last executing test programs:

13.47400758s ago: executing program 1 (id=300):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x80000)
io_setup(0x42, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, 0x0}])
sendmmsg$alg(r1, &(0x7f0000002280)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000400)="3473b585e4971ac519725987d0b33d1ef4", 0x11}], 0x1, &(0x7f0000000800)=[@op={0x18}], 0x18, 0x4001}], 0x1, 0x200000d0)

13.321726098s ago: executing program 1 (id=301):
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb81004c000800450000280000000000069078640101aa4e214e2300000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cc2000090780003"], 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "ffff01e03d64a831683fdc3fd440829c82cfc400"}, 0x3c)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFPFLAGS(r5, 0x8934, 0x0)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="1400000016004163d25a80648c2594f91724fc60", 0x14}], 0x1}, 0x0)

11.492996825s ago: executing program 3 (id=307):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040)=0x5)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0))
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x1402, 0x800, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x82}, 0xc040)
sendfile(r0, r2, &(0x7f0000000200)=0x15, 0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$NS_GET_PARENT(r4, 0xb702, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'macvtap0\x00', &(0x7f0000000240)=@ethtool_sfeatures={0x3b, 0x4, [{0x7, 0x80000001}, {0x8}, {0x80000001, 0x1}, {0x9, 0x101}]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, r6, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x1}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x400000c}, 0x4000014)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x12, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x406d, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@map_idx_val={0x18, 0xa, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x400}, @jmp={0x5, 0x0, 0x2, 0x6, 0x0, 0xffffffffffffffe0, 0x10}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000540)='syzkaller\x00', 0x3, 0x22, &(0x7f0000000580)=""/34, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x1, 0x2, 0xe}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000640)=[0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000680)=[{0x2, 0x5, 0x8, 0x9}], 0x10, 0xd8a4}, 0x94)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000440)='sched_kthread_stop\x00', r7, 0x0, 0x8}, 0x18)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0), 0x450183, 0x0)
ioctl$PPPIOCSMAXCID(r9, 0x40047451, &(0x7f0000000800)=0x54)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r8, 0x8008f512, &(0x7f0000000840))
timer_settime(0x0, 0x1, &(0x7f0000000880)={{0x77359400}, {0x77359400}}, &(0x7f00000008c0))
r10 = syz_open_dev$audion(&(0x7f0000000900), 0x4bff, 0x80100)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000940)={<r11=>0x0, 0x2, 0x20}, &(0x7f0000000980)=0xc)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r10, 0x84, 0x18, &(0x7f00000009c0)={r11, 0xfff}, 0x8)
r12 = syz_open_dev$loop(&(0x7f0000000a00), 0x4, 0x121000)
ioctl$LOOP_CONFIGURE(r12, 0x4c0a, &(0x7f0000000a40)={r3, 0x10, {0x0, 0x0, 0x0, 0x8000, 0x200, 0x0, 0x1, 0x1b, 0x14, "068379cd63c2b33747c2ec270ce0ef797994f6d4487e12f6bc5abc2785b12d0a5a71e7e7a4dacdfcb9408ec3be793836b850fdd464e5a66a6fa0de0acc83906a", "98aad8be98575c286ba88beede2454cc600d05b0e94d955dcbdd53722fa58c383e77405c4f2dd03a3f560836c7d2c2d231cfc15aec29ec4256e211b46af5e55a", "bc34ae761be6924e403cf591f2f684b63b377fb01ddac88e19333e4fa5095848", [0x10, 0xe]}})
signalfd4(r3, &(0x7f0000000b80)={[0x3]}, 0x8, 0x80800)
io_setup(0x4, &(0x7f0000000bc0)=<r13=>0x0)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r14 = openat$null(0xffffffffffffff9c, &(0x7f0000000c00), 0x10001, 0x0)
ioctl$LOOP_CONFIGURE(r14, 0x4c0a, &(0x7f0000000c40)={r12, 0xc30, {0x0, 0x0, 0x0, 0x7ff, 0x467a, 0x0, 0x9, 0xe, 0x10, "5fd27b6197649f03547adae5cf13c121176befd737e55a36688e5caf721b447f4607c2441e8b08336226bd23d61153a6bc0a8984c74105e124753d8d88a4aba3", "824b9b273bd27333092ca1291dbe25828feeb5c1a8bc648235a7381503c1715a219206e302573cb12ee3af26d1fca7ab78c735772f1349f5758efe0b0fa0f458", "3ab7fa28e61bdebd10c7adf88d46de4bdaeefdab22f1b4e8dd995ef599a09067", [0x4, 0x40]}})
io_getevents(r13, 0x3ad, 0x1, &(0x7f0000000d80)=[{}], 0x0)

11.051405418s ago: executing program 3 (id=308):
r0 = userfaultfd(0x801)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000000)=""/62, 0x3e)
r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x4000, 0x1)
getdents64(r2, 0xfffffffffffffffe, 0x0)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
userfaultfd(0x801) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
getdents64(r1, &(0x7f0000000000)=""/62, 0x3e) (async)
open$dir(&(0x7f00000000c0)='./file0\x00', 0x4000, 0x1) (async)
getdents64(r2, 0xfffffffffffffffe, 0x0) (async)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) (async)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) (async)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) (async)

