last executing test programs:

1m23.880994057s ago: executing program 4 (id=1939):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$pppl2tp(0x18, 0x1, 0x1)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xae6, 0x4)

1m22.337398271s ago: executing program 4 (id=1945):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$igmp(0x2, 0x3, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
timer_create(0x3, 0x0, &(0x7f0000bbdffc))
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x4, 0x0)

1m18.593662153s ago: executing program 4 (id=1949):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40044}, 0x0)
socket(0x2, 0xa, 0x300)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x5, 0x14, 0x0, &(0x7f0000000000)='%', 0x0, 0x7fffffff, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)

1m15.262968211s ago: executing program 4 (id=1955):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
inotify_init()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r6 = dup2(r5, r5)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
ioctl$BLKTRACESTART(r5, 0x1274, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_WOWLAN(r7, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB="eec29ea959af91f227b2885cbe4efae06f79b162884b9d20cd615b65c285ab66dcf0fd6e3ba12fb0eef98897a3140e7957f605ab6aa5d54ee7286bf9c2d0ee60756b8e4104624d027a787e739f3366302bb154b98aee4e9ff007fd31e88cd4fb3588f7d791a345949ccd1d723cb196dd75eba25026ab62e51a280c89c522e9ea5d7f281b747bc276a73c9e79fc52bedf894f4502d9c90a331a89f2361fdb0dc28cfd6ffe1edee9adab9e6911df6c4cbe9c7564377cc207ba2c341754adfa"], 0x1c}, 0x1, 0x0, 0x0, 0x4044041}, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r9, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0xd0})
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)
ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

1m13.601527684s ago: executing program 4 (id=1959):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$igmp(0x2, 0x3, 0x2)
timer_create(0x3, 0x0, &(0x7f0000bbdffc))
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x4, 0x0)

1m9.081666929s ago: executing program 4 (id=1965):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000180), 0x4)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040), 0x4)
socket(0x2, 0x80805, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1004000)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

54.000606582s ago: executing program 32 (id=1965):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000180), 0x4)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040), 0x4)
socket(0x2, 0x80805, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1004000)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

16.120808512s ago: executing program 2 (id=2081):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000)
pipe2(0x0, 0x800)
write$vhost_msg_v2(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)

13.731331355s ago: executing program 1 (id=2087):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aaaa"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)

13.554449709s ago: executing program 2 (id=2088):
quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000600, 0x0, 0x0)
sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, 0x0, 0x800)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d2200000000000001090224000100000000090400000103000000092100000001220500090581"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000002c0)=[0x0, 0x7])

12.591851206s ago: executing program 1 (id=2092):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000080)=0x14)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000200)=0x32)
close(r0)

12.214077327s ago: executing program 1 (id=2094):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x29, 0xa, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

10.81557653s ago: executing program 1 (id=2097):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000580)={'\x00', 0x240, 0x9, 0x8, 0x0, 0x10})
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004340)=""/102376, 0x18fe8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xe, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
close(r3)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r5, 0x400, 0x1)
r6 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r6, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
syz_usb_connect$uac1(0x5, 0xe4, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd2, 0x3, 0x1, 0xfd, 0x0, 0x19, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x5}, [@feature_unit={0xf, 0x24, 0x6, 0x6, 0x6, 0x4, [0x2, 0x2, 0x3, 0x9], 0x7f}, @mixer_unit={0x9, 0x24, 0x4, 0x5, 0x4, "6e0403e6"}, @feature_unit={0xf, 0x24, 0x6, 0x1, 0x1, 0x4, [0x8, 0x2, 0xa, 0x2], 0x4}, @extension_unit={0x9, 0x24, 0x8, 0x3, 0x81, 0xd, "9d3e"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x201, 0x5, 0xd9, 0x4, 0x9, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x8, 0x3, 0x5, {0x7, 0x25, 0x1, 0x80, 0xbb, 0xc83}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x2, 0x25, 0x2}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x3, 0x2, 0x4, 0xc0}, @as_header={0x7, 0x24, 0x1, 0x1, 0x4, 0x5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x6, 0x1, 0x9, 0x9, "42de3d2855d8"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x9, 0x1}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x1, 0x3, 0x3, 0x6, "97", "22e67d"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x3, 0x3, 0x1, {0x7, 0x25, 0x1, 0x1, 0x0, 0x1}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x250, 0x3, 0xab, 0x7, 0x20, 0x7}, 0x48, &(0x7f0000000380)={0x5, 0xf, 0x48, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "11f35f244f0bbb3568e7a46862b69421"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xe4, 0x4, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x3, 0x4}, @ssp_cap={0x10, 0x10, 0xa, 0xfe, 0x1, 0x3, 0xf0f, 0x1, [0xff3f30]}, @wireless={0xb, 0x10, 0x1, 0xf6959c61b84b1cd0, 0xd0, 0x6, 0x5, 0x7}]}, 0x3, [{0x2, &(0x7f0000000400)=@string={0x2}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x1809}}, {0x3e, &(0x7f0000000480)=@string={0x3e, 0x3, "43381e7758e1c174b98243f323cdd2e461f1ef43a7e7a0d4533c3ff98621a175588f9f175de0cc05cd52c418d6c8f67165ccacba4c9a9ddf96895b0b"}}]})

8.549528182s ago: executing program 2 (id=2102):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x114, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
lseek(r1, 0xff, 0x0)
getdents64(r1, 0xffffffffffffffff, 0x18)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0xccd4453e7e835cf8, &(0x7f0000000040)=""/41, &(0x7f0000000080)=0x29)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setrlimit(0xa, &(0x7f0000000000)={0x1000, 0x9})
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r3=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x4e22, 0xfffffffe, @empty}, r3}}, 0x48)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_int(r4, 0x11a, 0x22, 0x0, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r3}}, 0x18)
semget$private(0x0, 0x1, 0x8)

8.394147384s ago: executing program 0 (id=2104):
r0 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r3 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {0x414}, 0x1})
io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39)

7.735077107s ago: executing program 2 (id=2105):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
ptrace(0x10, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.734476408s ago: executing program 0 (id=2106):
open(0x0, 0x60840, 0x0)
setuid(0xee01)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)

7.654362074s ago: executing program 3 (id=2107):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x80, 0xa81)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
socket$rxrpc(0x21, 0x2, 0xa)
pipe2(&(0x7f0000000000), 0x4000)
gettid()
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
ioctl$TIOCSTI(r2, 0x5412, 0x0)

7.542140663s ago: executing program 0 (id=2108):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

7.389689915s ago: executing program 3 (id=2109):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
syz_emit_ethernet(0x66, &(0x7f0000000040)={@link_local, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x8000000}}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, 0x0, 0x40000)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)
sendmsg$sock(r5, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002200)=[{&(0x7f0000000200)}, {&(0x7f0000001200)="f55d42593d0684c8aa70712dcfc9c1065096404b96a3a7f93a4614407f4112937b99add88419c7aed853f4288cdffa731e07af240f24e6a396e9499518d50a53613b2efd83d251c791ed1c7d6b1b225c46e12a06f80cba57a435ff4bee841085028ce0a869a57acdd17bafe6e8fd7234b9f31d9f2c3de189679f29d320d21c0ccd88a1331ed9943582a1ed9a2b461ff780b37de13f6fc36976b67b4c3a823d93df0679689cb8578b89f557578c1717fbb07d9c238b2b73a0b6c7d726c8c02e68be42c7262f17cb14a59885fbb73ff37f03b7eb56a683346ac5aa1ac344c98f392596593cc3711f2f1592922022eb91880f5f1bcd1ffc832a1e99f5737a13e71cbbb6019ee730698e9866560c3600981e1d48411aee1dc9524f42a0e35607ccb3e68a8e7b2c08e81db32038cc9873e30432152f1e8b125f3a2f7b38c3161554816c0ba7322e80190f8f95ce690d2c8671b3ce53f384ce5c4bdd96738e18c26b55c19f41eb7881f3076b1eef59d57704d249873c2ef058bf82d18f517c61066ef4f20546b0323afc85911180152748bec5b657bfb3ddc78f34c552659d262d9eb37f4ecd75495074e1377a4dcaf0b07b461f0757629a202a3ed4c33be39a92d2cf92fdcbb5dde6cf7019018a86a81a4c016c834e93cbb374a8452ad60db54f5ce593438f895e79ac4fe4c1fa1b08516d605436a13b6fc802d525752bcff60715f345e12dd48032e6519e79459ce869e45103c4d1df1b845e1bdf23ee73b53b5bd3bb6872b1913948c8095637ea01d6a667f5fd1a2b2c73a16e9f21c8e7add1275cd60973337b5941d1c2b58048aea1554d2cd18dd9c37b22d0c6bb6e9b8d68217bcef62890f9089606bc4ec44257dac9bcec02ead78f207a2d4d7f5e6f9be80b7f6bf65fc147b80697d6c5b8dd5c5b7a8cfba22a56d518dd936fdaa799eb329c1f00e45542862e8e2122e1cfd0b84889e594aa54c68103a8181737c53c4e00367dd300b0c00715eefcb983aa24e00dc68bc3b09cf8f2be6f360f42d4aa58c426198a0eb76d6d60e8f74933c50153d546dc991024cef921e32206600d359e45e44c67ce9f3ef3c7538ccb7dcdb8e60e02c570e104b9fff4d29d18759f0e5c16d2a293cbea01f6e69804b3651ea6b2a8ba5f8ba6be1835c6a30e7224197bb4910fcbfd4e3add9d4ba2b7003241ead23e5937bbf2d7932ffe835f6ab729fa5b95be10042e6f740a2c09bb371cc8a49c26863fc3101116adc25ae6495d321a49248db0467b7e16df783d2e4e854bf7e37eed3d959a14ebd3a7f235130e89cff3b1dde698a2d558d6ef286d293d44b5c571a350ee53d7d911e37a6bb7956fe893249e4b84d596cd47750b133706919bb353d27f05102ea019c698c08c0aff0c2b4e01b9910a61ce33ef4401489058fcf3178adc7149c29434fd94ad49afd0eb2ef288c62a67866d1f6d031b9d532bfde6198c0454be303a5f1e0527500760684bb8dd95c33c97e19fce64eb9fa2fc4728a9183e26e25fb6b46b8fde2e8973d4f50e8e4da21a301c92e11688cf6d3f22cd21f164029e89aaa69f21c72c2c0238f1e8319f18e9c657c5164f22d9b053126440e7c1d5d60d8af86947e9df26907ddff7f942a736c1a24ff68a643d814733f0ef8b82ad61a7aa8981e6dd4f166df8c80bdac44709cd8f441578b4eb9357377048fe09b7267c98d3f9c0ee2897d9d11de7ed724616e4d1e2a8ea37ba7bd7c7c25ce18a4d6fac26eec2a2589295762c84bed23e7664d175581f5e6f8544e85c67a5dbfd5cbb6036e71082b3dbef29432e8f368ac1c68c49c3c21eb78e197f8933b8d71d717f2d0871c7861a52639079fd1c965f04047e374f4d1abeabfb2b40751244a0465f3489a00f05742e744d550c4ec3a24ddd4fcc169d62d911f38bc7aa3ceb285ec7e9293e75041ce8dda2dd68b26e5832a1dd7d71f92ced44f9e4e846f4ada1811da2c64c97b3689878beb02936e37b8dc0d70471916dfb4ffecd4225995785e9654ff668f305fd8857fdfcc500ba88d1e83f44f62c38e71091014037224296b61e9cfd8ec875e26b148db3cd2e590338279a87c5ddb4f70bf03b75f7a426b182572d91933d8e3394ed9621eb500c2705cc858c9e2cf1f1dede8d59aa72fc67d98a50a51d4b55727d0f14dc0d458c749f311337250f7eacf120a5efb4d2df25de99a09d2d3e2ed54dfe0213aed2035cf2074d757d7cdbbd21e3fe44ccd09c9c6f32a598fee80da6c9aa07578f76ccd5aaa72e6779e5104d048670406c972b35ec107283c9ab4bac88e1deb9ba3303158fe53409974190a17014da89f7f4b7c31662dc3c9b76217df4a56230a1248970dd18ff4195b083520b94c0e6594175095dec768b6f006f9c85c2d2c251b4e7faa01982e1d87f7cd56ac879cb1db665bd275a92e5e318f4641312c9f32868c25b7f7d766113ddea4e92bf27f1f3b4f02ed946b193f00cc6931e9b6e1b6df1e6cde744fa7d881ea1ccb5dc21871076d2b989ac760f0e850a40084cd7566484364371a71a94ba95ff4005d54685240c4f449a1cc9e730e5fea643caf2c2d7a245253cc26a82451775e95125c5c46f8f5c51cb9f2d3b3820d56e53970f83029f0e130140a8fdb75d5793ebb2076ffc6a7328910bde1578fc98ec3d2ec99fd0a321edfb78593545e762dac5086b127192507495bceda6d11d5be304008dd8a68d54bbc7959a2c8ab635cc7820e5d742e6c5cfd012a2a0519a25b2c659e9cd351ce4c2e7acb88d29d1d98090108a7dff3cdc46c18943c057dc9b65b20da6e27e8c0e975f04d703df1005395ef7fb10e7d60a43782144c2f9c64682c7516f5027d62f7eefb04a22245e081691ebde93b5c577cf33363b63718d1b2923b2d8e687cbffa3a1c8f06d3c466c1ad20a8d0e79a61aed620da4a85c30786b55938814b47e0f876b35a38ec4e5dd09977f40ea66fd53c87d6a54febfd44b0ad6e846b1147bb7621d512ccc682911b44de0f0baf5ff07e79d51e5c5480ccfd5a2ff8e14b489de1359a5420424f6a8890ce21e7e71afc800869c16867473bdafd8c71b1ae475ee437ce3326a23acda7cc603445aa84329c3ed6c2d9814985dff777f77744e0ebc7076fe791b8561e82938379956646151d0d2592f8238747d61626fca44b003526b2cf693da02e77e0c798d969dd6354f25fa3b417379008df9dec0289c347047e85c7763d9737d1951168837c8919d", 0x8ee}], 0x2}, 0x4008804)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r5, 0x1)

7.301570012s ago: executing program 5 (id=2110):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
openat$cgroup(0xffffffffffffffff, &(0x7f0000001340)='syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb9619000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r4)
sendmsg$NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x2c, r5, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x7}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1}]}, 0x2c}}, 0x64000)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x19, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be"], 0x0, 0x9, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0xc, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0xfa, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x1000, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

7.127949516s ago: executing program 0 (id=2111):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
io_setup(0x3, &(0x7f0000000080))
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r3, 0x40189429, &(0x7f0000000000)={0x0, 0x8001, 0xa})
setsockopt$packet_fanout_data(r3, 0x107, 0x16, 0x0, 0x0)
r4 = socket(0x8000000010, 0x2, 0x0)
write(r4, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000015481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r5, 0x2007ffb)
sendfile(r5, r5, 0x0, 0x1000000201005)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x900, 0x8)
sendfile(r7, r6, 0x0, 0x7ffff000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x34, &(0x7f00000002c0)})
creat(&(0x7f0000000000)='./bus\x00', 0x8e)

