last executing test programs:

9.72780076s ago: executing program 3 (id=3466):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
mq_timedsend(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL6={0x14, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GTP_CREATE_SOCKETS={0x5}]}}}]}, 0x4c}}, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="500000000206010400000000000000000000000005000100070000000900020073797a19000000000500050002000000050004000800000015000300686173683a69702c706f72742c6e6574"], 0x50}, 0x1, 0x0, 0x0, 0x44090}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r7, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000706c78e17d90000e60ddcf948681a330500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r8, &(0x7f0000009c40)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000240)=""/171, 0xab}, {0x0}], 0x2}, 0x3ff}], 0x1, 0x40000000, 0x0)
bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)

8.635890308s ago: executing program 0 (id=3469):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
ptrace(0x8, r1)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x301000)
ioctl$HIDIOCINITREPORT(r2, 0x4805, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x20, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @local=@item_4={0x3, 0x2, 0x4, "cc56f5f3"}, @global=@item_4={0x3, 0x1, 0x8, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "060a0007"}, @global=@item_012={0x2, 0x1, 0x8, "35fc"}, @main=@item_4={0x3, 0x0, 0x9, "cdd2f361"}, @main=@item_012={0x2, 0x0, 0x9, "efc5"}]}}, 0x0}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) (async)
getpid() (async)
syz_pidfd_open(r1, 0x0) (async)
ptrace(0x8, r1) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x301000) (async)
ioctl$HIDIOCINITREPORT(r2, 0x4805, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x20, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @local=@item_4={0x3, 0x2, 0x4, "cc56f5f3"}, @global=@item_4={0x3, 0x1, 0x8, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "060a0007"}, @global=@item_012={0x2, 0x1, 0x8, "35fc"}, @main=@item_4={0x3, 0x0, 0x9, "cdd2f361"}, @main=@item_012={0x2, 0x0, 0x9, "efc5"}]}}, 0x0}, 0x0) (async)

7.676110822s ago: executing program 4 (id=3470):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000001090400eb010300000009210500000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00220500000083c94ffb"], 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f00000000c0)={0x20, 0xa, 0x9b, {0x9b, 0xb, "2b4011ce82d7bbb234e458e22a9ab79016d86a5681a8046afe8ed087ad6dd059d82b014a56943cc6df6d55ce7c9beb345de462b11bddf08d44fd8e6a8e9d7c9d44de9889ff8a964dcb60f74e7788d229b8111cfcb7cd241993f67f6312f797b30f6155d69f5f0fc413bff9dce6b133c8e5b9cc439600149cee87e4949b525876396a81d09ec758acb12cb700470bb2d76282abe75cf39a3053"}}, &(0x7f0000000880)=ANY=[@ANYBLOB="0003040000000cb5c3a5ad681e283f35663c4c807e4ca72b38d42761c2a51f78eac83fcd7ad1e94815d6bc76656d7c0ac447aa0463f58081148559b8b718cfa5b3430cea1f41980697feba4df31ede335263090a7cb56edbc5a30d2a017dae2b3fd1085acae67c3df64bb289c6170f73a37902cc0cce66cc0690b11e"], &(0x7f00000001c0)={0x0, 0xf, 0x3d, {0x5, 0xf, 0x3d, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0x9, 0x6, 0x0, 0xf00f, 0x1f8f, [0x3f3f, 0xc0, 0x0, 0xcf, 0x3f, 0x1e]}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "d133108069834dfdd67f7d7ec67e3771"}]}}, &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x8, 0x6, 0x6, "9c7b0146", "388793d2"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x0, 0x61, 0x1, 0xfa, 0xab19, 0x3}}}, &(0x7f00000007c0)={0x84, &(0x7f0000000380)={0x20, 0xa, 0x1c, "8762774a704cf41b5fbd3023d5ff3d86b1c68d1f9dcfa07d36eedae2"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x24}, &(0x7f0000000440)={0x0, 0x8, 0x1}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f00000004c0)={0x20, 0x0, 0x8, {0x10, 0x10, [0xfff]}}, &(0x7f0000000500)={0x40, 0x7, 0x2, 0xd51}, &(0x7f0000000540)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000580)={0x40, 0xb, 0x2, 't5'}, &(0x7f00000005c0)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000600)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000640)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000680)={0x40, 0x19, 0x2, "ee7b"}, &(0x7f00000006c0)={0x40, 0x1a, 0x2, 0x7}, &(0x7f0000000700)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000740)={0x40, 0x1e, 0x1, 0xf}, &(0x7f0000000780)={0x40, 0x21, 0x1, 0xeb}})
read$FUSE(0xffffffffffffffff, &(0x7f0000004200)={0x2020}, 0x2020)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000002080)='T01\n', 0x4}, {&(0x7f0000000180)="3139ead9afeed1fcd5c9a3bd2233ed38912c2fbcf4ad0ae859fb38bddbef7a9bb66a2d43daeb98a2f176075dcd1c31", 0x2f}], 0x2)

6.871868334s ago: executing program 0 (id=3471):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000005c0), 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl(0xffffffffffffffff, 0xfffff000, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
r4 = fsopen(0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_RESETEP(r5, 0x80045503, 0xffffffffffffffff)
r6 = fsmount(r4, 0x0, 0x0)
fchdir(r6)
r7 = open(0x0, 0x143142, 0x80)
ftruncate(r7, 0x2007ffb)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x55, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xe8}}, 0x0)

6.597924948s ago: executing program 3 (id=3473):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0xfbffffff)

6.53456533s ago: executing program 2 (id=3474):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x6c}, 0x1, 0x0, 0x2400, 0x8010}, 0x4000800)

6.371355283s ago: executing program 2 (id=3476):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r1 = gettid()
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x800)
r3 = epoll_create1(0x0) (async)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) (async)
r4 = syz_io_uring_setup(0xb7f, &(0x7f0000000100)={0x0, 0x38ab, 0x10000, 0x80, 0x1e8}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000600)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000000307010300000000000000000500000d090001"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x12, r7, 0x0, 0x0, 0x0, 0x40002262, 0x0, {0x1}})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f000001bff4)) (async)
timer_create(0x2, &(0x7f0000000140)={0x0, 0x1e, 0x4, @tid=r1}, &(0x7f00000000c0)=<r8=>0x0)
timer_settime(r8, 0xe54aef35e9c2845d, &(0x7f0000000280)={{}, {0x0, 0x9}}, 0x0) (async)
timer_gettime(r8, &(0x7f0000000540)) (async, rerun: 64)
ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000000c0)={0x1, @vbi={0x4, 0xd2, 0x50424752, 0x0, [0x80000000]}}) (async, rerun: 64)
syz_usb_connect(0x3, 0x24, &(0x7f0000006600)={{0x12, 0x1, 0x310, 0xe4, 0x98, 0xd8, 0x40, 0x979, 0x270, 0xec82, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xf, 0x0, 0xe0, 0x2, [{{0x9, 0x4, 0x45, 0x5, 0x0, 0x2b, 0x60, 0xca, 0x5}}]}}]}}, &(0x7f0000007100)={0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_VDPA_GET_VRING_NUM(r2, 0x8002af76, &(0x7f0000000500)) (async)
syz_usb_connect$cdc_ecm(0x2, 0x53, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x41, 0x1, 0x1, 0x5, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x2, 0x6, 0x0, 0x8, {{0xb, 0x24, 0x6, 0x0, 0x0, "0d85643211f1"}, {0x5, 0x24, 0x0, 0xb}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0x3ae, 0x1}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x1ef, 0x4, 0x9c, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xa6, 0x3, 0x7}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x4, 0xe, 0x5, 0x10, 0x7}, 0x115, &(0x7f0000000240)=ANY=[@ANYBLOB="050f1501031c100a00040800000f7800803fff0000cf3fff003f000000c0c0ff001c100a09440000000000a29d003f0000c00000000000ff00cf000000d8100b3655821000677f31892ffa1aeaca3754992409d309c975bf53d90a7225833033825bb83704e643e4e3e45c2a392af6f918edbd3397cbafcfd16735828abfc5e94d462d142f42b9b51ebebdb317390b3662bca052c083e7bb6bb371afb8000000000000000974a7cd205ae2c015a442694d8eee2ea635abc80aa18b6565ee050f222f865c320c31c13453120746c13495f261b15e6f8029633e41ec392921db58e64cd360fbdc745bf389ec5fd398480c441fafed86006661bbfea517a8007d00f4cba6e6ad72997d7166f4da9ac2ea023162db20c8"], 0x2, [{0x36, &(0x7f00000001c0)=@string={0x36, 0x3, "25d2413320d365caac1ca57e9003615201dbb52f1f85f136d65b02baeeb202000eb998ed359b5e474c83569ece2d1d3d26cf3e7a"}}, {0xcc, &(0x7f0000000380)=@string={0xcc, 0x3, "df2e93530a2b6f56bf051a35118b1d39a451208f079ec2703eff6cf4e1ae1edf20361c84db1489071ca30d4f5e26722165a9bd2f6896cde1e1ec157d2e47ac22c8d9776dc62ce2a032d08b5981c6bc158569218768a815efc93c5514bd1ec029d3622671c6bc2aea6e3a22b24ddd8a45b2ad51053d5258652fc76a6968d6e0edc77272cdd0d785803a06692a56d1770922aef905bc71dd2b07d5a6a1d4dc588244f3123f3d010e2473da1c6372c99a13f98cf83a337161da8bfcd388591f37ccd183a450da7121ef48dd"}}]}) (async, rerun: 32)
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') (rerun: 32)
preadv(r9, 0x0, 0x0, 0x400, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f00000004c0)=r9, 0x1)

6.344988209s ago: executing program 3 (id=3477):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000000801010000000000000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030088ff00"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x8008000)

6.101747077s ago: executing program 3 (id=3478):
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000180)={0x1, 0x8, 0x5, &(0x7f0000000040)={0x8, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

5.663880792s ago: executing program 0 (id=3479):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[], 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
socket(0x1000000010, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'gretap0\x00'})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff00000000a4040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a300000000038000380340000802800018023000100118c7457ff8f99b8233ba7d81496e1da69279e989c73000065399ef6cd8d8000080003400000000114"], 0xf0}}, 0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r4, 0x2)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1})
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000000640)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
unshare(0x42000000)

5.363779876s ago: executing program 3 (id=3480):
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000080)={0x28, 0x3, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8000}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0)
r3 = inotify_init1(0x800)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0)
inotify_rm_watch(r3, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000004c0)={0x4, 0xb000})
syz_open_procfs(0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000200)='./mnt\x00', 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000980)={0x32c, 0x2, 0x2, 0x201, 0x0, 0x0, {0x5, 0x0, 0x1}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_NAT={0x178, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xaa}}]}, @CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xe8, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2f}}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xe}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x14, 0x4, @private1}}}]}]}, @CTA_EXPECT_MASK={0x7c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_MASTER={0xa0, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xda78553ffb1c5f79}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}, @CTA_EXPECT_MASTER={0x6c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @local}}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}, 0x32c}, 0x1, 0x0, 0x0, 0x40004}, 0x20044080)

4.717611391s ago: executing program 1 (id=3481):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40)

4.561429652s ago: executing program 2 (id=3482):
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@fallback, 0x32, 0x1, 0xce31, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)}, 0x40)
unshare(0x14030f80)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0xcc)
inotify_rm_watch(r0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010003f6fdd140402090b975f601020301090224000201005004090400f700c873b808090504105802030d580904"], &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0})

4.24013401s ago: executing program 4 (id=3483):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r0, &(0x7f00000024c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0xcb, @dev={0xfe, 0x80, '\x00', 0x13}, 0x9}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000140)="a7", 0x1}], 0x1}, 0xfff5}], 0x1, 0x200400c0)

4.191040711s ago: executing program 1 (id=3484):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000010c0)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x0, 0x6200}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e23}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x100}, 0x40080c0)

4.114057s ago: executing program 4 (id=3485):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[], 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
socket(0x1000000010, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'gretap0\x00'})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff00000000a4040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a300000000038000380340000802800018023000100118c7457ff8f99b8233ba7d81496e1da69279e989c73000065399ef6cd8d8000080003400000000114"], 0xf0}}, 0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r4, 0x2)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1})
ioctl$VFAT_IOCTL_READDIR_BOTH(r6, 0x82307201, &(0x7f0000000640)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
socket$inet6_udp(0xa, 0x2, 0x0)

4.008196702s ago: executing program 0 (id=3486):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f0000000200)='m', 0x1)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100))
r3 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x180042)
write$snddsp(r3, &(0x7f0000000200)="a3", 0x1)
syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000043242108d8130100623001020301090212"], 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

3.953900681s ago: executing program 1 (id=3487):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x113, 0xaa110f4c, 0xe0, 0x0, 0x0, 0xb51, 0x0, 0x0, 0x1, 0x4094}}, 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x72, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x1800000000000000)

3.3119395s ago: executing program 1 (id=3488):
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000000801010000000000000000030000020900010073797a3100000000060002408809000014000480060007400000000608000640000000090500030088ff00"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x8008000)

3.169974485s ago: executing program 1 (id=3489):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000005c0), 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl(0xffffffffffffffff, 0xfffff000, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
r4 = fsopen(0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_RESETEP(r5, 0x80045503, 0xffffffffffffffff)
r6 = fsmount(r4, 0x0, 0x0)
fchdir(r6)
r7 = open(0x0, 0x143142, 0x80)
ftruncate(r7, 0x2007ffb)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x55, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0xe8}}, 0x0)

2.710688237s ago: executing program 2 (id=3490):
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="2703022b590200c90000002f1eafbcf706e105000000894f000f11", 0x1b}], 0x1}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0xfffffffffffffff3)