10.296923886s ago: executing program 3 (id=310):
r0 = io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0x30bd, 0x2, 0x3, 0x197}) (async)
syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
futex(&(0x7f0000000300)=0x1, 0x4, 0x2, &(0x7f0000000340)={0x0, 0x989680}, &(0x7f0000000400)=0x2, 0x0) (async)
sendfile(r0, r1, &(0x7f00000002c0)=0xf1d8, 0x3d92b4a4) (async)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x1f9}, &(0x7f00000008c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r7 = socket$igmp(0x2, 0x3, 0x2) (async)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r8, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa65000000bb08004500001c000000000002057800000000e00003001100907800000000445c57062b776cab6e3c00"/66], 0x0) (async)
syz_emit_ethernet(0x180, &(0x7f00000004c0)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x3, 0x172, 0x0, 0x0, 0x95, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x4, 0x1300]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "e603901d61554b921c50c9a14dbc111f60f7bc14b7f8e3cf557804a3d30c72e7aaeabc3b8e69491d4bda071f32bbdce5"}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5}}}, {0x8, 0x6558, 0x0, "5ac551a1c2a4f31382051f0f9e96ca4d52d3b0b6e05bf905384dd507b325fda94b45a0fbc5335c9867dcb47171937eab1685cf60039b5c726fd6573c4d6906fb715340f213c62bdfd457ec67834633212a57383553b38a91e9b3153ecce7be0a03fc093b23f184f65ab717abebbefa9ae96da26d3fac8d9093c55e5146f796945155734aa5e4fa176dd80104dd3cc392851e737f42383eb070ad55a4a5130d56cb085586d0489bf591b2b310f93adc83422a43f3e004c1ac1b487ec7e141044bbcaae0206eea4e2acf4c4ae9d56082f46df7e1fb6c6560cefa2e09acb538d967e4fc19a22d75"}}}}}}, 0x0) (async)
r9 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r9, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4) (async)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x1)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r11, 0x84, 0x6b, &(0x7f0000000100)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x20)

10.025570598s ago: executing program 3 (id=312):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
syz_emit_ethernet(0x46, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x2, 0x3c, 0x38, 0x69, 0x0, 0x4, 0x6, 0x0, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x4, 0xe7, 0x3, 0x9}, @lsrr={0x83, 0x7, 0xdc, [@private=0xa010101]}, @ssrr={0x89, 0x3, 0x9a}]}}, {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x40, 0x5, 0x0, 0x5dc}}}}}}, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf5})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
r2 = syz_open_dev$video4linux(&(0x7f0000000c80), 0x7, 0xc82)
r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r3, &(0x7f00000000c0)={0x0, 0x7}, 0x2)
read(r3, &(0x7f00000001c0)=""/93, 0x5d)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f0000000000), 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000cc0)={0x0, 0x0, {0xfffff982, 0x8, 0x300f, 0x3, 0x7, 0x0, 0x2, 0x1}})
socket(0x2b, 0x80801, 0x1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)

9.998957043s ago: executing program 4 (id=313):
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005740)={&(0x7f00000056c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0xc0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x5, 0x0, 0xb49, 0x9, 0x9, 0x7, 0x3}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x0, 0xa, 0x3, 0x4e, 0x0, 0x1, 0xc, 0x3}, {0x2, 0x1000, 0xe, 0x13, 0x1, 0x8, 0x3, 0x8, 0x0, 0x46, 0x2}, {0x2, 0x5001, 0x3, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x5, 0x3}, {0x3000, 0x3000, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x3, 0x6}, {0x1, 0x8000000, 0x0, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x8092000, 0x8, 0xbd, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x6}, {0x5000, 0xdddd0000, 0xc, 0xc, 0x0, 0xf, 0x10, 0xee, 0x4, 0x0, 0x80, 0x9}, {0xdddd0000, 0x9fff, 0x10, 0x4, 0x3, 0x43, 0x0, 0xf9, 0x1, 0x2, 0x0, 0xfe}, {0x1, 0xedd8}, {0x6000, 0x17}, 0x40019, 0x0, 0xd000, 0x0, 0x100000002, 0x0, 0xdddd2000, [0x5, 0x3, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000002340)=ANY=[@ANYBLOB="0100000000000000e006"])
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @dev}, 0x18, 0x0}}], 0x6c00, 0x48)
syz_emit_ethernet(0x3e, &(0x7f0000001200)=ANY=[@ANYBLOB="aaaa289400000e06ffffffff86dd60a8192300080000fe8000000000000000eeffffff0000aafe80000000005400"], 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r7, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