5.633508857s ago: executing program 3 (id=2112):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000850000000400000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002500)={{r4}, &(0x7f0000002480), &(0x7f00000024c0)=r3}, 0x20)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)

5.632114057s ago: executing program 5 (id=2113):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b608820fae9d6dcd3292ea54c7beef795d564c90c200", 0x18)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000000)=""/33, &(0x7f00000000c0)=0x21)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
accept4$x25(r3, 0x0, 0x0, 0x80800)

5.320292682s ago: executing program 5 (id=2114):
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$comedi(0xffffffffffffff9c, 0x0, 0x80600, 0x0)
syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000180)=0x1b)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
r6 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f0000000100)=r7, 0x4)
ioctl$TCSETSF(r5, 0x5404, 0x0)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x18)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000210001002cbd7000fddbbcfe0a800004ff000000040001001400010000000000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000)

4.544049494s ago: executing program 3 (id=2115):
syz_open_procfs(0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x116b, &(0x7f0000002240)=ANY=[@ANYBLOB], 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x50)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

3.950223412s ago: executing program 0 (id=2116):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890b, &(0x7f0000000080)={@private1={0xfc, 0x1, '\x00', 0x1}, @private1, @mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x280})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r3 = socket(0x10, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000080)=ANY=[@ANYBLOB="04000100"], 0x9)
setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={0x0, 0xfffff411}, 0x8)
write(r3, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r3, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
socket(0x26, 0x80000, 0x7ff)
socket(0x2, 0x80805, 0x0)
add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x52b281, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$SG_IO(r6, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000d4a1ce4e9de42536000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002abd7000fccbdf2509000000050007000200000008000100010000"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0)

3.891107177s ago: executing program 5 (id=2117):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
close(0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x3, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4e681, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$unix(0x1, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usbip_server_init(0x3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="010000030000000000000600000008000300", @ANYRES32, @ANYBLOB="0286bb664511f77e263aed7fe2263b934c84cc3e0464e8a65a1c3b1378ee0a506c30e49b3fab05cb596d3375f2ca66fb22248b00887c07419e4a79e468447a280f1f3b5231c77fe9"], 0x1c}, 0x1, 0x0, 0x0, 0x4c800}, 0x80c4)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.875691438s ago: executing program 2 (id=2118):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
prctl$PR_MCE_KILL(0x21, 0x558f06e60675d7d5, 0x1)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r3}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc, 0x0, 0x0, 0x90ffffff}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)

2.562343584s ago: executing program 2 (id=2119):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x80, 0xa81)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
socket$rxrpc(0x21, 0x2, 0xa)
pipe2(&(0x7f0000000000), 0x4000)
gettid()
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
ioctl$TIOCSTI(r4, 0x5412, 0x0)

2.243583009s ago: executing program 3 (id=2120):
r0 = socket$kcm(0xa, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
sendmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="a6", 0xffffff58}], 0x1}, 0x40001)

2.098755021s ago: executing program 5 (id=2121):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

1.302456275s ago: executing program 3 (id=2122):
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb4, 0x6a, 0x2c, 0x10, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x2, 0x0, 0x2b, 0x57, 0x33}}]}}]}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.039929377s ago: executing program 5 (id=2123):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/image_size', 0xc2802, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000011}, 0x8080)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
set_mempolicy(0x8006, 0x0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd0, &(0x7f0000000000)=0x3, 0x4)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r5 = syz_io_uring_setup(0xbda, &(0x7f00000005c0)={0x0, 0xec25, 0x8, 0x3, 0x40000333}, &(0x7f0000000dc0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x8, 0x2000, @fd=r3, 0x0, &(0x7f0000000580), 0x0, 0x12, 0x1, {0x2}})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
rt_sigsuspend(&(0x7f0000000500)={[0xd1b4]}, 0x8)
io_setup(0x1, &(0x7f00000016c0)=<r8=>0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20040800)
io_submit(r8, 0x16, &(0x7f0000001640)=[&(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x1, 0x4, r0, &(0x7f0000000280)='a', 0x1, 0x5}])
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x79, 0x1846, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

824.828554ms ago: executing program 1 (id=2124):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b608820fae9d6dcd3292ea54c7beef795d564c90c200", 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000000)=""/33, &(0x7f00000000c0)=0x21)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
accept4$x25(r3, 0x0, 0x0, 0x80800)

274.420918ms ago: executing program 0 (id=2125):
socket$key(0xf, 0x3, 0x2)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000080046000028000000000011"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)

0s ago: executing program 1 (id=2126):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semget$private(0x0, 0x207, 0x0)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, r4, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r5=>0xffffffffffffffff})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000d80)={0x1c, r7, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x1c}}, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071004000000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x88, 0x1403, 0xc23, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg2\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)

kernel console output (not intermixed with test programs):

