  362.698762][ T5895] usb 1-1: Manufacturer: syz
[  362.703496][ T5895] usb 1-1: SerialNumber: syz
[  362.728806][ T5895] usb 1-1: config 0 descriptor??
[  362.984178][ T5895] usb 1-1: USB disconnect, device number 24
[  363.050615][ T5892] usb 2-1: USB disconnect, device number 51
[  363.390022][ T9584] netlink: 64 bytes leftover after parsing attributes in process `syz.1.997'.
[  363.669794][ T5892] usb 4-1: USB disconnect, device number 31
[  363.678823][ T9594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1003'.
[  363.786060][ T5895] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  363.893655][ T9600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1005'.
[  363.925608][ T9604] netlink: 'syz.0.1006': attribute type 2 has an invalid length.
[  363.925879][ T5895] usb 2-1: device descriptor read/64, error -71
[  363.933785][ T9604] netlink: 'syz.0.1006': attribute type 11 has an invalid length.
[  363.955982][ T9604] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1006'.
[  364.195731][ T5895] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  364.325681][ T5895] usb 2-1: device descriptor read/64, error -71
[  364.487291][    T9] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  364.506544][ T5895] usb usb2-port1: attempt power cycle
[  364.737838][    T9] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  364.750828][    T9] usb 3-1: config 0 has no interface number 0
[  364.761438][    T9] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  364.771311][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.780583][    T9] usb 3-1: Product: syz
[  364.784874][    T9] usb 3-1: Manufacturer: syz
[  364.790448][    T9] usb 3-1: SerialNumber: syz
[  364.859739][    T9] usb 3-1: config 0 descriptor??
[  365.001353][ T5895] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  365.038898][ T5895] usb 2-1: device descriptor read/8, error -71
[  365.285568][ T5895] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  365.316490][ T5895] usb 2-1: device descriptor read/8, error -71
[  365.483844][ T5895] usb usb2-port1: unable to enumerate USB device
[  365.577687][    T9] usb 3-1: Firmware version (0.0) predates our first public release.
[  365.593678][    T9] usb 3-1: Please update to version 0.2 or newer
[  365.797514][    T9] usb 3-1: USB disconnect, device number 33
[  366.993082][ T9640] netlink: 'syz.1.1015': attribute type 10 has an invalid length.
[  367.184126][ T9643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1016'.
[  367.396583][ T5885] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  367.471543][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1018'.
[  367.528788][ T9650] syz.3.1019: attempt to access beyond end of device
[  367.528788][ T9650] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  367.556013][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  367.806764][    T9] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  367.814794][ T5885] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  367.829326][ T5885] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  367.866057][ T5885] usb 2-1: config 0 has no interfaces?
[  368.038259][ T5885] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  368.048745][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.066334][    T9] usb 1-1: device descriptor read/64, error -71
[  368.075971][ T5885] usb 2-1: Product: syz
[  368.084064][ T5885] usb 2-1: Manufacturer: syz
[  368.093742][ T5885] usb 2-1: SerialNumber: syz
[  368.116876][ T5885] usb 2-1: config 0 descriptor??
[  368.265908][   T47] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  368.326903][    T9] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  368.464510][   T47] usb 5-1: not running at top speed; connect to a high speed hub
[  368.470141][    T9] usb 1-1: device descriptor read/64, error -71
[  368.483931][   T47] usb 5-1: config 6 has an invalid interface number: 191 but max is 0
[  368.492213][   T47] usb 5-1: config 6 contains an unexpected descriptor of type 0x2, skipping
[  368.506532][   T47] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  368.534131][   T47] usb 5-1: config 6 has no interface number 0
[  368.557372][   T47] usb 5-1: config 6 interface 191 altsetting 216 endpoint 0x3 has invalid maxpacket 9225, setting to 64
[  368.586898][   T47] usb 5-1: config 6 interface 191 altsetting 216 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  368.596044][    T9] usb usb1-port1: attempt power cycle
[  368.633616][ T5893] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  368.658203][   T47] usb 5-1: config 6 interface 191 has no altsetting 0
[  368.733932][   T47] usb 5-1: New USB device found, idVendor=0403, idProduct=f9d3, bcdDevice=9d.9b
[  368.773411][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.945336][   T47] usb 5-1: Product: Њ
[  368.946096][    T9] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  368.965940][   T47] usb 5-1: Manufacturer: 粎䒫攄碫ⵥ隤環⒕⻪몊ꀖ倶嘵켐ꎥ⽢鹦쯋⡁쓦雒癅䆸ጷ芮핀㨁䱾糲冚롻‌罊㹐䂛괢뤯ꋠ浊蛝篸䣼녔鷭⺈惴ㄆ쪆굨큦犮바ᇤ㻖믺ꁉ䨧ㆤ麓睶띊뛾䫵刘ຮ鞿ゾ뗟顣䈑ꦅ㰉荟蝒㭉ᢵ䠂⍋僳ⲁ☔萜㚰橹⾒님콨鄣珁࣐쬫䒍븠渘녮ࠢ娩뎣㲯ﴪ邂
[  369.036367][ T5893] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  369.044853][    T9] usb 1-1: device descriptor read/8, error -71
[  369.067735][ T5893] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  369.090011][   T47] usb 5-1: SerialNumber: syz
[  369.094711][ T5893] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  369.132611][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.295853][    T9] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  369.297548][ T9661] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  369.318369][ T5893] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  369.368214][    T9] usb 1-1: device descriptor read/8, error -71
[  369.511275][    T9] usb usb1-port1: unable to enumerate USB device
[  369.663876][    T9] usb 2-1: USB disconnect, device number 56
[  370.552835][ T9678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1029'.
[  370.716981][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.727429][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.737894][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.820937][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.831537][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.848298][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  370.925208][ T5841] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[  370.967101][ T9682] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1031'.
[  371.075214][ T5893] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  371.098304][ T5841] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  371.106874][ T5841] usb 2-1: config 0 has no interface number 0
[  371.113031][ T5841] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  371.124619][ T5841] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  371.136835][ T5841] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  371.152650][ T5841] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  371.162675][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.170841][ T5841] usb 2-1: Product: syz
[  371.175305][ T5841] usb 2-1: Manufacturer: syz
[  371.180027][ T5841] usb 2-1: SerialNumber: syz
[  371.190043][ T5841] usb 2-1: config 0 descriptor??
[  371.198080][ T9680] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  371.207954][ T5841] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  371.217005][ T5893] usb 3-1: device descriptor read/64, error -71
[  371.224902][ T5841] cyberjack ttyUSB0: usb_submit_urb(read int) failed
[  371.244413][ T5841] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  371.304911][   T47] ftdi_sio 5-1:6.191: FTDI USB Serial Device converter detected
[  371.350484][   T47] ftdi_sio ttyUSB1: unknown device type: 0x9d9b
[  371.383962][ T5841] usb 4-1: USB disconnect, device number 32
[  371.423430][   T47] usb 5-1: USB disconnect, device number 35
[  371.450485][   T47] ftdi_sio 5-1:6.191: device disconnected
[  371.456656][ T5893] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  371.464513][ T9692] netlink: 'syz.4.1033': attribute type 10 has an invalid length.
[  371.574510][ T2153] usb 2-1: USB disconnect, device number 57
[  371.626050][ T2153] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  371.636860][ T5893] usb 3-1: device descriptor read/64, error -71
[  371.659687][ T2153] cyberjack 2-1:0.69: device disconnected
[  371.745521][ T5893] usb usb3-port1: attempt power cycle
[  371.915404][ T5841] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  371.937422][   T47] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  372.080122][ T5841] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  372.091954][ T5841] usb 4-1: config 1 has an invalid descriptor of length 92, skipping remainder of the config
[  372.104733][   T47] usb 5-1: Using ep0 maxpacket: 16
[  372.112997][ T5841] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.125396][ T5893] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  372.139180][   T47] usb 5-1: config index 0 descriptor too short (expected 69, got 36)
[  372.151162][ T5841] usb 4-1: config 1 has no interface number 0
[  372.159831][   T47] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  372.173268][ T5841] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  372.295685][ T5893] usb 3-1: device descriptor read/8, error -71
[  372.301937][   T47] usb 5-1: config 0 has no interfaces?
[  372.322521][ T5841] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  372.339450][   T47] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  372.348824][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.358090][ T5841] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.367360][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.380918][   T47] usb 5-1: Product: syz
[  372.388389][ T5841] usb 4-1: Product: syz
[  372.404619][   T47] usb 5-1: Manufacturer: syz
[  372.411336][ T5841] usb 4-1: Manufacturer: syz
[  372.427398][   T47] usb 5-1: SerialNumber: syz
[  372.433550][ T5841] usb 4-1: SerialNumber: syz
[  372.441775][   T47] usb 5-1: config 0 descriptor??
[  372.454305][ T5841] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  372.461318][ T5841] cdc_ncm 4-1:1.1: bind() failure
[  372.715689][ T5893] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[  372.736376][ T5885] usb 4-1: USB disconnect, device number 33
[  372.766411][ T5893] usb 3-1: device descriptor read/8, error -71
[  372.895607][ T5893] usb usb3-port1: unable to enumerate USB device
[  373.041220][ T9710] __nla_validate_parse: 2 callbacks suppressed
[  373.041240][ T9710] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1039'.
[  373.059547][ T9710] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1039'.
[  373.080373][ T9710] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1039'.
[  373.109334][ T9709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1040'.
[  373.271229][ T9720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1042'.
[  373.326955][ T9724] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1043'.
[  373.464469][ T9730] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1044'.
[  373.489292][ T9730] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1044'.
[  373.527318][ T9730] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1044'.