2.194805515s ago: executing program 3 (id=3491):
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x2a440)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x88802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x50, &(0x7f0000000000)={&(0x7f00000084c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020025642532000000000900010073797a30000000000800054000000002"], 0x40c4}}, 0x0)
r10 = semget$private(0x0, 0x4, 0x43)
semctl$SEM_STAT(r10, 0x1, 0x12, &(0x7f0000000540)=""/206)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r11 = getpgid(0x0)
ptrace$peeksig(0x4209, r11, &(0x7f0000000200)={0x5, 0x1, 0x3}, &(0x7f0000001180)=[{}, {}, {}])
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
syz_usb_connect(0x4, 0x64c, &(0x7f0000000700)=ANY=[@ANYBLOB="12010002d210911eda0befff1b590102030109023a06020181d0320904ea0704fffffff209050d1000048104e0b709782ca06ac7a034ca249a669084eb7861835a1cf9e6baad291e1b2a6823bd5df004355fe775edecd7e383b41bfbac7fdb601dc32b9b45c872b733328643a872d4e719294005eeb143b4cb8bac8fc2a7b66fa4b9e70cae03ca86d9893c0bdf4874e32dc2966c22b96c39cb0a1965965ee5ac655d2cf2cb23e9abe20145daeb3d64f6485ea4331c6de814eb277081ad14c639ce760de385ee3d19835f2cf73328392654c8263eca40d6da4a0ddb897fe9994087fee2fa0725010107fbff09050f08200003050106014877a23009050b0210009c059b0905010c2000040506072501820901000904c9070c02060009022109050710400004090109050e0c00020202055904da35d4e729459dd411091d13bfa5d6c811dacf3ef0f72a6477c3408cff30812d9e9db42771da9f9af5eabaccf62cb01115cfa9259c35a97481e833957ec40e75517f8ecf5df77c9d92d9250743558c3da283b21ea36203dc0f913c98e464641888e51145bfbb5f066c84337e298dc7bbba3f00730c6fa04f7791f1eb6e50487a7014ed5dc6e9bc59b6645fa0fda975aade74fcf0152d03aec65fe359b2040b1abda7a94b995bc0b0108a06c1a2906932b0ff8ca9dedeca943a8894cf74fbfe39e31499fcd729dd030157f239dfe2146a933cea0054b8a5e58efc648b03f1db92863af3e6e0032b0cad6305659e5fbc8348b97c079a1ee250b64d6097907ad7c8f301a1ed82786d401da5446b595d245f59f32931fca8e6deb601bf596bd2ce86f60e21343ad91a6cc3978cf0d8ae695a71c28509050b001000060004072501802c050009050a10000403050409050901000407060ff030776675ea37dd73ab36fc78d90e577f9e4fe56bb3ff54ccde0f31795c48f665b77755512622597f47924b989d4d849d9cc2be154e405efeb43cbb646ee03b38ee22287c8a056482fdc1a570c836a8a0f41895b71476d0393cbb9394e4d5bceee5f72a9468efacb589203df8655fbb896878dc0b322fc189abc08764b8e1eb562c2f590730523e80ad19d5a41a6c3118f382c73ced2d1fbe61c35cd74b366ebf36f7867a02476f13de781d0fe41b24a4616192e0d742e32c7ca8e5b81a4ead895f2ba9f0c8dda851578f54b79c547236e6944bccde290c4ae09b2542877bffeb610da738e690af13e28328c76da416090501004000ca80108702ba55e0eb54a1bd4468b4a4fea8d894e4fcfdb3bdc53239b6b3c8333d6e63725a5c3299b355e3258d263307f733819aef0d10ec2d2ab9e808c8366c04f66d01d979478e62c07ff260abb2e88bbb8beece953a93ed0600bb0b9b3c19d2a688ad5c370e7ff31eecc8db8ba3a9e3d233af64ecd295ff1998f6cb34d8d5343976371dd13b17a89009050a00ff03056405072501810508000725010106ff0309050c002000ff76e1672a39796f5eb79fb238d534c9f53ccad507000000989c37dc5279cb8196c1c6920bc9a0fa3932f02199977dc6de4504a22d162e5d1a0a1f1773b64c51b2e00659d5143ba6512537127dcbdd5c81bb7431e5aed379e1a5de4c247e8adb9a8d49e04901cdf76e8b0725018009d7040905022600020108cb07250100050300bc0720e9f0943d0745a29288fcd591b4aba42f3b5dcfc0e72a6439e052822d8dda605a978b3caece3d6e00fda010850fd243ac7df2fb554a804945712f3b4d2bd4f1215d72431ae1164602df49f189a168065db15bbe23e0110d6211ca276ace500cce2517c0e26a383b60f009c72aeb6649ae01bc80ba8408c2a981bcee9f0e0912c1b2f31871d8e1c9e104031cc04434825bc16939ea6471ac91d0ff95e762f5747c48e2083f29d27762f3173e3b1cec6f4d7931cb193a91ba60342c10d22c98def5fe8509050900000202540ac221821f4ece390a4c8f41687026f16bb29df6e32e30bc3b0cb96d1a75842751b3e670f3eb50475807f51fda232fa2991201f5c19fdc0f8105e3d0463b6cce0841199876c43a7667b6b25e3c0e158bf865aaab9b71401c12cebe4700ae00ffb932a06fcb36e741fb0def692544427fe9e681a7d2378f936e887126e1a9e2419fc3b79dff592655b24733bff04d3d1d6a8d1225d2a0747f0166cb48278fcb14d6a9bb90217110765ac1a74e0d455b2c706bad345a6f96a1ab7d417db9526a73b5e3560725010204040009050f004000f8040609050808ff0308"], &(0x7f0000000440)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x46, 0x0, 0x62, 0x10, 0x4}, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="0100010000"], 0x5, [{0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x82c}}, {0x92, &(0x7f0000001040)=ANY=[@ANYBLOB="920362ea47e9f56a63c8c92edb5bf4601fabb49b37f82ffcc08eeee6aa694c076cc06f7bbbb4d2a9877209c54ae556d645766dd05522c4c115591983160bda554467557e06d9c5a6ac3ead7c63a62d3d1653d8b12313d71c3aa422b3d33f913e7c75940c825a3e804049a3f9e6413a97e97a87f8cfefb37a185be0f212e9fa32ef491408a64f00683d33c1310abe2efe27259116c61731c87f2555b618147675bd1f4fda1c90143379393410128419d616e9d97a5272ec8c621b8e17a55cd7deacf7a25ec0a347a3e5be4253cc4b757c72b889bf36c6559dbdef03cc0db8ec607d44c4c5793974ca2a9927c1486d9c36e99ca9b4918edf01204bbd05236d42520864ce27ff848244e99754a5e198410d6247a140c40fdeb5ff2c4b1a6f68526a59ed95d8d03fd83e619e5b7801dadb68dd9ce2416dcb20feaf383694f7e9"]}, {0xa7, &(0x7f0000000ec0)=@string={0xa7, 0x3, "ab4e47676b48fa8709d8874632b6ab33bdc9fa6c05412aa46f80e81b95dafd88f3861214b1483133d10311bcabd69e0925d97d1ee4819b04058a1b63bfb0d17086a6bb1e867b1e3ed19f69220b57f00c895bcb806c003a31322e61c6f0dbc93af4347c299eaaf5f1bc64ee0390d9791cec80889b1b30af60762239a2ebd4c94ed6bb1186d4ec9a134230bb72282b3439b181fe512ce3649807e5c5fe7b9f61f3ab488a0eb7"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x3801}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0xc0f6}}]})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.095244757s ago: executing program 2 (id=3492):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x8, 0x29, 0x0, 0x7, 0x0, 0x5, 0x3, 0x2}, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x80003, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
r3 = open(0x0, 0x64842, 0x389b0d52417bb201)
pwritev2(r3, 0x0, 0x0, 0x7000, 0x0, 0x3)
socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="05000000000059c027bfd1a215014ad3ac39", @ANYRES32=0x0, @ANYBLOB="31000e0080000000ffffffffffff08021100000008021100000000000000000000000000640001007107ffff0000027601000000"], 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
close_range(r6, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x231, 0x0, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x400400c}, 0x0)
socket(0x10, 0x3, 0x0)
r7 = socket(0x3, 0xa, 0x37c8dc5f)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'ip6gretap0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a400000", @ANYRES32=r8, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c0000140001"], 0x48}}, 0x0)

1.557211996s ago: executing program 1 (id=3493):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000001090400eb010300000009210500000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00220500000083c94ffb"], 0x0}, 0x0)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
read$FUSE(r1, &(0x7f0000004200)={0x2020}, 0x2020)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0)
writev(r1, &(0x7f0000000280)=[{&(0x7f0000002080)='T01\n', 0x4}, {&(0x7f0000000180)="3139ead9afeed1fcd5c9a3bd2233ed38912c2fbcf4ad0ae859fb38bddbef7a9bb66a2d43daeb98a2f176075dcd1c31", 0x2f}], 0x2)

1.307925609s ago: executing program 4 (id=3494):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x90}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.007872451s ago: executing program 4 (id=3495):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0xfffffffa, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x50)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000080)="8b", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a017", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000380)="0efaed785acf73d48a19ee4d0a4b9e6f93e93e8a93f50bdc777453d166d496f4fad8", 0x22}, {&(0x7f00000005c0)}], 0x2}}], 0x3, 0x404c800)
shutdown(r0, 0x2)

841.926558ms ago: executing program 4 (id=3496):
socket(0x2, 0x80805, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x20014082)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x28, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1c, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

832.456932ms ago: executing program 0 (id=3497):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000010c0)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6200}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e23}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x100}, 0x40080c0)

736.273486ms ago: executing program 0 (id=3498):
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0xffffffffffffffda, 0x0, {0x6, 0x0, 0x0, 0x300000000, 0xf, 0x7, {0x0, 0xf, 0x0, 0xfffffffffffffffc, 0x40, 0x0, 0x0, 0x0, 0x0, 0xc000, 0x0, 0x0, 0xee00, 0x0, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b00012000ac00090400000107000009090585"], 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000340)={"47f138bb9a25a150b647711fed8a5b1d", <r2=>0x0, 0x0, {0x9, 0x7}, {0xfffffffffffffffe, 0xa76}, 0x99, [0x6a7, 0x81, 0x8, 0x5, 0x1000, 0x7, 0x7, 0xc3c, 0x5, 0x9, 0xffffffff, 0x7, 0x5, 0x81, 0x7fffffffffffffff, 0x3]})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f00000004c0)={"c3c17db1796162da1637b19bc37fbfb5", r2, 0x0, {0x6, 0x34fff1d1}, {0x1, 0x10001}, 0x6b02, [0x401, 0x0, 0x0, 0x2, 0x2, 0x1, 0x3b, 0x1ff, 0x9, 0x9, 0xea2, 0x6, 0x0, 0x5, 0x7, 0x3]})
r3 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002700)=@newlink={0x48, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x25a50, 0x44802}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x4}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc8b6}, 0x0)
setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000200)=0x9, 0x4)
r6 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000300)={&(0x7f0000000280)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000003c0)={r7, <r8=>0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r6, 0xc03064b7, &(0x7f0000000200)={r7, r8, r9, 0x0, 0x4000, 0x80000003, 0x0, 0x0, 0x5, 0xe, 0xc, 0x31e})
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}})
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r10)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000100)="fdd4e328fdfd635db7a1fc42d792ad242fb4d0cbb085057676cbb6c606ec165f04e99124a68c209da5551e1a83020d8ee31c7a27f0e04a084bca78a98622c25ad282f2f7998b512c2cae93ab49f980f4d31b08ab72473f7d906e14e04ac5dfdab2", 0x61, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r10, 0xc00464be, &(0x7f0000000180)={r11})
ioctl$EVIOCGLED(r3, 0x80284504, &(0x7f0000000000)=""/41)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)

0s ago: executing program 2 (id=3499):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f00000005c0)={0x70, 0x101, 0x0, 0x595f314c, 0x19, "00e47903e5951edc064af900"})
write$UHID_INPUT(r1, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
io_setup(0x20fe, &(0x7f00000001c0)=<r2=>0x0)
io_submit(r2, 0x0, &(0x7f0000002680))

kernel console output (not intermixed with test programs):