  T7] usb 1-1: device descriptor read/64, error -71
[  354.032022][    T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  354.651056][    T7] usb 1-1: device descriptor read/64, error -71
[  354.655274][  T150] block nbd3: Attempted send on invalid socket
[  354.663671][  T150] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  354.772874][    T7] usb usb1-port1: attempt power cycle
[  355.022425][ T7575] befs: (nbd2): No write support. Marking filesystem read-only
[  355.030314][ T1093] block nbd2: Attempted send on invalid socket
[  355.036677][ T1093] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  355.048099][ T7575] befs: (nbd2): unable to read superblock
[  356.381496][ T5540] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  356.761078][ T5540] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  356.771429][ T5540] usb 3-1: config 0 has no interface number 0
[  356.777581][ T5540] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  356.791708][ T5540] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.828232][ T5540] usb 3-1: config 0 descriptor??
[  356.881077][    T7] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  356.902807][ T5540] usb 3-1: selecting invalid altsetting 1
[  356.910089][ T5540] dvb_ttusb_budget: ttusb_init_controller: error
[  356.940884][ T5540] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  357.077015][ T5540] DVB: Unable to find symbol cx22700_attach()
[  357.140908][    T7] usb 5-1: Using ep0 maxpacket: 32
[  357.247404][ T5540] DVB: Unable to find symbol tda10046_attach()
[  357.291355][    T7] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  358.052548][    T7] usb 5-1: config 0 has no interface number 0
[  358.072489][ T5540] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  358.221814][    T7] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  358.243149][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.256840][    T7] usb 5-1: Product: syz
[  358.262084][    T7] usb 5-1: Manufacturer: syz
[  358.266958][    T7] usb 5-1: SerialNumber: syz
[  358.282225][    T7] usb 5-1: config 0 descriptor??
[  358.322712][    T7] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  358.532973][    T7] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  358.555712][    T7] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  358.729253][ T7612] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1014'.
[  358.801174][ T1109] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  359.060522][    T7] usb 5-1: USB disconnect, device number 17
[  359.066596][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  359.090373][ T5540] usb 3-1: USB disconnect, device number 10
[  359.095102][    T7] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  359.127132][    T7] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  359.404147][    T7] quatech2 5-1:0.51: device disconnected
[  359.461040][ T1109] usb 4-1: device descriptor read/64, error -71
[  359.522483][ T7615] befs: (nbd2): No write support. Marking filesystem read-only
[  359.530323][ T1093] block nbd2: Attempted send on invalid socket
[  359.536999][ T1093] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  359.547888][ T7615] befs: (nbd2): unable to read superblock
[  359.565047][ T7617] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  359.581708][ T7617] tipc: Resetting bearer <eth:syzkaller0>
[  359.597493][ T7616] tipc: Disabling bearer <eth:syzkaller0>
[  359.760951][ T1109] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  359.972913][ T4358] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  359.980666][ T1109] usb 4-1: device descriptor read/64, error -71
[  360.101534][ T1109] usb usb4-port1: attempt power cycle
[  360.148369][  T150] block nbd1: Attempted send on invalid socket
[  360.154620][  T150] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  360.415514][ T4358] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  360.459785][ T4358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  360.521064][ T1109] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  360.547336][ T4358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.561054][ T4358] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  360.631059][ T1109] usb 4-1: device descriptor read/8, error -71
[  360.661121][ T4358] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  360.670950][ T4358] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  360.679268][ T4358] usb 1-1: Manufacturer: syz
[  360.694487][ T4358] usb 1-1: config 0 descriptor??
[  360.900949][ T1109] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  361.041142][ T1109] usb 4-1: device descriptor read/8, error -71
[  361.221999][ T4358] appleir 0003:05AC:8243.0013: unknown main item tag 0x0
[  361.308262][ T4358] appleir 0003:05AC:8243.0013: No inputs registered, leaving
[  361.330608][ T4358] appleir 0003:05AC:8243.0013: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  361.421006][ T1109] usb usb4-port1: unable to enumerate USB device
[  361.679502][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1027'.
[  361.960919][ T4191] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  362.328022][ T1109] usb 1-1: USB disconnect, device number 15
[  362.351170][ T4191] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  362.376989][ T4191] usb 4-1: config 0 has no interface number 0
[  362.501236][ T7661] befs: (nbd2): No write support. Marking filesystem read-only
[  362.509248][ T1093] block nbd2: Attempted send on invalid socket
[  362.515526][ T1093] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  362.526904][ T7661] befs: (nbd2): unable to read superblock
[  363.317775][ T4191] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  363.347858][ T4191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.385537][ T4191] usb 4-1: config 0 descriptor??
[  363.403750][ T7667] fuse: Unknown parameter 'use00000000000000000000'
[  363.463012][ T4191] usb 4-1: selecting invalid altsetting 1
[  363.481568][ T4191] dvb_ttusb_budget: ttusb_init_controller: error
[  363.500900][ T4191] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  363.780374][ T4191] DVB: Unable to find symbol cx22700_attach()
[  363.827446][ T4191] DVB: Unable to find symbol tda10046_attach()
[  363.837473][ T4191] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  364.011054][ T1109] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  364.571513][ T1109] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.605951][ T1109] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  364.691128][ T1109] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  364.717221][ T1109] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  364.737989][ T1109] usb 2-1: Manufacturer: syz
[  364.751446][ T1109] usb 2-1: config 0 descriptor??
[  364.899202][ T5540] usb 4-1: USB disconnect, device number 16
[  364.924992][ T7693] netlink: 'syz.3.1040': attribute type 9 has an invalid length.
[  364.952503][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  365.865624][ T7702] befs: (nbd2): No write support. Marking filesystem read-only
[  365.873587][ T1093] block nbd2: Attempted send on invalid socket
[  365.879795][ T1093] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  365.890992][ T7702] befs: (nbd2): unable to read superblock
[  365.972436][ T4300] usb 2-1: USB disconnect, device number 12
[  368.498100][ T7739] netlink: 'syz.4.1051': attribute type 9 has an invalid length.
[  368.683401][ T7741] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1052'.
[  369.462038][ T4300] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  369.822825][ T4300] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.852357][ T4300] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  370.611264][ T4300] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  371.087577][ T4300] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  371.135043][ T4300] usb 3-1: Manufacturer: syz
[  371.181016][ T4300] usb 3-1: config 0 descriptor??
[  372.596633][ T7773] netlink: 'syz.0.1062': attribute type 9 has an invalid length.
[  372.883512][ T4243] usb 3-1: USB disconnect, device number 11
[  373.154617][ T7783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1065'.
[  375.896162][ T7816] netlink: 'syz.0.1074': attribute type 9 has an invalid length.
[  376.440950][ T4243] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  376.841199][ T4243] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  377.181611][ T4243] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  377.591832][ T4243] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  377.622776][ T4243] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  377.668801][ T4243] usb 1-1: Manufacturer: syz
[  377.709094][ T4243] usb 1-1: config 0 descriptor??
[  378.077735][ T7842] program syz.2.1082 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  378.306682][ T7842] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  378.632265][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  378.638649][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  378.661196][ T7851] netlink: 'syz.2.1085': attribute type 9 has an invalid length.
[  379.530547][ T5540] usb 1-1: USB disconnect, device number 16
[  382.452010][ T7889] fuse: Unknown parameter 'user_id00000000000000000000'
[  382.505830][ T7893] netlink: 'syz.1.1096': attribute type 9 has an invalid length.
[  382.666754][ T7897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1099'.
[  382.820894][ T4191] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  383.251166][ T4191] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.280042][ T4191] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.307666][ T7901] input: syz0 as /devices/virtual/input/input52
[  383.346385][ T4191] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  383.379946][ T4191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.442169][ T4191] usb 4-1: config 0 descriptor??
[  385.450384][ T4191] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  385.603865][ T4191] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  385.663000][ T4191] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0014/input/input53
[  385.783925][ T4191] cm6533_jd 0003:0D8C:0022.0014: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  385.881553][ T4191] usb 4-1: USB disconnect, device number 17
[  385.935142][ T7920] fido_id[7920]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  386.308320][ T7926] netlink: 'syz.3.1108': attribute type 9 has an invalid length.
[  386.500939][ T7929] fuse: Unknown parameter 'user_id00000000000000000000'
[  386.754315][ T1093] block nbd3: Attempted send on invalid socket
[  386.760728][ T1093] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  386.873371][ T7936] input: syz0 as /devices/virtual/input/input54
[  387.008748][ T7941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1113'.
[  388.575563][ T4358] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  389.825588][ T7964] netlink: 'syz.0.1120': attribute type 9 has an invalid length.
[  389.877397][ T7966] fuse: Unknown parameter 'user_id00000000000000000000'
[  390.071840][ T4358] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  390.088225][ T4358] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  390.127027][ T4358] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  390.251161][ T4358] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  390.270356][ T4358] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  390.297694][ T4358] usb 5-1: Manufacturer: syz
[  390.335191][ T4358] usb 5-1: config 0 descriptor??
[  390.384817][ T4358] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  391.266595][ T7989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1129'.
[  391.635276][ T1109] usb 5-1: USB disconnect, device number 18
[  394.722243][ T8008] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  394.736648][ T8008] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  394.827429][  T150] block nbd0: Attempted send on invalid socket
[  394.833733][  T150] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  397.281216][ T8031] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  397.311177][ T8031] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  398.072469][ T8054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1145'.
[  398.106004][ T8056] overlayfs: failed to resolve './file1': -2
[  401.149649][  T150] block nbd4: Attempted send on invalid socket
[  401.155877][  T150] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  401.367932][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.375849][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.392989][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.419473][ T8082] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  401.456227][ T8082] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  401.544182][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.556998][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.568735][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.579947][ T8082] wlan0 speed is unknown, defaulting to 1000
[  401.591073][ T8082] wlan0 speed is unknown, defaulting to 1000
[  402.170289][ T8096] overlayfs: failed to resolve './file1': -2
[  402.259356][ T8099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'.
[  402.327183][ T8089] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  402.344161][ T8089] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  405.650060][ T1093] block nbd3: Attempted send on invalid socket
[  405.656351][ T1093] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  406.916177][ T8137] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1172'.
[  408.414381][ T8145] netlink: 'syz.2.1176': attribute type 10 has an invalid length.
[  408.441681][ T8145] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1176'.
[  408.495236][ T8145] team0: Port device geneve0 added
[  410.194306][  T150] block nbd4: Attempted send on invalid socket
[  410.200947][  T150] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  410.464603][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1181'.
[  412.131031][ T4191] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  412.581174][ T4191] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.134803][ T4191] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  413.157128][ T4191] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  413.309098][ T4191] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.335607][ T4191] usb 2-1: config 0 descriptor??
[  413.434923][  T150] block nbd4: Attempted send on invalid socket
[  413.441285][  T150] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  413.742866][ T8208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1195'.
[  413.753655][ T4191] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  413.760896][ T4191] dvb-usb: bulk message failed: -22 (3/0)
[  413.817741][ T8209] program syz.3.1194 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  413.819082][ T4191] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  413.872539][ T4191] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  413.887691][ T8209] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  414.024375][ T4191] usb 2-1: media controller created
[  414.045791][ T4191] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  414.089456][ T4191] dvb-usb: bulk message failed: -22 (6/0)
[  414.114646][ T4191] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  414.174201][ T4191] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input55
[  414.297275][ T4191] dvb-usb: schedule remote query interval to 150 msecs.
[  414.313498][ T4191] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  414.399263][ T4191] usb 2-1: USB disconnect, device number 13
[  414.566688][ T4191] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  415.399902][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  416.378413][ T8245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1206'.
[  416.611327][  T150] block nbd2: Attempted send on invalid socket
[  416.631002][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  417.156736][ T8267] overlayfs: failed to resolve './file0': -2
[  417.493979][ T4347] nci: nci_rsp_packet: unknown rsp opcode 0xc02
[  418.352843][ T8292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1219'.
[  421.973322][ T8335] program syz.3.1232 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  421.983367][ T8335] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  422.672814][ T8344] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1234'.
[  423.670609][  T150] block nbd0: Attempted send on invalid socket
[  423.677127][  T150] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  424.918801][ T8364] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  424.925459][ T8364] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  424.938359][ T8364] vhci_hcd vhci_hcd.0: Device attached
[  425.790693][ T8365] vhci_hcd: connection closed
[  425.791141][ T4402] vhci_hcd: stop threads
[  425.871352][ T8380] program syz.0.1245 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  425.881860][ T8380] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  425.904896][ T4402] vhci_hcd: release socket
[  425.916277][ T4402] vhci_hcd: disconnect device
[  425.971699][ T8384] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  426.001922][ T4358] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  426.230966][ T5540] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  426.361418][ T4358] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  426.369469][ T4358] usb 5-1: config 0 has no interface number 0
[  426.429674][ T8399] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'.
[  426.611233][ T5540] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.793842][ T5540] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.849498][ T5540] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  427.924563][ T5540] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.062144][ T5540] usb 2-1: config 0 descriptor??
[  428.158188][ T4358] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  428.167663][ T4358] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.205110][ T4358] usb 5-1: config 0 descriptor??
[  428.252957][ T4358] usb 5-1: selecting invalid altsetting 1
[  428.326580][ T4358] dvb_ttusb_budget: ttusb_init_controller: error
[  428.681325][ T5540] usbhid 2-1:0.0: can't add hid device: -71
[  428.689440][ T5540] usbhid: probe of 2-1:0.0 failed with error -71
[  428.755507][ T5540] usb 2-1: USB disconnect, device number 14
[  428.895650][ T4358] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  429.171064][ T4358] DVB: Unable to find symbol cx22700_attach()
[  429.898489][ T4358] DVB: Unable to find symbol tda10046_attach()
[  429.975167][ T8428] program syz.3.1258 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  429.984666][ T8428] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  430.000896][ T4358] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  430.040672][ T4358] usb 5-1: USB disconnect, device number 19
[  430.128896][ T8437] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.248418][ T8437] tipc: Resetting bearer <eth:syzkaller0>
[  430.300313][ T8442] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  430.306969][ T8442] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  430.314988][ T8442] vhci_hcd vhci_hcd.0: Device attached
[  430.357476][ T8444] vhci_hcd: connection closed
[  430.360176][ T4425] vhci_hcd: stop threads
[  430.416981][ T4425] vhci_hcd: release socket
[  430.487189][ T4425] vhci_hcd: disconnect device
[  431.211127][ T4798] tipc: Node number set to 2152136080
[  431.552129][ T8435] tipc: Disabling bearer <eth:syzkaller0>
[  433.763042][ T8452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1263'.
[  433.798067][ T8462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1266'.
[  434.686356][  T150] block nbd0: Attempted send on invalid socket
[  434.692628][  T150] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  435.943088][ T8479] program syz.3.1269 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  435.953302][ T8479] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  438.593393][ T8507] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1277'.