[  374.586231][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  374.648110][ T5893] usb 5-1: USB disconnect, device number 36
[  374.784030][ T9754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  374.896071][ T9754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  374.993153][ T9754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.007931][ T9757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.031503][ T9754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.040130][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  375.045226][ T5841] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  375.061459][ T9757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.267043][ T9754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.317209][    T9] usb 1-1: Using ep0 maxpacket: 8
[  375.324252][    T9] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  375.344372][    T9] usb 1-1: config 179 has no interface number 0
[  375.347621][ T9754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.358584][ T5841] usb 4-1: device descriptor read/64, error -71
[  375.429522][    T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  375.521198][    T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  375.577520][    T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 203, changing to 11
[  375.615663][ T5841] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  375.634774][    T9] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 42897, setting to 1024
[  375.677933][    T9] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  375.781769][    T9] usb 1-1: config 179 interface 65 has no altsetting 0
[  375.806194][ T5841] usb 4-1: device descriptor read/64, error -71
[  375.880100][    T9] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  375.904185][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.915680][ T5841] usb usb4-port1: attempt power cycle
[  375.967790][ T9755] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  376.024045][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input19
[  376.117815][ T5197] input input19: unable to receive magic message: -110
[  376.237534][ T9755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.255608][ T5841] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  376.284981][ T5197] input input19: unable to receive magic message: -32
[  376.297422][ T9755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.332543][ T5841] usb 4-1: device descriptor read/8, error -71
[  376.438794][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  376.456479][ T5197] input input19: unable to receive magic message: -32
[  376.605391][ T5841] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  376.646085][ T5197] input input19: unable to receive magic message: -32
[  376.653059][    T9] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  376.707312][ T5841] usb 4-1: device descriptor read/8, error -71
[  376.755768][ T6651] input input19: unable to receive magic message: -32
[  376.826835][    T9] usb 3-1: Using ep0 maxpacket: 16
[  376.846427][ T5841] usb usb4-port1: unable to enumerate USB device
[  376.856113][ T5197] input input19: unable to receive magic message: -32
[  376.874149][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  376.950759][    T9] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  376.985638][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.018591][    T9] usb 3-1: Product: syz
[  377.040244][    T9] usb 3-1: Manufacturer: syz
[  377.063135][    T9] usb 3-1: SerialNumber: syz
[  377.126355][    T9] usb 3-1: config 0 descriptor??
[  377.143154][    T9] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  377.237906][    T9] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  377.783998][    T9] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  377.883789][   T47] usb 1-1: USB disconnect, device number 29
[  377.883813][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  377.900487][   T47] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  377.932946][ T9784] bridge2: entered promiscuous mode
[  378.219609][    T9] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  378.238106][    T9] em28xx 3-1:0.0: board has no eeprom
[  378.272525][ T9803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.283026][ T9803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.398858][ T9806] __nla_validate_parse: 1 callbacks suppressed
[  378.398911][ T9806] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1066'.
[  378.554029][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.560452][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.675478][ T9813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.796423][ T9813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.887568][ T9813] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1068'.
[  378.922335][ T5895] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  378.924235][ T9817] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1068'.
[  379.331302][    T9] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  379.356126][    T9] em28xx 3-1:0.0: dvb set to bulk mode.
[  379.370020][ T5885] em28xx 3-1:0.0: Binding DVB extension
[  379.559183][ T5892] usb 3-1: USB disconnect, device number 38
[  379.649002][ T5885] em28xx 3-1:0.0: Registering input extension
[  379.673348][ T5892] em28xx 3-1:0.0: Disconnecting em28xx
[  379.702950][ T5892] em28xx 3-1:0.0: Closing input extension
[  379.911434][ T5892] em28xx 3-1:0.0: Freeing device
[  379.978784][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1078'.
[  380.406798][   T30] audit: type=1326 audit(1744420074.077:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9855 comm="syz.2.1080" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0
[  381.083923][ T9878] loop6: detected capacity change from 0 to 524287999
[  381.136067][ T9878] buffer_io_error: 7 callbacks suppressed
[  381.136088][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.238132][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.265282][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.279815][   T30] audit: type=1326 audit(1744420074.947:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  381.301774][    C0] vkms_vblank_simulate: vblank timer overrun
[  381.314065][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.351002][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.432562][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.469089][   T30] audit: type=1326 audit(1744420074.947:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  381.492227][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.583274][   T30] audit: type=1326 audit(1744420074.947:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  381.643508][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.708251][ T9878] ldm_validate_partition_table(): Disk read failed.
[  381.737564][   T30] audit: type=1326 audit(1744420074.947:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  381.764169][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.799226][ T9878] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.813897][ T9878] Dev loop6: unable to read RDB block 0
[  381.821198][ T9878]  loop6: unable to read partition table
[  381.885704][ T9878] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  381.936975][ T9881] ldm_validate_partition_table(): Disk read failed.
[  381.991187][ T9881] Dev loop6: unable to read RDB block 0
[  382.030515][ T9881]  loop6: unable to read partition table
[  382.053498][ T9881] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  382.134342][   T30] audit: type=1326 audit(1744420074.947:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  382.165708][ T5892] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  382.436273][ T5892] usb 1-1: Using ep0 maxpacket: 8
[  382.443882][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  382.474537][   T30] audit: type=1326 audit(1744420074.947:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  382.526034][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83
[  382.573207][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  382.608327][   T30] audit: type=1326 audit(1744420074.947:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  382.638925][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  382.677875][ T5892] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10
[  382.693400][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.711933][   T30] audit: type=1326 audit(1744420074.947:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  382.733819][    C0] vkms_vblank_simulate: vblank timer overrun
[  382.791616][ T5892] usb 1-1: Product: syz
[  382.881315][ T5892] usb 1-1: Manufacturer: syz
[  382.953984][ T5892] usb 1-1: SerialNumber: syz
[  382.992087][ T5892] usb 1-1: config 0 descriptor??
[  383.031626][   T30] audit: type=1326 audit(1744420074.947:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf740d598 code=0x7ffc0000
[  383.055800][ T9871] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  383.078780][ T5892] radioshark2 1-1:0.0: Invalid radioSHARK2 device
[  383.144942][ T5892] radioshark2 1-1:0.0: probe with driver radioshark2 failed with error -22
[  383.291714][ T9871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1085'.
[  383.606120][   T47] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  383.679543][ T5892] usb 1-1: USB disconnect, device number 30
[  383.786683][   T47] usb 2-1: Using ep0 maxpacket: 32
[  383.802459][   T47] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  383.849053][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.871206][   T47] usb 2-1: Product: syz
[  383.890243][   T47] usb 2-1: Manufacturer: syz
[  383.963509][   T47] usb 2-1: SerialNumber: syz
[  384.003195][   T47] usb 2-1: config 0 descriptor??
[  384.013209][   T47] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  384.886160][ T5892] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  385.050277][ T5892] usb 5-1: config 0 has no interfaces?
[  385.069881][ T5892] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  385.111367][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.137072][ T9910] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1095'.
[  385.184443][ T5892] usb 5-1: Product: syz
[  385.200072][ T5892] usb 5-1: Manufacturer: syz
[  385.209358][ T5892] usb 5-1: SerialNumber: syz
[  385.228802][ T5892] usb 5-1: config 0 descriptor??
[  385.415806][ T5885] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  385.546259][ T5885] usb 3-1: device descriptor read/64, error -71
[  385.564928][   T47] gspca_topro: reg_r err -32
[  385.570128][   T47] gspca_topro: Sensor soi763a
[  385.796162][ T5885] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[  385.937744][ T5885] usb 3-1: device descriptor read/64, error -71
[  386.066984][ T5885] usb usb3-port1: attempt power cycle
[  386.174977][ T9946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1105'.
[  386.415957][ T5885] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  386.447208][ T5885] usb 3-1: device descriptor read/8, error -71
[  386.485403][ T6886] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  386.506212][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  386.600387][   T47] usb 2-1: USB disconnect, device number 58
[  386.627739][ T6886] usb 1-1: device descriptor read/64, error -71
[  386.661335][ T9951] netlink: 'syz.1.1109': attribute type 10 has an invalid length.
[  386.669810][    T9] usb 4-1: Using ep0 maxpacket: 8
[  386.682283][    T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  386.691773][ T5885] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  386.701520][    T9] usb 4-1: config 179 has no interface number 0
[  386.709144][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  386.721576][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  386.737361][ T5885] usb 3-1: device descriptor read/8, error -71
[  386.743638][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 203, changing to 11
[  386.757356][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 42897, setting to 1024
[  386.773281][    T9] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  386.787917][    T9] usb 4-1: config 179 interface 65 has no altsetting 0
[  386.796877][    T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  386.807612][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.821117][ T9949] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  386.836603][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input21
[  386.853026][ T5885] usb usb3-port1: unable to enumerate USB device
[  386.915486][ T6886] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  386.929122][ T5197] input input21: unable to receive magic message: -110
[  386.942740][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  386.954153][ T5197] input input21: unable to receive magic message: -32
[  386.968840][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  386.978279][ T5197] input input21: unable to receive magic message: -32
[  386.993980][ T5197] input input21: unable to receive magic message: -32
[  387.058345][ T6651] input input21: unable to receive magic message: -32
[  387.082718][ T5197] input input21: unable to receive magic message: -32
[  387.089801][ T6886] usb 1-1: device descriptor read/64, error -71
[  387.106724][ T5885] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  387.147698][ T5197] input input21: unable to receive magic message: -32
[  387.158410][ T5197] input input21: unable to receive magic message: -32
[  387.184400][ T9946] input input21: unable to receive magic message: -32
[  387.194240][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  387.205449][ T6886] usb usb1-port1: attempt power cycle
[  387.271285][ T9949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.280700][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  387.290684][ T9949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.291970][ T5885] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  387.315735][ T5885] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  387.328069][ T5885] usb 2-1: config 0 has no interfaces?