s 1 interface, different from the descriptor's value: 9
[ 1023.968103][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.002633][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.023585][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1024.048305][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.067271][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.105998][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1024.115492][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.128659][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.155458][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1024.170027][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.205280][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.273409][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1024.282613][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.292365][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.352035][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1024.377894][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1024.398190][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1024.430569][   T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1024.496494][   T24] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1024.519518][   T24] usb 3-1: Product: syz
[ 1024.537804][   T24] usb 3-1: Manufacturer: syz
[ 1024.553562][   T24] usb 3-1: SerialNumber: syz
[ 1024.588986][   T24] usb 3-1: config 0 descriptor??
[ 1024.643616][   T24] yurex 3-1:0.0: Could not find endpoints
[ 1024.937619][T24201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1024.946872][T24201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1024.985459][T24201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1025.153382][T24201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1025.184208][   T24] usb 3-1: USB disconnect, device number 84
[ 1025.802484][T15711] usb 1-1: new full-speed USB device number 103 using dummy_hcd
[ 1025.995763][T15711] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1026.024374][T15711] usb 1-1: not running at top speed; connect to a high speed hub
[ 1026.073224][T15711] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1026.301389][T15711] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1026.342710][T15711] usb 1-1: string descriptor 0 read error: -22
[ 1026.349079][T15711] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1026.389257][T15711] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.427381][T15711] usb 1-1: 0:2 : does not exist
[ 1026.462605][T15712] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1026.622705][T15712] usb 3-1: Using ep0 maxpacket: 32
[ 1026.650378][T15712] usb 3-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config
[ 1026.690574][T15712] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1026.714628][T15712] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1026.749538][T15712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.802546][T15712] usb 3-1: Product: syz
[ 1026.836952][T15712] usb 3-1: Manufacturer: syz
[ 1026.876131][T15712] usb 3-1: SerialNumber: syz
[ 1026.917919][T15712] usb 3-1: config 0 descriptor??
[ 1027.259810][T24264] team0: Device gtp0 is of different type
[ 1027.759640][T15711] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1027.824585][T15711] usb 1-1: 5:0: failed to get current value for ch 1 (-22)
[ 1027.839899][T24345] netlink: 'syz.4.2901': attribute type 16 has an invalid length.
[ 1027.883759][T15712] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1027.900079][T24345] netlink: 'syz.4.2901': attribute type 17 has an invalid length.
[ 1027.924560][T15711] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1027.956111][T15711] usb 1-1: USB disconnect, device number 103
[ 1028.057506][   T24] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1028.092813][T15724] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1028.206078][T18548] IPVS: stop unused estimator thread 0...
[ 1028.279088][T15724] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1028.328685][T15724] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1028.400737][T15724] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1028.477008][T15724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1028.511721][T15724] usb 2-1: SerialNumber: syz
[ 1028.692905][ T8258] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1028.733312][T15711] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1028.892745][T15711] usb 1-1: Using ep0 maxpacket: 32
[ 1028.900575][T15711] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[ 1028.910278][T15711] usb 1-1: config 0 has no interface number 0
[ 1028.918881][T15711] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1028.964781][T23777] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1028.972292][T15711] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1028.987260][T15711] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.016099][T23777] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1029.043003][T23777] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1029.062002][T15711] usb 1-1: Product: syz
[ 1029.071290][T23777] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1029.097317][T15711] usb 1-1: Manufacturer: syz
[ 1029.109501][   T24] usb 3-1: USB disconnect, device number 85
[ 1029.140387][T15711] usb 1-1: SerialNumber: syz
[ 1029.186570][T15711] usb 1-1: config 0 descriptor??
[ 1029.265987][T15711] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1029.380664][T23777] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1029.445768][T23777] 8021q: adding VLAN 0 to HW filter on device team0
[ 1029.453192][T15711] em28xx 1-1:0.132: Video interface 132 found:
[ 1029.519889][T18544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1029.527066][T18544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1029.632985][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1029.640452][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1029.703688][T15711] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[ 1029.810862][T15711] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1029.850153][T15711] em28xx 1-1:0.132: board has no eeprom
[ 1029.943997][T15711] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1029.958853][T15711] em28xx 1-1:0.132: analog set to bulk mode.
[ 1029.974348][T15712] em28xx 1-1:0.132: Registering V4L2 extension
[ 1030.024090][T15711] usb 1-1: USB disconnect, device number 104
[ 1030.107100][T23777] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1030.135785][T15711] em28xx 1-1:0.132: Disconnecting em28xx
[ 1030.423773][T23777] veth0_vlan: entered promiscuous mode
[ 1030.492172][T23777] veth1_vlan: entered promiscuous mode
[ 1030.752896][T15712] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[ 1030.766196][T15724] usb 2-1: 0:2 : does not exist
[ 1030.774625][T15712] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[ 1030.786143][T15712] em28xx 1-1:0.132: No AC97 audio processor
[ 1030.805005][T15712] usb 1-1: Decoder not found
[ 1030.820795][T15712] em28xx 1-1:0.132: failed to create media graph
[ 1030.837767][T15724] usb 2-1: USB disconnect, device number 119
[ 1030.850648][T15712] em28xx 1-1:0.132: V4L2 device video103 deregistered
[ 1031.249618][T15712] em28xx 1-1:0.132: Remote control support is not available for this card.
[ 1031.897660][T15711] em28xx 1-1:0.132: Closing input extension
[ 1031.916904][T23777] veth0_macvtap: entered promiscuous mode
[ 1031.984958][T15711] em28xx 1-1:0.132: Freeing device
[ 1032.039376][T24484] team0: Device gtp0 is of different type
[ 1032.414494][T23777] veth1_macvtap: entered promiscuous mode
[ 1032.489865][T24532] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1032.512901][T24532] block device autoloading is deprecated and will be removed.
[ 1032.534163][T24535] loop4: detected capacity change from 0 to 2560
[ 1032.573540][T23777] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1032.585785][T24535] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2911'.
[ 1032.610822][T23777] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1032.695469][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.704650][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.848831][T24537] buffer_io_error: 2 callbacks suppressed
[ 1032.848869][T24537] Buffer I/O error on dev loop4, logical block 0, lost async page write
[ 1032.863680][T24537] Buffer I/O error on dev loop4, logical block 1, lost async page write
[ 1032.872297][T24537] Buffer I/O error on dev loop4, logical block 2, lost async page write
[ 1032.881084][T24537] Buffer I/O error on dev loop4, logical block 3, lost async page write
[ 1032.907354][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.964854][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1033.013820][T24537] Buffer I/O error on dev loop4, logical block 4, lost async page write
[ 1033.053769][T24537] Buffer I/O error on dev loop4, logical block 5, lost async page write
[ 1033.105824][T24537] Buffer I/O error on dev loop4, logical block 6, lost async page write
[ 1033.125485][T24537] Buffer I/O error on dev loop4, logical block 7, lost async page write
[ 1033.142894][T24537] Buffer I/O error on dev loop4, logical block 8, lost async page write
[ 1033.152158][T24537] Buffer I/O error on dev loop4, logical block 9, lost async page write
[ 1033.782348][T18544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1033.800899][   T30] kauditd_printk_skb: 50 callbacks suppressed
[ 1033.800919][   T30] audit: type=1326 audit(1762708233.654:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1033.829606][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1033.855514][T18544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.986517][T24548] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1034.022197][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1034.232570][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1034.293700][   T30] audit: type=1326 audit(1762708233.694:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1034.524871][   T30] audit: type=1326 audit(1762708233.694:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1034.547342][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1034.726993][   T30] audit: type=1326 audit(1762708233.694:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1034.822575][   T30] audit: type=1326 audit(1762708233.704:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1034.845044][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1034.936350][   T30] audit: type=1326 audit(1762708233.704:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1034.958974][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1034.995273][T24582] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2870'.
[ 1035.193094][   T30] audit: type=1326 audit(1762708233.704:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1035.304940][   T30] audit: type=1326 audit(1762708233.704:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1035.397908][   T30] audit: type=1326 audit(1762708233.704:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1035.656544][   T30] audit: type=1326 audit(1762708233.704:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24549 comm="syz.2.2913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f40b8b8f6c9 code=0x7ffc0000
[ 1036.034328][T24593] netlink: 'syz.3.2919': attribute type 10 has an invalid length.
[ 1036.061138][T24593] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[ 1036.070707][T24593] team0: Failed to send options change via netlink (err -105)
[ 1036.123912][T24593] team0: Port device netdevsim0 added
[ 1036.131367][   T60] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[ 1038.289204][T24647] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2929'.
[ 1038.401769][  T855] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1038.652556][  T855] usb 2-1: Using ep0 maxpacket: 32
[ 1038.659585][  T855] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1038.679777][  T855] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1038.755478][  T855] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1038.794443][  T855] usb 2-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00
[ 1038.833834][  T855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1038.881789][  T855] usb 2-1: config 0 descriptor??
[ 1039.708132][  T855] hid_parser_main: 5 callbacks suppressed
[ 1039.708160][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.762487][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.809298][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.912515][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.942498][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.952628][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1039.960260][  T855] holtek_mouse 0003:04D9:A0C2.0016: unknown main item tag 0x0
[ 1040.075399][  T855] holtek_mouse 0003:04D9:A0C2.0016: hidraw0: USB HID v0.00 Device [HID 04d9:a0c2] on usb-dummy_hcd.1-1/input0
[ 1040.141087][  T855] usb 2-1: USB disconnect, device number 120
[ 1040.173971][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1040.198852][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1040.213287][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1040.227298][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1040.250455][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1040.262786][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1040.281791][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.556116][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1040.611482][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.968529][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1041.003735][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1041.651865][   T13] bond0: (slave netdevsim0): Releasing backup interface
[ 1041.681520][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1041.750621][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1041.860678][T24756] fuse: Bad value for 'rootmode'
[ 1041.937148][T24759] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2940'.
[ 1042.432598][ T5834] Bluetooth: hci0: command tx timeout
[ 1042.712870][T24860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2944'.
[ 1042.721905][T24860] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2944'.
[ 1042.855366][T24866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2946'.
[ 1043.381475][   T13] dvmrp0 (unregistering): left allmulticast mode
[ 1043.478343][   T13] bond0 (unregistering): Released all slaves
[ 1043.517396][T24706] chnl_net:caif_netlink_parms(): no params data found
[ 1043.697304][   T13] tipc: Disabling bearer <udp:syz2>
[ 1043.762680][   T13] tipc: Left network mode
[ 1044.257492][T24921] xt_addrtype: ipv6 BLACKHOLE matching not supported
[ 1044.553182][ T5834] Bluetooth: hci0: command tx timeout
[ 1045.486578][T24706] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1045.494056][T24706] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1045.501353][T24706] bridge_slave_0: entered allmulticast mode
[ 1045.535119][T24706] bridge_slave_0: entered promiscuous mode
[ 1045.783821][T24979] xt_addrtype: ipv6 BLACKHOLE matching not supported
[ 1046.007588][T24975] team0: Device gtp0 is of different type
[ 1046.084568][T24706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.192857][T24706] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.200653][T24706] bridge_slave_1: entered allmulticast mode
[ 1046.378432][T24706] bridge_slave_1: entered promiscuous mode
[ 1046.592583][ T5834] Bluetooth: hci0: command tx timeout
[ 1046.626925][   T13] hsr_slave_0: left promiscuous mode
[ 1046.711939][   T13] hsr_slave_1: left promiscuous mode
[ 1046.767815][   T13] veth1_macvtap: left promiscuous mode
[ 1046.779816][   T13] veth0_macvtap: left promiscuous mode
[ 1047.401705][T25012] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2956'.
[ 1047.591578][T25019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1047.621948][T25019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1047.764614][ T8258] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1048.277206][   T13] team0 (unregistering): Port device dummy0 removed
[ 1048.673205][ T5834] Bluetooth: hci0: command tx timeout
[ 1049.006364][T24706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1049.183705][T24706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1049.564653][T24706] team0: Port device team_slave_0 added
[ 1049.594098][   T13] IPVS: stop unused estimator thread 0...
[ 1049.678281][T24706] team0: Port device team_slave_1 added
[ 1049.921733][T24706] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.948159][T24706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1049.974503][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1050.042638][T24706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1050.089624][T24706] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1050.117684][T24706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1050.144223][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1050.173092][T24706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1050.610394][T24706] hsr_slave_0: entered promiscuous mode
[ 1050.647546][T24706] hsr_slave_1: entered promiscuous mode
[ 1050.691809][T24706] debugfs: 'hsr0' already exists in 'hsr'
[ 1050.773464][T24706] Cannot create hsr debugfs directory
[ 1050.779642][T25209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2962'.
[ 1051.531587][T25255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2966'.
[ 1051.571045][T25278] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2967'.
[ 1051.607667][T25255] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1051.862513][T15724] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1052.033587][T15724] usb 2-1: Using ep0 maxpacket: 8
[ 1052.040800][T15724] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[ 1052.049555][T15724] usb 2-1: config 0 has no interface number 0
[ 1052.057089][T15724] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1052.110220][T15724] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1052.204227][T15724] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1052.256650][T15724] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1052.298496][T15724] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1052.338716][T15724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1052.382876][T15724] usb 2-1: config 0 descriptor??
[ 1052.419600][T24706] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1052.523481][T15724] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1052.601797][T24706] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1052.652975][T24421] usb 2-1: USB disconnect, device number 121
[ 1052.663911][T24421] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[ 1052.680277][T25291] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2968'.
[ 1052.690690][T25291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2968'.
[ 1052.700275][T24706] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1052.724952][T25342] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2968'.