[  440.012603][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  440.019589][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  440.516552][ T8514] befs: (nbd3): No write support. Marking filesystem read-only
[  440.524626][ T1093] block nbd3: Attempted send on invalid socket
[  440.530911][ T1093] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  440.542093][ T8514] befs: (nbd3): unable to read superblock
[  440.549280][  T150] block nbd2: Attempted send on invalid socket
[  440.555591][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  440.801572][ T8522] tipc: Started in network mode
[  440.806729][ T8522] tipc: Node identity d68ff1c9cf42, cluster identity 4711
[  440.814761][ T8522] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  440.927267][ T8522] tipc: Resetting bearer <eth:syzkaller0>
[  441.579398][ T8521] tipc: Disabling bearer <eth:syzkaller0>
[  442.061462][ T8531] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  442.130535][ T8531] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  443.125635][ T8561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'.
[  443.839673][ T8567] befs: (nbd2): No write support. Marking filesystem read-only
[  443.854056][  T150] block nbd2: Attempted send on invalid socket
[  443.860556][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  443.871806][ T8567] befs: (nbd2): unable to read superblock
[  444.417118][ T8572] program syz.0.1295 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  444.428921][ T8572] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  445.608451][ T1093] block nbd2: Attempted send on invalid socket
[  445.614808][ T1093] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  445.968048][ T4402] Bluetooth: hci5: Frame reassembly failed (-84)
[  446.028767][ T4402] Bluetooth: hci5: Frame reassembly failed (-84)
[  448.011215][ T1109] Bluetooth: hci5: command 0x1003 tx timeout
[  448.018779][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1305'.
[  448.031746][ T4425] Bluetooth: hci5: Frame reassembly failed (-84)
[  448.070480][ T4425] Bluetooth: hci5: Frame reassembly failed (-84)
[  450.151542][ T1109] Bluetooth: hci5: command 0x1001 tx timeout
[  450.179086][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  451.871613][ T8612] befs: (nbd1): No write support. Marking filesystem read-only
[  451.879429][  T150] block nbd1: Attempted send on invalid socket
[  451.885707][  T150] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  451.898009][ T8612] befs: (nbd1): unable to read superblock
[  452.836595][ T4798] Bluetooth: hci5: command 0x1009 tx timeout
[  453.064278][ T1093] block nbd0: Attempted send on invalid socket
[  453.070502][ T1093] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  456.220590][ T8661] device syzkaller0 entered promiscuous mode
[  456.308617][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  457.262048][ T8677] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  459.875836][ T8696] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1330'.
[  459.924519][  T150] block nbd0: Attempted send on invalid socket
[  459.932653][  T150] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  462.910248][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  463.002493][ T8727] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1340'.
[  464.498013][  T150] block nbd3: Attempted send on invalid socket
[  464.505699][  T150] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  467.819469][ T4243] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0
[  468.691339][ T4243] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  468.947992][  T150] block nbd2: Attempted send on invalid socket
[  468.954351][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  472.912929][ T8814] program syz.0.1362 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  472.923027][ T8814] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  473.420856][ T4243] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  474.144155][ T8835] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1369'.
[  474.341369][ T4243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  474.705979][ T4243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  474.720318][ T4243] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  474.746795][ T4243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.830680][ T4243] usb 5-1: config 0 descriptor??
[  476.103811][ T4243] cm6533_jd 0003:0D8C:0022.0016: unknown main item tag 0x0
[  476.244220][ T4243] cm6533_jd 0003:0D8C:0022.0016: unknown main item tag 0x0
[  476.989966][ T4243] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0016/input/input56
[  477.038130][ T4243] cm6533_jd 0003:0D8C:0022.0016: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  477.088060][ T4243] usb 5-1: USB disconnect, device number 20
[  478.203839][ T8856] fido_id[8856]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  478.585963][ T4798] Bluetooth: hci5: command 0x1003 tx timeout
[  479.922921][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  480.119710][ T8869] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  480.126336][ T8869] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  480.552639][ T8887] fuse: Unknown parameter 'grou00000000000000000000'
[  480.686638][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1381'.
[  480.699543][ T8869] vhci_hcd vhci_hcd.0: Device attached
[  481.224698][ T8872] vhci_hcd: connection closed
[  481.230058][ T4347] vhci_hcd: stop threads
[  481.253921][ T4347] vhci_hcd: release socket
[  481.258952][ T4347] vhci_hcd: disconnect device
[  481.291103][ T4300] vhci_hcd: vhci_device speed not set
[  481.940965][ T4798] Bluetooth: hci5: command 0x1001 tx timeout
[  482.277265][ T1109] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  482.361858][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  482.845389][ T1109] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  482.861975][ T1109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.873630][ T1109] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.883728][ T1109] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  483.573309][ T1109] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  483.797174][ T1109] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  484.163653][ T1109] usb 2-1: Manufacturer: syz
[  484.188877][ T1109] usb 2-1: config 0 descriptor??
[  484.195568][ T8918] program syz.4.1390 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  484.243846][ T8918] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  484.410963][ T4798] Bluetooth: hci5: command 0x1009 tx timeout
[  484.441313][ T1109] usbhid 2-1:0.0: can't add hid device: -71
[  484.513044][ T1109] usbhid: probe of 2-1:0.0 failed with error -71
[  484.800828][ T8934] fuse: Unknown parameter 'grou00000000000000000000'
[  485.031031][ T1109] usb 2-1: USB disconnect, device number 15
[  486.170785][ T8953] device syzkaller0 entered promiscuous mode
[  487.538045][ T4243] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  487.574387][ T4300] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0
[  487.589795][ T4300] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  488.343559][ T8980] fido_id[8980]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  488.601108][ T4243] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  488.738227][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  488.813528][ T8988] program syz.3.1409 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  488.823684][ T8988] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  488.871042][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  488.872066][ T8996] fuse: Unknown parameter 'grou00000000000000000000'
[  488.880999][ T4243] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  488.991431][ T4243] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  489.000661][ T4243] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  489.008944][ T4243] usb 1-1: Manufacturer: syz
[  489.065609][ T4243] usb 1-1: config 0 descriptor??
[  489.577301][ T8965] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1404'.
[  489.825810][ T4243] appleir 0003:05AC:8243.0018: unknown main item tag 0x0
[  489.841259][ T4243] appleir 0003:05AC:8243.0018: No inputs registered, leaving
[  489.859343][ T4243] appleir 0003:05AC:8243.0018: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  490.283059][ T4402] Bluetooth: hci5: Frame reassembly failed (-84)
[  490.299935][ T4402] Bluetooth: hci5: Frame reassembly failed (-84)
[  490.943893][ T9016] device syzkaller0 entered promiscuous mode
[  492.477563][ T4191] Bluetooth: hci5: command 0x1003 tx timeout
[  492.484780][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  493.157063][ T4300] usb 1-1: USB disconnect, device number 17
[  493.687095][ T9047] fuse: Unknown parameter 'group_i00000000000000000000'
[  493.995769][ T9048] program syz.0.1424 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  494.025998][ T9048] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  494.150633][ T4201] Bluetooth: Frame is too long (len 10, expected len 4)
[  494.413840][ T9054] device syzkaller0 entered promiscuous mode
[  494.444459][ T9056] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  494.570912][ T4191] Bluetooth: hci5: command 0x1001 tx timeout
[  494.577163][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  496.651069][ T4191] Bluetooth: hci5: command 0x1009 tx timeout
[  496.791089][ T1109] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  497.540965][ T1109] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  497.560945][ T1109] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  497.660975][ T1109] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.111180][ T9088] fuse: Unknown parameter 'group_i00000000000000000000'
[  498.138683][ T1109] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  498.243350][ T1109] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  498.261207][ T1109] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  498.328849][ T1109] usb 1-1: Manufacturer: syz
[  498.381543][ T1109] usb 1-1: config 0 descriptor??
[  498.720963][ T1109] usbhid 1-1:0.0: can't add hid device: -71
[  498.727926][ T1109] usbhid: probe of 1-1:0.0 failed with error -71
[  498.734611][ T4201] Bluetooth: Frame is too long (len 10, expected len 4)
[  498.782238][ T1109] usb 1-1: USB disconnect, device number 18
[  499.926393][ T9106] device syzkaller0 entered promiscuous mode
[  501.452867][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  501.464503][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  501.735610][ T9128] netlink: 320 bytes leftover after parsing attributes in process `syz.2.1449'.
[  501.977664][ T9132] fuse: Unknown parameter 'group_i00000000000000000000'
[  502.462617][ T9137] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  502.477017][ T9137] device syzkaller0 entered promiscuous mode
[  504.277423][ T9140] autofs4:pid:9140:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc0189379)
[  504.294206][ T9140] autofs4:pid:9140:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379)
[  504.332226][ T9134] tipc: Resetting bearer <eth:syzkaller0>
[  504.407821][ T9134] tipc: Disabling bearer <eth:syzkaller0>
[  504.777251][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  505.823309][ T9163] overlayfs: missing 'lowerdir'
[  507.740137][ T9180] fuse: Unknown parameter 'group_id00000000000000000000'
[  508.491878][ T9190] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  508.506949][ T9190] device syzkaller0 entered promiscuous mode
[  508.973198][ T9184] tipc: Resetting bearer <eth:syzkaller0>
[  510.474180][ T9192] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1467'.
[  510.487883][ T9184] tipc: Disabling bearer <eth:syzkaller0>
[  511.925814][ T9208] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  511.937204][ T9208] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  511.939193][ T9207] device syzkaller0 entered promiscuous mode
[  512.154011][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1473'.
[  514.088776][ T9221] overlayfs: missing 'lowerdir'
[  515.062609][ T9235] ptrace attach of ""[9234] was attempted by "./syz-executor exec"[9235]
[  516.144509][ T9251] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1482'.
[  516.380028][ T9257] device syzkaller0 entered promiscuous mode
[  516.741004][ T4798] Bluetooth: hci5: command 0x1003 tx timeout
[  516.749389][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  516.767403][ T4300] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  517.450110][ T1093] block nbd1: Attempted send on invalid socket
[  517.456888][ T1093] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  517.469544][ T4300] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  517.490975][ T4300] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.525494][ T4300] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.535825][ T4300] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  518.171248][ T4300] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  518.180954][ T4300] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  518.189345][ T4300] usb 3-1: Manufacturer: syz
[  518.196497][ T4300] usb 3-1: config 0 descriptor??
[  518.224911][ T9277] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1491'.
[  518.557557][ T9281] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  518.574333][ T9281] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  518.810932][ T4798] Bluetooth: hci5: command 0x1001 tx timeout
[  518.818343][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  519.790957][ T4300] usbhid 3-1:0.0: can't add hid device: -71
[  519.801295][ T4300] usbhid: probe of 3-1:0.0 failed with error -71
[  519.855840][ T4300] usb 3-1: USB disconnect, device number 12
[  520.224532][ T9293] fuse: Unknown parameter 'group_id00000000000000000000'
[  521.100892][ T4191] Bluetooth: hci5: command 0x1009 tx timeout
[  522.134619][ T1093] block nbd0: Attempted send on invalid socket
[  522.142379][ T1093] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  522.154354][ T4300] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  522.980962][ T4300] usb 2-1: device descriptor read/64, error -71
[  523.317205][ T9319] overlayfs: missing 'lowerdir'
[  523.435578][ T4300] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  524.339062][ T4300] usb 2-1: device descriptor read/64, error -71
[  524.462814][ T4300] usb usb2-port1: attempt power cycle
[  524.495206][ T9330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'.
[  524.881087][ T4300] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  525.250978][ T4300] usb 2-1: device descriptor read/8, error -71
[  527.733576][  T150] block nbd4: Attempted send on invalid socket
[  527.740278][  T150] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  528.895883][ T9365] overlayfs: missing 'lowerdir'
[  529.044468][ T9370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1519'.
[  531.140992][ T4798] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  532.044238][ T9389] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  532.050899][ T9389] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  532.058941][ T9389] vhci_hcd vhci_hcd.0: Device attached
[  532.060814][ T4798] usb 5-1: device descriptor read/64, error -71
[  532.141382][ T9390] vhci_hcd: connection closed
[  532.142569][ T4347] vhci_hcd: stop threads
[  532.220248][ T4347] vhci_hcd: release socket
[  532.248118][ T4347] vhci_hcd: disconnect device
[  532.431209][ T4358] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  532.801352][ T4358] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  532.814719][ T4191] Bluetooth: hci5: command 0x1003 tx timeout
[  532.821061][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  532.838786][ T4358] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  532.852768][ T4358] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  533.010407][ T4358] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  533.043410][ T4201] Bluetooth: Frame is too long (len 10, expected len 4)
[  533.100846][ T4798] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  533.127161][  T150] block nbd2: Attempted send on invalid socket
[  533.133463][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  533.169641][ T4358] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  533.522317][ T4358] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  533.563871][ T4358] usb 2-1: Manufacturer: syz
[  533.931296][ T4358] usb 2-1: config 0 descriptor??
[  533.980646][ T9408] overlayfs: missing 'lowerdir'
[  534.230873][ T4191] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  534.590962][ T4191] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  534.601166][ T4191] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  534.610211][ T4191] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  534.619757][ T4191] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.636743][ T4191] usb 3-1: config 0 descriptor??
[  534.793734][ T9418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1532'.
[  534.891158][ T5540] Bluetooth: hci5: command 0x1001 tx timeout
[  534.900128][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  534.907835][ T4191] Bluetooth: Can't get state to change to load ram patch err
[  534.940860][ T4191] Bluetooth: Loading patch file failed
[  534.948120][ T4191] ath3k: probe of 3-1:0.0 failed with error -71
[  535.009347][ T4191] usb 3-1: USB disconnect, device number 13
[  535.491027][ T4358] usbhid 2-1:0.0: can't add hid device: -71
[  535.506803][ T4358] usbhid: probe of 2-1:0.0 failed with error -71
[  535.565927][ T4358] usb 2-1: USB disconnect, device number 20
[  535.981105][ T9433] netlink: 'syz.4.1533': attribute type 1 has an invalid length.
[  535.989410][ T9433] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1533'.
[  537.098874][ T4191] Bluetooth: hci5: command 0x1009 tx timeout
[  538.428903][ T9443] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1538'.
[  538.437883][ T9443] netlink: zone id is out of range
[  538.443049][ T9443] netlink: set zone limit has 4 unknown bytes
[  539.090919][ T4358] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  539.300862][ T4358] usb 3-1: device descriptor read/64, error -71
[  539.328454][ T4201] Bluetooth: Frame is too long (len 10, expected len 4)
[  539.610947][ T4358] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  539.677115][ T9461] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1544'.
[  539.924582][ T4358] usb 3-1: device descriptor read/64, error -71
[  540.051405][ T4358] usb usb3-port1: attempt power cycle
[  540.888643][ T9474] device syzkaller0 entered promiscuous mode
[  541.663567][ T4358] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  541.880909][ T4358] usb 3-1: device descriptor read/8, error -71
[  542.526031][ T9497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1552'.
[  542.553151][ T9497] netlink: zone id is out of range
[  542.626413][ T9497] netlink: set zone limit has 4 unknown bytes
[  543.837388][ T4201] Bluetooth: Frame is too long (len 10, expected len 4)
[  543.866224][ T9505] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  543.872879][ T9505] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  543.882057][ T9505] vhci_hcd vhci_hcd.0: Device attached
[  544.557944][ T9506] vhci_hcd: connection closed
[  544.559832][ T4303] vhci_hcd: stop threads
[  544.579433][ T4303] vhci_hcd: release socket
[  544.589630][ T4303] vhci_hcd: disconnect device
[  544.602165][ T4300] usb 37-1: new high-speed USB device number 5 using vhci_hcd
[  544.615069][ T4300] usb 37-1: enqueue for inactive port 0
[  544.720934][ T4300] vhci_hcd: vhci_device speed not set
[  545.379237][ T9525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1562'.
[  545.530885][ T4798] Bluetooth: hci5: command 0x1003 tx timeout
[  545.537090][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  545.969555][ T9533] device syzkaller0 entered promiscuous mode
[  546.373742][ T4358] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  546.970689][ T4358] usb 5-1: device descriptor read/64, error -71
[  547.311439][ T9552] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  547.318111][ T9552] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  547.326104][ T9552] vhci_hcd vhci_hcd.0: Device attached
[  547.495954][ T9553] vhci_hcd: connection closed
[  547.497068][ T4303] vhci_hcd: stop threads