[  387.341340][ T5885] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  387.352185][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.361645][ T5885] usb 2-1: Product: syz
[  387.366781][ T5885] usb 2-1: Manufacturer: syz
[  387.371577][ T5885] usb 2-1: SerialNumber: syz
[  387.383834][ T5885] usb 2-1: config 0 descriptor??
[  387.476728][ T5885] usb 5-1: USB disconnect, device number 38
[  387.555308][ T6886] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  387.586075][ T6886] usb 1-1: device descriptor read/8, error -71
[  387.650442][ T9958] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  387.660885][ T9958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1111'.
[  387.674597][ T9958] tipc: Disabling bearer <udp:syz2>
[  387.759764][ T9960] Invalid logical block size (2097152)
[  387.846174][ T6886] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  387.868407][ T6886] usb 1-1: device descriptor read/8, error -71
[  387.977133][ T6886] usb usb1-port1: unable to enumerate USB device
[  388.065753][    T9] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  388.121181][   T30] kauditd_printk_skb: 236 callbacks suppressed
[  388.121201][   T30] audit: type=1326 audit(1744420081.787:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.160857][   T30] audit: type=1326 audit(1744420081.787:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.185866][   T30] audit: type=1326 audit(1744420081.817:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.222099][   T30] audit: type=1326 audit(1744420081.817:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.245121][   T30] audit: type=1326 audit(1744420081.817:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.268651][   T30] audit: type=1326 audit(1744420081.817:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=279 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.292556][   T30] audit: type=1326 audit(1744420081.817:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.316328][    T9] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  388.324613][   T30] audit: type=1326 audit(1744420081.817:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.350735][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.365936][    T9] usb 5-1: config 0 has no interface number 0
[  388.377922][    T9] usb 5-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  388.393498][   T30] audit: type=1326 audit(1744420081.827:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=280 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.419861][    T9] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  388.429992][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.439547][   T30] audit: type=1326 audit(1744420081.827:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9963 comm="syz.2.1114" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x7ffc0000
[  388.468792][    T9] usb 5-1: config 0 descriptor??
[  388.491633][    T9] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  388.681314][ T9962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.698022][ T9962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.712717][    T9] usb 5-1: USB disconnect, device number 39
[  388.722306][ T6010] usb 5-1: Failed to submit usb control message: -71
[  388.733997][ T6010] usb 5-1: unable to send the bmi data to the device: -71
[  388.742265][ T6010] usb 5-1: unable to get target info from device
[  388.749047][ T6010] usb 5-1: could not get target info (-71)
[  388.755036][ T6010] usb 5-1: could not probe fw (-71)
[  389.119452][    T9] usb 4-1: USB disconnect, device number 38
[  389.126034][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  389.172920][    T9] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  389.509236][ T9984] fuse: Bad value for 'fd'
[  389.617203][ T9982] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1118'.
[  389.783591][ T6886] usb 2-1: USB disconnect, device number 59
[  390.248354][T10002] FAULT_INJECTION: forcing a failure.
[  390.248354][T10002] name failslab, interval 1, probability 0, space 0, times 0
[  390.261359][T10002] CPU: 1 UID: 0 PID: 10002 Comm: syz.2.1126 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  390.261389][T10002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  390.261402][T10002] Call Trace:
[  390.261411][T10002]  <TASK>
[  390.261420][T10002]  dump_stack_lvl+0x241/0x360
[  390.261460][T10002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.261492][T10002]  ? __pfx__printk+0x10/0x10
[  390.261526][T10002]  ? __pfx___might_resched+0x10/0x10
[  390.261558][T10002]  should_fail_ex+0x424/0x570
[  390.261587][T10002]  should_failslab+0xac/0x100
[  390.261618][T10002]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  390.261650][T10002]  ? __alloc_skb+0x1c2/0x480
[  390.261675][T10002]  __alloc_skb+0x1c2/0x480
[  390.261701][T10002]  ? __pfx___alloc_skb+0x10/0x10
[  390.261727][T10002]  ? __local_bh_enable_ip+0x168/0x200
[  390.261747][T10002]  ? lockdep_hardirqs_on+0x9d/0x150
[  390.261777][T10002]  alloc_skb_with_frags+0xc3/0x830
[  390.261809][T10002]  ? ip6_pol_route+0x192/0x15f0
[  390.261839][T10002]  sock_alloc_send_pskb+0x91c/0xa70
[  390.261886][T10002]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  390.261913][T10002]  ? ipv6_get_saddr_eval+0xbce/0xf50
[  390.261953][T10002]  __ip6_append_data+0x2c4f/0x41b0
[  390.262004][T10002]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  390.262049][T10002]  ? ip6_mtu+0x81/0x3f0
[  390.262076][T10002]  ? __pfx___ip6_append_data+0x10/0x10
[  390.262108][T10002]  ? ip6_setup_cork+0xaaf/0x11c0
[  390.262137][T10002]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  390.262172][T10002]  ip6_make_skb+0x31d/0x440
[  390.262206][T10002]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  390.262232][T10002]  ? __pfx_ip6_make_skb+0x10/0x10
[  390.262288][T10002]  udpv6_sendmsg+0x216b/0x3070
[  390.262336][T10002]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  390.262374][T10002]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  390.262407][T10002]  ? __lock_acquire+0xad5/0xd80
[  390.262448][T10002]  ? inet_send_prepare+0x1b7/0x260
[  390.262473][T10002]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  390.262494][T10002]  ? inet_send_prepare+0x1b7/0x260
[  390.262517][T10002]  ? do_raw_spin_unlock+0x13c/0x8b0
[  390.262558][T10002]  ? inet_send_prepare+0x1b7/0x260
[  390.262590][T10002]  __sock_sendmsg+0xef/0x270
[  390.262623][T10002]  ____sys_sendmsg+0x523/0x860
[  390.262656][T10002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  390.262697][T10002]  __sys_sendmsg+0x271/0x360
[  390.262727][T10002]  ? __pfx___sys_sendmsg+0x10/0x10
[  390.262804][T10002]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  390.262831][T10002]  ? lockdep_hardirqs_on+0x9d/0x150
[  390.262860][T10002]  __do_fast_syscall_32+0xb4/0x110
[  390.262888][T10002]  ? exc_page_fault+0x5f8/0x920
[  390.262919][T10002]  do_fast_syscall_32+0x34/0x80
[  390.262947][T10002]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.262973][T10002] RIP: 0023:0xf740d579
[  390.262991][T10002] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  390.263010][T10002] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  390.263033][T10002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000600
[  390.263049][T10002] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.263062][T10002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.263075][T10002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  390.263087][T10002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.263117][T10002]  </TASK>
[  390.665582][ T6886] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  390.821290][ T6886] usb 1-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.831526][ T6886] usb 1-1: config 0 interface 0 has no altsetting 0
[  390.838428][ T6886] usb 1-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[  390.847596][ T6886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.879628][T10013] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  390.879740][ T6886] usb 1-1: config 0 descriptor??
[  390.977137][T10013] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1128'.
[  391.255813][    T9] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  391.349786][ T6886] kye 0003:0458:5012.000C: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  391.387210][ T6886] kye 0003:0458:5012.000C: hidraw0: USB HID v0.00 Device [HID 0458:5012] on usb-dummy_hcd.0-1/input0
[  391.398372][ T6886] kye 0003:0458:5012.000C: tablet-enabling feature report not found
[  391.408490][ T6886] kye 0003:0458:5012.000C: tablet enabling failed
[  391.416377][ T5892] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  391.446863][T10020] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1131'.
[  391.457384][    T9] usb 2-1: config index 0 descriptor too short (expected 38031, got 77)
[  391.490590][    T9] usb 2-1: config 96 has too many interfaces: 74, using maximum allowed: 32
[  391.551353][    T9] usb 2-1: config 96 has an invalid descriptor of length 73, skipping remainder of the config
[  391.572299][ T9997] syzkaller1: entered promiscuous mode
[  391.582244][    T9] usb 2-1: config 96 has 0 interfaces, different from the descriptor's value: 74
[  391.593656][ T9997] syzkaller1: entered allmulticast mode
[  391.632534][    T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  391.642627][ T5892] usb 5-1: Using ep0 maxpacket: 8
[  391.661251][ T5892] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  391.685678][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.693785][ T5892] usb 5-1: config 179 has no interface number 0
[  391.700997][    T9] usb 2-1: Product: syz
[  391.712180][ T5892] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  391.727413][    T9] usb 2-1: Manufacturer: syz
[  391.732052][    T9] usb 2-1: SerialNumber: syz
[  391.757739][ T5892] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  391.786636][ T5892] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 203, changing to 11
[  391.818829][ T5892] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 42897, setting to 1024
[  391.854042][ T5892] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  391.868064][ T5892] usb 5-1: config 179 interface 65 has no altsetting 0
[  391.877471][ T5892] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  391.888457][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.961970][T10016] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  391.974211][T10014] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1129'.
[  391.985382][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  392.168016][ T6886] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  392.171274][ T9997] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1124'.