9.020910637s ago: executing program 1 (id=314):
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000140)={&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f0000000040)=[{}], &(0x7f00000000c0)=[<r0=>0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x1, 0x2, 0x3})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0], 0x1, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(0xffffffffffffffff, 0xc01864ba, &(0x7f0000000280)={0xd, r0, r1, 0xb0b0b0b0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0xd, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x86be}, [@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffff8}, @exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @generic={0x29, 0x7, 0x6, 0x5, 0x5}]}, &(0x7f0000000340)='GPL\x00', 0x2, 0x78, &(0x7f0000000380)=""/120, 0xc3100, 0x1c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x2, 0xe, 0x5, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000440)=[0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0xffff}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x3ff, <r3=>0x0}, 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={r2, 0x0, 0x25, 0x11, @val=@tracing={r3, 0x3}}, 0x20)
r4 = landlock_create_ruleset(&(0x7f00000005c0)={0xc04}, 0x18, 0x2)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={<r5=>0xffffffffffffffff})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000640)={0x0, r5}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000680), 0x3a483, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000006c0)={'veth0_to_team\x00', 0x4})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000700), 0x1c203, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, &(0x7f0000000b40)={0x2, 0x0, 0xf, 0x16, 0x122, &(0x7f0000000740)="5b3ab5f4794df679896980222f993a0595a76f8b6f757957198c66d456053ea571fba0db5aa8cc93beeea0c7f39fcdaa1057bce4e70fcb6eb00a0f8eb0773b8ecf89c98df4aa31d80f6a819cf7982b7b0c90e3a48119cbdfb0e0bb1ea00a697295d659283decaa62c47e6df59fd7f45bfe2c1d32c5816e27a5a3ca44a0c8a9ee7a50a94add595a2a6c5dae7c34c0e8d6465b7ce9b8a1f2a8ace3ee9572d9d6c20a21b1d7b79ae2a06b3ba7b4a519f2d468c9022b9281c617448609fc84982a2f42fc745ed6d254630f4ad55d91d390738e5eda63066e05002315e9b50cfafe5787ff5fd6c782fd960fe067093a361bd97cd8dad74f702190830f3d80ef0fb8bf9c027cbccd9ffdf4b3f1f58fabf8bd2b9ef9f0cf1f7f1d71e7b62de0995262c386beae34f412d628deb37a8e91b30e18b80ee02bfbc7775972315cf92ec6974cdaac70b5f7892668a25af9f7dc1122ecd22faf84075f6858b67a140ffc9776fe94d4ffa4dccf17cadce15c37608b3c9de8b4f843e444375ebf4a1a0719d53c362ac827d5acddabc83b4c13bf442c4b6c8bc5461645b97ed392a2325eaba6d875424c0cb8b51d85dabaa0ece325a4b2cf15c5f7e1b13bb298dc48f2995bdf69b32ffacbac219c43e9e99e216fc19bc1793b0fadde7eae51764250c1eabb9cf9e143845b43197e23ca90791899330e1111c629b4265cdfae4785304e88a4f6bbd04e4c41a5cc8f0e6bfc574d5f94f9c65f3841ef5103b028d0220e00d5e6adbde95f83a11e10d065a935971cdae88df2ff49a129a4b7690c2529c30b5ba952a7d3938eecefac342742e2d54f2bea01329c9e9bb50f22242f53372557f10154a97d27882329d1fdd9f1c2379c43a8369d0ca6035f6e195626315642b6b23d9f31ae98889053ebb1d8f64d5f110da6e6804c8de7ac0fe5784c5bd34adbc43680bb1af555523bc077928d3e143f29f6d622e50525f18ed181fd35ba75be8ded8e1748a56eee35cd5c9e77174a3d9171503a68df4d2c912d90c3e88cb4e3c1376b893ccae55a8a38d8d8bdd3f0cdf5aba3733f3dbf6e13e40c27cfad7f0e8a7309d01b3377016cc13e801a822ce5f3a197cb249a5077d42793a652f20654d2f8be29085bad9fc6235714381bf86b92a976204b4739e6a78d16d088be1f4d29d5e7e479ffa977f027b5ff1c0690cc4592c52b24ac6e653b5fcec4aa511f563e3ba3c0cf9f1b5782ae2018e3452db402e9be7f4777175843a8ef6ec0a8ef1736960bfa23ca55385481f07e04e4d1d147664bb7e9bd78b38b1a630b4a28a95940d43d325af8fe9ca4980be1eeb5cc41b8d5596d8e4aa5d9599b29d0480752233bc16dd5b6b904cacd5de84bd91717ad1f182a2bfffd9eb1d37a04bb5dc131515666ad8665300722d96fd958ff35a07327ee83d7150111fb9f44b6ac6b60054e789c8419b5"})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000b80)={0x6, <r8=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000bc0)=r8, 0x4)
r9 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r9, &(0x7f0000000c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000c40)=0x14)
r10 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x810, 0xffffffffffffffff, 0x8000000)
r11 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x4010, 0xffffffffffffffff, 0x10000000)
r12 = syz_io_uring_setup(0x15c7, &(0x7f0000000c80)={0x0, 0x85a3, 0x4, 0x1, 0x354}, &(0x7f0000000d00), &(0x7f0000000d40))
r13 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000e80)=@IORING_OP_MSG_RING={0x28, 0x4, 0x0, r12, 0x1, &(0x7f0000000d80)="888ef19d8452fb08bdd33ff83ce6f9144ddd160751bb342c491064aaa8aa9dcd6a544cbc16d643ea7f9f2f444fbe691edb7dd849a52f9fa1582e2750c3466e7e53cf60261046eceea7a00537900d7229484bf72a2934540944d3d5ad81f6f502497293c4f64d32a04656d28fcaa2e195243eb7620b4e818ee010612b8907012c22a520911251f07fb13247ba08077130cae7c23bc672bf2cc7567077a861095da6b1558fb2480f0c335dd8ac11cff3f018b1c0c37fe49558c4a4ee9fe7a8020aec3ce521", 0xc4, 0x1, 0x1, {0x0, r13}})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000ec0)=r3, 0x4)
r14 = syz_open_dev$vivid(&(0x7f0000000f00), 0x3, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r14, 0xc0485630, &(0x7f0000000f40)={0x6185, "f88bc83a031539e87244aee7e6e61f4b3ca2daf0b124752323a54b3531f108b6", 0x3, 0x400, 0x0, 0x1000000, 0x8})
r15 = syz_open_dev$loop(&(0x7f0000000fc0), 0x2, 0x88000)
r16 = syz_open_dev$loop(&(0x7f0000001000), 0x4f4, 0x50801)
ioctl$LOOP_CONFIGURE(r15, 0x4c0a, &(0x7f0000001040)={r16, 0xffffffff, {0x0, 0x0, 0x0, 0x101, 0xfffffffffffffffd, 0x0, 0x0, 0x1c, 0x8, "958c60ed11e8fce80859a86493d11d9eea4963be4faa6b9267e3d8c483346a8c894c989eb4e3b04738cae22b82e94a50efa068af3e56c1ab3fa59cda4ca67dbc", "561b104036a020a94a77724bbef7b6cdd5b9daaa505641ef055c02799ff0d26e4b4f2ba02f3c96886eb94c93248483f10d8a53b3cefa0ea2272c26d3608160f1", "2cc0804672762138ae7d990e62a46fce26764b600128aebe8d3731d6d91f2d7c", [0xffff, 0x813]}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000001180))
sendmsg$BATADV_CMD_GET_HARDIF(r7, &(0x7f00000012c0)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x11024}, 0xc, &(0x7f0000001280)={&(0x7f0000001200)={0x48, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x101}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000800}, 0x10)