[  547.512333][ T4303] vhci_hcd: release socket
[  547.517249][ T4303] vhci_hcd: disconnect device
[  547.541907][ T4358] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  547.590949][ T4300] vhci_hcd: vhci_device speed not set
[  547.620823][ T4798] Bluetooth: hci5: command 0x1001 tx timeout
[  547.627042][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  547.753401][ T4358] usb 5-1: device descriptor read/64, error -71
[  547.873486][ T4358] usb usb5-port1: attempt power cycle
[  548.259307][ T9571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1575'.
[  548.283307][ T4358] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  548.391468][ T4358] usb 5-1: device descriptor read/8, error -71
[  548.701086][ T4358] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  548.815323][ T4358] usb 5-1: device descriptor read/8, error -71
[  549.058139][ T4358] usb usb5-port1: unable to enumerate USB device
[  549.755737][ T5540] Bluetooth: hci5: command 0x1009 tx timeout
[  549.964619][ T9587] device syzkaller0 entered promiscuous mode
[  554.100103][ T9616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1586'.
[  554.995064][ T9628] device syzkaller0 entered promiscuous mode
[  555.080948][ T4256] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  555.653338][ T4256] usb 3-1: device descriptor read/64, error -71
[  556.281027][ T4256] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  556.458207][ T9640] process 'syz.0.1591' launched './file2' with NULL argv: empty string added
[  556.510847][ T4191] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  556.791078][ T4256] usb 3-1: device descriptor read/64, error -71
[  557.051171][ T4256] usb usb3-port1: attempt power cycle
[  557.327379][ T9649] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  557.334038][ T9649] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  557.342169][ T9649] vhci_hcd vhci_hcd.0: Device attached
[  557.350914][ T4358] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  557.450912][ T4191] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  557.465872][ T4191] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  557.475010][ T4191] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  557.484614][ T4191] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.495606][ T4191] usb 5-1: config 0 descriptor??
[  557.537991][ T9650] vhci_hcd: connection closed
[  557.538353][  T422] vhci_hcd: stop threads
[  557.560287][  T422] vhci_hcd: release socket
[  557.578150][  T422] vhci_hcd: disconnect device
[  557.583463][ T4358] usb 4-1: device descriptor read/64, error -71
[  557.631038][ T4300] vhci_hcd: vhci_device speed not set
[  557.851061][ T4256] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  557.867519][ T9666] fuse: Bad value for 'fd'
[  557.873497][ T4191] Bluetooth: Can't get state to change to load ram patch err
[  557.881357][ T4191] Bluetooth: Loading patch file failed
[  557.887109][ T4191] ath3k: probe of 5-1:0.0 failed with error -71
[  557.910816][ T4358] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  557.914998][ T4191] usb 5-1: USB disconnect, device number 27
[  558.201614][ T4256] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  558.220941][ T4256] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  558.231238][ T4256] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  558.240401][ T4256] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.262411][ T4256] usb 3-1: config 0 descriptor??
[  558.370865][ T4358] usb 4-1: device descriptor read/64, error -71
[  558.500987][ T4358] usb usb4-port1: attempt power cycle
[  558.842658][ T4256] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  558.914435][ T4256] cm6533_jd 0003:0D8C:0022.0019: unknown main item tag 0x0
[  558.925289][ T4256] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0019/input/input57
[  558.948435][ T4256] cm6533_jd 0003:0D8C:0022.0019: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  559.589666][ T4256] usb 3-1: USB disconnect, device number 20
[  559.921321][ T4358] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  560.228562][ T9684] fido_id[9684]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  560.591224][ T4358] usb 4-1: device not accepting address 20, error -71
[  560.969939][ T9702] device syzkaller0 entered promiscuous mode
[  561.069700][ T9710] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1611'.
[  561.716759][ T4358] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  562.130786][ T9714] fuse: Bad value for 'fd'
[  562.309956][ T4358] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  562.860885][ T4358] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  562.901478][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  562.907840][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  562.930943][ T4358] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.013588][ T4358] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  563.166021][ T4358] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  563.178522][ T4358] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  563.394602][ T9726] device syzkaller0 entered promiscuous mode
[  564.118386][ T4358] usb 4-1: Manufacturer: syz
[  564.377300][ T4358] usb 4-1: config 0 descriptor??
[  564.410949][ T4358] usb 4-1: can't set config #0, error -71
[  564.426784][ T4358] usb 4-1: USB disconnect, device number 21
[  565.214681][ T4358] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  565.214739][ T9736] qnx4: no qnx4 filesystem (no root dir).
[  565.992776][ T4358] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.016926][ T4256] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  566.593484][ T4358] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  567.010981][ T9759] fuse: Bad value for 'fd'
[  567.150990][ T4358] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  567.207307][ T4358] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  567.218307][ T4358] usb 4-1: Manufacturer: syz
[  567.431196][ T4256] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.538299][ T4256] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  567.553301][ T4358] usb 4-1: config 0 descriptor??
[  567.578911][ T4256] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  567.590959][ T4358] usb 4-1: can't set config #0, error -71
[  567.599431][ T4256] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.613239][ T4358] usb 4-1: USB disconnect, device number 22
[  567.662348][ T4256] usb 5-1: config 0 descriptor??
[  568.000895][ T4300] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  568.162317][ T4256] cm6533_jd 0003:0D8C:0022.001A: unknown main item tag 0x0
[  568.186975][ T4256] cm6533_jd 0003:0D8C:0022.001A: unknown main item tag 0x0
[  568.225158][ T4256] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.001A/input/input58
[  568.323885][ T4256] cm6533_jd 0003:0D8C:0022.001A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  568.420933][ T4300] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  568.454350][ T4256] usb 5-1: USB disconnect, device number 28
[  568.474795][ T4300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  568.515643][ T4300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  568.535832][ T9779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1628'.
[  568.550836][ T4300] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  568.691579][ T4300] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  568.706639][ T4300] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  568.720284][ T4300] usb 2-1: Manufacturer: syz
[  568.763375][ T4300] usb 2-1: config 0 descriptor??
[  570.220202][ T9800] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  570.252372][ T9800] device syzkaller0 entered promiscuous mode
[  571.061046][ T4300] usbhid 2-1:0.0: can't add hid device: -71
[  571.068282][ T4300] usbhid: probe of 2-1:0.0 failed with error -71
[  571.116926][ T4300] usb 2-1: USB disconnect, device number 21
[  572.061441][ T9814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1639'.
[  572.121011][ T4256] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  572.350824][ T4300] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  572.500896][ T4256] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  572.522009][ T4256] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  572.663249][ T4256] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  572.685395][ T4256] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  572.696667][ T4256] usb 4-1: Manufacturer: syz
[  572.725572][ T4256] usb 4-1: config 0 descriptor??
[  572.761054][ T4300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.815726][ T4300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.870929][ T4300] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  572.910605][ T4300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.948468][ T4300] usb 2-1: config 0 descriptor??
[  572.982749][ T9807] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1636'.
[  573.432817][ T4300] cm6533_jd 0003:0D8C:0022.001B: unknown main item tag 0x0
[  573.440157][ T4300] cm6533_jd 0003:0D8C:0022.001B: unknown main item tag 0x0
[  573.509331][ T4300] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.001B/input/input59
[  573.525481][ T4300] cm6533_jd 0003:0D8C:0022.001B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  573.637903][ T4300] usb 2-1: USB disconnect, device number 22
[  573.688461][ T9831] fido_id[9831]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  573.740864][ T4798] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  573.814854][  T150] block nbd2: Attempted send on invalid socket
[  573.821783][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  573.980988][ T4798] usb 1-1: Using ep0 maxpacket: 32
[  574.101535][ T4798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  574.156885][ T4798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  574.655980][ T4798] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  574.666280][ T4798] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.686876][ T4798] usb 1-1: config 0 descriptor??
[  574.698316][ T4241] usb 4-1: USB disconnect, device number 23
[  574.720576][ T9835] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  574.735677][ T9835] device syzkaller0 entered promiscuous mode
[  574.882738][ T4798] hub 1-1:0.0: USB hub found
[  575.720894][ T4798] hub 1-1:0.0: 1 port detected
[  575.819943][ T9853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1652'.
[  575.881266][ T4358] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  576.311050][ T4358] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  576.330774][ T4358] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  576.364714][ T4358] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  576.370882][ T4798] hub 1-1:0.0: activate --> -90
[  576.399030][ T4358] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  576.551132][ T4358] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  576.582054][ T4358] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  576.664871][ T4358] usb 3-1: Manufacturer: syz
[  576.695169][ T4358] usb 3-1: config 0 descriptor??
[  576.782291][ T4300] usb 1-1: USB disconnect, device number 19
[  578.060960][ T4358] usbhid 3-1:0.0: can't add hid device: -71
[  578.068991][ T4358] usbhid: probe of 3-1:0.0 failed with error -71
[  578.104326][ T4358] usb 3-1: USB disconnect, device number 21
[  578.856588][ T9884] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1660'.
[  579.140838][ T4798] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  579.550972][ T4798] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  579.584505][ T4798] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  579.650104][ T9890] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  579.674840][ T9890] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  579.720997][ T4798] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  579.750196][ T4798] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  579.822228][ T4798] usb 3-1: Manufacturer: syz
[  579.869422][ T4798] usb 3-1: config 0 descriptor??
[  580.114312][ T9898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1664'.
[  580.186840][ T9885] netlink: 320 bytes leftover after parsing attributes in process `syz.2.1659'.
[  582.600375][ T4798] usb 3-1: USB disconnect, device number 22
[  583.722111][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  584.394612][ T4798] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  584.689435][ T9934] atomic_op ffff888022395198 conn xmit_atomic 0000000000000000
[  584.941011][ T4798] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  584.976549][ T4798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  584.997894][ T4798] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  585.015703][ T4798] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  585.099934][ T9945] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1676'.
[  585.641263][ T4798] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  585.689561][ T4798] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  585.730946][ T4798] usb 1-1: Manufacturer: syz
[  585.748102][ T4798] usb 1-1: config 0 descriptor??
[  585.796069][ T4798] usb 1-1: can't set config #0, error -71
[  585.822576][ T4798] usb 1-1: USB disconnect, device number 20
[  586.540793][ T4256] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  587.010873][ T9963] Can't find ip_set type has
[  587.461118][ T4256] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  587.590023][ T4256] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  587.650994][ T4256] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  587.761048][ T4256] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  587.775206][ T4256] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  587.783938][ T4256] usb 3-1: Manufacturer: syz
[  587.817592][ T4256] usb 3-1: config 0 descriptor??
[  587.873299][ T4256] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  587.951474][ T4358] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  587.980809][ T4798] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  588.083323][ T9950] netlink: 320 bytes leftover after parsing attributes in process `syz.2.1677'.
[  588.220976][ T4798] usb 4-1: Using ep0 maxpacket: 32
[  588.320947][ T4358] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  588.350928][ T4798] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  588.361471][ T4798] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  588.371659][ T4798] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  588.383977][ T4358] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  588.387057][ T4798] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  588.394308][ T4358] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  588.408045][ T4798] usb 4-1: config 1 has no interface number 0
[  588.432315][ T4798] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  588.446694][ T4798] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.513441][ T4798] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  588.601235][ T4358] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  588.615523][ T4358] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  588.624570][ T4358] usb 2-1: Product: syz
[  588.628940][ T4358] usb 2-1: Manufacturer: syz
[  588.634434][ T4358] usb 2-1: SerialNumber: syz
[  588.720949][ T4798] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[  588.730612][ T4798] snd_usb_pod 4-1:1.1: invalid control EP
[  588.756460][ T4798] snd_usb_pod 4-1:1.1: cannot start listening: -22
[  588.775585][ T4798] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  588.788627][ T4798] snd_usb_pod: probe of 4-1:1.1 failed with error -22
[  588.848081][ T9978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1686'.
[  589.020536][ T4798] usb 4-1: USB disconnect, device number 24
[  589.197595][ T4300] usb 3-1: USB disconnect, device number 23
[  590.349938][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  590.860921][ T4256] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  591.263174][T10005] Can't find ip_set type has
[  591.560886][ T4256] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  591.854314][ T4256] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  591.865753][ T4256] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.570807][ T4256] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  592.721287][ T4256] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  592.760455][ T4256] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  592.769526][ T4358] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  592.805079][ T4358] usb 2-1: USB disconnect, device number 23
[  592.830087][ T4256] usb 1-1: Manufacturer: syz
[  592.855127][ T4358] usblp0: removed
[  592.864761][T10022] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  592.896942][ T4256] usb 1-1: config 0 descriptor??
[  592.898104][T10022] device syzkaller0 entered promiscuous mode
[  593.032052][ T4300] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  593.052545][ T4241] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  593.065455][ T4241] Bluetooth: hci2: Injecting HCI hardware error event
[  593.077390][  T146] Bluetooth: hci2: hardware error 0x00
[  593.400987][ T4300] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  593.451497][ T4300] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  593.469616][ T4300] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  593.509651][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1702'.
[  594.066449][ T4300] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  594.105599][ T4300] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  594.132443][ T4300] usb 5-1: Manufacturer: syz
[  594.162304][ T4300] usb 5-1: config 0 descriptor??
[  594.194270][T10025] Bluetooth: Frame is too long (len 10, expected len 4)
[  594.316917][ T4300] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  596.302730][T10020] netlink: 320 bytes leftover after parsing attributes in process `syz.4.1697'.
[  596.415692][ T4256] usbhid 1-1:0.0: can't add hid device: -71
[  596.479326][ T4256] usbhid: probe of 1-1:0.0 failed with error -71
[  596.518089][ T4256] usb 1-1: USB disconnect, device number 21
[  596.590142][T10050] netlink: 'syz.0.1706': attribute type 1 has an invalid length.
[  596.619400][T10050] device bond1 entered promiscuous mode
[  596.625589][T10050] 8021q: adding VLAN 0 to HW filter on device bond1
[  596.694971][T10050] 8021q: adding VLAN 0 to HW filter on device bond1
[  596.704101][T10050] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  596.715282][T10050] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  596.726554][T10050] bond1: (slave vcan1): Error -22 calling dev_set_mtu
[  596.890365][ T4300] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  597.523534][T10060] atomic_op ffff88801fcf6198 conn xmit_atomic 0000000000000000
[  597.634172][ T4300] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  597.756547][ T4300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  597.821065][ T4300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  597.946468][ T4300] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  597.988136][ T4256] usb 5-1: USB disconnect, device number 29
[  598.381218][ T4300] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  598.605087][ T4300] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  598.650221][ T4300] usb 4-1: Manufacturer: syz
[  599.058513][ T4300] usb 4-1: config 0 descriptor??
[  599.905088][ T4300] usbhid 4-1:0.0: can't add hid device: -71
[  599.913909][ T4300] usbhid: probe of 4-1:0.0 failed with error -71
[  599.922442][ T4300] usb 4-1: USB disconnect, device number 25
[  600.847741][ T4256] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  600.957330][T10025] Bluetooth: Frame is too long (len 10, expected len 4)
[  601.361194][ T4256] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  601.559571][ T4256] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.571606][ T4256] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  601.583438][ T4256] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  601.680879][ T4256] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  601.693405][ T4256] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  601.707690][ T4256] usb 3-1: Manufacturer: syz