[ 1053.018440][T18548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1053.057947][T18548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1053.109069][T24706] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1053.414817][T18548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1053.445999][T18548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1053.682540][T15724] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1053.841224][T15724] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1053.874207][T15724] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1053.903882][T15724] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[ 1053.978294][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1053.978319][   T30] audit: type=1326 audit(1762708253.784:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1054.015802][T15724] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1054.029996][T24706] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1054.041061][T15724] usb 3-1: config 0 descriptor??
[ 1054.072558][   T30] audit: type=1326 audit(1762708253.784:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1054.136456][T24706] 8021q: adding VLAN 0 to HW filter on device team0
[ 1054.203951][T25389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2973'.
[ 1054.312289][   T30] audit: type=1326 audit(1762708253.784:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1054.351324][T11407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1054.358505][T11407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1054.384543][T25389] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1054.690703][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.702202][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.710829][T25394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1054.720702][T25394] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1054.760134][T25358] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2971'.
[ 1054.777023][T15724] arvo 0003:1E7D:30D4.0017: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.2-1/input0
[ 1054.874916][   T30] audit: type=1326 audit(1762708253.784:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1055.049393][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1055.056788][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1055.095034][T15724] arvo 0003:1E7D:30D4.0017: couldn't init struct arvo_device
[ 1055.105583][T15724] arvo 0003:1E7D:30D4.0017: couldn't install keyboard
[ 1055.135785][   T30] audit: type=1326 audit(1762708253.784:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1055.144857][T15724] arvo 0003:1E7D:30D4.0017: probe with driver arvo failed with error -71
[ 1055.185017][T15724] usb 3-1: USB disconnect, device number 87
[ 1055.425531][T24706] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1055.460158][   T30] audit: type=1326 audit(1762708253.784:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1055.486168][T24706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1055.514783][   T30] audit: type=1326 audit(1762708253.784:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1055.564439][   T30] audit: type=1326 audit(1762708253.784:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1055.682209][T24706] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1055.739932][   T30] audit: type=1326 audit(1762708253.784:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1056.145992][   T30] audit: type=1326 audit(1762708253.784:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25374 comm="syz.1.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7938d8f6c9 code=0x7ffc0000
[ 1056.644159][T24706] veth0_vlan: entered promiscuous mode
[ 1056.920473][T24706] veth1_vlan: entered promiscuous mode
[ 1057.030082][T24706] veth0_macvtap: entered promiscuous mode
[ 1057.115058][T25444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2976'.
[ 1057.135338][T24706] veth1_macvtap: entered promiscuous mode
[ 1057.201494][T24706] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1057.286136][T24706] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1057.401717][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1057.668307][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1057.699605][T25467] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2978'.
[ 1057.709461][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1057.738486][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1057.792738][T24421] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1057.978478][T18542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1058.025540][T18542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1058.025643][T24421] usb 4-1: Using ep0 maxpacket: 16
[ 1058.133688][T24421] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1058.175813][T24421] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1058.179786][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1058.218693][T24421] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1058.234159][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1058.248792][T24421] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1058.286550][T24421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1058.353643][T24421] usb 4-1: config 0 descriptor??
[ 1058.821328][T24421] mcp2221 0003:04D8:00DD.0018: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[ 1059.894552][T25507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1059.966937][T25507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1060.123069][T24421] usb 4-1: reset high-speed USB device number 5 using dummy_hcd
[ 1060.569681][T25533] syzkaller1: entered promiscuous mode
[ 1060.597891][T25533] syzkaller1: entered allmulticast mode
[ 1061.111138][T25473] usb 4-1: USB disconnect, device number 5
[ 1061.144105][T25551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2989'.
[ 1061.298397][T25551] bridge_slave_1: left allmulticast mode
[ 1061.322663][T25551] bridge_slave_1: left promiscuous mode
[ 1061.344803][T25551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1061.503858][T25551] bridge_slave_0: left allmulticast mode
[ 1061.510504][T25551] bridge_slave_0: left promiscuous mode
[ 1061.517032][T25551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1063.648949][ T5148] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1063.661826][ T5148] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1063.671595][ T5148] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1063.717700][ T5148] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1063.727219][ T5148] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1064.660548][T25639] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2996'.
[ 1065.802581][ T5834] Bluetooth: hci2: command tx timeout
[ 1066.002789][T23138] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1066.087539][T18544] team0: Port device netdevsim0 removed
[ 1066.195517][T23138] usb 2-1: Using ep0 maxpacket: 32
[ 1066.217154][T23138] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[ 1066.285644][T23138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1066.434444][T23138] usb 2-1: config 0 descriptor??
[ 1067.653532][T25795] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3002'.
[ 1067.682617][T25795] netlink: 'syz.3.3002': attribute type 8 has an invalid length.
[ 1067.814744][T18544] dvmrp0 (unregistering): left allmulticast mode
[ 1067.872619][ T5834] Bluetooth: hci2: command tx timeout
[ 1067.972311][T18544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1068.084115][T18544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1068.143857][T18544] bond0 (unregistering): Released all slaves
[ 1068.225766][T25619] chnl_net:caif_netlink_parms(): no params data found
[ 1068.399987][T18544] tipc: Disabling bearer <udp:syz2>
[ 1068.407678][T18544] tipc: Left network mode
[ 1068.455226][T23138] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[ 1068.499567][T23138] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1068.529947][T23138] dib0700: firmware download failed at 7 with -22
[ 1068.553584][T23138] usb 2-1: USB disconnect, device number 122
[ 1068.969720][T25847] vti0: entered promiscuous mode
[ 1068.982654][T25847] vti0: entered allmulticast mode
[ 1069.011581][T25619] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1069.031093][T25619] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1069.041092][T25619] bridge_slave_0: entered allmulticast mode
[ 1069.068315][T25619] bridge_slave_0: entered promiscuous mode
[ 1069.096995][T25619] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1069.135182][T25619] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1069.159632][T25619] bridge_slave_1: entered allmulticast mode
[ 1069.192493][T25619] bridge_slave_1: entered promiscuous mode
[ 1069.335458][T18544] hsr_slave_0: left promiscuous mode
[ 1069.412145][T18544] hsr_slave_1: left promiscuous mode
[ 1069.420218][T18544] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1069.952559][ T5834] Bluetooth: hci2: command tx timeout
[ 1071.839381][T25928] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3010'.
[ 1072.112738][ T5148] Bluetooth: hci2: command tx timeout
[ 1072.479415][T25935] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3011'.
[ 1072.777582][T25942] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3013'.
[ 1073.092504][ T8258] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 1073.195122][T18544] team0 (unregistering): Port device team_slave_1 removed
[ 1073.485252][ T8258] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1073.513263][ T8258] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1073.522245][T18544] team0 (unregistering): Port device team_slave_0 removed
[ 1073.567962][ T8258] usb 4-1: Product: syz
[ 1073.572189][ T8258] usb 4-1: Manufacturer: syz
[ 1073.582446][ T8258] usb 4-1: SerialNumber: syz
[ 1074.054839][ T8258] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1074.070868][ T8258] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1074.187761][T25954] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3014'.
[ 1074.335209][T25956] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1075.126575][ T8258] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPIPE
[ 1075.128212][T25944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1075.149125][ T8258] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1075.175218][ T8258] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1075.193869][T25944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1075.217441][ T8258] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[ 1075.218017][T18544] team0 (unregistering): Port device dummy0 removed
[ 1075.675072][T23138] usb 4-1: USB disconnect, device number 6
[ 1075.757620][T25619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1075.785066][T25619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1076.025962][T25619] team0: Port device team_slave_0 added
[ 1076.045934][T25619] team0: Port device team_slave_1 added
[ 1076.068374][T26031] fuse: Bad value for 'group_id'
[ 1076.097019][T26031] fuse: Bad value for 'group_id'
[ 1076.478293][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1076.478312][   T30] audit: type=1326 audit(1762708276.314:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.538570][T25619] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1076.549397][T18544] IPVS: stop unused estimator thread 0...
[ 1076.556100][T25619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1076.584507][   T30] audit: type=1326 audit(1762708276.314:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.627227][T25619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1076.644010][   T30] audit: type=1326 audit(1762708276.324:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.674151][   T30] audit: type=1326 audit(1762708276.324:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.697606][   T30] audit: type=1326 audit(1762708276.384:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.736101][   T30] audit: type=1326 audit(1762708276.384:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.766360][   T30] audit: type=1326 audit(1762708276.384:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.821110][T25619] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1076.841644][T25619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1076.874463][   T30] audit: type=1326 audit(1762708276.384:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1076.897973][T25619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1076.913300][   T30] audit: type=1326 audit(1762708276.384:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26070 comm="syz.3.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19f038f6c9 code=0x7ffc0000
[ 1077.854760][T26103] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3023'.
[ 1077.990353][T25619] hsr_slave_0: entered promiscuous mode
[ 1077.999414][T25619] hsr_slave_1: entered promiscuous mode
[ 1078.035831][T25619] debugfs: 'hsr0' already exists in 'hsr'
[ 1078.092560][T25619] Cannot create hsr debugfs directory
[ 1079.464011][T26200] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3027'.
[ 1079.930429][   T30] audit: type=1326 audit(1762708279.784:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26215 comm="syz.4.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1fb8f6c9 code=0x7ffc0000
[ 1080.181942][T26229] fuse: Bad value for 'fd'
[ 1080.409492][T25619] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1080.460084][T25619] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1080.496962][T25619] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1080.566486][T25619] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1081.004019][T26297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3034'.
[ 1081.769739][T25619] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1081.858264][T25619] 8021q: adding VLAN 0 to HW filter on device team0
[ 1081.993582][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1082.000860][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1082.084886][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1082.092539][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1082.401790][T26331] netlink: 'syz.1.3038': attribute type 10 has an invalid length.
[ 1083.394717][T26331] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1083.982314][T25619] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1084.235977][T25619] veth0_vlan: entered promiscuous mode
[ 1084.255282][T25619] veth1_vlan: entered promiscuous mode
[ 1084.285953][T25619] veth0_macvtap: entered promiscuous mode
[ 1084.297871][T25619] veth1_macvtap: entered promiscuous mode
[ 1084.351979][T25619] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1084.390671][T25619] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1084.432922][T26366] binder: 26363:26366 ioctl c0306201 2000000001c0 returned -14
[ 1084.527271][   T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.573977][   T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.651947][   T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1084.688897][   T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1085.962599][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1086.018449][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1086.283447][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1086.319275][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1086.703745][T26396] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3045'.
[ 1088.209940][T26441] loop2: detected capacity change from 0 to 7
[ 1088.217563][T26441] Dev loop2: unable to read RDB block 7
[ 1088.223392][T26441]  loop2: unable to read partition table
[ 1088.229867][T26441] loop2: partition table beyond EOD, truncated
[ 1088.455717][T26441] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1088.465718][T26444] xt_TCPMSS: Only works on TCP SYN packets
[ 1088.543295][ T5198] Dev loop2: unable to read RDB block 7
[ 1088.600533][ T5198]  loop2: unable to read partition table
[ 1088.624447][ T5198] loop2: partition table beyond EOD, truncated
[ 1088.745179][T26438] bond0: (slave bond_slave_0): Releasing backup interface
[ 1088.810400][T26438] bond0: (slave bond_slave_1): Releasing backup interface
[ 1088.911195][T26438] team0: Port device team_slave_0 removed
[ 1089.049763][T26438] team0: Port device team_slave_1 removed
[ 1089.098108][T26438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1089.183471][T26438] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1089.208729][T26438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1089.241025][T26438] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1089.748860][T26467] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3059'.
[ 1090.166877][T26438] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1091.041306][ T5198] Dev loop6: unable to read RDB block 1
[ 1091.202120][ T5198]  loop6: unable to read partition table
[ 1091.216813][ T5198] loop6: partition table beyond EOD, truncated
[ 1091.343448][T25473] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1091.678595][T25473] usb 4-1: Using ep0 maxpacket: 16
[ 1091.904017][T25473] usb 4-1: config 0 has an invalid interface number: 174 but max is 3
[ 1091.912977][T25473] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1091.986431][T25473] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4
[ 1092.022685][T25473] usb 4-1: config 0 has no interface number 0
[ 1092.034188][T25473] usb 4-1: config 0 interface 174 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1092.246920][T25473] usb 4-1: config 0 interface 174 has no altsetting 0
[ 1092.289477][T25473] usb 4-1: New USB device found, idVendor=0403, idProduct=e000, bcdDevice=2d.c6
[ 1092.321021][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1092.331287][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1092.341304][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1092.353752][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1092.362069][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1092.436932][T25473] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1092.492611][T25473] usb 4-1: Product: �
[ 1092.496838][T25473] usb 4-1: Manufacturer: �ᚨ弰翭�齤⑱�处�꣰嵋㶕�박䞅�攻羳湓鞡�춒��⣋ꅿꓘ츽�骔꿕沖⥀湢棅䆱홹貴硎�쿓
[ 1092.625342][T25473] usb 4-1: SerialNumber: Ñ…
[ 1092.661226][T25473] usb 4-1: config 0 descriptor??
[ 1093.594578][T18544] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1093.621601][T18544] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1093.908092][T18544] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1093.940438][T25473] ftdi_sio 4-1:0.174: FTDI USB Serial Device converter detected
[ 1093.959893][T18544] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.024197][T25473] ftdi_sio ttyUSB0: unknown device type: 0x2dc6
[ 1094.129510][T25473] usb 4-1: USB disconnect, device number 7
[ 1094.150209][T25473] ftdi_sio 4-1:0.174: device disconnected
[ 1094.432620][ T5834] Bluetooth: hci3: command tx timeout
[ 1094.788784][T18544] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1094.819932][T18544] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.832481][T15712] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1095.023869][T15712] usb 3-1: Using ep0 maxpacket: 32
[ 1095.480295][T18544] team0: Port device netdevsim0 removed
[ 1095.483592][T15712] usb 3-1: config 0 has an invalid descriptor of length 13, skipping remainder of the config
[ 1095.508200][T15712] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1095.526668][T18544] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1095.587733][T18544] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1095.594773][T15712] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1095.637886][T15712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1095.646217][T15712] usb 3-1: Product: syz