8.876952322s ago: executing program 1 (id=317):
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000c60009040002010300010009210002150122f80409058103ffee4a82b812482491879be5a4645b048000831518a711d9cb3ee745492997ec2bb01f6dbb3e7bfb32b44a6d8e394521c3baf23edcf62e1c89859a67b589dd1f94"], 0x0)
syz_usb_connect(0x3, 0x21c, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x8b, 0xa2, 0x9a, 0x40, 0x1199, 0x6891, 0x9b0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x20a, 0x2, 0x5, 0x81, 0x80, 0x4, [{{0x9, 0x4, 0x2b, 0x47, 0x8, 0xff, 0xff, 0xff, 0x10, [], [{{0x9, 0x5, 0xa, 0x10, 0x8, 0x0, 0x7, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x200}, @generic={0x30, 0xb, "857609ad672f8831ea8def721c01d002759a12dd40324fa091b9be21cdfd1c01ec17e38d9100ed1e619c8b0047fc"}]}}, {{0x9, 0x5, 0x5, 0x5, 0x400, 0x10, 0x5, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x9}]}}, {{0x9, 0x5, 0xb, 0x3, 0x10, 0x37, 0x8, 0x2, [@generic={0x79, 0x24, "68a40e763eaea00a8d604e32e62a744372b14d8b18eec38510c938a78b094c051dca3f275d5eeda231ddfb84188aa8c41ea9101586807f9bbf25e85c652099b1fadcd8220f11f6b59cc4f5a3dff844057e738a869bdd0287563077ee2f345a29024fc5fdd4e602497e8138ade5db82f1669f937888ba3d"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x1a, 0x40}]}}, {{0x9, 0x5, 0xc, 0xc, 0x20, 0x7, 0xf, 0x5}}, {{0x9, 0x5, 0x6, 0x10, 0x10, 0x1e, 0x5, 0x2}}, {{0x9, 0x5, 0xa, 0x3, 0x40, 0x57, 0x8, 0x87, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x9, 0x8}]}}, {{0x9, 0x5, 0xa, 0x4, 0x20, 0x8a, 0x0, 0x55}}, {{0x9, 0x5, 0xd, 0x2, 0x10, 0x0, 0xb, 0x1d, [@generic={0x48, 0x5, "3f67649968a5512fb5e307202682e1bcb57c3d7e90be0480ae0d89ea8b8d5acc1e477a1a7778f1da86116bb5d90bd5638544318142ec073c04f433576be67dae27ccfdb26f78"}]}}]}}, {{0x9, 0x4, 0xc8, 0x5, 0xa, 0xff, 0xff, 0xff, 0xd, [], [{{0x9, 0x5, 0x5, 0x0, 0x200, 0xfc, 0x0, 0x8c}}, {{0x9, 0x5, 0xe, 0x0, 0x8, 0xc, 0x2, 0x8}}, {{0x9, 0x5, 0x8, 0x0, 0x40, 0x7, 0x5, 0xe0}}, {{0x9, 0x5, 0x3, 0x11, 0x3ff, 0x9, 0x3, 0x7}}, {{0x9, 0x5, 0x80, 0x2, 0x400, 0x3, 0x5, 0x19}}, {{0x9, 0x5, 0x2, 0x3, 0x400, 0x4, 0x10, 0x5, [@generic={0x6, 0xc, '::Y|'}, @generic={0x2a, 0x23, "f7b84682bfaf0354c3804ecc8ef504d5726b87acbf1e3d59081d4b4ab622492570b4644db24c784b"}]}}, {{0x9, 0x5, 0xa, 0x4, 0x30, 0x7, 0x80, 0xd0}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x8, 0x7d, 0x8, [@generic={0x2, 0x4}]}}, {{0x9, 0x5, 0xb, 0x2, 0x10, 0x7f, 0x4, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7}]}}, {{0x9, 0x5, 0xd, 0x1, 0x3ff, 0xe, 0x40, 0x16, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x17, 0x1000}]}}]}}]}}]}}, &(0x7f0000000100)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x4d, 0x8, 0x7f, 0x8, 0xd}, 0x32, &(0x7f0000000080)={0x5, 0xf, 0x32, 0x5, [@ssp_cap={0xc, 0x10, 0xa, 0x3, 0x0, 0x4, 0xf00, 0x80}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x3d, 0x7, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0xc, 0x8}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0x4, 0x2}]}, 0x1, [{0x12, &(0x7f0000000200)=ANY=[@ANYBLOB="12039f67fc43c9f907ccad0e096ea6cd231c58c780c44c7a6136c3bc0a1401000000000000004f2dca9586a6467dd488"]}]})
syz_usb_connect$uac1(0x0, 0xca, &(0x7f0000000380)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb8, 0x3, 0x1, 0x0, 0x90, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x8}, [@selector_unit={0xa, 0x24, 0x5, 0x2, 0x0, "5bb0ef8d96"}, @processing_unit={0x7, 0x24, 0x7, 0x1, 0x2, 0x1}, @feature_unit={0x13, 0x24, 0x6, 0x3, 0x5, 0x6, [0x8, 0x3, 0x5, 0x3, 0x8, 0x2], 0x8}, @mixer_unit={0xa, 0x24, 0x4, 0x1, 0x1, "a242245428"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9, 0x8, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x2, 0x0, 0x1, {0x7, 0x25, 0x1, 0xc0, 0xc, 0x101}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x5, 0x3, 0x3, 0x8, "d8", "67d8c5"}, @as_header={0x7, 0x24, 0x1, 0x8e, 0xc, 0x1002}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x1, 0x1, 0xf, "1c"}, @as_header={0x7, 0x24, 0x1, 0xf, 0x1}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x9, 0xe, 0xe, {0x7, 0x25, 0x1, 0x0, 0x6, 0x7}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x9a, 0x17, 0x5, 0xff, 0x1}, 0x2b, &(0x7f00000000c0)={0x5, 0xf, 0x2b, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "a2e10e3731b0760737acb26725a09029"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x44, 0x0, 0x6, 0xf491, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x8, 0x6, 0xfffc}]}, 0x3, [{0x99, &(0x7f0000000480)=@string={0x99, 0x3, "ff0a98e8537824e6e89666d7dfa25fd94348293afc02fc06822ccac1429b49a47ca244b46dc7c6cce7e6c75f540caa28b245538e9045f9a0e8ec38c63e00cb818d6c92ab608fea4e5d4bfe1e791c85ab16a158daff508c3fc6d169ce2dc03cb309a9be93f028b16f26a8663705c94971e74b3e76f1d075482725377708c146c84890f88dfe21c0194a76f774561cbad1aab74ab3d82743"}}, {0xa, &(0x7f0000000180)=@string={0xa, 0x3, "cce1cfb0ad2704ec"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2809}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