[  601.738401][ T4256] usb 3-1: config 0 descriptor??
[  601.812858][T10112] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  601.840015][T10112] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  602.330909][ T4798] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  602.781212][ T4798] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.200981][ T4798] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  603.220259][ T4798] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  603.342577][ T4798] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  603.360916][ T4256] usbhid 3-1:0.0: can't add hid device: -71
[  603.367193][ T4256] usbhid: probe of 3-1:0.0 failed with error -71
[  604.283737][ T4798] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  604.307868][ T4256] usb 3-1: USB disconnect, device number 24
[  604.313880][ T4798] usb 1-1: Manufacturer: syz
[  604.335279][ T4798] usb 1-1: config 0 descriptor??
[  604.751336][T10121] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1723'.
[  604.768422][ T4798] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  604.917411][T10135] netlink: 292 bytes leftover after parsing attributes in process `syz.1.1727'.
[  605.280827][ T4798] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  605.540830][ T4798] usb 4-1: Using ep0 maxpacket: 32
[  605.558480][ T4241] usb 1-1: USB disconnect, device number 22
[  606.101079][ T4798] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  606.118579][ T4798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.140677][ T4798] usb 4-1: Product: syz
[  606.158947][ T4798] usb 4-1: Manufacturer: syz
[  606.174893][ T4798] usb 4-1: SerialNumber: syz
[  606.197158][ T4798] usb 4-1: config 0 descriptor??
[  606.264303][ T4798] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  606.331269][ T4300] Bluetooth: hci5: command 0x1003 tx timeout
[  606.353385][T10025] Bluetooth: hci5: sending frame failed (-49)
[  606.924396][T10156] udc-core: couldn't find an available UDC or it's busy
[  606.948645][T10156] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  606.958702][T10159] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  607.062372][ T4798] gspca_ov534_9: reg_w failed -110
[  607.590839][ T4798] gspca_ov534_9: Unknown sensor 0000
[  607.591244][ T4798] ov534_9: probe of 4-1:0.0 failed with error -22
[  608.200619][ T4241] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  608.411094][ T4300] Bluetooth: hci5: command 0x1001 tx timeout
[  608.417266][T10025] Bluetooth: hci5: sending frame failed (-49)
[  608.660870][ T4241] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  608.696679][ T4241] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  608.724570][ T4241] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  608.745745][ T4241] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.803167][ T4241] usb 2-1: config 0 descriptor??
[  609.071410][ T4241] usb 2-1: USB disconnect, device number 24
[  609.378564][ T4798] usb 4-1: USB disconnect, device number 26
[  609.723945][T10179] overlayfs: failed to resolve './file1': -2
[  610.491595][ T4241] Bluetooth: hci5: command 0x1009 tx timeout
[  611.090977][ T4191] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  611.950845][ T4191] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.061689][ T4191] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  612.087779][ T4191] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  612.190868][ T4191] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  612.207813][ T4191] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  612.227579][ T4191] usb 4-1: Manufacturer: syz
[  612.248152][ T4191] usb 4-1: config 0 descriptor??
[  612.303409][ T4191] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  612.551579][T10190] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1740'.
[  612.584525][T10203] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  613.639180][ T4300] usb 4-1: USB disconnect, device number 27
[  613.680062][T10217] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1750'.
[  613.716796][T10219] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1751'.
[  613.808139][T10227] capability: warning: `syz.1.1754' uses deprecated v2 capabilities in a way that may be insecure
[  614.388844][ T4241] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  615.069134][T10240] device syzkaller0 entered promiscuous mode
[  615.351263][ T4241] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  615.366532][ T4241] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  615.377019][ T4241] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  615.391877][ T4241] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.414450][ T4241] usb 3-1: config 0 descriptor??
[  616.174236][ T4798] usb 3-1: USB disconnect, device number 25
[  620.255705][T10315] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  620.920810][    T7] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  621.370926][    T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  621.406793][  T150] block nbd2: Attempted send on invalid socket
[  621.406916][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  621.718248][    T7] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  621.718296][    T7] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  621.718320][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.726887][    T7] usb 5-1: config 0 descriptor??
[  621.975771][ T4798] usb 5-1: USB disconnect, device number 30
[  624.332284][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  624.338753][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  626.663755][T10373] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  626.675235][T10373] exFAT-fs (loop1): unable to read boot sector
[  626.681656][T10373] exFAT-fs (loop1): failed to read boot sector
[  626.687821][T10373] exFAT-fs (loop1): failed to recognize exfat type
[  627.000882][T10373] netlink: 'syz.1.1795': attribute type 83 has an invalid length.
[  627.339468][ T1093] block nbd4: Attempted send on invalid socket
[  627.345844][ T1093] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  627.431441][ T4191] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  630.442360][T10402] atomic_op ffff888060f76198 conn xmit_atomic 0000000000000000
[  630.451223][ T4256] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  631.370942][ T4243] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  631.548961][T10425] input: syz1 as /devices/virtual/input/input60
[  631.761442][ T4243] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[  631.801608][ T4243] usb 2-1: config 0 has no interface number 0
[  631.991108][ T4243] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  632.026182][ T4243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.049762][ T4243] usb 2-1: Product: syz
[  632.058508][ T4243] usb 2-1: Manufacturer: syz
[  632.076176][ T4243] usb 2-1: SerialNumber: syz
[  632.114935][ T4243] usb 2-1: config 0 descriptor??
[  632.301132][ T4300] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  632.400823][    T7] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  632.500901][ T4300] usb 5-1: device descriptor read/64, error -71
[  632.845980][T10444] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  632.857874][T10444] device syzkaller0 entered promiscuous mode
[  632.921432][ T4243] usb 2-1: atusb_control_msg: req 0x21 val 0x0 idx 0x1f, error -71
[  633.423175][ T4243] usb 2-1: Firmware version (0.0) predates our first public release.
[  633.431790][ T4243] usb 2-1: Please update to version 0.2 or newer
[  633.447613][T10441] tipc: Resetting bearer <eth:syzkaller0>
[  633.459644][ T4243] usb 2-1: atusb_probe: initialization failed, error = -71
[  633.468446][ T4243] atusb: probe of 2-1:0.128 failed with error -71
[  633.480809][ T4300] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  633.491095][    T7] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  633.575808][    T7] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  633.582109][ T4243] usb 2-1: USB disconnect, device number 25
[  634.076479][T10441] tipc: Disabling bearer <eth:syzkaller0>
[  634.087835][T10447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1820'.
[  634.121030][    T7] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  634.130878][    T7] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  634.139134][    T7] usb 3-1: Manufacturer: syz
[  634.154616][    T7] usb 3-1: config 0 descriptor??
[  634.192081][ T4300] usb 5-1: device descriptor read/64, error -71
[  634.319571][    T7] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  634.327416][ T4300] usb usb5-port1: attempt power cycle
[  635.217857][T10440] netlink: 320 bytes leftover after parsing attributes in process `syz.2.1817'.
[  636.683308][ T4191] usb 3-1: USB disconnect, device number 27
[  636.691987][T10484] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  636.698847][T10484] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  636.710302][T10484] vhci_hcd vhci_hcd.0: Device attached
[  636.991267][ T4241] usb 33-1: new high-speed USB device number 3 using vhci_hcd
[  637.512719][T10485] vhci_hcd: connection reset by peer
[  637.518919][ T4347] vhci_hcd: stop threads
[  637.537135][ T4347] vhci_hcd: release socket
[  637.570978][ T4347] vhci_hcd: disconnect device
[  638.583062][T10507] device syzkaller0 entered promiscuous mode
[  638.620818][ T4191] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  639.241024][ T4191] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  639.261170][ T4191] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  639.339267][ T4191] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  639.370012][ T4191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.446611][ T4191] usb 4-1: config 0 descriptor??
[  639.479481][T10518] fuse: Unknown parameter 'user_i00000000000000000000'
[  639.618661][T10517] device syzkaller0 entered promiscuous mode
[  642.283683][T10550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1849'.
[  642.476491][    T7] usb 4-1: USB disconnect, device number 28
[  642.507165][ T4241] vhci_hcd: vhci_device speed not set
[  643.561304][T10561] device syzkaller0 entered promiscuous mode
[  643.649654][T10564] device syzkaller0 entered promiscuous mode
[  644.138206][T10570] fuse: Unknown parameter 'user_i00000000000000000000'
[  644.292563][T10565] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  644.302029][T10565] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  645.927293][T10583] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  645.933943][T10583] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  645.962091][T10583] vhci_hcd vhci_hcd.0: Device attached
[  647.278335][T10584] vhci_hcd: connection closed
[  647.278549][ T4347] vhci_hcd: stop threads
[  647.288859][ T4347] vhci_hcd: release socket
[  647.298437][ T4347] vhci_hcd: disconnect device
[  647.377579][  T150] block nbd2: Attempted send on invalid socket
[  647.384356][  T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  647.395607][ T4256] vhci_hcd: vhci_device speed not set
[  648.200876][ T4300] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  648.572443][ T4300] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  648.910836][ T4300] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  648.977927][ T4300] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  648.997524][ T4300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.036258][ T4300] usb 2-1: config 0 descriptor??
[  649.069358][T10614] device syzkaller0 entered promiscuous mode
[  649.244726][T10615] device syzkaller0 entered promiscuous mode
[  650.536637][T10628] fuse: Unknown parameter 'user_id00000000000000000000'
[  651.017052][ T4191] usb 2-1: USB disconnect, device number 26
[  652.089284][T10658] device syzkaller0 entered promiscuous mode
[  653.460936][ T4191] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  653.961091][ T4191] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  654.040768][ T4241] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  654.444863][ T4191] usb 3-1: config 0 has no interface number 0
[  654.454340][ T4191] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  654.465994][ T4191] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.524409][ T4241] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  654.529793][ T4191] usb 3-1: config 0 descriptor??
[  654.609458][ T4191] usb 3-1: selecting invalid altsetting 1
[  654.617999][T10684] fuse: Unknown parameter 'user_id00000000000000000000'
[  654.625641][ T4191] dvb_ttusb_budget: ttusb_init_controller: error
[  654.632996][ T4191] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  655.021491][ T4241] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  655.145922][ T4241] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  655.155498][ T4241] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.167254][ T4191] DVB: Unable to find symbol cx22700_attach()
[  655.171233][ T4241] usb 5-1: config 0 descriptor??
[  655.243624][ T4191] DVB: Unable to find symbol tda10046_attach()
[  655.250020][ T4191] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  655.286385][T10691] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  655.293027][T10691] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  655.300861][T10691] vhci_hcd vhci_hcd.0: Device attached
[  655.368221][T10698] vhci_hcd: connection closed
[  655.380302][T10702] netlink: 'syz.3.1892': attribute type 29 has an invalid length.
[  655.393090][T10702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1892'.
[  655.403564][T10702] netlink: 'syz.3.1892': attribute type 29 has an invalid length.
[  655.411871][T10702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1892'.
[  656.111627][ T4402] vhci_hcd: stop threads
[  656.116464][ T4402] vhci_hcd: release socket
[  656.158479][ T4402] vhci_hcd: disconnect device
[  656.231080][ T4300] usb 33-1: new high-speed USB device number 5 using vhci_hcd
[  656.252591][ T4300] usb 33-1: enqueue for inactive port 0
[  656.358788][ T4191] usb 3-1: USB disconnect, device number 28
[  656.360812][ T4241] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  656.390892][ T4300] vhci_hcd: vhci_device speed not set
[  656.400065][ T4243] usb 5-1: USB disconnect, device number 34
[  656.535925][T10711] device syzkaller0 entered promiscuous mode
[  656.746505][T10718] fuse: Unknown parameter 'user_id00000000000000000000'
[  656.930935][ T4243] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  657.124239][ T4241] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  657.181778][ T4241] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  657.196246][ T4241] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  657.292511][ T4241] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  657.311071][ T4241] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  657.319388][ T4241] usb 2-1: Manufacturer: syz
[  657.331372][ T4241] usb 2-1: config 0 descriptor??
[  657.374471][ T4241] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  657.412453][ T4243] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  657.434109][ T4243] usb 5-1: config 0 interface 0 has no altsetting 0
[  657.596993][T10703] netlink: 320 bytes leftover after parsing attributes in process `syz.1.1891'.
[  657.680980][ T4243] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  657.713761][ T4243] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.741270][ T4243] usb 5-1: Product: syz
[  657.750983][ T4243] usb 5-1: Manufacturer: syz
[  657.755633][ T4243] usb 5-1: SerialNumber: syz
[  657.771151][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  657.789436][ T4243] usb 5-1: config 0 descriptor??
[  657.873867][ T4243] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  657.975173][ T4243] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  658.021103][ T4243] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  658.035173][ T4243] usb 5-1: media controller created
[  658.084922][ T4243] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  658.311611][ T4243] DVB: Unable to find symbol tda10046_attach()
[  658.318631][ T4243] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  658.364148][ T4243] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  658.524484][ T4191] usb 2-1: USB disconnect, device number 27
[  658.770545][T10747] device syzkaller0 entered promiscuous mode
[  658.781389][ T4241] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  659.151032][ T4241] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.161696][ T4241] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  659.197891][ T4241] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  659.207384][ T4241] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.221459][ T4241] usb 1-1: config 0 descriptor??
[  659.279398][ T4241] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  659.350959][ T4243] dvb_usb_m920x: probe of 5-1:0.0 failed with error -71
[  659.483972][T10754] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  659.490650][T10754] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  659.498759][T10754] vhci_hcd vhci_hcd.0: Device attached
[  659.530971][T10755] vhci_hcd: connection closed
[  659.534897][ T4347] vhci_hcd: stop threads
[  659.593192][ T4347] vhci_hcd: release socket
[  661.171287][ T4243] usb 5-1: USB disconnect, device number 35
[  661.192491][ T4347] vhci_hcd: disconnect device
[  661.885580][T10762] fuse: Bad value for 'fd'
[  661.987067][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  662.585160][ T4300] usb 1-1: USB disconnect, device number 24
[  662.621032][ T4191] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  663.001222][ T4191] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  663.012127][ T4191] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  663.025954][ T4191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.072341][ T4191] usb 4-1: config 0 descriptor??
[  663.212435][ T4300] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  663.214161][ T4191] usbhid 4-1:0.0: can't add hid device: -22
[  663.261587][ T4191] usbhid: probe of 4-1:0.0 failed with error -22
[  663.760932][ T4300] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  664.829551][T10799] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0
[  664.876239][ T4300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  664.967725][ T4300] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  666.016916][T10804] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  666.023573][T10804] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  667.220882][ T4300] usb 1-1: string descriptor 0 read error: -71
[  667.227671][ T1109] usb 4-1: USB disconnect, device number 29
[  667.238021][ T4300] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  667.278200][T10804] vhci_hcd vhci_hcd.0: Device attached
[  667.561419][ T4300] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  667.678971][T10777] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[  668.710420][ T4300] usb 1-1: config 0 descriptor??
[  668.823240][ T4300] usb 1-1: can't set config #0, error -71
[  669.053854][T10805] vhci_hcd: connection reset by peer
[  669.059672][T10822] vhci_hcd: stop threads
[  669.064455][T10822] vhci_hcd: release socket
[  669.072045][T10822] vhci_hcd: disconnect device
[  669.097659][ T4300] usb 1-1: USB disconnect, device number 25
[  669.126345][T10827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1925'.
[  670.100896][ T4241] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  671.586629][T10837] fuse: Bad value for 'fd'
[  671.631996][ T4241] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  671.888503][ T4241] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  671.902260][ T4241] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  671.912822][ T4241] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.639709][ T4241] usb 3-1: config 0 descriptor??
[  672.700975][ T4241] usb 3-1: can't set config #0, error -71
[  672.728948][ T4241] usb 3-1: USB disconnect, device number 29
[  672.821068][T10777] vhci_hcd: vhci_device speed not set
[  676.850041][T10902] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  676.861829][T10902] device syzkaller0 entered promiscuous mode
[  677.970954][ T4241] tipc: Node number set to 432927177
[  678.923194][T10897] tipc: Resetting bearer <eth:syzkaller0>