[  392.215020][ T5892] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input23
[  392.276096][ T5197] input input23: unable to receive magic message: -110
[  392.284678][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  392.313391][ T5197] input input23: unable to receive magic message: -32
[  392.348274][ T6886] usb 4-1: Using ep0 maxpacket: 8
[  392.431235][ T6886] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  392.442897][ T5197] input input23: unable to receive magic message: -32
[  392.455441][ T6886] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  392.518618][ T5197] input input23: unable to receive magic message: -32
[  392.531693][ T6886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  392.572814][ T6886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  392.627679][ T6886] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  392.649344][ T7118] input input23: unable to receive magic message: -32
[  392.672928][ T6886] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  392.710123][ T6886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.762077][T10016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.784313][ T5197] input input23: unable to receive magic message: -32
[  392.795015][T10016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.906007][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[  392.977778][ T6886] usb 4-1: usb_control_msg returned -32
[  392.983755][ T6886] usbtmc 4-1:16.0: can't read capabilities
[  393.372799][T10035] usbtmc 4-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  393.383083][ T6886] usb 1-1: USB disconnect, device number 35
[  393.586466][ T5885] usb 4-1: USB disconnect, device number 39
[  393.906968][ T6886] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  394.041934][ T5885] usb 5-1: USB disconnect, device number 40
[  394.048448][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  394.067569][ T6886] usb 1-1: Using ep0 maxpacket: 16
[  394.072938][ T5885] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  394.139261][ T6886] usb 1-1: unable to get BOS descriptor or descriptor too short
[  394.158643][ T6886] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  394.182755][ T6886] usb 1-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  394.244297][ T6886] usb 1-1: config 1 interface 0 has no altsetting 0
[  394.308346][    T9] usb 2-1: USB disconnect, device number 60
[  394.356901][ T6886] usb 1-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  394.381001][T10049] FAULT_INJECTION: forcing a failure.
[  394.381001][T10049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  394.399928][ T6886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.445916][ T6886] usb 1-1: Product: syz
[  394.451204][ T6886] usb 1-1: Manufacturer: syz
[  394.458539][T10049] CPU: 0 UID: 0 PID: 10049 Comm: syz.1.1142 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  394.458587][T10049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  394.458600][T10049] Call Trace:
[  394.458608][T10049]  <TASK>
[  394.458617][T10049]  dump_stack_lvl+0x241/0x360
[  394.458656][T10049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.458687][T10049]  ? __pfx__printk+0x10/0x10
[  394.458737][T10049]  should_fail_ex+0x424/0x570
[  394.458765][T10049]  _copy_from_user+0x2d/0xb0
[  394.458797][T10049]  generic_map_update_batch+0x59f/0x8e0
[  394.458842][T10049]  ? __pfx_generic_map_update_batch+0x10/0x10
[  394.458870][T10049]  ? __fget_files+0x39d/0x420
[  394.458888][T10049]  ? __fget_files+0x2a/0x420
[  394.458917][T10049]  ? __pfx_generic_map_update_batch+0x10/0x10
[  394.458945][T10049]  bpf_map_do_batch+0x39a/0x660
[  394.458975][T10049]  __sys_bpf+0x3c1/0x8b0
[  394.459000][T10049]  ? __pfx___sys_bpf+0x10/0x10
[  394.459044][T10049]  ? ksys_write+0x275/0x2d0
[  394.459082][T10049]  __ia32_sys_bpf+0x7c/0x90
[  394.459115][T10049]  __do_fast_syscall_32+0xb4/0x110
[  394.459143][T10049]  ? exc_page_fault+0x5f8/0x920
[  394.459173][T10049]  do_fast_syscall_32+0x34/0x80
[  394.459200][T10049]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.459226][T10049] RIP: 0023:0xf7ff2579
[  394.459243][T10049] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  394.459262][T10049] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  394.459285][T10049] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000800002c0
[  394.459300][T10049] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  394.459313][T10049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.459325][T10049] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  394.459338][T10049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  394.459369][T10049]  </TASK>
[  394.677153][ T6886] usb 1-1: SerialNumber: syz
[  395.082574][T10055] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1143'.
[  395.408500][T10063] syzkaller1: entered promiscuous mode
[  395.450452][T10063] syzkaller1: entered allmulticast mode
[  395.859983][T10066] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode
[  395.919181][T10066] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode
[  396.004489][T10074] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1150'.
[  396.069794][T10074] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  396.187947][   T47] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  396.346035][T10078] tipc: Started in network mode
[  396.354270][T10078] tipc: Node identity 6e5cbfe4bc48, cluster identity 4711
[  396.363765][T10078] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  396.367878][   T47] usb 3-1: config 0 interface 0 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  396.387298][   T47] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.395208][   T47] usb 3-1: New USB device found, idVendor=056a, idProduct=033e, bcdDevice= 0.00
[  396.404509][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.420464][T10077] tipc: Disabling bearer <eth:syzkaller0>
[  396.432316][   T47] usb 3-1: config 0 descriptor??
[  396.460935][T10066] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  396.482522][   T47] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  396.630608][T10082] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.640019][T10082] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.662409][T10082] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.662935][T10084] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1153'.
[  396.683940][T10084] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1153'.
[  396.708781][T10085] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.746125][T10085] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.811417][T10085] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  396.851505][T10082] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1152'.
[  397.212903][ T6886] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[  397.223658][ T6886] usb 1-1: USB disconnect, device number 36
[  398.767331][ T5841] usb 3-1: USB disconnect, device number 43
[  399.699355][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  399.699376][   T30] audit: type=1326 audit(1744420093.367:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10176 comm="syz.1.1185" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2579 code=0x0
[  400.156963][ T5892] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  400.215743][ T5885] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  400.333456][ T5892] usb 1-1: config 0 has no interfaces?
[  400.344817][ T5892] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  400.365880][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.380909][ T5885] usb 3-1: Using ep0 maxpacket: 8
[  400.393193][ T5885] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  400.407587][ T5892] usb 1-1: Product: syz
[  400.411816][ T5892] usb 1-1: Manufacturer: syz
[  400.420271][ T5885] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  400.433458][ T5892] usb 1-1: SerialNumber: syz
[  400.439117][ T5885] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  400.456015][ T5892] usb 1-1: config 0 descriptor??
[  400.461251][ T5885] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  400.479050][ T5885] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  400.536242][ T5885] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  400.562510][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.829259][ T5885] usb 3-1: usb_control_msg returned -32
[  400.840249][ T5885] usbtmc 3-1:16.0: can't read capabilities
[  401.088246][T10220] __nla_validate_parse: 22 callbacks suppressed
[  401.088268][T10220] netlink: 308 bytes leftover after parsing attributes in process `syz.4.1200'.
[  401.162808][T10220] netlink: 'syz.4.1200': attribute type 10 has an invalid length.
[  401.173737][T10220] macvlan0: entered promiscuous mode
[  401.203251][T10220] macvlan0: entered allmulticast mode
[  401.220856][T10224] usbtmc 3-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  401.238398][T10220] veth1_vlan: entered allmulticast mode
[  401.309814][T10220] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  401.319476][   T36] bond0: (slave macvlan0): interface is now down
[  401.347985][   T13] bond0: (slave macvlan0): interface is now down
[  401.376949][   T13] bond0: (slave macvlan0): interface is now down
[  401.417631][   T13] bond0: now running without any active interface!
[  401.419171][T10226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1201'.
[  401.440492][ T6886] usb 3-1: USB disconnect, device number 44
[  401.931957][T10235] syzkaller1: entered promiscuous mode
[  401.939958][T10235] syzkaller1: entered allmulticast mode
[  402.152144][T10241] netlink: 'syz.2.1206': attribute type 4 has an invalid length.
[  402.456181][   T47] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  402.497091][T10250] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1209'.
[  402.600840][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1210'.
[  402.640090][   T47] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  402.650248][   T47] usb 3-1: config 0 interface 0 has no altsetting 0
[  402.671011][   T47] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  402.689492][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.710687][   T47] usb 3-1: Product: syz
[  402.715620][   T47] usb 3-1: Manufacturer: syz
[  402.721247][   T47] usb 3-1: SerialNumber: syz
[  402.890793][ T6886] usb 1-1: USB disconnect, device number 37
[  403.077620][   T47] usb 3-1: config 0 descriptor??
[  403.148968][   T47] usb 3-1: selecting invalid altsetting 0
[  403.447233][T10275] syzkaller1: entered promiscuous mode
[  403.471675][   T47] usb 3-1: USB disconnect, device number 45
[  403.486473][T10275] syzkaller1: entered allmulticast mode
[  403.651017][ T6636] udevd[6636]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  403.856005][ T5885] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  403.915383][ T5893] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  404.015705][ T5885] usb 1-1: Using ep0 maxpacket: 8
[  404.023310][ T5885] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  404.032395][ T5885] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  404.042857][ T5885] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  404.053153][ T5885] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  404.064725][ T5885] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  404.064771][ T5885] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  404.064794][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.106881][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  404.118269][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  404.128501][ T5893] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[  404.155112][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.175948][ T5893] usb 4-1: config 0 descriptor??
[  404.218947][T10290] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551612)
[  404.230797][T10290] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  404.308761][ T5885] usb 1-1: usb_control_msg returned -32
[  404.314396][ T5885] usbtmc 1-1:16.0: can't read capabilities
[  404.383556][T10281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.420705][T10281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.517793][ T5893] usbhid 4-1:0.0: can't add hid device: -71
[  404.523862][ T5893] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  404.572573][ T5893] usb 4-1: USB disconnect, device number 40
[  404.702498][T10302] usbtmc 1-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  404.934889][ T5892] usb 1-1: USB disconnect, device number 38
[  405.015608][ T5893] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  405.183478][ T5893] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  405.206116][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  405.233295][ T5893] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  405.251976][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  405.279714][ T5893] usb 4-1: SerialNumber: syz
[  405.549988][ T5893] usb 4-1: 0:2 : does not exist
[  405.575885][ T5893] usb 4-1: unit 255 not found!
[  405.652903][ T5893] usb 4-1: USB disconnect, device number 41
[  405.743476][T10332] netlink: 'syz.0.1236': attribute type 30 has an invalid length.