8.842705071s ago: executing program 4 (id=318):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfffffffe, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xc6}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xa)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x34, r4, 0x333, 0x0, 0x0, {0x1c}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}]}, 0x34}}, 0x200080c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r5)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000005c0)={0x20, r6, 0x0, 0x70bd68, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3a}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x4881)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000280), 0x4)

7.685563306s ago: executing program 4 (id=320):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100005207000000418681a2a0010203010902240001000000000904000002ffefdc0009050800000000000009050700000000000099304a896c55ffbea0347ca6cc463738ea4b2704295fa4c127ced0886f4ba27b1699310b97d9e57e72063efdf741df42b85b5c3a0a7736a2f10fc148360000ef9c861fd7dcc652670fe6f7dfb81b41cf02cf0be0f392b22c1f12ad1584628afb6a19f6bfda69e4ecf07cb84ca9cb2e465d3f81b588b14e9fe9075e835d7c62eeed15e273f9fd32c6678ca5923b688531023255e966245d28e043b95a69a507922b91e7043cb837c477bf19b49032e5478de35e9976ac0b127cbaf25a4a064cac76d6b5e1c1cc76dfad3a69ad610aa0341c22fc25cf8bd750dfb53febc76436b14df47aef726a9f1e6bb53a7c1830f931ca07db6b7621c85013f234fd"], 0x0)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0)

5.844297086s ago: executing program 1 (id=331):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x80000003, 0x12b400)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f00000001c0)={0x0, 0x0, 0x100f, 0x4, 0x2, 0x0, 0x0, 0x1})
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000040)=0x2)

4.654178457s ago: executing program 4 (id=334):
r0 = socket(0x10, 0x80002, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000000)={0x0, @multicast1, @private}, &(0x7f0000000040)=0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x24000000)
r3 = userfaultfd(0x80001)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x22000, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f00000001c0)=0xffffffa4)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
socket$alg(0x26, 0x5, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_io_uring_setup(0x1881, 0x0, &(0x7f0000000580), &(0x7f0000000900))
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x353, 0x78, 0x300, 0x0, 0xa, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x1, 0x1, 0x4, 0x9f6, 0x3, 0x1ff, 0x803d, 0x1, 0x7, 0x5f, 0x202, 0x1, 0xc})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
r10 = syz_open_dev$sg(&(0x7f0000000100), 0xf9ba, 0x28540)
ioctl$SCSI_IOCTL_SEND_COMMAND(r10, 0x1, &(0x7f00000002c0)={0x0, 0x401, 0x3e})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r6, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r7, 0x3516, 0x67f, 0x64, 0x0, 0x0)

3.862335945s ago: executing program 3 (id=335):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = userfaultfd(0x1)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x40000002})
epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0xffffffef, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x18, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000100000069"], 0x0, 0x0, 0x0, 0x0})

3.737995835s ago: executing program 4 (id=336):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$nl_generic(0x10, 0x3, 0x10)
map_shadow_stack(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) (async)
ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
keyctl$setperm(0x5, 0x0, 0x52b242d) (async)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f036e04000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) (async)
r7 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r7, 0xc018480b, &(0x7f0000000980)={0x1, 0xffffffff, 0x8001, 0x5, 0x1, 0x5})

3.52823364s ago: executing program 2 (id=338):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a01040000000000000000020000003c000480380001800b00010064796e73657400002800028008000940000000a7080004400000000008000340000000000900010073797a30000000000900010073797a30000000000900020073797a32"], 0x90}}, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r7, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50000008200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856"], &(0x7f0000000280)='GPL\x00'}, 0x94)
r9 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000000)=r8, 0x4)
socket$kcm(0x2, 0x1000000000000002, 0x0)
unshare(0x42000000)

3.169870871s ago: executing program 2 (id=339):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000002007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800eaffc30000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x94)

3.162184126s ago: executing program 2 (id=340):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc})
r1 = epoll_create1(0x0)
migrate_pages(0x0, 0x9, 0x0, &(0x7f0000000380)=0x102)
fcntl$dupfd(r1, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000200)={0x44, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x1, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x4}]}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[], 0x8c}}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x100000008, 0x0)
r7 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
bind$tipc(r7, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000300)=<r9=>0x0, &(0x7f00000004c0)=<r10=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r11, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r11, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})