[ 1095.650557][T15712] usb 3-1: Manufacturer: syz
[ 1095.661254][T15712] usb 3-1: SerialNumber: syz
[ 1095.687033][T26562] chnl_net:caif_netlink_parms(): no params data found
[ 1095.694381][T15712] usb 3-1: config 0 descriptor??
[ 1096.512771][ T5834] Bluetooth: hci3: command tx timeout
[ 1097.184834][T26562] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1097.217155][T26562] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1097.267104][T26562] bridge_slave_0: entered allmulticast mode
[ 1097.335714][T26562] bridge_slave_0: entered promiscuous mode
[ 1097.387030][T26562] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1097.414348][T26562] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1097.422002][T26772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3074'.
[ 1097.440013][T26562] bridge_slave_1: entered allmulticast mode
[ 1097.449113][T26562] bridge_slave_1: entered promiscuous mode
[ 1097.627429][T26562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1097.641910][T15712] usb 3-1: USB disconnect, device number 88
[ 1098.147177][T18544] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1098.252850][T18544] dvmrp0 (unregistering): left allmulticast mode
[ 1098.551631][T18544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1098.563522][T18544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1098.586689][T18544] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1098.595209][ T5834] Bluetooth: hci3: command tx timeout
[ 1098.604464][T18544] bond0 (unregistering): Released all slaves
[ 1098.800239][T18544] bond1 (unregistering): Released all slaves
[ 1098.821784][T18544] bond2 (unregistering): Released all slaves
[ 1098.851942][T26562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1098.992873][T26831] vlan2: entered promiscuous mode
[ 1098.998162][T26831] dummy0: entered promiscuous mode
[ 1099.059868][T18544] tipc: Left network mode
[ 1099.197363][T26562] team0: Port device team_slave_0 added
[ 1099.269517][T26869] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1099.330337][T26562] team0: Port device team_slave_1 added
[ 1099.502818][T25473] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1099.559901][T26562] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1099.568099][   T30] kauditd_printk_skb: 16 callbacks suppressed
[ 1099.568120][   T30] audit: type=1400 audit(1762708299.414:2133): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=26918 comm="syz.4.3086"
[ 1099.600477][T26562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1099.629778][T26562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1099.644263][T26915] netlink: 'syz.2.3085': attribute type 6 has an invalid length.
[ 1099.703672][T25473] usb 1-1: Using ep0 maxpacket: 16
[ 1099.712892][T25473] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1099.726095][T26562] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1099.735620][T25473] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1099.764803][T26562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1099.795028][T25473] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1099.808291][T25473] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1099.818668][T26562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1099.829466][T25473] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1099.841563][T25473] usb 1-1: config 0 descriptor??
[ 1099.873447][T18544] hsr_slave_0: left promiscuous mode
[ 1099.890562][T18544] hsr_slave_1: left promiscuous mode
[ 1099.905631][T18544] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1100.315800][T26943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3088'.
[ 1100.366776][T25473] microsoft 0003:045E:07DA.0019: unknown main item tag 0x0
[ 1100.374261][T25473] microsoft 0003:045E:07DA.0019: unknown global tag 0xe
[ 1100.381283][T25473] microsoft 0003:045E:07DA.0019: item 0 1 1 14 parsing failed
[ 1100.390089][T25473] microsoft 0003:045E:07DA.0019: parse failed
[ 1100.407987][T25473] microsoft 0003:045E:07DA.0019: probe with driver microsoft failed with error -22
[ 1100.589054][T26879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1100.635104][T26879] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1100.674600][ T5834] Bluetooth: hci3: command tx timeout
[ 1100.816788][T24421] usb 1-1: USB disconnect, device number 105
[ 1101.489470][T18544] team0 (unregistering): Port device team_slave_1 removed
[ 1101.581874][T18544] team0 (unregistering): Port device team_slave_0 removed
[ 1103.324434][T26943] bridge_slave_1: left allmulticast mode
[ 1103.330170][T26943] bridge_slave_1: left promiscuous mode
[ 1103.339560][T26943] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1103.358395][T26943] bridge_slave_0: left allmulticast mode
[ 1103.375175][T26943] bridge_slave_0: left promiscuous mode
[ 1103.401425][T26943] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1103.508075][T26957] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1103.562725][T26957] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1103.574674][T26957] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1103.620015][T26957] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1104.030360][T27004] syzkaller1: entered promiscuous mode
[ 1104.048259][T27004] syzkaller1: entered allmulticast mode
[ 1104.107378][T27004] binder: 26988:27004 ioctl c0306201 2000000001c0 returned -14
[ 1104.120004][T26562] hsr_slave_0: entered promiscuous mode
[ 1104.135120][T26562] hsr_slave_1: entered promiscuous mode
[ 1104.143368][T26562] debugfs: 'hsr0' already exists in 'hsr'
[ 1104.158571][T26562] Cannot create hsr debugfs directory
[ 1104.521253][T27038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3098'.
[ 1105.228338][T18544] IPVS: stop unused estimator thread 0...
[ 1106.317937][T27131] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3104'.
[ 1107.619780][T27150] team0: Device gtp0 is of different type
[ 1108.119000][T26562] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1108.223432][T26562] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1108.442855][T25473] usb 4-1: new low-speed USB device number 8 using dummy_hcd
[ 1108.447409][T26562] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1108.508478][T26562] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1108.582515][T25473] usb 4-1: device descriptor read/64, error -71
[ 1108.882505][T25473] usb 4-1: new low-speed USB device number 9 using dummy_hcd
[ 1109.092538][T25473] usb 4-1: device descriptor read/64, error -71
[ 1109.131945][T26562] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1109.219017][T26562] 8021q: adding VLAN 0 to HW filter on device team0
[ 1109.265058][T25473] usb usb4-port1: attempt power cycle
[ 1109.297942][T18544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1109.305207][T18544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1109.383107][T18548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1109.390429][T18548] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1109.634433][T25473] usb 4-1: new low-speed USB device number 10 using dummy_hcd
[ 1109.685006][T25473] usb 4-1: device descriptor read/8, error -71
[ 1109.775971][T26562] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1109.972546][T25473] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[ 1110.013005][T25473] usb 4-1: device descriptor read/8, error -71
[ 1110.032839][T15711] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1110.127019][T25473] usb usb4-port1: unable to enumerate USB device
[ 1110.196129][T26562] veth0_vlan: entered promiscuous mode
[ 1110.249132][T15711] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1110.269923][T26562] veth1_vlan: entered promiscuous mode
[ 1110.324030][T15711] usb 5-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[ 1110.407666][T26562] veth0_macvtap: entered promiscuous mode
[ 1110.416370][T15711] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1110.449827][T26562] veth1_macvtap: entered promiscuous mode
[ 1110.475364][T27216] fuse: Unknown parameter '0000000000000000000004500000000000000000003'
[ 1110.512177][T15711] usb 5-1: config 0 descriptor??
[ 1110.577877][T26562] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1110.641654][T26562] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1110.683842][T18548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1110.704276][T18548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1110.737717][T18548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1110.771727][T15711] usbhid 5-1:0.0: can't add hid device: -71
[ 1110.778345][T15711] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1110.788276][T18548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1110.803799][T15711] usb 5-1: USB disconnect, device number 74
[ 1111.227488][T18548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1111.278262][T18548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1111.467466][T18544] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1111.553678][T27258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3116'.
[ 1111.612943][T18544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1114.533084][   T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1115.016657][T18544] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1115.102679][   T24] usb 4-1: Using ep0 maxpacket: 8
[ 1115.110000][   T24] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1115.131763][   T24] usb 4-1: config 0 has no interface number 0
[ 1115.138957][T18544] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1115.155734][   T24] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1115.239964][   T24] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1115.243450][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1115.285432][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1115.302868][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1115.311900][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1115.324033][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1115.393466][   T24] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1115.412878][   T24] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1115.449057][   T24] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1115.472943][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.634193][   T24] usb 4-1: config 0 descriptor??
[ 1115.673737][   T24] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1115.727004][T18544] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1115.762469][T18544] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1115.872707][   T24] usb 4-1: USB disconnect, device number 12
[ 1115.926077][   T24] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[ 1116.116609][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.123362][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.135144][T18544] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1116.166216][T18544] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1116.334178][T18544] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[ 1116.336002][T27362] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3130'.
[ 1116.362430][T18544] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode
[ 1116.427121][T27367] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.3130' resets device
[ 1116.433538][T18544] team0: Port device netdevsim0 removed
[ 1116.446803][T18544] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1116.482556][T18544] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1117.007031][T27313] chnl_net:caif_netlink_parms(): no params data found
[ 1117.036410][T15711] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1117.208894][T15711] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1117.237755][T15711] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.342547][T15711] usb 2-1: Product: syz
[ 1117.361361][T15711] usb 2-1: Manufacturer: syz
[ 1117.431969][T15711] usb 2-1: SerialNumber: syz
[ 1117.532910][T27512] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3136'.
[ 1117.553272][ T5148] Bluetooth: hci1: command tx timeout
[ 1117.568211][T18544] batman_adv: batadv0: Interface deactivated: gretap1
[ 1117.577930][T15711] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1117.663566][T15712] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1117.871252][T27425] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3133'.
[ 1117.970353][   T24] usb 2-1: USB disconnect, device number 124
[ 1118.760596][T15712] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1118.773440][T15712] ath9k_htc: Failed to initialize the device
[ 1118.789690][   T24] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1119.047102][T18544] batman_adv: batadv0: Removing interface: gretap1
[ 1119.068023][T27542] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[ 1119.080760][T27542] Cannot find set identified by id 1 to match
[ 1119.451218][T18544] bond1 (unregistering): (slave geneve2): Releasing active interface
[ 1119.632677][ T5148] Bluetooth: hci1: command tx timeout
[ 1119.736953][T18544] bond0 (unregistering): Released all slaves
[ 1120.622475][   T24] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1121.042628][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1121.192496][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[ 1121.307470][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.514021][   T24] usb 1-1: config 0 descriptor??
[ 1121.626122][T18544] bond1 (unregistering): Released all slaves
[ 1121.712592][ T5148] Bluetooth: hci1: command tx timeout
[ 1121.873263][   T24] usbhid 1-1:0.0: can't add hid device: -71
[ 1121.881468][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1121.953563][   T24] usb 1-1: USB disconnect, device number 106
[ 1122.864580][T18544] tipc: Disabling bearer <eth:syzkaller0>
[ 1122.883071][T18544] tipc: Disabling bearer <udp:syz2>
[ 1122.895684][T18544] tipc: Left network mode
[ 1122.910326][T27313] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1122.942233][T27313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1122.971326][T27313] bridge_slave_0: entered allmulticast mode
[ 1122.996307][T27313] bridge_slave_0: entered promiscuous mode
[ 1123.107932][T27313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1123.125559][T27313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1123.141586][T27313] bridge_slave_1: entered allmulticast mode
[ 1123.233431][T27313] bridge_slave_1: entered promiscuous mode
[ 1123.796859][ T5148] Bluetooth: hci1: command tx timeout
[ 1124.719441][T27313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1124.857852][T27313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1125.056160][T18544] hsr_slave_1: left promiscuous mode
[ 1125.080318][T18544] veth1_macvtap: left promiscuous mode
[ 1125.101304][T18544] veth0_macvtap: left promiscuous mode
[ 1127.247164][T27748] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3158'.
[ 1129.142798][T15711] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1129.295982][T15711] usb 3-1: device descriptor read/64, error -71
[ 1129.450217][T27313] team0: Port device team_slave_0 added
[ 1129.486050][T27313] team0: Port device team_slave_1 added
[ 1129.542464][T15711] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1129.722524][T15711] usb 3-1: device descriptor read/64, error -71
[ 1129.821614][T27313] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1129.890459][T15711] usb usb3-port1: attempt power cycle
[ 1129.992528][T27313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1130.079450][T27313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1130.104256][T27313] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1130.111577][T27313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1130.137753][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1130.147300][T27313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1130.232255][T27821] FAULT_INJECTION: forcing a failure.
[ 1130.232255][T27821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1130.268720][T27821] CPU: 0 UID: 0 PID: 27821 Comm: syz.1.3169 Not tainted syzkaller #0 PREEMPT(full) 
[ 1130.268750][T27821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1130.268761][T27821] Call Trace:
[ 1130.268770][T27821]  <TASK>
[ 1130.268780][T27821]  dump_stack_lvl+0x189/0x250
[ 1130.268814][T27821]  ? __pfx____ratelimit+0x10/0x10
[ 1130.268846][T27821]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1130.268868][T27821]  ? __pfx__printk+0x10/0x10
[ 1130.268898][T27821]  should_fail_ex+0x414/0x560
[ 1130.268932][T27821]  _copy_to_user+0x31/0xb0
[ 1130.268959][T27821]  simple_read_from_buffer+0xe1/0x170
[ 1130.268993][T27821]  proc_fail_nth_read+0x1b3/0x220
[ 1130.269021][T27821]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1130.269048][T27821]  ? rw_verify_area+0x2a6/0x4d0
[ 1130.269074][T27821]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1130.269100][T27821]  vfs_read+0x200/0xa30
[ 1130.269123][T27821]  ? trace_sched_exit_tp+0x36/0x110
[ 1130.269160][T27821]  ? __pfx_vfs_read+0x10/0x10
[ 1130.269210][T27821]  ksys_read+0x145/0x250
[ 1130.269239][T27821]  ? __pfx_ksys_read+0x10/0x10
[ 1130.269269][T27821]  ? do_syscall_64+0xbe/0xfa0
[ 1130.269299][T27821]  do_syscall_64+0xfa/0xfa0
[ 1130.269325][T27821]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.269344][T27821]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1130.269363][T27821]  ? clear_bhb_loop+0x60/0xb0
[ 1130.269386][T27821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.269405][T27821] RIP: 0033:0x7f1a76b8e0dc
[ 1130.269424][T27821] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1130.269441][T27821] RSP: 002b:00007f1a77a5e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1130.269463][T27821] RAX: ffffffffffffffda RBX: 00007f1a76de5fa0 RCX: 00007f1a76b8e0dc
[ 1130.269478][T27821] RDX: 000000000000000f RSI: 00007f1a77a5e0a0 RDI: 0000000000000004
[ 1130.269490][T27821] RBP: 00007f1a77a5e090 R08: 0000000000000000 R09: 0000000000000000
[ 1130.269503][T27821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1130.269515][T27821] R13: 00007f1a76de6038 R14: 00007f1a76de5fa0 R15: 00007f1a76f0fa28
[ 1130.269549][T27821]  </TASK>
[ 1130.483745][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1130.532500][T15711] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1130.618724][T15711] usb 3-1: device descriptor read/8, error -71
[ 1130.862446][T15711] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1130.884033][T27313] hsr_slave_0: entered promiscuous mode
[ 1130.893345][T27313] hsr_slave_1: entered promiscuous mode
[ 1130.934728][T15711] usb 3-1: device descriptor read/8, error -71
[ 1130.979628][T27857] fuse: Bad value for 'group_id'
[ 1130.984783][T27857] fuse: Bad value for 'group_id'
[ 1131.124137][T15711] usb usb3-port1: unable to enumerate USB device
[ 1131.260076][T18544] IPVS: stop unused estimator thread 0...
[ 1131.809012][T27934] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3173'.
[ 1133.111311][T27992] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3176'.
[ 1133.593270][T28022] netlink: 'syz.0.3179': attribute type 16 has an invalid length.
[ 1133.603302][T28022] netlink: 'syz.0.3179': attribute type 17 has an invalid length.
[ 1134.192034][T27313] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1134.235635][T27313] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1134.311844][T27313] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1134.414336][T27313] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1135.918394][T27313] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1135.974479][T27313] 8021q: adding VLAN 0 to HW filter on device team0