[  405.836228][T10331] batman_adv: batadv0: Adding interface: dummy0
[  405.842686][T10331] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  405.869911][T10331] batman_adv: batadv0: Interface activated: dummy0
[  405.876618][ T6650] udevd[6650]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  405.953464][T10334] batadv0: mtu less than device minimum
[  405.962088][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  405.974408][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  405.986431][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  405.998424][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.010408][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.022212][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.033723][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.045509][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.057471][T10334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  406.191246][T10347] FAULT_INJECTION: forcing a failure.
[  406.191246][T10347] name failslab, interval 1, probability 0, space 0, times 0
[  406.204435][T10347] CPU: 0 UID: 0 PID: 10347 Comm: syz.3.1241 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  406.204461][T10347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  406.204472][T10347] Call Trace:
[  406.204480][T10347]  <TASK>
[  406.204488][T10347]  dump_stack_lvl+0x241/0x360
[  406.204540][T10347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.204575][T10347]  ? __pfx__printk+0x10/0x10
[  406.204607][T10347]  ? __pfx___might_resched+0x10/0x10
[  406.204636][T10347]  should_fail_ex+0x424/0x570
[  406.204664][T10347]  should_failslab+0xac/0x100
[  406.204697][T10347]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  406.204729][T10347]  ? __alloc_skb+0x1c2/0x480
[  406.204747][T10347]  ? stack_trace_save+0x11a/0x1d0
[  406.204781][T10347]  __alloc_skb+0x1c2/0x480
[  406.204808][T10347]  ? __pfx___alloc_skb+0x10/0x10
[  406.204839][T10347]  tipc_nl_compat_doit+0x172/0x610
[  406.204862][T10347]  ? __pfx_aa_get_newest_label+0x10/0x10
[  406.204891][T10347]  ? __lock_acquire+0xad5/0xd80
[  406.204912][T10347]  ? __pfx_aa_get_newest_label+0x10/0x10
[  406.204943][T10347]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[  406.204980][T10347]  ? bpf_lsm_capable+0x9/0x10
[  406.205004][T10347]  ? security_capable+0x7e/0x2d0
[  406.205046][T10347]  tipc_nl_compat_recv+0xec7/0x1590
[  406.205075][T10347]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  406.205095][T10347]  ? genl_get_cmd+0x612/0xce0
[  406.205121][T10347]  ? __pfx___mutex_lock+0x10/0x10
[  406.205145][T10347]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[  406.205171][T10347]  ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10
[  406.205193][T10347]  ? __pfx_genl_get_cmd+0x10/0x10
[  406.205220][T10347]  ? __local_bh_enable_ip+0x168/0x200
[  406.205241][T10347]  ? lockdep_hardirqs_on+0x9d/0x150
[  406.205275][T10347]  genl_rcv_msg+0xb38/0xf00
[  406.205308][T10347]  ? __pfx_genl_rcv_msg+0x10/0x10
[  406.205341][T10347]  ? __dev_queue_xmit+0x1780/0x3f60
[  406.205363][T10347]  ? kasan_save_track+0x3f/0x80
[  406.205384][T10347]  ? __kasan_slab_alloc+0x66/0x80
[  406.205415][T10347]  ? __do_fast_syscall_32+0xb4/0x110
[  406.205459][T10347]  ? __lock_acquire+0xad5/0xd80
[  406.205483][T10347]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  406.205519][T10347]  netlink_rcv_skb+0x208/0x480
[  406.205549][T10347]  ? __pfx_genl_rcv_msg+0x10/0x10
[  406.205580][T10347]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  406.205632][T10347]  ? netlink_deliver_tap+0x2e/0x1b0
[  406.205669][T10347]  genl_rcv+0x28/0x40
[  406.205688][T10347]  netlink_unicast+0x7f8/0x9a0
[  406.205724][T10347]  ? __pfx_netlink_unicast+0x10/0x10
[  406.205753][T10347]  ? skb_put+0x114/0x1f0
[  406.205778][T10347]  netlink_sendmsg+0x8c3/0xcd0
[  406.205822][T10347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.205856][T10347]  ? __import_iovec+0x585/0x830
[  406.205883][T10347]  ? aa_sock_msg_perm+0x91/0x160
[  406.205918][T10347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.205945][T10347]  __sock_sendmsg+0x221/0x270
[  406.205976][T10347]  ____sys_sendmsg+0x523/0x860
[  406.206008][T10347]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.206048][T10347]  __sys_sendmsg+0x271/0x360
[  406.206076][T10347]  ? __pfx___sys_sendmsg+0x10/0x10
[  406.206153][T10347]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  406.206178][T10347]  ? lockdep_hardirqs_on+0x9d/0x150
[  406.206205][T10347]  __do_fast_syscall_32+0xb4/0x110
[  406.206230][T10347]  ? exc_page_fault+0x5f8/0x920
[  406.206259][T10347]  do_fast_syscall_32+0x34/0x80
[  406.206285][T10347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  406.206309][T10347] RIP: 0023:0xf73fd579
[  406.206328][T10347] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  406.206345][T10347] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  406.206367][T10347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000440
[  406.206381][T10347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  406.206393][T10347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  406.206405][T10347] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  406.206417][T10347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  406.206447][T10347]  </TASK>
[  407.055963][    T9] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  407.226657][T10362] Invalid logical block size (1310720)
[  407.242994][    T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  407.255396][ T5893] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  407.274706][T10361] syzkaller1: entered promiscuous mode
[  407.291054][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.298925][T10361] syzkaller1: entered allmulticast mode
[  407.359343][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  407.401341][    T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  407.430789][ T5893] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.464046][ T5893] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  407.485770][    T9] usb 5-1: Product: syz
[  407.489996][    T9] usb 5-1: Manufacturer: syz
[  407.497231][ T5893] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  407.509636][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  407.518795][ T5893] usb 2-1: SerialNumber: syz
[  407.530054][    T9] usb 5-1: SerialNumber: syz
[  407.554507][    T9] usb 5-1: config 0 descriptor??
[  407.609671][    T9] usb 5-1: selecting invalid altsetting 0
[  407.773851][ T5893] usb 2-1: 0:2 : does not exist
[  407.844182][T10373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1249'.
[  407.928313][ T5893] usb 2-1: USB disconnect, device number 61
[  408.130482][ T6650] udevd[6650]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  408.155467][ T6886] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  408.415183][ T6886] usb 1-1: Using ep0 maxpacket: 16
[  408.428676][ T6886] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  408.438918][T10383] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1254'.
[  408.481115][ T6886] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  408.506560][ T6886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.537558][ T6886] usb 1-1: config 0 descriptor??
[  408.844691][T10387] netlink: 'syz.1.1255': attribute type 21 has an invalid length.
[  408.854212][T10387] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1255'.
[  408.897455][   T30] audit: type=1326 audit(1744420102.547:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10384 comm="syz.3.1256" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000
[  408.915624][T10387] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1255'.
[  409.071745][ T5893] usb 5-1: USB disconnect, device number 41
[  409.167602][T10393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.188759][T10393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.204931][   T30] audit: type=1326 audit(1744420102.547:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10384 comm="syz.3.1256" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000
[  409.236853][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.244119][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.261012][T10393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.278774][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.302382][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.315876][T10394] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.331125][T10394] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.343585][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.374549][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.383884][T10394] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1257'.
[  409.407476][T10373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  409.417995][T10373] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  409.438139][   T30] audit: type=1326 audit(1744420102.547:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10384 comm="syz.3.1256" exe="/root/syz-executor" sig=0 arch=40000003 syscall=174 compat=1 ip=0xf73fd579 code=0x7ffc0000
[  409.444570][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.552336][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.572436][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.590931][   T30] audit: type=1326 audit(1744420102.547:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10384 comm="syz.3.1256" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000
[  409.643489][ T6886] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  409.712123][   T30] audit: type=1326 audit(1744420102.547:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10384 comm="syz.3.1256" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fd579 code=0x7ffc0000
[  409.804495][ T6886] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.000D/input/input25
[  410.125920][ T6886] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  410.281864][T10410] FAULT_INJECTION: forcing a failure.