3.070864531s ago: executing program 4 (id=341):
r0 = syz_io_uring_setup(0x49f, &(0x7f0000000280)={0x0, 0xf19e, 0x10001, 0x200002, 0xc0024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) (async)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000000340)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})
umount2(&(0x7f0000000300)='./file0\x00', 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000cc0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x4, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x8, 0xa, 0x40, 0x70, 0x87, 0x0, 0xee01}, {}, {0x0, 0x3, 0x0, 0x800000}, 0x4, 0x6e6bb8}}, 0xb8}}, 0x8044)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xc4, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@broadcast, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x90, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x401}, 0x0, 0x0, 0x0, 0x1, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
r5 = eventfd2(0xff, 0x80001)
r6 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x301, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xf}}}, 0x74}, 0x1, 0x0, 0x0, 0x44090}, 0x40000)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001e00210000000000000000000a00000005000000000000be69"], 0x20}}, 0x0) (async)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001e00210000000000000000000a00000005000000000000be69"], 0x20}}, 0x0)
r8 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r8, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="001410"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="001410"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000a80)={0x44, &(0x7f0000000800)={0x20, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000300)=r5, 0x1)
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) (async)
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)

2.765810691s ago: executing program 1 (id=342):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00979ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x0, 0x19, 0x7, {0x7, 0xe, "fe52d83db7"}}, 0x0}, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x0, 0xf, 0x6, "aed2e1a3120f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000640)={0x40, 0xd, 0x3, "9de1cd"}, 0x0, 0x0, 0x0, 0x0})
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x28, 0x0, 0x2, 0x983a}, {0x20, 0x0, 0xaf, 0xfffff024}, {0x6}]}, 0x10)
write$cgroup_subtree(r7, &(0x7f0000000240)=ANY=[], 0xfe33)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x100}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)

2.5979557s ago: executing program 0 (id=343):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e)
ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x6, &(0x7f00000000c0)=[{0x1, 0x5, 0xa, 0x3}, {0x80, 0x4, 0x21}, {0xf0, 0xc1, 0x3, 0x3}, {0x6, 0x8, 0xc, 0x9}, {0x1, 0x6, 0x1, 0xb7c}, {0x0, 0x5, 0x2, 0x3}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000001c0)={0x0, <r3=>0x0})
sched_setattr(r3, &(0x7f0000000040)={0x38, 0x6, 0x20, 0x3, 0xc, 0x6, 0x40, 0x10001, 0x3, 0x3}, 0x0)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x3, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)

2.518598047s ago: executing program 0 (id=344):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_io_uring_setup(0x497, &(0x7f0000002c80)={0x0, 0xe3d3, 0x8, 0x800005, 0x1f0}, &(0x7f0000000440)=<r4=>0x0, &(0x7f0000002d00)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r6, 0x107, 0x7, 0x0, &(0x7f0000000040))
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002e40)="f8f5db", 0x3}], 0x1}, 0x0, 0x24000890, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'crct10dif-arm64-neon\x00'}}, 0x0, 0x0)
keyctl$describe(0x6, r7, 0x0, 0x0)

2.229881081s ago: executing program 2 (id=345):
r0 = syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000400)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0xd, @capture={0x0, 0x0, {0xffff, 0x9}, 0xfffffff9, 0xf1}})
bind$pptp(0xffffffffffffffff, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000002d00010026bd7000fcdbdf2504"], 0x2c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20008010)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000600), 0x40800, 0x0)
syz_clone3(&(0x7f0000002800)={0x201800000, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0x0], 0x1, {r5}}, 0x58)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000006c0)={r1, 0x8, {0x0, 0x0, 0x0, 0x1, 0x84c9, 0x0, 0x12, 0x1b, 0x369a4505f68cf8ed, "4ef4a52a6e965c00ad8c6cc953665646ae2be3613390f0b0cf2e2dc85398febdba3c9d812d60f80cf59ddf5fafff8c43dc8871e92059b544cafcbcb4d752e98f", "b27d9eab9a9a3d9045d74f271409755dc3de7185401ba6f0ed8f25fc53ddced65e172d694e330f638eb8c6bdfdd4c89c877d846c136de98ef5b1fcd62600e7c3", "6c8beb80ac76b7f75f097b8a095483a40b35ea38dd172a5e814d14b12ba47aaa", [0x1, 0x7]}})
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r9=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r7, 0x84, 0x73, &(0x7f0000000100)={r9, 0x81, 0x30, 0xfffffffffffff10c, 0x100}, &(0x7f0000000180)=0x18)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000340)={r9, @in={{0x2, 0x4e24, @local}}, 0x0, 0x9, 0x8, 0x5, 0x6e, 0x10001, 0x7}, 0x9c)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x4, 0x10a00)

1.492891043s ago: executing program 0 (id=346):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000feffffff000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000008b7030000000000008500000008000000bf09000000000000a5090100ffffff80bf00200000000018ad980000000000005e080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)

1.409957695s ago: executing program 0 (id=347):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010020000000208f0e12000000000000010902240001000000000904000001030000000921000000412269000000000000000000009c53ac31afad101680b509ff7a1e6ac309ebec7f1a489e818c7d7a2be54a0c56b72ae0a7325ea098f08dc818d4018249287d78b29749e114d5374b2f87bdef824b0501bd874fc0dd2b260a5dd54b0a8fa16647d1c87848ba6331ab54e3eb9c453c2cd0a2dc7799ee1642d255ca7642735967bf7a3783b73ca4e6fa7e48fcac4af96a07955192a4ab7170ab91"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000100)={0x0, 0x23, 0xa, {0xa, 0x21, "e60a36c324a26992"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.306165394s ago: executing program 2 (id=348):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc931e000)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_DEV_DESTROY(r0, 0x5502)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)