[ 1136.113720][T18544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1136.120902][T18544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1136.777584][T28096] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3189'.
[ 1136.875045][T28087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1136.882677][T28087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1137.586336][   T30] audit: type=1326 audit(1762708337.444:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.1.3191" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a76b8f6c9 code=0x0
[ 1137.946072][T18548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1137.953335][T18548] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1138.340439][T28106] bond0: (slave bond_slave_0): Releasing backup interface
[ 1138.377655][T28106] bond0: (slave bond_slave_1): Releasing backup interface
[ 1138.551498][T28106] team0: Port device team_slave_0 removed
[ 1138.672635][ T5834] Bluetooth: hci5: command 0x0406 tx timeout
[ 1138.715628][T28106] team0: Port device team_slave_1 removed
[ 1139.226892][T28130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3194'.
[ 1139.241395][T28106] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1139.256260][T28106] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1139.387846][T28106] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1139.415480][T28106] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1139.546836][T28106] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1139.757254][T18544] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.080715][T18544] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.117993][T18544] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.266379][T18544] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.301822][T28136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3195'.
[ 1140.344262][T28136] bridge_slave_1: left allmulticast mode
[ 1140.351185][T28136] bridge_slave_1: left promiscuous mode
[ 1140.358616][T28136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1140.540839][T28136] bridge_slave_0: left allmulticast mode
[ 1140.579281][T28136] bridge_slave_0: left promiscuous mode
[ 1140.595035][T28136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1140.873264][T23138] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1141.044912][T23138] usb 3-1: Using ep0 maxpacket: 16
[ 1141.087975][T23138] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1141.135698][T23138] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.151212][T28142] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3196'.
[ 1141.197282][T27313] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1141.298931][T23138] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1141.341975][T27313] veth0_vlan: entered promiscuous mode
[ 1141.368262][T27313] veth1_vlan: entered promiscuous mode
[ 1141.390422][T23138] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1141.474568][T23138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.491706][T27313] veth0_macvtap: entered promiscuous mode
[ 1141.548236][T23138] usb 3-1: Product: syz
[ 1141.559023][T27313] veth1_macvtap: entered promiscuous mode
[ 1141.572666][T23138] usb 3-1: Manufacturer: syz
[ 1141.593429][T23138] usb 3-1: SerialNumber: syz
[ 1141.655434][T27313] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1141.696847][T27313] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1141.789599][T11407] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.994500][T11407] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.014242][T11407] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.051109][T11407] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.097814][T23138] usb 3-1: 0:2 : does not exist
[ 1142.171287][T11407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1142.262306][T11407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1142.537536][T11407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1142.584799][T11407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1142.932682][T25473] usb 3-1: USB disconnect, device number 93
[ 1143.213876][T28180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3120'.
[ 1144.484984][T28235] fuse: Bad value for 'group_id'
[ 1144.490170][T28235] fuse: Bad value for 'group_id'
[ 1145.639106][T28257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3207'.
[ 1147.170371][T28275] x_tables: duplicate underflow at hook 1
[ 1149.525190][T24421] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1149.584772][T28341] fuse: Bad value for 'group_id'
[ 1149.601150][T28341] fuse: Bad value for 'group_id'
[ 1149.734880][T28348] vivid-008: disconnect
[ 1149.808438][T24421] usb 2-1: Using ep0 maxpacket: 32
[ 1149.846316][T24421] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[ 1149.896413][T24421] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.938532][T24421] usb 2-1: config 0 descriptor??
[ 1150.391462][T24421] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[ 1150.456380][T28345] vivid-008: reconnect
[ 1150.888434][T24421] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1150.970051][T24421] dib0700: firmware download failed at 7 with -22
[ 1151.003175][T24421] usb 2-1: USB disconnect, device number 125
[ 1151.442457][T24421] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1151.617999][T24421] usb 2-1: Using ep0 maxpacket: 8
[ 1151.634918][T24421] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[ 1151.646010][T24421] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1151.662110][T24421] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[ 1151.728275][T24421] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.772441][T24421] usb 2-1: rejected 1 configuration due to insufficient available bus power
[ 1152.108962][T24421] usb 2-1: no configuration chosen from 1 choice
[ 1154.542607][T24421] usb 2-1: USB disconnect, device number 126
[ 1155.009168][T28457] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3227'.
[ 1155.079747][T23138] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1155.265466][T23138] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1155.371988][T23138] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1155.397124][T23138] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1155.470085][T23138] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1155.519862][T23138] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.787955][T23138] usb 5-1: config 0 descriptor??
[ 1156.291009][T23138] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1156.682477][   T30] audit: type=1326 audit(1762708356.524:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28475 comm="syz.2.3232" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f000278f6c9 code=0x0
[ 1156.704479][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1156.817904][T23138] usb 5-1: USB disconnect, device number 75
[ 1157.463020][T28508] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1158.141647][T28528] syzkaller1: entered promiscuous mode
[ 1158.165328][T28528] syzkaller1: entered allmulticast mode
[ 1158.339077][T28546] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3244'.
[ 1158.511869][T28546] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1160.659021][   T30] audit: type=1326 audit(1762708360.484:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.022577][   T30] audit: type=1326 audit(1762708360.484:2137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.083681][   T30] audit: type=1326 audit(1762708360.484:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.135339][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1161.172723][   T30] audit: type=1326 audit(1762708360.484:2139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.232791][   T30] audit: type=1326 audit(1762708360.484:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.255386][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1161.262523][   T30] audit: type=1326 audit(1762708360.484:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.285070][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1161.291606][   T30] audit: type=1326 audit(1762708360.494:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.322523][   T30] audit: type=1326 audit(1762708360.494:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.384798][   T30] audit: type=1326 audit(1762708360.494:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1161.668019][T28611] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3255'.
[ 1161.993957][T28613] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3254'.
[ 1162.003133][T28613] bridge_slave_1: left allmulticast mode
[ 1162.013529][T28613] bridge_slave_1: left promiscuous mode
[ 1162.020033][T28613] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1162.030573][   T30] audit: type=1326 audit(1762708360.494:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1162.053218][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1162.107418][T28613] bridge_slave_0: left allmulticast mode
[ 1162.116374][T28613] bridge_slave_0: left promiscuous mode
[ 1162.122607][T28613] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1162.252471][   T30] audit: type=1326 audit(1762708360.494:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28569 comm="syz.2.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000278f6c9 code=0x7ffc0000
[ 1164.274654][ T5148] Bluetooth: hci0: command 0x0406 tx timeout
[ 1164.314622][T24421] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1164.572466][T24421] usb 3-1: Using ep0 maxpacket: 16
[ 1164.600145][T24421] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[ 1164.622391][T24421] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1164.923149][T24421] usb 3-1: config 0 has no interface number 0
[ 1165.263395][T24421] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[ 1165.497268][T24421] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.536080][T24421] usb 3-1: Product: syz
[ 1165.540392][T24421] usb 3-1: Manufacturer: syz
[ 1165.545125][T24421] usb 3-1: SerialNumber: syz
[ 1165.631156][T24421] usb 3-1: config 0 descriptor??
[ 1165.722712][T23138] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1165.866646][T24421] uvcvideo 3-1:0.105: Found UVC 0.00 device syz (046d:08d3)
[ 1165.867201][T28648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1165.902537][T28648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1165.902926][T23138] usb 1-1: Using ep0 maxpacket: 16
[ 1165.982648][T24421] uvcvideo 3-1:0.105: No valid video chain found.
[ 1165.985561][T23138] usb 1-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1166.247310][ T8258] usb 3-1: USB disconnect, device number 94
[ 1166.305401][T23138] usb 1-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1166.315862][T23138] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1166.322734][T23138] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1166.332123][T23138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1166.625549][T23138] usb 1-1: config 0 descriptor??
[ 1167.067878][T23138] mcp2221 0003:04D8:00DD.001B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[ 1168.992509][T23138] usb 1-1: reset high-speed USB device number 107 using dummy_hcd
[ 1169.767205][T28784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3276'.
[ 1169.806140][T15712] usb 1-1: USB disconnect, device number 107
[ 1170.782849][T23138] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1170.994823][T23138] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1171.017776][T23138] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[ 1171.043524][T23138] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[ 1171.064517][T23138] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[ 1171.074437][T23138] usb 4-1: config 129 has no interface number 0
[ 1171.081612][T23138] usb 4-1: config 129 has no interface number 1
[ 1171.088074][T23138] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[ 1171.102026][T23138] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[ 1171.121096][T23138] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[ 1171.135063][T23138] usb 4-1: config 129 interface 135 has no altsetting 0
[ 1171.142061][T23138] usb 4-1: config 129 interface 5 has no altsetting 0
[ 1171.159926][T23138] usb 4-1: string descriptor 0 read error: -22
[ 1171.166617][T23138] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[ 1171.192390][T23138] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1171.220320][T28817] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3280'.
[ 1171.325903][T23138] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1171.372864][T23138] usb 4-1: MIDIStreaming interface descriptor not found
[ 1171.725877][T23138] usb 4-1: USB disconnect, device number 13
[ 1172.263583][ T8258] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 1172.445129][ T8258] usb 1-1: Using ep0 maxpacket: 8
[ 1172.451648][ T8258] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[ 1172.460070][ T8258] usb 1-1: config 0 has no interface number 0
[ 1172.473089][ T8258] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1172.539990][T28883] program syz.4.3286 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1172.579980][ T8258] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1172.632556][T23138] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1172.762888][ T8258] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1172.793053][T23138] usb 4-1: Using ep0 maxpacket: 16
[ 1172.802487][T23138] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1172.824056][T23138] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1172.882473][T23138] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1172.909950][T23138] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1172.955990][T23138] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.047049][T23138] usb 4-1: config 0 descriptor??
[ 1173.266181][ T8258] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1173.290083][ T8258] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1173.496738][T23138] mcp2221 0003:04D8:00DD.001C: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[ 1173.632899][ T8258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.954835][ T8258] usb 1-1: config 0 descriptor??
[ 1174.223445][ T8258] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1174.280727][T28883] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3286'.
[ 1174.290258][T28883] netlink: 'syz.4.3286': attribute type 7 has an invalid length.
[ 1174.298226][T28883] netlink: 'syz.4.3286': attribute type 8 has an invalid length.
[ 1174.306046][T28883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3286'.
[ 1174.325476][T28883] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3286'.
[ 1174.491943][T28905] netlink: 'syz.2.3288': attribute type 11 has an invalid length.
[ 1174.568008][T28905] kvm: pic: single mode not supported
[ 1174.568046][T28905] kvm: pic: level sensitive irq not supported
[ 1175.436069][T28947] tipc: Started in network mode
[ 1175.452135][T28947] tipc: Node identity ac14140f, cluster identity 4711
[ 1175.479134][T28947] tipc: New replicast peer: 255.255.255.255
[ 1175.520686][T28947] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1175.584315][T28155] usb 4-1: USB disconnect, device number 14
[ 1176.194963][T28155] usb 1-1: USB disconnect, device number 108
[ 1176.233996][T28155] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[ 1176.653931][T15712] tipc: Node number set to 2886997007
[ 1177.555550][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.562006][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.101740][T29036] team0: Device gtp0 is of different type
[ 1178.233956][T15712] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1178.698424][T15712] usb 1-1: Using ep0 maxpacket: 16
[ 1178.725621][T15712] usb 1-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1178.905761][T15712] usb 1-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1178.966098][T15712] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1178.981405][T15712] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1178.992606][T15712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1179.009318][T15712] usb 1-1: config 0 descriptor??
[ 1179.550992][T15712] mcp2221 0003:04D8:00DD.001D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[ 1181.573840][ T8258] usb 1-1: USB disconnect, device number 109
[ 1181.881539][T29157] team0: Device gtp0 is of different type
[ 1182.921847][T29173] loop2: detected capacity change from 0 to 7
[ 1182.960060][T29173] Dev loop2: unable to read RDB block 7
[ 1182.988370][T29173]  loop2: unable to read partition table
[ 1183.010500][T29175] xt_TCPMSS: Only works on TCP SYN packets
[ 1183.024521][T29173] loop2: partition table beyond EOD, truncated
[ 1183.072103][T29173] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1185.132604][T25473] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1185.333721][T25473] usb 5-1: Using ep0 maxpacket: 16
[ 1185.373501][T25473] usb 5-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.451891][T25473] usb 5-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1185.522661][T25473] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1185.632459][T25473] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1185.672553][T25473] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.721572][T25473] usb 5-1: config 0 descriptor??
[ 1186.804646][T25473] mcp2221 0003:04D8:00DD.001E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[ 1187.152058][T29261] team0: Device gtp0 is of different type
[ 1187.331197][   T30] audit: type=1326 audit(1762708387.184:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29269 comm="syz.2.3327" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f000278f6c9 code=0x0
[ 1187.353099][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1187.834177][T25473] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1187.992481][T25473] usb 4-1: Using ep0 maxpacket: 16
[ 1188.006174][T25473] usb 4-1: config 0 has an invalid interface number: 113 but max is 1
[ 1188.015713][T25473] usb 4-1: config 0 has an invalid interface number: 191 but max is 1
[ 1188.028838][T25473] usb 4-1: config 0 has no interface number 0
[ 1188.036415][T25473] usb 4-1: config 0 has no interface number 1
[ 1188.044554][T25473] usb 4-1: config 0 interface 191 has no altsetting 0
[ 1188.057793][T25473] usb 4-1: New USB device found, idVendor=1645, idProduct=0005, bcdDevice=30.dd
[ 1188.068866][T25473] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1188.077703][T25473] usb 4-1: Product: syz
[ 1188.084951][T25473] usb 4-1: Manufacturer: syz
[ 1188.090035][T25473] usb 4-1: SerialNumber: syz
[ 1188.099750][T25473] usb 4-1: config 0 descriptor??
[ 1188.365756][T25473] kaweth 4-1:0.113: Firmware present in device.
[ 1188.386541][T25473] kaweth 4-1:0.113: Error reading configuration (-71), no net device created
[ 1188.436594][T25473] kaweth 4-1:0.113: probe with driver kaweth failed with error -5
[ 1188.621922][T25473] kaweth 4-1:0.191: Firmware present in device.
[ 1188.681574][T25473] kaweth 4-1:0.191: Error reading configuration (-71), no net device created
[ 1188.798309][T25473] kaweth 4-1:0.191: probe with driver kaweth failed with error -5
[ 1188.900820][   T24] usb 5-1: USB disconnect, device number 76
[ 1188.914206][T25473] usb 4-1: USB disconnect, device number 15