[  410.281864][T10410] name failslab, interval 1, probability 0, space 0, times 0
[  410.340590][T10410] CPU: 1 UID: 0 PID: 10410 Comm: syz.1.1261 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  410.340612][T10410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  410.340620][T10410] Call Trace:
[  410.340626][T10410]  <TASK>
[  410.340632][T10410]  dump_stack_lvl+0x241/0x360
[  410.340659][T10410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.340679][T10410]  ? __pfx__printk+0x10/0x10
[  410.340701][T10410]  ? __pfx___might_resched+0x10/0x10
[  410.340724][T10410]  should_fail_ex+0x424/0x570
[  410.340743][T10410]  should_failslab+0xac/0x100
[  410.340764][T10410]  kmem_cache_alloc_noprof+0x78/0x390
[  410.340783][T10410]  ? __anon_vma_prepare+0xc4/0x4a0
[  410.340799][T10410]  __anon_vma_prepare+0xc4/0x4a0
[  410.340810][T10410]  ? __kasan_slab_alloc+0x66/0x80
[  410.340826][T10410]  ? kmem_cache_alloc_noprof+0x1e1/0x390
[  410.340843][T10410]  ? __pmd_alloc+0x118/0x440
[  410.340865][T10410]  handle_pte_fault+0x518f/0x61c0
[  410.340885][T10410]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  410.340912][T10410]  ? __pfx_handle_pte_fault+0x10/0x10
[  410.340926][T10410]  ? __lruvec_stat_mod_folio+0x7d/0x300
[  410.340950][T10410]  ? __lock_acquire+0xad5/0xd80
[  410.340968][T10410]  ? do_raw_spin_lock+0x151/0x370
[  410.340992][T10410]  ? do_raw_spin_unlock+0x13c/0x8b0
[  410.341016][T10410]  ? _raw_spin_unlock+0x28/0x50
[  410.341029][T10410]  ? __pmd_alloc+0x37f/0x440
[  410.341059][T10410]  ? __pfx___pmd_alloc+0x10/0x10
[  410.341104][T10410]  handle_mm_fault+0x1129/0x1bf0
[  410.341131][T10410]  ? mt_find+0x28a/0x8f0
[  410.341169][T10410]  ? __pfx_handle_mm_fault+0x10/0x10
[  410.341204][T10410]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  410.341225][T10410]  exc_page_fault+0x2bb/0x920
[  410.341246][T10410]  asm_exc_page_fault+0x26/0x30
[  410.341259][T10410] RIP: 0010:rep_movs_alternative+0x33/0x90
[  410.341281][T10410] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  410.341293][T10410] RSP: 0018:ffffc9000b7f7c98 EFLAGS: 00050246
[  410.341306][T10410] RAX: 0000000000000000 RBX: 0000000080000048 RCX: 0000000000000008
[  410.341315][T10410] RDX: 0000000000000000 RSI: ffff888058d99448 RDI: 0000000080000040
[  410.341324][T10410] RBP: ffff888058d99000 R08: ffff888058d9944f R09: 1ffff1100b1b3289
[  410.341334][T10410] R10: dffffc0000000000 R11: ffffed100b1b328a R12: 0000000000000008
[  410.341343][T10410] R13: 00007ffffffff000 R14: ffff888058d99448 R15: 0000000080000040
[  410.341365][T10410]  _copy_to_user+0x8b/0xb0
[  410.341386][T10410]  tiocgwinsz+0x3d/0x70
[  410.341405][T10410]  tty_ioctl+0x52c/0xdc0
[  410.341424][T10410]  __se_compat_sys_ioctl+0x50e/0xc30
[  410.341444][T10410]  ? __pfx___se_compat_sys_ioctl+0x10/0x10
[  410.341461][T10410]  ? __fget_files+0x2a/0x420
[  410.341478][T10410]  ? fput+0x9b/0xd0
[  410.341490][T10410]  ? ksys_write+0x275/0x2d0
[  410.341511][T10410]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  410.341527][T10410]  ? lockdep_hardirqs_on+0x9d/0x150
[  410.341545][T10410]  __do_fast_syscall_32+0xb4/0x110
[  410.341562][T10410]  ? exc_page_fault+0x5f8/0x920
[  410.341581][T10410]  do_fast_syscall_32+0x34/0x80
[  410.341598][T10410]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  410.341614][T10410] RIP: 0023:0xf7ff2579
[  410.341625][T10410] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  410.341637][T10410] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  410.341649][T10410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005413
[  410.341658][T10410] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  410.341666][T10410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  410.341674][T10410] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  410.341682][T10410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  410.341701][T10410]  </TASK>
[  410.728949][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.507667][ T5893] usb 1-1: USB disconnect, device number 39
[  412.457045][ T5893] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  412.504530][T10445] netlink: 'syz.0.1272': attribute type 10 has an invalid length.
[  412.557654][T10445] macvlan0: entered promiscuous mode
[  412.566698][T10445] macvlan0: entered allmulticast mode
[  412.596758][T10445] veth1_vlan: entered allmulticast mode
[  412.638971][T10445] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  412.648478][   T36] bond0: (slave macvlan0): interface is now down
[  412.663283][T10447] bond0: (slave veth0_to_hsr): Error: Device can not be enslaved while up
[  412.675583][   T36] bond0: (slave macvlan0): interface is now down
[  412.691863][ T5893] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  412.709629][   T36] bond0: now running without any active interface!
[  412.721081][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.732090][ T5893] usb 5-1: Product: syz
[  412.737911][ T5893] usb 5-1: Manufacturer: syz
[  412.743821][ T5893] usb 5-1: SerialNumber: syz
[  412.769482][ T5893] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  412.833540][ T6886] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  412.896254][ T5892] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  413.003032][T10452] netlink: 'syz.0.1275': attribute type 10 has an invalid length.
[  413.058198][ T5892] usb 3-1: Using ep0 maxpacket: 32
[  413.096217][T10454] netlink: 'syz.3.1276': attribute type 2 has an invalid length.
[  413.107343][T10456] __nla_validate_parse: 11 callbacks suppressed
[  413.107546][T10456] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1269'.
[  413.136214][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.141292][T10454] k�*�]�: entered promiscuous mode
[  413.157934][T10454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1276'.
[  413.220423][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.316053][ T5892] usb 3-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[  413.349177][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.397970][ T5892] usb 3-1: config 0 descriptor??
[  413.445901][ T5893] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  413.615835][ T5893] usb 1-1: Using ep0 maxpacket: 16
[  413.627242][ T5893] usb 1-1: config index 0 descriptor too short (expected 69, got 36)
[  413.635676][ T5893] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.686673][ T5893] usb 1-1: config 0 has no interfaces?
[  413.714102][ T5893] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  413.723832][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.745130][ T5893] usb 1-1: Product: syz
[  413.760989][ T5893] usb 1-1: Manufacturer: syz
[  413.777595][ T5893] usb 1-1: SerialNumber: syz
[  413.823076][ T5893] usb 1-1: config 0 descriptor??
[  413.869041][ T5892] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  413.888185][ T5892] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  413.905784][ T6886] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  413.937638][ T5892] macally 0003:060B:0001.000E: unknown main item tag 0x0
[  413.962540][ T5892] macally 0003:060B:0001.000E: hidraw0: USB HID v0.00 Device [HID 060b:0001] on usb-dummy_hcd.2-1/input0
[  413.981155][ T6886] ath9k_htc: Failed to initialize the device
[  414.083979][ T6886] usb 5-1: ath9k_htc: USB layer deinitialized
[  414.122942][ T5893] usb 3-1: USB disconnect, device number 46
[  414.156433][ T5841] usb 5-1: USB disconnect, device number 42
[  414.248815][ T6886] usb 1-1: USB disconnect, device number 40
[  414.979549][T10469] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  414.992616][T10469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1281'.
[  415.056653][   T30] audit: type=1326 audit(1744420108.727:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10468 comm="syz.2.1281" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf740d579 code=0x0
[  415.576711][T10482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'.
[  415.828514][T10488] netlink: 'syz.4.1286': attribute type 10 has an invalid length.
[  415.862400][T10488] veth1_vlan: left allmulticast mode
[  416.396777][ T5895] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  416.506491][    T9] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  416.549777][ T5895] usb 3-1: Using ep0 maxpacket: 32
[  416.551691][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.551717][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.551745][ T5895] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  416.551771][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.554062][ T5895] usb 3-1: config 0 descriptor??
[  416.686624][ T6886] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  416.714133][    T9] usb 2-1: Using ep0 maxpacket: 16
[  416.720260][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  416.720291][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  416.731243][    T9] usb 2-1: New USB device found, idVendor=0d57, idProduct=e999, bcdDevice=a7.63
[  416.731312][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.731333][    T9] usb 2-1: Product: syz
[  416.731349][    T9] usb 2-1: Manufacturer: syz
[  416.731365][    T9] usb 2-1: SerialNumber: syz
[  416.739221][    T9] usb 2-1: config 0 descriptor??
[  416.838515][ T6886] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  416.838570][ T6886] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  416.838597][ T6886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.843533][T10510] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  416.849493][ T6886] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  417.300146][ T5893] usb 4-1: USB disconnect, device number 42
[  417.712834][ T5895] usbhid 3-1:0.0: can't add hid device: -71
[  417.760094][ T5893] usb 2-1: USB disconnect, device number 62
[  417.776278][ T5895] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  417.831854][ T5895] usb 3-1: USB disconnect, device number 47
[  418.013021][T10519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1295'.
[  418.549142][T10530] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'.
[  418.572431][T10530] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1299'.
[  418.960574][T10540] netlink: 308 bytes leftover after parsing attributes in process `syz.1.1303'.
[  419.975832][T10572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1309'.
[  420.340406][ T2153] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  420.571894][ T2153] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  420.945475][ T2153] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  420.997053][T10580] FAULT_INJECTION: forcing a failure.
[  420.997053][T10580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.083867][ T2153] usb 3-1: config 1 has no interface number 0
[  421.092019][ T2153] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  421.115778][T10580] CPU: 1 UID: 0 PID: 10580 Comm: syz.4.1312 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  421.115810][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  421.115824][T10580] Call Trace:
[  421.115832][T10580]  <TASK>
[  421.115842][T10580]  dump_stack_lvl+0x241/0x360
[  421.115885][T10580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.115916][T10580]  ? __pfx__printk+0x10/0x10
[  421.115958][T10580]  should_fail_ex+0x424/0x570
[  421.115987][T10580]  _copy_to_user+0x31/0xb0
[  421.116021][T10580]  simple_read_from_buffer+0xc4/0x170
[  421.116056][T10580]  proc_fail_nth_read+0x1ef/0x260
[  421.116082][T10580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  421.116108][T10580]  ? rw_verify_area+0x246/0x630
[  421.116131][T10580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  421.116155][T10580]  vfs_read+0x21f/0xb90
[  421.116184][T10580]  ? __pfx___mutex_lock+0x10/0x10
[  421.116211][T10580]  ? __pfx_vfs_read+0x10/0x10
[  421.116238][T10580]  ? __fget_files+0x2a/0x420
[  421.116260][T10580]  ? __fget_files+0x39d/0x420
[  421.116277][T10580]  ? __fget_files+0x2a/0x420
[  421.116306][T10580]  ksys_read+0x19d/0x2d0
[  421.116332][T10580]  ? __pfx_ksys_read+0x10/0x10
[  421.116358][T10580]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  421.116384][T10580]  ? lockdep_hardirqs_on+0x9d/0x150
[  421.116412][T10580]  __do_fast_syscall_32+0xb4/0x110
[  421.116438][T10580]  ? exc_page_fault+0x5f8/0x920
[  421.116467][T10580]  do_fast_syscall_32+0x34/0x80
[  421.116494][T10580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  421.116519][T10580] RIP: 0023:0xf7f92579
[  421.116537][T10580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  421.116554][T10580] RSP: 002b:00000000f50b6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  421.116577][T10580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50b6620
[  421.116592][T10580] RDX: 000000000000000f RSI: 00000000f741dff4 RDI: 0000000000000000
[  421.116604][T10580] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  421.116616][T10580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  421.116629][T10580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  421.116659][T10580]  </TASK>
[  421.347531][    C1] vkms_vblank_simulate: vblank timer overrun
[  421.366657][ T2153] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  421.377724][ T2153] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.385791][ T2153] usb 3-1: Product: syz
[  421.389976][ T2153] usb 3-1: Manufacturer: syz
[  421.394570][ T2153] usb 3-1: SerialNumber: syz
[  421.406904][ T2153] usb 3-1: selecting invalid altsetting 1
[  421.739407][T10585] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1314'.