[  679.150961][ T4191] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  679.164828][T10897] tipc: Disabling bearer <eth:syzkaller0>
[  679.570942][ T4191] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.996253][ T4191] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  680.095897][T10911] fuse: Bad value for 'fd'
[  680.435644][ T4191] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  680.444871][ T4191] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.591677][ T4191] usb 3-1: config 0 descriptor??
[  680.611122][ T4191] usb 3-1: can't set config #0, error -71
[  680.632434][ T4191] usb 3-1: USB disconnect, device number 30
[  682.491951][T10921] Set syz0 is full, maxelem 0 reached
[  684.890810][ T1109] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  685.869064][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  685.875472][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  685.881840][   T26] kauditd_printk_skb: 15 callbacks suppressed
[  685.881854][   T26] audit: type=1326 audit(1756255073.285:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10939 comm="syz.1.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c8f36be9 code=0x7fc00000
[  686.260809][T10963] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  686.274756][T10963] device syzkaller0 entered promiscuous mode
[  686.832633][T10956] tipc: Resetting bearer <eth:syzkaller0>
[  688.692900][ T4241] tipc: Node number set to 716880189
[  688.712144][T10956] tipc: Disabling bearer <eth:syzkaller0>
[  689.208791][T10977] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1966'.
[  696.190937][    T7] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  696.281832][T11032] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[  697.253075][T11035] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1983'.
[  697.680858][    T7] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  697.818612][    T7] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  697.933880][    T7] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  697.943197][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.944707][T10777] Bluetooth: hci3: command 0x0405 tx timeout
[  697.959706][    T7] usb 4-1: config 0 descriptor??
[  698.508722][    T7] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  701.179625][ T4300] usb 4-1: USB disconnect, device number 31
[  703.604388][T11076] wlan0 speed is unknown, defaulting to 1000
[  704.736502][T11097] wlan0 speed is unknown, defaulting to 1000
[  706.592075][ T4191] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  706.730806][T10777] Bluetooth: hci5: command 0x0409 tx timeout
[  706.760937][T11124] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  706.767504][T11124] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  706.812593][T11124] vhci_hcd vhci_hcd.0: Device attached
[  706.868263][T11097] chnl_net:caif_netlink_parms(): no params data found
[  707.112167][T11097] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.131828][T11097] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.174936][T11097] device bridge_slave_0 entered promiscuous mode
[  707.205357][T11097] bridge0: port 2(bridge_slave_1) entered blocking state
[  707.256005][T11097] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.292208][T11097] device bridge_slave_1 entered promiscuous mode
[  707.417845][T11097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.474151][T11097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.476878][T11125] trusted_key: encrypted_key: insufficient parameters specified
[  707.508647][T11125] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  707.524478][T11127] vhci_hcd: connection closed
[  707.524785][ T4303] vhci_hcd: stop threads
[  707.564456][ T4303] vhci_hcd: release socket
[  707.592699][ T4303] vhci_hcd: disconnect device
[  707.609072][T11097] team0: Port device team_slave_0 added
[  707.645832][T11097] team0: Port device team_slave_1 added
[  707.670948][ T4191] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  707.721349][ T4191] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  707.751031][ T4191] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  707.766573][ T4191] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  707.860160][T11097] batman_adv: batadv0: Adding interface: batadv_slave_0
[  707.901036][ T4191] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  707.920349][T11097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  707.947143][ T4191] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  707.961797][ T4191] usb 3-1: Manufacturer: syz
[  707.969755][ T4191] usb 3-1: config 0 descriptor??
[  707.983389][T11097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  708.004734][T11097] batman_adv: batadv0: Adding interface: batadv_slave_1
[  708.019383][T11097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.051565][T11097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  708.130122][T11097] device hsr_slave_0 entered promiscuous mode
[  708.151379][T11097] device hsr_slave_1 entered promiscuous mode
[  708.168533][T11097] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  708.203206][T11097] Cannot create hsr debugfs directory
[  708.212559][    T7] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  708.236208][T11117] netlink: 320 bytes leftover after parsing attributes in process `syz.2.2000'.
[  708.242740][T11161] atomic_op ffff8880219bb998 conn xmit_atomic 0000000000000000
[  708.685542][ T4191] appleir 0003:05AC:8243.001C: unknown main item tag 0x0
[  708.711323][ T4191] appleir 0003:05AC:8243.001C: No inputs registered, leaving
[  708.762180][ T4191] appleir 0003:05AC:8243.001C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  708.821215][ T4358] Bluetooth: hci5: command 0x041b tx timeout
[  708.890909][    T7] usb 2-1: Using ep0 maxpacket: 32
[  709.041397][    T7] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  709.079564][    T7] usb 2-1: config 0 has no interface number 0
[  709.101760][T11168] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  709.108436][T11168] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  709.128346][T11168] vhci_hcd vhci_hcd.0: Device attached
[  709.163079][    T7] usb 2-1: config 0 interface 184 has no altsetting 0
[  709.178684][T11169] vhci_hcd: connection closed
[  709.181319][ T4303] vhci_hcd: stop threads
[  709.219999][ T4303] vhci_hcd: release socket
[  709.295543][ T4303] vhci_hcd: disconnect device
[  709.421595][    T7] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  709.472795][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.581602][    T7] usb 2-1: Product: syz
[  709.640220][    T7] usb 2-1: Manufacturer: syz
[  709.704508][    T7] usb 2-1: SerialNumber: syz
[  709.811244][    T7] usb 2-1: config 0 descriptor??
[  709.968276][    T7] smsc75xx v1.0.0
[  710.392169][T11097] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  710.441896][T11097] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  710.476809][T11171] usb 3-1: USB disconnect, device number 31
[  710.600902][    T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  710.622325][    T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  710.722107][T11097] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  710.976730][ T4358] Bluetooth: hci5: command 0x040f tx timeout
[  711.287402][T11171] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  711.490340][T11097] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  712.010986][T11097] 8021q: adding VLAN 0 to HW filter on device bond0
[  712.030007][T11097] 8021q: adding VLAN 0 to HW filter on device team0
[  712.059601][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  712.080828][T11171] usb 3-1: Using ep0 maxpacket: 32
[  712.105870][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  712.127079][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  712.148256][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  712.170087][ T4402] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.177255][ T4402] bridge0: port 1(bridge_slave_0) entered forwarding state
[  712.220951][    T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  712.236412][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  712.259653][    T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71
[  712.283197][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  712.305999][    T7] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  712.319200][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  712.330349][    T7] smsc75xx: probe of 2-1:0.184 failed with error -71
[  712.350514][ T4402] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.357680][ T4402] bridge0: port 2(bridge_slave_1) entered forwarding state
[  712.365638][T11171] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  712.383206][    T7] usb 2-1: USB disconnect, device number 28
[  712.393791][T11171] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.405261][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  712.427899][T11171] usb 3-1: Product: syz
[  712.439651][T11171] usb 3-1: Manufacturer: syz
[  712.461301][T11171] usb 3-1: SerialNumber: syz
[  712.466545][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  712.502603][T11171] usb 3-1: config 0 descriptor??
[  712.508689][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  712.572625][T11171] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  712.595217][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  712.611642][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  712.629474][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  712.643956][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  712.661883][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  712.678276][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  712.691011][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  712.729118][T11097] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  712.745577][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  713.118441][T11205] udc-core: couldn't find an available UDC or it's busy
[  713.174555][T11205] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  713.211388][T10967] Bluetooth: hci5: command 0x0419 tx timeout
[  713.259227][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  713.273084][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  713.301090][T11171] gspca_ov534_9: reg_w failed -110
[  713.445725][T11211] atomic_op ffff88801f947998 conn xmit_atomic 0000000000000000
[  713.887888][T11097] 8021q: adding VLAN 0 to HW filter on device batadv0
[  714.130912][T11171] gspca_ov534_9: Unknown sensor 0000
[  714.130979][T11171] ov534_9: probe of 3-1:0.0 failed with error -22
[  715.194650][T11228] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  715.201308][T11228] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  715.252499][T11228] vhci_hcd vhci_hcd.0: Device attached
[  715.277218][T11229] vhci_hcd: connection closed
[  715.278294][ T9685] vhci_hcd: stop threads
[  715.320926][ T9685] vhci_hcd: release socket
[  715.379679][ T9685] vhci_hcd: disconnect device
[  716.187815][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  716.230087][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  716.677390][  T422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  716.707177][  T422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  716.771608][T11097] device veth0_vlan entered promiscuous mode
[  716.799621][  T422] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  716.846108][  T422] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  716.992744][T11097] device veth1_vlan entered promiscuous mode
[  717.179097][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  717.197623][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  717.260232][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  717.279085][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  717.292538][T11097] device veth0_macvtap entered promiscuous mode
[  717.305509][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  717.349480][T11097] device veth1_macvtap entered promiscuous mode
[  717.418663][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  717.447258][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.477556][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  717.506900][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.527186][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  717.547964][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.598560][ T4798] usb 3-1: USB disconnect, device number 32
[  717.634748][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  717.665841][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.683804][T11097] batman_adv: batadv0: Interface activated: batadv_slave_0
[  717.727201][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  717.758418][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.797838][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  717.828129][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.845990][ T5540] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  717.854993][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  717.866053][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  717.876205][T11097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  717.886793][T11097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  718.019744][ T4409] Bluetooth: hci1: Frame reassembly failed (-84)
[  718.063523][ T4409] Bluetooth: hci1: Frame reassembly failed (-84)
[  718.258299][T11097] batman_adv: batadv0: Interface activated: batadv_slave_1
[  718.701469][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  718.726887][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  718.741306][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  718.750259][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  718.773798][T11097] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  718.799538][T11097] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  718.836114][T11097] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  718.845227][T11097] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  718.917796][ T4347] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  718.931296][ T5540] usb 4-1: Using ep0 maxpacket: 16
[  719.015708][ T4347] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.090841][ T5540] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  719.103183][ T5540] usb 4-1: config 0 has no interface number 0
[  719.109504][ T5540] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  719.123937][ T4347] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.138642][ T5540] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  719.150348][ T5540] usb 4-1: config 0 interface 41 has no altsetting 0
[  719.197799][ T4402] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.220171][ T4347] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.227627][ T4402] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.266002][ T9685] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  719.306847][ T9685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.321062][ T5540] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  719.340607][ T9685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.349300][ T5540] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.359514][ T5540] usb 4-1: Product: syz
[  719.395022][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  719.395347][ T5540] usb 4-1: Manufacturer: syz
[  719.427234][ T5540] usb 4-1: SerialNumber: syz
[  719.649094][ T5540] usb 4-1: config 0 descriptor??
[  719.681108][T11250] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  719.737256][T11250] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  719.968601][ T4347] tipc: Left network mode
[  720.293326][T11250] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  720.301825][ T1109] Bluetooth: hci1: command 0x1003 tx timeout
[  720.311377][  T146] Bluetooth: hci1: sending frame failed (-49)
[  720.331544][T11250] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  720.848401][T11278] atomic_op ffff8880230d2198 conn xmit_atomic 0000000000000000
[  721.371017][ T5540] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  721.798475][T11292] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  721.805311][T11292] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  721.813577][T11171] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  721.821434][T11292] vhci_hcd vhci_hcd.0: Device attached
[  721.893733][T11293] vhci_hcd: connection closed
[  721.894904][ T9685] vhci_hcd: stop threads
[  721.910913][ T5540] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  721.920828][ T9685] vhci_hcd: release socket
[  721.929487][ T4347] device hsr_slave_0 left promiscuous mode
[  721.965055][ T9685] vhci_hcd: disconnect device
[  721.985724][ T4347] device hsr_slave_1 left promiscuous mode
[  722.034769][ T4347] batman_adv: batadv0: Interface deactivated: dummy0
[  722.042352][    T7] vhci_hcd: vhci_device speed not set
[  722.088193][ T4347] batman_adv: batadv0: Removing interface: dummy0
[  722.153675][ T4347] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  722.191312][T11171] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  722.211920][ T4347] batman_adv: batadv0: Removing interface: batadv_slave_0
[  722.234222][T11171] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.364028][T11171] usb 6-1: config 0 descriptor??
[  722.432371][ T4241] Bluetooth: hci1: command 0x1001 tx timeout
[  722.443896][ T4347] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  722.455558][  T146] Bluetooth: hci1: sending frame failed (-49)
[  722.495801][ T4347] batman_adv: batadv0: Removing interface: batadv_slave_1
[  722.545662][T11171] gspca_main: spca508-2.14.0 probing 8086:0110
[  722.607261][ T4347] device bridge_slave_1 left promiscuous mode
[  722.656484][ T4347] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.731411][T11171] gspca_spca508: reg_read err -32
[  722.965507][ T4347] device bridge_slave_0 left promiscuous mode
[  722.991285][T11171] gspca_spca508: reg_read err -71
[  723.024979][ T5540] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  723.030817][T11171] gspca_spca508: reg_read err -71
[  723.035064][ T5540] CoreChips: probe of 4-1:0.41 failed with error -71
[  723.062997][ T5540] usb 4-1: USB disconnect, device number 32
[  723.087713][ T4347] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.124938][T11171] gspca_spca508: reg_read err -71
[  723.145073][T11300] input: syz1 as /devices/virtual/input/input63
[  723.250837][T11171] gspca_spca508: reg write: error -71
[  723.256301][T11171] spca508: probe of 6-1:0.0 failed with error -71
[  723.277909][ T4347] device veth1_macvtap left promiscuous mode
[  723.299783][ T4347] device veth0_macvtap left promiscuous mode
[  723.310340][T11171] usb 6-1: USB disconnect, device number 2
[  723.319414][ T4347] device veth1_vlan left promiscuous mode
[  723.331535][ T4347] device veth0_vlan left promiscuous mode
[  723.379561][T11304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2034'.
[  724.078397][T11310] Set syz0 is full, maxelem 0 reached
[  724.199529][T11318] serio: Serial port ptm1
[  724.480758][T11171] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  724.498708][    T7] Bluetooth: hci1: command 0x1009 tx timeout
[  724.525457][ T4347] team0 (unregistering): Port device team_slave_1 removed
[  724.545201][ T4347] team0 (unregistering): Port device team_slave_0 removed
[  724.579951][ T4347] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  724.610414][ T4347] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  724.679668][ T4347] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  724.746207][T11171] usb 4-1: Using ep0 maxpacket: 32
[  724.760890][T11329] atomic_op ffff88801fcf3998 conn xmit_atomic 0000000000000000
[  724.941175][T11171] usb 4-1: config 1 has an invalid interface number: 98 but max is 0
[  724.992722][T11171] usb 4-1: config 1 has no interface number 0
[  725.123839][ T4347] bond0 (unregistering): Released all slaves
[  725.347039][T11171] usb 4-1: New USB device found, idVendor=04e8, idProduct=8001, bcdDevice=1f.78
[  725.380977][T11171] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.389655][T11171] usb 4-1: Product: syz
[  725.399806][T11171] usb 4-1: Manufacturer: syz