[ 1189.343198][T29332] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3332'.
[ 1189.477204][T29332] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3332'.
[ 1189.886346][ T5834] Bluetooth: hci2: command 0x0406 tx timeout
[ 1191.415159][T29358] team0: Device gtp0 is up. Set it down before adding it as a team port
[ 1192.003581][T25473] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1192.073995][T29382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3342'.
[ 1192.162469][T25473] usb 5-1: Using ep0 maxpacket: 16
[ 1192.184164][T25473] usb 5-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1192.213868][T25473] usb 5-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1192.285325][T25473] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1192.292193][T25473] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1192.332847][ T8258] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1192.358822][T25473] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.394315][T25473] usb 5-1: config 0 descriptor??
[ 1192.442685][T23138] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[ 1192.482635][T15712] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1192.522688][ T8258] usb 2-1: Using ep0 maxpacket: 32
[ 1192.532089][ T8258] usb 2-1: config 120 has an invalid interface number: 207 but max is 0
[ 1192.586191][ T8258] usb 2-1: config 120 has no interface number 0
[ 1192.628090][ T8258] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=6f.0b
[ 1192.634156][T23138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1192.662495][T15712] usb 3-1: device descriptor read/64, error -71
[ 1192.672722][ T8258] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1192.681731][ T8258] usb 2-1: Product: syz
[ 1192.707452][T23138] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[ 1192.719246][ T8258] usb 2-1: Manufacturer: syz
[ 1192.733182][T23138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.741407][ T8258] usb 2-1: SerialNumber: syz
[ 1192.767550][ T8258] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1192.767917][T23138] usb 1-1: config 0 descriptor??
[ 1192.861495][T25473] mcp2221 0003:04D8:00DD.001F: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[ 1192.945772][T15712] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1193.044776][T23138] usbhid 1-1:0.0: can't add hid device: -71
[ 1193.062565][T23138] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1193.089501][T23138] usb 1-1: USB disconnect, device number 110
[ 1193.159019][T15712] usb 3-1: device descriptor read/64, error -71
[ 1193.293466][T15712] usb usb3-port1: attempt power cycle
[ 1193.319046][ T8258] r8152-cfgselector 2-1: USB disconnect, device number 127
[ 1193.652412][T15712] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1193.693213][T15712] usb 3-1: device descriptor read/8, error -71
[ 1193.945307][T15712] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[ 1194.059584][T15712] usb 3-1: device descriptor read/8, error -71
[ 1194.176884][T15712] usb usb3-port1: unable to enumerate USB device
[ 1195.085783][   T30] audit: type=1326 audit(1762708394.824:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.118838][   T30] audit: type=1326 audit(1762708394.824:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.141870][T23138] usb 5-1: USB disconnect, device number 77
[ 1195.402683][   T30] audit: type=1326 audit(1762708394.824:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.477577][   T30] audit: type=1326 audit(1762708394.824:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.500079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.522196][   T30] audit: type=1326 audit(1762708394.824:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.611851][   T30] audit: type=1326 audit(1762708394.824:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1195.634414][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.703238][T23138] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1195.848862][   T30] audit: type=1326 audit(1762708394.824:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1196.012993][   T30] audit: type=1326 audit(1762708394.834:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1196.035569][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1196.104085][T29491] team0: Device gtp0 is of different type
[ 1196.125727][T23138] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1196.135697][T23138] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.166179][   T30] audit: type=1326 audit(1762708394.834:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1196.200105][T23138] usb 5-1: Product: syz
[ 1196.314999][T23138] usb 5-1: Manufacturer: syz
[ 1196.335944][T23138] usb 5-1: SerialNumber: syz
[ 1196.356866][T23138] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1196.382229][T15712] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1196.476013][   T30] audit: type=1326 audit(1762708394.834:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29453 comm="syz.0.3347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbf1d38f6c9 code=0x7ffc0000
[ 1197.033155][T15714] usb 5-1: USB disconnect, device number 78
[ 1197.490243][T15712] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1197.504993][T15712] ath9k_htc: Failed to initialize the device
[ 1197.537779][T15714] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1197.599470][T29534] loop2: detected capacity change from 0 to 7
[ 1197.636866][T29534] Dev loop2: unable to read RDB block 7
[ 1197.672496][T29534]  loop2: unable to read partition table
[ 1197.678442][T29534] loop2: partition table beyond EOD, truncated
[ 1197.743324][T29534] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1197.822794][T29543] xt_TCPMSS: Only works on TCP SYN packets
[ 1197.834206][T29549] AppArmor: change_hat: Invalid input '0'
[ 1199.530740][T15712] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1199.982394][T15712] usb 3-1: Using ep0 maxpacket: 16
[ 1199.990020][T15712] usb 3-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1200.011515][T15712] usb 3-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1200.046994][T29614] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3359'.
[ 1200.087956][T15712] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1200.112530][T15712] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1200.145775][T15712] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.343733][T15712] usb 3-1: config 0 descriptor??
[ 1200.768083][T15712] mcp2221 0003:04D8:00DD.0020: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[ 1202.973316][   T24] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1203.153193][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1203.161427][   T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1203.177478][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1203.207443][   T24] usb 5-1: config 0 descriptor??
[ 1203.647695][T28155] usb 3-1: USB disconnect, device number 99
[ 1203.674546][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1203.703562][   T24] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[ 1203.726698][   T24] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[ 1206.002481][T23138] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1206.517488][T23138] usb 2-1: Using ep0 maxpacket: 32
[ 1206.544130][T23138] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1206.557540][T23138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1206.664201][T23138] usb 2-1: config 0 descriptor??
[ 1206.917955][T23138] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1207.502912][T29748] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3375'.
[ 1208.069061][T29755] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1208.344923][T29760] netlink: 'syz.4.3377': attribute type 10 has an invalid length.
[ 1208.554733][T29760] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1209.420741][T29782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3382'.
[ 1209.566629][T29782] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3382'.
[ 1209.961814][T25473] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1210.152435][T25473] usb 4-1: Using ep0 maxpacket: 16
[ 1210.381522][T25473] usb 4-1: config 0 has an invalid interface number: 238 but max is 0
[ 1210.705347][T25473] usb 4-1: config 0 has no interface number 0
[ 1210.798419][T25473] usb 4-1: config 0 interface 238 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1210.810196][T25473] usb 4-1: config 0 interface 238 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1210.821773][T25473] usb 4-1: config 0 interface 238 has no altsetting 0
[ 1210.834231][T25473] usb 4-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00
[ 1211.066604][T25473] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1211.097160][T25473] usb 4-1: config 0 descriptor??
[ 1211.610280][T25473] logitech-djreceiver 0003:046D:C513.0021: unknown main item tag 0x0
[ 1211.641502][T25473] logitech-djreceiver 0003:046D:C513.0021: unknown main item tag 0x0
[ 1211.714639][T25473] logitech-djreceiver 0003:046D:C513.0021: unknown main item tag 0x0
[ 1211.742454][T25473] logitech-djreceiver 0003:046D:C513.0021: unknown main item tag 0x0
[ 1211.761511][T25473] logitech-djreceiver 0003:046D:C513.0021: unknown main item tag 0x0
[ 1211.887247][T25473] logitech-djreceiver 0003:046D:C513.0021: hidraw0: USB HID v0.05 Device [HID 046d:c513] on usb-dummy_hcd.3-1/input238
[ 1211.956650][T29856] input: syz0 as /devices/virtual/input/input41
[ 1212.046079][T29861] random: crng reseeded on system resumption
[ 1212.166335][T25473] usb 4-1: USB disconnect, device number 16
[ 1213.801288][T29942] ipip0: entered promiscuous mode
[ 1213.814252][T29942] ipip0: entered allmulticast mode
[ 1214.278296][T15712] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1214.460339][T29888] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1214.488514][T15712] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[ 1214.506877][T15712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1214.546708][T15712] usb 4-1: Product: syz
[ 1214.564186][T15712] usb 4-1: Manufacturer: syz
[ 1214.588559][T15712] usb 4-1: SerialNumber: syz
[ 1214.637333][T15712] usb 4-1: config 0 descriptor??
[ 1215.352712][T28155] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1215.472578][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[ 1215.535000][T28155] usb 3-1: Using ep0 maxpacket: 32
[ 1215.586165][T28155] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[ 1215.632667][T28155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1215.668103][T28155] usb 3-1: config 0 descriptor??
[ 1216.297393][T28155] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[ 1216.354311][T28155] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1216.402743][T28155] dib0700: firmware download failed at 7 with -22
[ 1216.419540][T15712] usb 4-1: f81604_read: reg: 105 failed: -EPROTO
[ 1216.439576][T15712] f81604 4-1:0.0: Setting termination of CH#0 failed: -EPROTO
[ 1216.450563][T28155] usb 3-1: USB disconnect, device number 100
[ 1216.458826][T15712] f81604 4-1:0.0: probe with driver f81604 failed with error -71
[ 1216.481611][T15712] usb 4-1: USB disconnect, device number 17
[ 1216.565176][T15711] usb 1-1: new high-speed USB device number 111 using dummy_hcd
[ 1216.772826][T15711] usb 1-1: Using ep0 maxpacket: 32
[ 1216.793874][T15711] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1216.803160][T15711] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.838023][T15711] usb 1-1: config 0 descriptor??
[ 1217.099911][T15711] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1217.115171][T30047] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3400'.
[ 1217.128520][T15711] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1217.167220][T15711] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1217.187564][T15711] usb 1-1: media controller created
[ 1217.271205][T15711] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1217.348854][T15711] az6027: usb out operation failed. (-71)
[ 1217.360121][T15711] az6027: usb out operation failed. (-71)
[ 1217.384886][T15711] stb0899_attach: Driver disabled by Kconfig
[ 1217.406236][T15711] az6027: no front-end attached
[ 1217.406236][T15711] 
[ 1217.433701][T15711] az6027: usb out operation failed. (-71)
[ 1217.447456][T15711] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1217.510340][T15711] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input42
[ 1217.531277][T15711] dvb-usb: schedule remote query interval to 400 msecs.
[ 1217.540168][T15711] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1217.557248][T15711] usb 1-1: USB disconnect, device number 111
[ 1217.620984][T30071] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3404'.
[ 1217.677709][T15711] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1220.176977][T15711] hid (null): global environment stack underflow
[ 1220.183952][T15711] hid (null): report_id 3777927162 is invalid
[ 1220.190392][T15711] hid (null): invalid report_count 30335
[ 1220.258968][T15711] hid-generic 0000:0007:0008.0022: global environment stack underflow
[ 1220.272134][T30120] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3409'.
[ 1220.419639][T30120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3409'.
[ 1220.445050][T15711] hid-generic 0000:0007:0008.0022: item 0 4 1 11 parsing failed
[ 1220.481081][T30120] bridge_slave_1: left allmulticast mode
[ 1220.488220][T30120] bridge_slave_1: left promiscuous mode
[ 1220.523547][T30120] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1220.654402][T30120] bridge_slave_0: left allmulticast mode
[ 1220.662622][T15711] hid-generic 0000:0007:0008.0022: probe with driver hid-generic failed with error -22
[ 1220.691996][T30120] bridge_slave_0: left promiscuous mode
[ 1220.731794][T30120] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1220.809884][   T30] kauditd_printk_skb: 42 callbacks suppressed
[ 1220.809907][   T30] audit: type=1326 audit(1762708420.644:2200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30131 comm="syz.3.3412" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f19f038f6c9 code=0x0
[ 1222.409491][T30151] netlink: 'syz.2.3415': attribute type 16 has an invalid length.
[ 1222.444040][T30151] netlink: 'syz.2.3415': attribute type 17 has an invalid length.
[ 1222.912579][T15712] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1223.285422][T15712] usb 3-1: Using ep0 maxpacket: 32
[ 1223.343960][T15712] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1223.372421][T15712] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1223.375372][T15712] usb 3-1: config 0 descriptor??
[ 1223.604323][T15712] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1223.839180][T15712] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1223.930254][T15712] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1223.988489][T15712] usb 3-1: media controller created
[ 1224.137643][T15712] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1224.235261][T30202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3419'.
[ 1224.273973][T15712] az6027: usb out operation failed. (-71)
[ 1224.337783][T15712] az6027: usb out operation failed. (-71)
[ 1224.357624][T15712] stb0899_attach: Driver disabled by Kconfig
[ 1224.382905][T15712] az6027: no front-end attached
[ 1224.382905][T15712] 
[ 1224.590780][T15712] az6027: usb out operation failed. (-71)
[ 1224.621035][T15712] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1224.682572][T15712] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input43
[ 1224.740743][T15712] dvb-usb: schedule remote query interval to 400 msecs.
[ 1224.768391][T15712] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1224.852847][T15712] usb 3-1: USB disconnect, device number 101
[ 1225.161710][T15712] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1225.614538][T30255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3426'.
[ 1226.479805][T30288] lo: entered allmulticast mode
[ 1226.509374][T30288] tunl0: entered allmulticast mode
[ 1226.577957][T30288] gre0: entered allmulticast mode
[ 1226.610788][T30288] gretap0: entered allmulticast mode
[ 1226.630639][T30288] erspan0: entered allmulticast mode
[ 1226.651283][T30288] ip_vti0: entered allmulticast mode
[ 1226.674232][T30288] ip6_vti0: entered allmulticast mode
[ 1226.702051][T30288] sit0: entered allmulticast mode
[ 1226.712197][T30288] ip6tnl0: entered allmulticast mode
[ 1226.717860][T30288] ip6gre0: entered allmulticast mode
[ 1226.735598][T30288] syz_tun: entered allmulticast mode
[ 1226.756780][T30288] ip6gretap0: entered allmulticast mode
[ 1226.772593][T30288] vcan0: entered allmulticast mode
[ 1226.778172][T30288] bond0: entered allmulticast mode
[ 1226.784077][T30288] bond_slave_0: entered allmulticast mode
[ 1226.791648][T30288] bond_slave_1: entered allmulticast mode
[ 1226.808584][T30288] team0: entered allmulticast mode
[ 1226.818533][T30288] team_slave_0: entered allmulticast mode
[ 1226.829026][T30288] team_slave_1: entered allmulticast mode
[ 1226.869450][T30288] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1226.882634][T30288] dummy0: entered allmulticast mode
[ 1226.903919][T30288] nlmon0: entered allmulticast mode
[ 1227.002802][T30288] caif0: entered allmulticast mode
[ 1227.012722][T30288] vxcan0: entered allmulticast mode
[ 1227.024499][T30288] vxcan1: entered allmulticast mode
[ 1227.024749][T15711] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[ 1227.063118][T30288] veth0: entered allmulticast mode
[ 1227.119334][T30288] veth1: entered allmulticast mode
[ 1227.172694][T30288] wg0: entered allmulticast mode
[ 1227.177987][T30288] wg1: entered allmulticast mode
[ 1227.192968][T30288] wg2: entered allmulticast mode
[ 1227.220744][T30288] veth0_to_bridge: entered allmulticast mode
[ 1227.232496][T15711] usb 1-1: Using ep0 maxpacket: 32
[ 1227.240139][T15711] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1227.250952][T15711] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.277249][T30288] bridge_slave_0: entered allmulticast mode
[ 1227.291720][T15711] usb 1-1: config 0 descriptor??
[ 1227.293145][T30288] veth1_to_bridge: entered allmulticast mode
[ 1227.344619][T30288] bridge_slave_1: entered allmulticast mode
[ 1227.371489][T30288] veth0_to_bond: entered allmulticast mode
[ 1227.473450][T30288] veth1_to_bond: entered allmulticast mode
[ 1227.510205][T30288] veth0_to_team: entered allmulticast mode
[ 1227.519649][T15711] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1227.537151][T30288] veth1_to_team: entered allmulticast mode
[ 1227.551817][T15711] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1227.557631][T30288] veth0_to_batadv: entered allmulticast mode
[ 1227.589311][T15711] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1227.607036][T30288] batadv_slave_0: entered allmulticast mode
[ 1227.610277][T15711] usb 1-1: media controller created
[ 1227.642622][T30288] veth1_to_batadv: entered allmulticast mode
[ 1227.669287][T30288] batadv_slave_1: entered allmulticast mode
[ 1227.681611][T15711] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1227.692676][T30288] xfrm0: entered allmulticast mode
[ 1227.702816][T30288] veth0_to_hsr: entered allmulticast mode
[ 1227.721123][T30288] hsr_slave_0: entered allmulticast mode
[ 1227.738026][T30288] veth1_to_hsr: entered allmulticast mode
[ 1227.754212][T30288] hsr_slave_1: entered allmulticast mode
[ 1227.770327][T30288] hsr0: entered allmulticast mode
[ 1227.776842][T15711] az6027: usb out operation failed. (-71)