[  421.754927][T10585] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1314'.
[  422.590952][T10591] netlink: 308 bytes leftover after parsing attributes in process `syz.0.1316'.
[  422.960444][T10595] FAULT_INJECTION: forcing a failure.
[  422.960444][T10595] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.060909][T10595] CPU: 1 UID: 0 PID: 10595 Comm: syz.4.1318 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  423.060940][T10595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  423.060952][T10595] Call Trace:
[  423.060960][T10595]  <TASK>
[  423.060969][T10595]  dump_stack_lvl+0x241/0x360
[  423.061007][T10595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.061031][T10595]  ? __pfx__printk+0x10/0x10
[  423.061064][T10595]  should_fail_ex+0x424/0x570
[  423.061086][T10595]  _copy_from_iter+0x211/0x1c70
[  423.061108][T10595]  ? _copy_from_iter+0x288/0x1c70
[  423.061132][T10595]  ? skb_set_owner_w+0x246/0x380
[  423.061153][T10595]  ? sock_alloc_send_pskb+0x944/0xa70
[  423.061172][T10595]  ? __pfx__copy_from_iter+0x10/0x10
[  423.061193][T10595]  ? __pfx__copy_from_iter+0x10/0x10
[  423.061238][T10595]  ? page_copy_sane+0x46/0x260
[  423.061261][T10595]  copy_page_from_iter+0x7a/0x100
[  423.061287][T10595]  skb_copy_datagram_from_iter+0x2e0/0x6c0
[  423.061318][T10595]  packet_sendmsg+0x4774/0x6ed0
[  423.061344][T10595]  ? _parse_integer_limit+0x1b4/0x200
[  423.061378][T10595]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  423.061432][T10595]  ? __pfx_packet_sendmsg+0x10/0x10
[  423.061454][T10595]  ? aa_sk_perm+0x96f/0xac0
[  423.061481][T10595]  ? __pfx_aa_sk_perm+0x10/0x10
[  423.061506][T10595]  ? aa_sock_msg_perm+0x91/0x160
[  423.061534][T10595]  ? __pfx_packet_sendmsg+0x10/0x10
[  423.061556][T10595]  __sock_sendmsg+0x221/0x270
[  423.061587][T10595]  __sys_sendto+0x365/0x4c0
[  423.061608][T10595]  ? __pfx___sys_sendto+0x10/0x10
[  423.061634][T10595]  ? __fget_files+0x2a/0x420
[  423.061658][T10595]  ? ksys_write+0x275/0x2d0
[  423.061685][T10595]  __ia32_sys_sendto+0xdd/0x100
[  423.061705][T10595]  __do_fast_syscall_32+0xb4/0x110
[  423.061727][T10595]  ? exc_page_fault+0x5f8/0x920
[  423.061750][T10595]  do_fast_syscall_32+0x34/0x80
[  423.061772][T10595]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  423.061793][T10595] RIP: 0023:0xf7f92579
[  423.061808][T10595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  423.061822][T10595] RSP: 002b:00000000f50b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  423.061841][T10595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  423.061855][T10595] RDX: 000000000000e90c RSI: 0000000000000000 RDI: 0000000080000540
[  423.061869][T10595] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  423.061881][T10595] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  423.061894][T10595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  423.061917][T10595]  </TASK>
[  423.907840][ T2153] cdc_ncm 3-1:1.1: SET_CRC_MODE failed
[  423.919410][ T2153] cdc_ncm 3-1:1.1: SET_NTB_FORMAT failed
[  423.955121][ T2153] usb 3-1: selecting invalid altsetting 1
[  423.960912][ T2153] cdc_ncm 3-1:1.1: bind() failure
[  424.012328][ T2153] usb 3-1: USB disconnect, device number 48
[  424.076814][T10615] netlink: 'syz.1.1325': attribute type 16 has an invalid length.
[  424.102745][T10615] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.1325'.
[  424.136411][T10615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1325'.
[  424.398611][T10619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1323'.
[  424.429075][T10623] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1326'.
[  424.465829][T10623] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1326'.
[  424.487917][T10624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1322'.
[  424.499842][T10623] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1326'.
[  424.734703][T10627] FAULT_INJECTION: forcing a failure.
[  424.734703][T10627] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.801310][T10627] CPU: 0 UID: 0 PID: 10627 Comm: syz.2.1327 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  424.801341][T10627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  424.801354][T10627] Call Trace:
[  424.801362][T10627]  <TASK>
[  424.801371][T10627]  dump_stack_lvl+0x241/0x360
[  424.801408][T10627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.801439][T10627]  ? __pfx__printk+0x10/0x10
[  424.801479][T10627]  should_fail_ex+0x424/0x570
[  424.801506][T10627]  _copy_to_user+0x31/0xb0
[  424.801540][T10627]  simple_read_from_buffer+0xc4/0x170
[  424.801575][T10627]  proc_fail_nth_read+0x1ef/0x260
[  424.801600][T10627]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  424.801625][T10627]  ? rw_verify_area+0x246/0x630
[  424.801648][T10627]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  424.801671][T10627]  vfs_read+0x21f/0xb90
[  424.801700][T10627]  ? __pfx___mutex_lock+0x10/0x10
[  424.801727][T10627]  ? __pfx_vfs_read+0x10/0x10
[  424.801753][T10627]  ? __fget_files+0x2a/0x420
[  424.801775][T10627]  ? __fget_files+0x39d/0x420
[  424.801792][T10627]  ? __fget_files+0x2a/0x420
[  424.801821][T10627]  ksys_read+0x19d/0x2d0
[  424.801847][T10627]  ? __pfx_ksys_read+0x10/0x10
[  424.801873][T10627]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  424.801899][T10627]  ? lockdep_hardirqs_on+0x9d/0x150
[  424.801926][T10627]  __do_fast_syscall_32+0xb4/0x110
[  424.801953][T10627]  ? exc_page_fault+0x5f8/0x920
[  424.801981][T10627]  do_fast_syscall_32+0x34/0x80
[  424.802008][T10627]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  424.802034][T10627] RIP: 0023:0xf740d579
[  424.802051][T10627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  424.802069][T10627] RSP: 002b:00000000f5096590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  424.802092][T10627] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5096620
[  424.802105][T10627] RDX: 000000000000000f RSI: 00000000f73fdff4 RDI: 0000000000000000
[  424.802117][T10627] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  424.802129][T10627] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  424.802141][T10627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  424.802171][T10627]  </TASK>
[  425.516751][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1322'.
[  425.981655][T10653] ALSA: mixer_oss: invalid OSS volume 'dev/vmci'
[  426.246249][    T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  426.314780][T10663] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1340'.
[  426.367841][T10663] netlink: 'syz.3.1340': attribute type 10 has an invalid length.
[  426.376913][T10663] macvlan0: entered allmulticast mode
[  426.383068][T10663] veth1_vlan: entered allmulticast mode
[  426.393439][T10663] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  426.436144][    T9] usb 1-1: Using ep0 maxpacket: 8
[  426.447157][    T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55
[  426.459436][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.484343][    T9] usb 1-1: Product: syz
[  426.493317][    T9] usb 1-1: Manufacturer: syz
[  426.503439][    T9] usb 1-1: SerialNumber: syz
[  426.520043][    T9] usb 1-1: config 0 descriptor??
[  426.563999][T10666] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1341'.
[  426.573844][T10666] tipc: Invalid UDP bearer configuration
[  426.573930][T10666] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  426.768209][    T9] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  426.797637][    T9] dvb_usb_af9015 1-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  426.848142][    T9] usb 1-1: USB disconnect, device number 41
[  427.055190][ T6886] usb 3-1: new low-speed USB device number 49 using dummy_hcd
[  427.167188][T10671] veth1_vlan (unregistering): left allmulticast mode
[  427.235607][ T6886] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  427.247953][T10671] bond0: (slave macvlan0): Releasing backup interface
[  427.253584][ T6886] usb 3-1: config 0 has no interface number 0
[  427.275330][ T6886] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  427.315421][ T6886] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  427.336612][ T6886] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  427.366747][ T6886] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  427.405330][ T6886] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  427.436891][ T6886] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  427.469705][ T6886] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  427.485708][ T6886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.496818][   T30] audit: type=1326 audit(1744420121.157:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.517412][ T6886] usb 3-1: config 0 descriptor??