1.089691869s ago: executing program 3 (id=349):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfffffffe, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xc6}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xa)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x34, r4, 0x333, 0x0, 0x0, {0x1c}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}]}, 0x34}}, 0x200080c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r5)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000005c0)={0x20, r6, 0x0, 0x70bd68, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x3a}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x4881)
epoll_create(0x1)

1.052524828s ago: executing program 2 (id=350):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r0=>0x0)
pipe2$9p(&(0x7f00000000c0), 0x4000)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usb_connect$uac1(0x4, 0x0, 0x0, &(0x7f0000000a80)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x7, 0xda, 0x0, 0xff, 0xc}, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

293.993574ms ago: executing program 0 (id=351):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000004007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800eaffc30000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x94)

0s ago: executing program 0 (id=352):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCMIWAIT(r0, 0x545c, 0x0)
unshare(0x2040400)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = getpgrp(0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
setns(r4, 0x14020000)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000100)={0x8, "c5bfc939792343b5c1c56366f1d35b2fb02785c91949c58579f673fd3fa8cf72"})
r7 = epoll_create(0x4)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
ftruncate(r8, 0x100000001)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r1, &(0x7f0000000000))
write$binfmt_script(r5, 0x0, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000040)={0x1, @pix={0x3, 0x5, 0x47425247, 0x1, 0x0, 0x0, 0x3, 0x7, 0x1, 0x1, 0x2}})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r10 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000005b40), 0x1, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r5, 0x941c, 0x0)
write$binfmt_register(r10, &(0x7f0000005b80)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x10000, 0x3a, '%', 0x3a, '', 0x3a, './file0'}, 0x28)

kernel console output (not intermixed with test programs):