[ 1227.782600][T30288] veth1_virt_wifi: entered allmulticast mode
[ 1227.782811][T30288] veth0_virt_wifi: entered allmulticast mode
[ 1227.820267][T15711] az6027: usb out operation failed. (-71)
[ 1227.821461][T30288] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[ 1227.851680][T15711] stb0899_attach: Driver disabled by Kconfig
[ 1227.862591][T30288] veth1_vlan: entered allmulticast mode
[ 1227.878514][T15711] az6027: no front-end attached
[ 1227.878514][T15711] 
[ 1227.878801][T30288] veth0_vlan: entered allmulticast mode
[ 1227.913811][T15711] az6027: usb out operation failed. (-71)
[ 1227.924963][T30288] vlan0: entered allmulticast mode
[ 1227.930268][T15711] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1227.942773][T30288] vlan1: entered allmulticast mode
[ 1227.948155][T30288] macvlan0: entered allmulticast mode
[ 1227.973817][T15711] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input44
[ 1227.991931][T15711] dvb-usb: schedule remote query interval to 400 msecs.
[ 1227.992903][T30288] macvlan1: entered allmulticast mode
[ 1227.999390][T15711] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1228.045129][T15711] usb 1-1: USB disconnect, device number 112
[ 1228.052886][T30288] ipvlan0: entered allmulticast mode
[ 1228.069654][T30288] ipvlan1: entered allmulticast mode
[ 1228.082658][T30288] veth1_macvtap: entered allmulticast mode
[ 1228.099089][T30288] veth0_macvtap: entered allmulticast mode
[ 1228.120938][T30288] macvtap0: entered allmulticast mode
[ 1228.137174][T30288] macsec0: entered allmulticast mode
[ 1228.151741][T30288] geneve0: entered allmulticast mode
[ 1228.158613][T15711] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1228.168636][T30288] geneve1: entered allmulticast mode
[ 1228.188912][T30288] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[ 1228.198143][T30288] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[ 1228.212686][T30288] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[ 1228.243245][T30288] mac80211_hwsim hwsim15 wlan0: entered allmulticast mode
[ 1228.252959][T30288] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[ 1228.270740][T30288] ip6tnl1: entered allmulticast mode
[ 1228.286139][T30288] gretap0.0: entered allmulticast mode
[ 1228.292950][T30288] ipip0: left promiscuous mode
[ 1228.299483][T30288] nicvf0: entered allmulticast mode
[ 1228.398257][T30349] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[ 1228.763632][T15711] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1228.942518][T15711] usb 4-1: Using ep0 maxpacket: 16
[ 1229.126562][T15711] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1229.153821][T15711] usb 4-1: config 0 interface 0 altsetting 235 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1229.234430][T15711] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1229.255057][T15711] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1229.275360][T15711] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1229.287736][T15711] usb 4-1: config 0 descriptor??
[ 1229.740950][T15711] mcp2221 0003:04D8:00DD.0023: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[ 1231.875753][  T855] usb 4-1: USB disconnect, device number 18
[ 1234.345655][T30515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3457'.
[ 1234.949002][T30535] netlink: 'syz.3.3461': attribute type 10 has an invalid length.
[ 1234.980295][T30535] dummy0: left allmulticast mode
[ 1235.014365][T30540] Invalid logical block size (318767104)
[ 1235.022533][T30535] dummy0: entered allmulticast mode
[ 1235.057031][T30535] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1236.568096][T30578] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 1236.576238][T15711] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 1236.984174][T15711] usb 1-1: Using ep0 maxpacket: 16
[ 1236.991961][T15711] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1237.003925][T15711] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1237.019497][T15711] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1237.059514][T15711] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1237.089474][T15711] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.120393][T15711] usb 1-1: config 0 descriptor??
[ 1237.914709][T30571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1237.923924][T30571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1238.013837][T15711] usbhid 1-1:0.0: can't add hid device: -71
[ 1238.020001][T15711] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1238.050813][T15711] usb 1-1: USB disconnect, device number 113
[ 1238.289499][T30604] netlink: 'syz.1.3472': attribute type 7 has an invalid length.
[ 1239.004284][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.013691][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.042427][ T8258] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1239.197408][ T8258] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1239.209151][ T8258] usb 3-1: config 15 has an invalid interface number: 69 but max is 0
[ 1239.225047][ T8258] usb 3-1: config 15 has no interface number 0
[ 1239.241509][ T8258] usb 3-1: config 15 interface 69 has no altsetting 0
[ 1239.265916][ T8258] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=ec.82
[ 1239.279713][ T8258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.300216][ T8258] usb 3-1: Product: syz
[ 1239.309398][ T8258] usb 3-1: Manufacturer: syz
[ 1239.320320][ T8258] usb 3-1: SerialNumber: syz
[ 1239.603880][T30615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1239.746637][T30615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1239.783564][ T8258] gspca_main: jeilinj-2.14.0 probing 0979:0270
[ 1239.844557][ T8258] usb 3-1: USB disconnect, device number 102
[ 1240.152430][T15711] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1240.372493][T15711] usb 4-1: Using ep0 maxpacket: 8
[ 1240.471620][T15711] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1240.485926][T30680] geneve2: entered promiscuous mode
[ 1240.491239][T30680] geneve2: entered allmulticast mode
[ 1240.503690][T15711] usb 4-1: config 0 has no interface number 0
[ 1240.511456][T15711] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1240.524690][T15711] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1240.538690][T15711] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1240.559370][T15711] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1240.674154][T15711] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1240.710199][T15711] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1240.784209][T15711] usb 4-1: config 0 descriptor??
[ 1240.844034][T15711] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1240.896204][ T8258] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1241.073835][ T5834] Bluetooth: hci1: command 0x0406 tx timeout
[ 1241.134907][ T8258] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1241.144035][ T8258] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1241.153446][ T8258] usb 3-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1241.167259][ T8258] usb 3-1: config 1 interface 0 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1241.180904][ T8258] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1241.192772][ T8258] usb 3-1: config 1 interface 0 has no altsetting 1
[ 1241.202226][ T8258] usb 3-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[ 1241.213461][ T8258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.221514][ T8258] usb 3-1: Product: syz
[ 1241.242128][ T8258] usb 3-1: Manufacturer: syz
[ 1241.255664][ T8258] usb 3-1: SerialNumber: syz
[ 1241.372797][T15711] usb 1-1: new full-speed USB device number 114 using dummy_hcd
[ 1241.478869][ T8258] smsusb:smsusb_probe: board id=8, interface number 0
[ 1241.488071][ T8258] usb 3-1: selecting invalid altsetting 0
[ 1241.496868][ T8258] smsusb:smsusb_probe: usb_set_interface failed, rc -22
[ 1241.521823][ T8258] smsusb 3-1:1.0: probe with driver smsusb failed with error -22
[ 1241.545657][T15711] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1241.547887][ T8258] usb 3-1: USB disconnect, device number 103
[ 1241.558095][T15711] usb 1-1: config 0 has no interfaces?
[ 1241.589538][T15711] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[ 1241.599895][T15711] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.608502][T15711] usb 1-1: Product: syz
[ 1241.616485][T15711] usb 1-1: Manufacturer: syz
[ 1241.625732][T15711] usb 1-1: SerialNumber: syz
[ 1241.680797][T15711] usb 1-1: config 0 descriptor??
[ 1242.726503][T30018] usb 4-1: USB disconnect, device number 19
[ 1242.736474][T30018] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[ 1242.899841][T30763] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3491'.
[ 1243.231451][T30763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3491'.
[ 1244.015444][T15712] usb 1-1: USB disconnect, device number 114
[ 1244.483627][T15712] usb 1-1: new low-speed USB device number 115 using dummy_hcd
[ 1244.645444][T15712] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 is Bulk; changing to Interrupt
[ 1244.656271][T15712] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[ 1244.672433][T15712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1244.709357][T30814] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1244.951243][T30814] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1245.015122][T30814] 
[ 1245.017490][T30814] ======================================================
[ 1245.024499][T30814] WARNING: possible circular locking dependency detected
[ 1245.031679][T30814] syzkaller #0 Not tainted
[ 1245.036125][T30814] ------------------------------------------------------
[ 1245.043309][T30814] syz.0.3498/30814 is trying to acquire lock:
[ 1245.049536][T30814] ffff88801c6a8220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450
[ 1245.059796][T30814] 
[ 1245.059796][T30814] but task is already holding lock:
[ 1245.067155][T30814] ffff888024901448 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50
[ 1245.076992][T30814] 
[ 1245.076992][T30814] which lock already depends on the new lock.
[ 1245.076992][T30814] 
[ 1245.087558][T30814] 
[ 1245.087558][T30814] the existing dependency chain (in reverse order) is:
[ 1245.096562][T30814] 
[ 1245.096562][T30814] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}:
[ 1245.105167][T30814]        lock_acquire+0x120/0x360
[ 1245.110202][T30814]        blk_alloc_queue+0x538/0x620
[ 1245.115521][T30814]        __blk_mq_alloc_disk+0x15c/0x340
[ 1245.115552][T30814]        loop_add+0x411/0xad0
[ 1245.115585][T30814]        loop_init+0xd9/0x170
[ 1245.115612][T30814]        do_one_initcall+0x236/0x820
[ 1245.115638][T30814]        do_initcall_level+0x104/0x190
[ 1245.115657][T30814]        do_initcalls+0x59/0xa0
[ 1245.115673][T30814]        kernel_init_freeable+0x334/0x4b0
[ 1245.152001][T30814]        kernel_init+0x1d/0x1d0
[ 1245.156887][T30814]        ret_from_fork+0x4bc/0x870
[ 1245.162086][T30814]        ret_from_fork_asm+0x1a/0x30
[ 1245.167386][T30814] 
[ 1245.167386][T30814] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 1245.174662][T30814]        lock_acquire+0x120/0x360
[ 1245.179806][T30814]        fs_reclaim_acquire+0x72/0x100
[ 1245.185289][T30814]        kmem_cache_alloc_noprof+0x45/0x6e0
[ 1245.191301][T30814]        __kernfs_iattrs+0xd9/0x320
[ 1245.196508][T30814]        kernfs_iop_setattr+0xea/0x3f0
[ 1245.202140][T30814]        notify_change+0xc1a/0xf40
[ 1245.207431][T30814]        do_truncate+0x1a4/0x220
[ 1245.212493][T30814]        path_openat+0x306c/0x3830
[ 1245.217635][T30814]        do_filp_open+0x1fa/0x410
[ 1245.222743][T30814]        do_sys_openat2+0x121/0x1c0
[ 1245.228074][T30814]        __x64_sys_openat+0x138/0x170
[ 1245.233556][T30814]        do_syscall_64+0xfa/0xfa0
[ 1245.238672][T30814]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.245092][T30814] 
[ 1245.245092][T30814] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[ 1245.253611][T30814]        validate_chain+0xb9b/0x2140
[ 1245.258896][T30814]        __lock_acquire+0xab9/0xd20
[ 1245.264100][T30814]        lock_acquire+0x120/0x360
[ 1245.269160][T30814]        down_read+0x46/0x2e0
[ 1245.273862][T30814]        kernfs_iop_getattr+0x9e/0x450
[ 1245.279353][T30814]        vfs_getattr_nosec+0x2e1/0x430
[ 1245.284930][T30814]        loop_assign_backing_file+0x222/0x400
[ 1245.291026][T30814]        lo_ioctl+0x167f/0x1c50
[ 1245.295918][T30814]        blkdev_ioctl+0x5af/0x6d0
[ 1245.300963][T30814]        __se_sys_ioctl+0xfc/0x170
[ 1245.306111][T30814]        do_syscall_64+0xfa/0xfa0
[ 1245.311138][T30814]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.317552][T30814] 
[ 1245.317552][T30814] other info that might help us debug this:
[ 1245.317552][T30814] 
[ 1245.327902][T30814] Chain exists of:
[ 1245.327902][T30814]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24
[ 1245.327902][T30814] 
[ 1245.342353][T30814]  Possible unsafe locking scenario:
[ 1245.342353][T30814] 
[ 1245.349986][T30814]        CPU0                    CPU1
[ 1245.355381][T30814]        ----                    ----
[ 1245.360865][T30814]   lock(&q->q_usage_counter(io)#24);
[ 1245.366288][T30814]                                lock(fs_reclaim);
[ 1245.372824][T30814]                                lock(&q->q_usage_counter(io)#24);
[ 1245.380754][T30814]   rlock(&root->kernfs_iattr_rwsem);
[ 1245.386124][T30814] 
[ 1245.386124][T30814]  *** DEADLOCK ***
[ 1245.386124][T30814] 
[ 1245.394518][T30814] 3 locks held by syz.0.3498/30814:
[ 1245.399714][T30814]  #0: ffff8880248f6440 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x11e4/0x1c50
[ 1245.408792][T30814]  #1: ffff888024901448 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50
[ 1245.419231][T30814]  #2: ffff888024901480 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: lo_ioctl+0x1604/0x1c50
[ 1245.430147][T30814] 
[ 1245.430147][T30814] stack backtrace:
[ 1245.436039][T30814] CPU: 0 UID: 0 PID: 30814 Comm: syz.0.3498 Not tainted syzkaller #0 PREEMPT(full) 
[ 1245.436057][T30814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1245.436064][T30814] Call Trace:
[ 1245.436071][T30814]  <TASK>
[ 1245.436077][T30814]  dump_stack_lvl+0x189/0x250
[ 1245.436097][T30814]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1245.436112][T30814]  ? __pfx__printk+0x10/0x10
[ 1245.436126][T30814]  print_circular_bug+0x2ee/0x310
[ 1245.436141][T30814]  check_noncircular+0x134/0x160
[ 1245.436156][T30814]  validate_chain+0xb9b/0x2140
[ 1245.436169][T30814]  ? tomoyo_path_perm+0x1e3/0x4b0
[ 1245.436187][T30814]  __lock_acquire+0xab9/0xd20
[ 1245.436199][T30814]  ? kernfs_iop_getattr+0x9e/0x450
[ 1245.436213][T30814]  lock_acquire+0x120/0x360
[ 1245.436223][T30814]  ? kernfs_iop_getattr+0x9e/0x450
[ 1245.436238][T30814]  down_read+0x46/0x2e0
[ 1245.436249][T30814]  ? kernfs_iop_getattr+0x9e/0x450
[ 1245.436265][T30814]  kernfs_iop_getattr+0x9e/0x450
[ 1245.436279][T30814]  vfs_getattr_nosec+0x2e1/0x430
[ 1245.436292][T30814]  loop_assign_backing_file+0x222/0x400
[ 1245.436310][T30814]  ? __pfx_loop_assign_backing_file+0x10/0x10
[ 1245.436325][T30814]  ? schedule+0x91/0x360
[ 1245.436343][T30814]  ? percpu_ref_kill_and_confirm+0xa3/0x130
[ 1245.436357][T30814]  lo_ioctl+0x167f/0x1c50
[ 1245.436374][T30814]  ? __pfx_lo_ioctl+0x10/0x10
[ 1245.436388][T30814]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1245.436401][T30814]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1245.436415][T30814]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1245.436431][T30814]  ? debug_object_activate+0x2e2/0x420
[ 1245.436449][T30814]  ? do_raw_spin_unlock+0x122/0x240
[ 1245.436465][T30814]  ? __lock_acquire+0xab9/0xd20
[ 1245.436476][T30814]  ? __lock_acquire+0xab9/0xd20
[ 1245.436488][T30814]  ? __lock_acquire+0xab9/0xd20
[ 1245.436501][T30814]  ? __lock_acquire+0xab9/0xd20
[ 1245.436515][T30814]  ? is_bpf_text_address+0x26/0x2b0
[ 1245.436529][T30814]  ? is_bpf_text_address+0x292/0x2b0
[ 1245.436540][T30814]  ? is_bpf_text_address+0x26/0x2b0
[ 1245.436552][T30814]  ? kernel_text_address+0xa5/0xe0
[ 1245.436569][T30814]  ? __kernel_text_address+0xd/0x40
[ 1245.436584][T30814]  ? unwind_get_return_address+0x4d/0x90
[ 1245.436599][T30814]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1245.436613][T30814]  ? arch_stack_walk+0xfc/0x150
[ 1245.436629][T30814]  ? stack_trace_save+0x9c/0xe0
[ 1245.436642][T30814]  ? __pfx_stack_trace_save+0x10/0x10
[ 1245.436656][T30814]  ? stack_depot_save_flags+0x40/0x860
[ 1245.436674][T30814]  ? kasan_save_track+0x4f/0x80
[ 1245.436689][T30814]  ? kasan_save_track+0x3e/0x80
[ 1245.436702][T30814]  ? __kasan_save_free_info+0x46/0x50
[ 1245.436715][T30814]  ? __kasan_slab_free+0x5c/0x80
[ 1245.436730][T30814]  ? kfree+0x19a/0x6d0
[ 1245.436743][T30814]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 1245.436756][T30814]  ? security_file_ioctl+0xcb/0x2d0
[ 1245.436768][T30814]  ? __se_sys_ioctl+0x47/0x170
[ 1245.436780][T30814]  ? do_syscall_64+0xfa/0xfa0
[ 1245.436802][T30814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.436829][T30814]  ? __asan_memset+0x22/0x50
[ 1245.436852][T30814]  ? blk_get_meta_cap+0x18c/0x750
[ 1245.436875][T30814]  ? __pfx_blk_get_meta_cap+0x10/0x10
[ 1245.436891][T30814]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1245.436906][T30814]  ? blkdev_common_ioctl+0xff7/0x2550
[ 1245.436918][T30814]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1245.436931][T30814]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 1245.436941][T30814]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1245.436954][T30814]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1245.436968][T30814]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1245.436988][T30814]  ? __pfx_lo_ioctl+0x10/0x10
[ 1245.437002][T30814]  blkdev_ioctl+0x5af/0x6d0
[ 1245.437024][T30814]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1245.437033][T30814]  ? __fget_files+0x3a0/0x420
[ 1245.437044][T30814]  ? __fget_files+0x2a/0x420
[ 1245.437054][T30814]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1245.437067][T30814]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1245.437077][T30814]  __se_sys_ioctl+0xfc/0x170
[ 1245.437091][T30814]  do_syscall_64+0xfa/0xfa0
[ 1245.437105][T30814]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1245.437120][T30814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.437130][T30814]  ? clear_bhb_loop+0x60/0xb0
[ 1245.437143][T30814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.437154][T30814] RIP: 0033:0x7fbf1d38f6c9
[ 1245.437166][T30814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1245.437176][T30814] RSP: 002b:00007fbf1e2f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1245.437190][T30814] RAX: ffffffffffffffda RBX: 00007fbf1d5e5fa0 RCX: 00007fbf1d38f6c9
[ 1245.437199][T30814] RDX: 000000000000000a RSI: 0000000000004c06 RDI: 0000000000000007
[ 1245.437207][T30814] RBP: 00007fbf1d411f91 R08: 0000000000000000 R09: 0000000000000000
[ 1245.437214][T30814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1245.437222][T30814] R13: 00007fbf1d5e6038 R14: 00007fbf1d5e5fa0 R15: 00007fbf1d70fa28
[ 1245.437234][T30814]  </TASK>
[ 1245.918768][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1245.983574][T15712] usb 1-1: string descriptor 0 read error: -71
[ 1245.990347][T15712] hub 1-1:32.0: USB hub found
[ 1245.996233][T15712] hub 1-1:32.0: config failed, can't read hub descriptor (err -22)
[ 1246.023665][T15712] usb 1-1: USB disconnect, device number 115