[  427.533662][T10669] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  427.541818][T10669] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  427.559397][   T30] audit: type=1326 audit(1744420121.157:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.594977][ T6886] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  427.629790][   T30] audit: type=1326 audit(1744420121.197:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=220 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.660446][   T30] audit: type=1326 audit(1744420121.197:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.740160][   T30] audit: type=1326 audit(1744420121.197:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=301 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.762570][ T5841] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  427.789452][   T30] audit: type=1326 audit(1744420121.197:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.874851][   T30] audit: type=1326 audit(1744420121.207:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.939944][ T5841] usb 2-1: Using ep0 maxpacket: 8
[  427.952471][   T30] audit: type=1326 audit(1744420121.207:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  427.981150][ T5841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  428.002615][ T5841] usb 2-1: New USB device found, idVendor=0582, idProduct=28e8, bcdDevice=f5.06
[  428.012475][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.038681][   T30] audit: type=1326 audit(1744420121.207:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  428.064682][ T5841] usb 2-1: Product: syz
[  428.072045][ T5841] usb 2-1: Manufacturer: syz
[  428.080557][ T5841] usb 2-1: SerialNumber: syz
[  428.089072][ T5841] usb 2-1: config 0 descriptor??
[  428.095775][   T30] audit: type=1326 audit(1744420121.207:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10677 comm="syz.0.1345" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000
[  428.372430][ T5841] usb 2-1: USB disconnect, device number 63
[  428.489561][ T5895] usb 3-1: USB disconnect, device number 49
[  428.534423][ T5895] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  428.561552][ T6650] udevd[6650]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  428.864760][T10713] netlink: 'syz.3.1360': attribute type 16 has an invalid length.
[  428.880563][T10713] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000055: 0000 [#1] SMP KASAN PTI
[  428.892491][T10713] KASAN: null-ptr-deref in range [0x00000000000002a8-0x00000000000002af]
[  428.900909][T10713] CPU: 0 UID: 0 PID: 10713 Comm: syz.3.1360 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) 
[  428.912982][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  428.923039][T10713] RIP: 0010:rtnl_create_link+0x6af/0xea0
[  428.928685][T10713] Code: 24 20 42 80 3c 28 00 74 08 48 89 df e8 da 09 3b f8 4c 89 64 24 28 bd a8 02 00 00 48 89 5c 24 08 48 03 2b 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 ef e8 b2 09 3b f8 45 31 e4 48 83 7d 00
[  428.948301][T10713] RSP: 0018:ffffc9000466ee50 EFLAGS: 00010206
[  428.954377][T10713] RAX: 0000000000000055 RBX: ffff888034640008 RCX: 0000000000080000
[  428.962360][T10713] RDX: ffffc9000d2a4000 RSI: 0000000000002788 RDI: 0000000000002789
[  428.970339][T10713] RBP: 00000000000002a8 R08: ffffffff89f27279 R09: 1ffff920008cddf6
[  428.978319][T10713] R10: dffffc0000000000 R11: fffff520008cddf7 R12: ffff88807c6ec080
[  428.986293][T10713] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888034640000
[  428.994290][T10713] FS:  0000000000000000(0000) GS:ffff888124f96000(0063) knlGS:00000000f5086b40
[  429.003224][T10713] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  429.009808][T10713] CR2: 00000000800000c0 CR3: 000000002903c000 CR4: 00000000003526f0
[  429.017793][T10713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  429.025766][T10713] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  429.033737][T10713] Call Trace:
[  429.037021][T10713]  <TASK>
[  429.039961][T10713]  rtnl_newlink_create+0x2f2/0xcb0
[  429.045081][T10713]  ? __mutex_lock+0x380/0x10c0
[  429.049875][T10713]  ? __pfx_aa_get_newest_label+0x10/0x10
[  429.055531][T10713]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  429.061177][T10713]  ? __pfx___mutex_lock+0x10/0x10
[  429.066217][T10713]  ? ns_capable+0x8a/0xf0
[  429.070552][T10713]  rtnl_newlink+0x18b0/0x1fe0
[  429.075237][T10713]  ? stack_depot_save_flags+0x44/0x940
[  429.080704][T10713]  ? __pfx_rtnl_newlink+0x10/0x10
[  429.085736][T10713]  ? __netlink_deliver_tap+0x561/0x7f0
[  429.091201][T10713]  ? netlink_deliver_tap+0x19d/0x1b0
[  429.096500][T10713]  ? netlink_unicast+0x7c6/0x9a0
[  429.101444][T10713]  ? netlink_sendmsg+0x8c3/0xcd0
[  429.106389][T10713]  ? __sock_sendmsg+0x221/0x270
[  429.111246][T10713]  ? ____sys_sendmsg+0x523/0x860
[  429.116204][T10713]  ? __sys_sendmsg+0x271/0x360
[  429.120991][T10713]  ? __do_fast_syscall_32+0xb4/0x110
[  429.126287][T10713]  ? do_fast_syscall_32+0x34/0x80
[  429.131318][T10713]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  429.137836][T10713]  ? kasan_quarantine_put+0xdc/0x230
[  429.143120][T10713]  ? lockdep_hardirqs_on+0x9d/0x150
[  429.148317][T10713]  ? nlmon_xmit+0xaf/0x100
[  429.152763][T10713]  ? __local_bh_enable_ip+0x168/0x200
[  429.158142][T10713]  ? lockdep_hardirqs_on+0x9d/0x150
[  429.163347][T10713]  ? aa_get_newest_label+0x101/0x6f0
[  429.168642][T10713]  ? __lock_acquire+0xad5/0xd80
[  429.173512][T10713]  ? __pfx_rtnl_newlink+0x10/0x10
[  429.178568][T10713]  rtnetlink_rcv_msg+0x80f/0xd70
[  429.183515][T10713]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  429.188636][T10713]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  429.194103][T10713]  ? ref_tracker_free+0x63e/0x7e0
[  429.199134][T10713]  netlink_rcv_skb+0x208/0x480
[  429.203908][T10713]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  429.209378][T10713]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  429.214676][T10713]  ? netlink_deliver_tap+0x2e/0x1b0
[  429.219882][T10713]  ? netlink_deliver_tap+0x2e/0x1b0
[  429.225097][T10713]  netlink_unicast+0x7f8/0x9a0
[  429.229882][T10713]  ? __pfx_netlink_unicast+0x10/0x10
[  429.235176][T10713]  ? skb_put+0x114/0x1f0
[  429.239422][T10713]  netlink_sendmsg+0x8c3/0xcd0
[  429.244202][T10713]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.249500][T10713]  ? __import_iovec+0x585/0x830
[  429.254366][T10713]  ? aa_sock_msg_perm+0x91/0x160
[  429.259322][T10713]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.264617][T10713]  __sock_sendmsg+0x221/0x270
[  429.269307][T10713]  ____sys_sendmsg+0x523/0x860
[  429.274075][T10713]  ? __pfx_____sys_sendmsg+0x10/0x10
[  429.279370][T10713]  __sys_sendmsg+0x271/0x360
[  429.283961][T10713]  ? __pfx_futex_wake+0x10/0x10
[  429.288812][T10713]  ? __pfx___sys_sendmsg+0x10/0x10
[  429.293944][T10713]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  429.300535][T10713]  ? lockdep_hardirqs_on+0x9d/0x150
[  429.305736][T10713]  __do_fast_syscall_32+0xb4/0x110
[  429.310846][T10713]  ? exc_page_fault+0x5f8/0x920
[  429.315800][T10713]  do_fast_syscall_32+0x34/0x80
[  429.320669][T10713]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  429.327017][T10713] RIP: 0023:0xf73fd579
[  429.331094][T10713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  429.350705][T10713] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  429.359130][T10713] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000800000c0
[  429.367108][T10713] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  429.375086][T10713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  429.383079][T10713] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  429.391060][T10713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  429.399044][T10713]  </TASK>
[  429.402072][T10713] Modules linked in:
[  429.408079][T10713] ---[ end trace 0000000000000000 ]---
[  429.446098][T10713] RIP: 0010:rtnl_create_link+0x6af/0xea0
[  429.461268][T10713] Code: 24 20 42 80 3c 28 00 74 08 48 89 df e8 da 09 3b f8 4c 89 64 24 28 bd a8 02 00 00 48 89 5c 24 08 48 03 2b 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 ef e8 b2 09 3b f8 45 31 e4 48 83 7d 00
[  429.493456][T10713] RSP: 0018:ffffc9000466ee50 EFLAGS: 00010206
[  429.513401][ T5892] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  429.542595][T10713] RAX: 0000000000000055 RBX: ffff888034640008 RCX: 0000000000080000
[  429.581248][T10713] RDX: ffffc9000d2a4000 RSI: 0000000000002788 RDI: 0000000000002789
[  429.616837][T10713] RBP: 00000000000002a8 R08: ffffffff89f27279 R09: 1ffff920008cddf6
[  429.631157][T10713] R10: dffffc0000000000 R11: fffff520008cddf7 R12: ffff88807c6ec080
[  429.639596][T10713] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888034640000
[  429.650553][T10713] FS:  0000000000000000(0000) GS:ffff888125096000(0063) knlGS:00000000f5086b40
[  429.660055][T10713] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  429.666691][ T5892] usb 5-1: Using ep0 maxpacket: 16
[  429.668083][ T5892] usb 5-1: config index 0 descriptor too short (expected 28810, got 36)
[  429.683373][ T5892] usb 5-1: config 64 has too many interfaces: 119, using maximum allowed: 32
[  429.683935][T10713] CR2: 000000000c3ce522 CR3: 000000002903c000 CR4: 00000000003526f0
[  429.702190][ T5892] usb 5-1: config 64 has an invalid descriptor of length 36, skipping remainder of the config
[  429.713644][T10713] Kernel panic - not syncing: Fatal exception
[  429.719891][T10713] Kernel Offset: disabled
[  429.724250][T10713] Rebooting in 86400 seconds..