[  725.404791][T11171] usb 4-1: SerialNumber: syz
[  725.710291][T10967] usb 4-1: USB disconnect, device number 33
[  726.446786][T11331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'.
[  726.455806][T11331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'.
[  726.465779][T11331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'.
[  726.474803][T11331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'.
[  726.569828][  T146] Bluetooth: Frame is too long (len 10, expected len 4)
[  728.439106][T11379] fuse: Unknown parameter 'fd0x0000000000000005'
[  728.885440][T11380] Set syz0 is full, maxelem 0 reached
[  729.251702][T11386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2053'.
[  730.850786][T10967] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  731.630992][T10967] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  732.503649][T10967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.560827][T10967] usb 3-1: Product: syz
[  732.571016][T10967] usb 3-1: Manufacturer: syz
[  732.599371][T10967] usb 3-1: SerialNumber: syz
[  733.127559][ T5540] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  733.511062][ T5540] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  733.530565][ T5540] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.582018][ T5540] usb 2-1: config 0 descriptor??
[  733.640841][T10967] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32
[  733.680805][T10967] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  733.690315][T10967] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  733.751045][T10967] lan78xx: probe of 3-1:1.0 failed with error -32
[  734.633676][T10967] usb 3-1: USB disconnect, device number 33
[  734.829764][T11453] Set syz0 is full, maxelem 0 reached
[  735.049654][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2065'.
[  735.661097][ T5540] usb 2-1: Cannot set autoneg
[  735.680851][ T5540] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[  735.761058][ T5540] usb 2-1: USB disconnect, device number 29
[  736.120828][ T4300] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  736.930983][ T4300] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  736.950160][ T4300] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  737.013583][ T4300] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  737.084880][ T4300] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  737.110753][ T4300] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.149737][ T4300] usb 1-1: config 0 descriptor??
[  737.190460][T11461] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  737.211981][ T4300] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  739.573100][T11520] device syzkaller0 entered promiscuous mode
[  739.622494][ T4300] usb 1-1: USB disconnect, device number 26
[  741.241625][T10967] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  741.540892][T10967] usb 4-1: Using ep0 maxpacket: 32
[  741.958516][T10967] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  742.210387][T10967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.190749][T10967] usb 4-1: Product: syz
[  743.210695][T10967] usb 4-1: Manufacturer: syz
[  743.215344][T10967] usb 4-1: SerialNumber: syz
[  743.252672][T10967] usb 4-1: config 0 descriptor??
[  743.585682][T11568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  743.598339][T11568] device syzkaller0 entered promiscuous mode
[  744.043597][T10967] usb 4-1: can't set config #0, error -71
[  744.059352][T10967] usb 4-1: USB disconnect, device number 34
[  744.247812][T11575] Set syz0 is full, maxelem 0 reached
[  744.269065][T11561] tipc: Resetting bearer <eth:syzkaller0>
[  745.096768][T11561] tipc: Disabling bearer <eth:syzkaller0>
[  745.320990][ T5540] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  745.500766][T11592] serio: Serial port ptm0
[  745.708846][ T5540] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  745.779829][ T5540] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  745.800980][ T5540] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.836661][ T5540] usb 3-1: config 0 descriptor??
[  745.927618][ T5540] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  747.228681][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  747.237124][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  747.720817][ T4256] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  749.191391][ T4241] usb 3-1: USB disconnect, device number 34
[  749.212688][ T4256] usb 2-1: Using ep0 maxpacket: 32
[  749.305525][T11629] device syzkaller0 entered promiscuous mode
[  749.521730][ T4256] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  749.597167][ T4256] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.653111][ T4256] usb 2-1: Product: syz
[  749.670848][ T4256] usb 2-1: Manufacturer: syz
[  749.682709][ T4256] usb 2-1: SerialNumber: syz
[  749.741848][ T4256] usb 2-1: config 0 descriptor??
[  749.811486][ T4256] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  750.405254][T11663] udc-core: couldn't find an available UDC or it's busy
[  750.435909][T11663] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  750.460743][ T4798] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  750.610893][ T4256] gspca_ov534_9: reg_w failed -110
[  752.180843][ T4798] usb 3-1: Using ep0 maxpacket: 32
[  752.187892][T11676] netlink: 'syz.0.2111': attribute type 12 has an invalid length.
[  752.410980][ T4798] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  752.422186][   T26] audit: type=1804 audit(1756255140.145:28): pid=11676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2111" name="bus" dev="ramfs" ino=62986 res=1 errno=0
[  752.490136][ T4798] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  752.513093][   T26] audit: type=1804 audit(1756255140.245:29): pid=11676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2111" name="bus" dev="ramfs" ino=62986 res=1 errno=0
[  752.716873][ T4798] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  752.729924][ T4798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.750715][ T4256] gspca_ov534_9: Unknown sensor 0000
[  752.750779][ T4256] ov534_9: probe of 2-1:0.0 failed with error -22
[  752.843925][T11694] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2114'.
[  753.915427][ T4798] usb 3-1: config 0 descriptor??
[  753.931842][ T4798] usb 3-1: can't set config #0, error -71
[  755.557510][T10777] Bluetooth: hci5: command 0x0405 tx timeout
[  755.586985][ T4798] usb 3-1: USB disconnect, device number 35
[  755.758802][ T4347] Bluetooth: hci1: Frame reassembly failed (-84)
[  756.811322][ T4241] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  756.928262][T11749] loop7: detected capacity change from 0 to 7
[  756.943375][ T4256] usb 2-1: USB disconnect, device number 30
[  756.965088][T11749] Dev loop7: unable to read RDB block 7
[  756.976262][T11749]  loop7: unable to read partition table
[  757.009166][T11749] loop7: partition table beyond EOD, truncated
[  757.070745][ T4241] usb 4-1: Using ep0 maxpacket: 16
[  757.115996][T11749] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  757.210919][ T4241] usb 4-1: config 1 has an invalid interface number: 214 but max is 0
[  757.220951][ T4241] usb 4-1: config 1 has no interface number 0
[  757.229179][ T4241] usb 4-1: config 1 interface 214 has no altsetting 0
[  757.440934][ T4241] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  757.475629][ T4241] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.508509][ T4241] usb 4-1: Product: syz
[  757.524235][ T4241] usb 4-1: Manufacturer: syz
[  757.542838][ T4241] usb 4-1: SerialNumber: syz
[  757.612243][ T4241] ums-alauda 4-1:1.214: USB Mass Storage device detected
[  757.770758][ T4300] Bluetooth: hci1: command 0x1003 tx timeout
[  757.790833][  T146] Bluetooth: hci1: sending frame failed (-49)
[  757.840732][T11171] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  757.927396][ T4300] usb 4-1: USB disconnect, device number 35
[  758.171628][T11757] 
[  758.174018][T11757] ======================================================
[  758.181039][T11757] WARNING: possible circular locking dependency detected
[  758.188056][T11757] 5.15.189-syzkaller #0 Not tainted
[  758.193238][T11757] ------------------------------------------------------
[  758.200240][T11757] syz.5.2123/11757 is trying to acquire lock:
[  758.206288][T11757] ffff88807a02a138 ((wq_completion)loop7){+.+.}-{0:0}, at: flush_workqueue+0x126/0x1380
[  758.210770][T11171] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  758.216025][T11757] 
[  758.216025][T11757] but task is already holding lock:
[  758.216033][T11757] ffff888147aa5468 (&lo->lo_mutex){+.+.}-{3:3}
[  758.224578][T11171] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  758.231656][T11757] , at: __loop_clr_fd+0xaa/0xb90
[  758.231683][T11757] 
[  758.231683][T11757] which lock already depends on the new lock.
[  758.231683][T11757] 
[  758.231689][T11757] 
[  758.231689][T11757] the existing dependency chain (in reverse order) is:
[  758.231695][T11757] 
[  758.231695][T11757] -> #6 (&lo->lo_mutex){+.+.}-{3:3}:
[  758.231722][T11757]        __mutex_lock_common+0x1eb/0x2390
[  758.231749][T11757]        mutex_lock_killable_nested+0x17/0x20
[  758.231765][T11757]        lo_open+0x6a/0x100
[  758.231780][T11757]        blkdev_get_whole+0x90/0x390
[  758.231799][T11757]        blkdev_get_by_dev+0x2d0/0xa60
[  758.241781][T11171] usb 1-1: config 220 has no interface number 2
[  758.248174][T11757]        blkdev_open+0x12d/0x2c0
[  758.248200][T11757]        do_dentry_open+0x7ff/0xf80
[  758.248218][T11757]        path_openat+0x2682/0x2f30
[  758.248232][T11757]        do_filp_open+0x1b3/0x3e0
[  758.248246][T11757]        do_sys_openat2+0x142/0x4a0
[  758.248263][T11757]        __x64_sys_openat+0x135/0x160
[  758.248280][T11757]        do_syscall_64+0x4c/0xa0
[  758.248299][T11757]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  758.248319][T11757] 
[  758.248319][T11757] -> #5 (&disk->open_mutex
[  758.254179][T11171] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  758.263659][T11757] ){+.+.}-{3:3}:
[  758.263682][T11757]        __mutex_lock_common+0x1eb/0x2390
[  758.263705][T11757]        mutex_lock_nested+0x17/0x20
[  758.263720][T11757]        blkdev_get_by_dev+0x157/0xa60
[  758.273536][T11171] usb 1-1: config 220 interface 0 has no altsetting 0
[  758.280233][T11757]        swsusp_check+0x9b/0x2a0
[  758.280257][T11757]        software_resume+0xc6/0x3b0
[  758.286410][T11171] usb 1-1: config 220 interface 76 has no altsetting 0
[  758.292027][T11757]        resume_store+0xe4/0x130
[  758.292050][T11757]        kernfs_fop_write_iter+0x379/0x4c0
[  758.292068][T11757]        vfs_write+0x712/0xd00
[  758.292083][T11757]        ksys_write+0x14d/0x250
[  758.292096][T11757]        do_syscall_64+0x4c/0xa0
[  758.297218][T11171] usb 1-1: config 220 interface 1 has no altsetting 0
[  758.301931][T11757]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  758.301957][T11757] 
[  758.301957][T11757] -> #4 (system_transition_mutex/1){+.+.}-{3:3}:
[  758.301991][T11757]        __mutex_lock_common+0x1eb/0x2390
[  758.460885][T11171] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  758.466112][T11757]        mutex_lock_nested+0x17/0x20
[  758.472024][T11171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.480859][T11757]        software_resume+0x7c/0x3b0
[  758.480883][T11757]        resume_store+0xe4/0x130
[  758.480899][T11757]        kernfs_fop_write_iter+0x379/0x4c0
[  758.480919][T11757]        vfs_write+0x712/0xd00
[  758.486766][T11171] usb 1-1: Product: syz
[  758.494153][T11757]        ksys_write+0x14d/0x250
[  758.494173][T11757]        do_syscall_64+0x4c/0xa0
[  758.494192][T11757]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  758.494212][T11757] 
[  758.494212][T11757] -> #3 (&of->mutex){+.+.}-{3:3}:
[  758.494241][T11757]        __mutex_lock_common+0x1eb/0x2390
[  758.500055][T11171] usb 1-1: Manufacturer: syz
[  758.504435][T11757]        mutex_lock_nested+0x17/0x20
[  758.504455][T11757]        kernfs_seq_start+0x51/0x3c0
[  758.504472][T11757]        seq_read_iter+0x3c4/0xd50
[  758.510689][T11171] usb 1-1: SerialNumber: syz
[  758.515022][T11757]        vfs_read+0x725/0xcf0
[  758.515041][T11757]        ksys_read+0x14d/0x250
[  758.582693][T11757]        do_syscall_64+0x4c/0xa0
[  758.587636][T11757]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  758.594168][T11757] 
[  758.594168][T11757] -> #2 (&p->lock){+.+.}-{3:3}:
[  758.601194][T11757]        __mutex_lock_common+0x1eb/0x2390
[  758.606905][T11757]        mutex_lock_nested+0x17/0x20
[  758.612197][T11757]        seq_read_iter+0xad/0xd50
[  758.617228][T11757]        do_iter_readv_writev+0x497/0x600
[  758.622933][T11757]        do_iter_read+0x20b/0x7c0
[  758.627950][T11757]        loop_process_work+0x18dc/0x2480
[  758.633611][T11757]        process_one_work+0x863/0x1000
[  758.639060][T11757]        worker_thread+0xaa8/0x12a0
[  758.644244][T11757]        kthread+0x436/0x520
[  758.648834][T11757]        ret_from_fork+0x1f/0x30
[  758.653757][T11757] 
[  758.653757][T11757] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}:
[  758.662878][T11757]        process_one_work+0x7bf/0x1000
[  758.668369][T11757]        worker_thread+0xaa8/0x12a0
[  758.673698][T11757]        kthread+0x436/0x520
[  758.678303][T11757]        ret_from_fork+0x1f/0x30
[  758.683242][T11757] 
[  758.683242][T11757] -> #0 ((wq_completion)loop7){+.+.}-{0:0}:
[  758.691320][T11757]        __lock_acquire+0x2c33/0x7c60
[  758.696720][T11757]        lock_acquire+0x197/0x3f0
[  758.701741][T11757]        flush_workqueue+0x142/0x1380
[  758.707111][T11757]        drain_workqueue+0xcf/0x380
[  758.712307][T11757]        destroy_workqueue+0x7b/0xb20
[  758.717673][T11757]        __loop_clr_fd+0x234/0xb90
[  758.722780][T11757]        blkdev_put+0x53f/0x7d0
[  758.727625][T11757]        blkdev_close+0x76/0xa0
[  758.732464][T11757]        __fput+0x234/0x930
[  758.736965][T11757]        task_work_run+0x125/0x1a0
[  758.742067][T11757]        do_exit+0x61e/0x20a0
[  758.746776][T11757]        do_group_exit+0x12e/0x300
[  758.751879][T11757]        get_signal+0x6ca/0x12c0
[  758.756813][T11757]        arch_do_signal_or_restart+0xc1/0x1300
[  758.762965][T11757]        exit_to_user_mode_loop+0x9e/0x130
[  758.768774][T11757]        exit_to_user_mode_prepare+0xb1/0x140
[  758.774839][T11757]        syscall_exit_to_user_mode+0x16/0x40
[  758.780815][T11757]        do_syscall_64+0x58/0xa0
[  758.785752][T11757]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  758.792191][T11757] 
[  758.792191][T11757] other info that might help us debug this:
[  758.792191][T11757] 
[  758.802411][T11757] Chain exists of:
[  758.802411][T11757]   (wq_completion)loop7 --> &disk->open_mutex --> &lo->lo_mutex
[  758.802411][T11757] 
[  758.815870][T11757]  Possible unsafe locking scenario:
[  758.815870][T11757] 
[  758.823346][T11757]        CPU0                    CPU1
[  758.828814][T11757]        ----                    ----
[  758.834169][T11757]   lock(&lo->lo_mutex);
[  758.838404][T11757]                                lock(&disk->open_mutex);
[  758.845508][T11757]                                lock(&lo->lo_mutex);
[  758.852261][T11757]   lock((wq_completion)loop7);
[  758.857107][T11757] 
[  758.857107][T11757]  *** DEADLOCK ***
[  758.857107][T11757] 
[  758.865241][T11757] 2 locks held by syz.5.2123/11757:
[  758.870432][T11757]  #0: ffff88801fe3a118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0
[  758.879740][T11757]  #1: ffff888147aa5468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[  758.888981][T11757] 
[  758.888981][T11757] stack backtrace:
[  758.895032][T11757] CPU: 1 PID: 11757 Comm: syz.5.2123 Not tainted 5.15.189-syzkaller #0
[  758.903266][T11757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
[  758.913315][T11757] Call Trace:
[  758.916590][T11757]  <TASK>
[  758.919515][T11757]  dump_stack_lvl+0x168/0x230
[  758.924191][T11757]  ? load_image+0x3b0/0x3b0
[  758.928690][T11757]  ? show_regs_print_info+0x20/0x20
[  758.933887][T11757]  ? print_circular_bug+0x12b/0x1a0
[  758.939085][T11757]  check_noncircular+0x274/0x310
[  758.944019][T11757]  ? add_chain_block+0x940/0x940
[  758.948948][T11757]  ? lockdep_lock+0xdc/0x1e0
[  758.953533][T11757]  ? mark_lock+0x94/0x320
[  758.958034][T11757]  __lock_acquire+0x2c33/0x7c60
[  758.962889][T11757]  ? verify_lock_unused+0x140/0x140
[  758.968082][T11757]  ? verify_lock_unused+0x140/0x140
[  758.973362][T11757]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  758.979339][T11757]  ? verify_lock_unused+0x140/0x140
[  758.984535][T11757]  ? verify_lock_unused+0x140/0x140
[  758.989730][T11757]  ? memset+0x1e/0x40
[  758.993894][T11757]  lock_acquire+0x197/0x3f0
[  758.998394][T11757]  ? flush_workqueue+0x126/0x1380
[  759.003415][T11757]  ? read_lock_is_recursive+0x10/0x10
[  759.008783][T11757]  ? __init_swait_queue_head+0xa5/0x150
[  759.014325][T11757]  flush_workqueue+0x142/0x1380
[  759.019169][T11757]  ? flush_workqueue+0x126/0x1380
[  759.024187][T11757]  ? __lock_acquire+0x7c60/0x7c60
[  759.029204][T11757]  ? __mutex_lock_common+0x431/0x2390
[  759.034572][T11757]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[  759.040037][T11757]  ? lockdep_hardirqs_off+0x70/0x100
[  759.045318][T11757]  ? rcu_work_rcufn+0x110/0x110
[  759.050160][T11757]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  759.055788][T11757]  ? finish_wait+0xc0/0x1d0
[  759.060288][T11757]  drain_workqueue+0xcf/0x380
[  759.064960][T11757]  destroy_workqueue+0x7b/0xb20
[  759.069804][T11757]  __loop_clr_fd+0x234/0xb90
[  759.074396][T11757]  ? lo_release+0x172/0x1f0
[  759.078890][T11757]  ? lo_open+0x100/0x100
[  759.083124][T11757]  blkdev_put+0x53f/0x7d0
[  759.087454][T11757]  blkdev_close+0x76/0xa0
[  759.091773][T11757]  ? blkdev_open+0x2c0/0x2c0
[  759.096352][T11757]  __fput+0x234/0x930
[  759.100589][T11757]  task_work_run+0x125/0x1a0
[  759.105171][T11757]  do_exit+0x61e/0x20a0
[  759.109323][T11757]  ? put_task_struct+0x80/0x80
[  759.114087][T11757]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  759.120065][T11757]  ? lock_chain_count+0x20/0x20
[  759.124907][T11757]  ? cgroup_freezing+0x264/0x310
[  759.130000][T11757]  do_group_exit+0x12e/0x300
[  759.134615][T11757]  ? lockdep_hardirqs_on+0x94/0x140
[  759.139824][T11757]  get_signal+0x6ca/0x12c0
[  759.144254][T11757]  arch_do_signal_or_restart+0xc1/0x1300
[  759.149899][T11757]  ? __sys_recvmmsg+0x280/0x280
[  759.154752][T11757]  ? get_sigframe_size+0x10/0x10
[  759.159697][T11757]  ? __x64_sys_recvmmsg+0x18d/0x240
[  759.164889][T11757]  ? exit_to_user_mode_loop+0x3b/0x130
[  759.170347][T11757]  exit_to_user_mode_loop+0x9e/0x130
[  759.176000][T11757]  exit_to_user_mode_prepare+0xb1/0x140
[  759.181543][T11757]  syscall_exit_to_user_mode+0x16/0x40
[  759.187007][T11757]  do_syscall_64+0x58/0xa0
[  759.191523][T11757]  ? clear_bhb_loop+0x30/0x80
[  759.196194][T11757]  ? clear_bhb_loop+0x30/0x80
[  759.200868][T11757]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  759.206761][T11757] RIP: 0033:0x7f091f2cfbe9
[  759.211172][T11757] Code: Unable to access opcode bytes at RIP 0x7f091f2cfbbf.
[  759.218702][T11757] RSP: 002b:00007f091d4f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  759.227201][T11757] RAX: 0000000000010106 RBX: 00007f091f4f7180 RCX: 00007f091f2cfbe9
[  759.235255][T11757] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005
[  759.243232][T11757] RBP: 00007f091f352e19 R08: 0000000000000000 R09: 0000000000000000
[  759.251284][T11757] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  759.259248][T11757] R13: 00007f091f4f7218 R14: 00007f091f4f7180 R15: 00007ffe07448f58
[  759.267217][T11757]  </TASK>
[  759.451441][T11171] usb 1-1: selecting invalid altsetting 0
[  759.461766][T11171] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  759.468130][T11171] usb 1-1: No valid video chain found.
[  759.972428][ T1109] Bluetooth: hci1: command 0x1001 tx timeout
[  759.980031][  T146] Bluetooth: hci1: sending frame failed (-49)
[  759.989037][T11786] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2127'.
[  760.000167][T11171] usb 1-1: selecting invalid altsetting 0
[  760.005964][T11171] usbtest: probe of 1-1:220.1 failed with error -22
[  760.020121][T11171] usb 1-1: USB disconnect, device number 27
[  762.010819][ T4241] Bluetooth: hci1: command 0x1009 tx timeout