873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.820105][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.860671][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.867799][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.893940][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.921557][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.953089][ T5872] hsr_slave_0: entered promiscuous mode
[   73.959625][ T5872] hsr_slave_1: entered promiscuous mode
[   73.967686][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.978310][ T5876] team0: Port device team_slave_0 added
[   73.986142][ T5876] team0: Port device team_slave_1 added
[   74.000914][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.008250][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.016134][ T5878] bridge_slave_0: entered allmulticast mode
[   74.022889][ T5878] bridge_slave_0: entered promiscuous mode
[   74.032730][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.039958][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.048682][ T5878] bridge_slave_1: entered allmulticast mode
[   74.055579][ T5878] bridge_slave_1: entered promiscuous mode
[   74.099713][ T5875] team0: Port device team_slave_0 added
[   74.107330][ T5875] team0: Port device team_slave_1 added
[   74.113496][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.120644][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.146782][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.186889][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.194362][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.220315][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.234504][ T5873] hsr_slave_0: entered promiscuous mode
[   74.240643][ T5873] hsr_slave_1: entered promiscuous mode
[   74.247245][ T5873] debugfs: 'hsr0' already exists in 'hsr'
[   74.253018][ T5873] Cannot create hsr debugfs directory
[   74.265362][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.277061][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.296824][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.303802][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.330049][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.366185][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.373172][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.399974][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.460324][ T5878] team0: Port device team_slave_0 added
[   74.467689][ T5878] team0: Port device team_slave_1 added
[   74.494986][ T5861] Bluetooth: hci0: command tx timeout
[   74.500835][ T5876] hsr_slave_0: entered promiscuous mode
[   74.507288][ T5876] hsr_slave_1: entered promiscuous mode
[   74.513178][ T5876] debugfs: 'hsr0' already exists in 'hsr'
[   74.519081][ T5876] Cannot create hsr debugfs directory
[   74.534829][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.541917][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.567922][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.578526][ T5861] Bluetooth: hci4: command tx timeout
[   74.588641][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.595764][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.621872][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.654184][ T5861] Bluetooth: hci2: command tx timeout
[   74.654204][ T5860] Bluetooth: hci3: command tx timeout
[   74.654232][ T5860] Bluetooth: hci1: command tx timeout
[   74.678074][ T5875] hsr_slave_0: entered promiscuous mode
[   74.684479][ T5875] hsr_slave_1: entered promiscuous mode
[   74.690444][ T5875] debugfs: 'hsr0' already exists in 'hsr'
[   74.696261][ T5875] Cannot create hsr debugfs directory
[   74.770819][ T5878] hsr_slave_0: entered promiscuous mode
[   74.777173][ T5878] hsr_slave_1: entered promiscuous mode
[   74.783111][ T5878] debugfs: 'hsr0' already exists in 'hsr'
[   74.789366][ T5878] Cannot create hsr debugfs directory
[   74.939031][ T5872] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   74.959155][ T5872] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   74.988192][ T5872] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.010533][ T5872] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   75.060571][ T5873] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.074957][ T5873] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.089507][ T5873] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.099029][ T5873] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.135348][ T5876] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   75.156952][ T5876] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   75.176637][ T5876] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   75.186684][ T5876] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   75.233568][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.243595][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.253584][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.281852][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.326559][ T5878] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.353129][ T5878] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.362963][ T5878] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.372752][ T5878] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.401301][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.423852][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.440713][ T5872] 8021q: adding VLAN 0 to HW filter on device team0
[   75.471383][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.478523][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.489678][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.496790][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.513421][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[   75.549491][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.556652][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.565968][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.573104][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.593924][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.649808][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.666736][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[   75.692113][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   75.712976][ T5873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   75.730791][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.737905][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.755742][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.762885][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.772086][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.779234][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.793566][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.807971][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.815120][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.862513][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.893698][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[   75.906576][ T5872] veth0_vlan: entered promiscuous mode
[   75.914858][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.927325][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.934478][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.964780][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.971917][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.990828][ T5872] veth1_vlan: entered promiscuous mode
[   76.056721][ T5873] veth0_vlan: entered promiscuous mode
[   76.082341][ T5872] veth0_macvtap: entered promiscuous mode
[   76.101235][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.110356][ T5873] veth1_vlan: entered promiscuous mode
[   76.125733][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.134029][ T5872] veth1_macvtap: entered promiscuous mode
[   76.152895][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.189260][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.215200][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.224786][ T5876] veth0_vlan: entered promiscuous mode
[   76.233685][ T5873] veth0_macvtap: entered promiscuous mode
[   76.246116][ T5873] veth1_macvtap: entered promiscuous mode
[   76.261094][   T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.270155][   T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.281298][ T5876] veth1_vlan: entered promiscuous mode
[   76.299708][  T153] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.309171][  T153] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.329003][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.341425][ T5875] veth0_vlan: entered promiscuous mode
[   76.360594][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.371507][  T153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.388165][ T5878] veth0_vlan: entered promiscuous mode
[   76.399611][ T5878] veth1_vlan: entered promiscuous mode
[   76.406544][  T153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.416312][  T153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.428827][ T5875] veth1_vlan: entered promiscuous mode
[   76.450753][  T153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.486567][ T5876] veth0_macvtap: entered promiscuous mode
[   76.505896][  T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.515095][  T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.529181][ T5876] veth1_macvtap: entered promiscuous mode
[   76.539993][ T5875] veth0_macvtap: entered promiscuous mode
[   76.564793][ T5875] veth1_macvtap: entered promiscuous mode
[   76.576069][ T5860] Bluetooth: hci0: command tx timeout
[   76.582372][ T5878] veth0_macvtap: entered promiscuous mode
[   76.590472][ T4621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.603728][ T5878] veth1_macvtap: entered promiscuous mode
[   76.610601][ T4621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.628636][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.637276][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.645353][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.655425][ T5860] Bluetooth: hci4: command tx timeout
[   76.673900][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.687461][ T5872] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   76.689292][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.717654][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.735537][ T5860] Bluetooth: hci1: command tx timeout
[   76.737223][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[   76.740989][ T5860] Bluetooth: hci2: command tx timeout
[   76.747765][ T5861] Bluetooth: hci3: command tx timeout
[   76.766889][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[   76.777996][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.816636][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.828222][   T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.843894][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.853300][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.866438][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.879046][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.887894][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.903718][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.935323][ T4621] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.977628][ T4621] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.990923][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.000830][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.010706][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.025262][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.060259][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.075363][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.097493][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.127301][  T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.141478][  T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.149857][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.164140][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   77.166013][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.196513][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.208979][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.267403][ T4621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.279173][ T4621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.328810][   T10] usb 4-1: Using ep0 maxpacket: 16
[   77.355963][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.363831][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.372659][   T10] usb 4-1: config 1 interface 0 has no altsetting 0
[   77.388412][   T10] usb 4-1: New USB device found, idVendor=056a, idProduct=00d3, bcdDevice= 0.40
[   77.418267][ T5963] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2'.
[   77.433358][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.465931][   T10] usb 4-1: Product: syz
[   77.470159][   T10] usb 4-1: Manufacturer: ⠔�졻퉟㯾걵嗼᯦ߌ翯䧓掗ᦪ铰멸↹현州ᓨ�硲뷖榾�ছ镊೫찷킛쵯걣∗ᕑ�ᕾࠩў��邟�驂╞詣
[   77.525936][   T10] usb 4-1: SerialNumber: syz
[   77.562541][ T5972] binder: BINDER_SET_CONTEXT_MGR already set
[   77.569427][ T5972] binder: 5968:5972 ioctl 4018620d 2000000000c0 returned -16
[   77.613139][ T5972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7'.
[   77.624231][ T5942] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   77.638752][ T5974] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7'.
[   77.748695][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   77.896861][ T5977] Zero length message leads to an empty skb
[   77.966939][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.980003][ T5942] usb 5-1: config 0 has an invalid interface number: 239 but max is 0
[   77.989110][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.057533][ T5942] usb 5-1: config 0 has no interface number 0
[   78.064389][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.073718][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.090407][ T5942] usb 5-1: config 0 interface 239 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[   78.102840][ T5987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'.
[   78.113499][ T5987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'.
[   78.135607][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.144412][ T5942] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[   78.154758][ T5942] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[   78.178947][ T5942] usb 5-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=60.d9
[   78.220282][   T30] audit: type=1326 audit(1755555936.007:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.270928][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.329410][ T5867] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   78.337387][ T5942] usb 5-1: Product: syz
[   78.339832][ T5991] process 'syz.0.10' launched './file2' with NULL argv: empty string added
[   78.359091][ T5942] usb 5-1: Manufacturer: syz
[   78.375928][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.387346][ T5942] usb 5-1: SerialNumber: syz
[   78.394838][   T30] audit: type=1326 audit(1755555936.037:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.438503][ T5942] usb 5-1: config 0 descriptor??
[   78.444246][ T5964] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   78.453127][   T30] audit: type=1326 audit(1755555936.037:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.484528][   T30] audit: type=1326 audit(1755555936.037:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.508002][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   78.514801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   78.516902][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   78.575996][   T30] audit: type=1326 audit(1755555936.037:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.629117][ T5867] usb 3-1: config index 0 descriptor too short (expected 48905, got 36)
[   78.647977][ T5867] usb 3-1: config 54 has too many interfaces: 140, using maximum allowed: 32
[   78.675109][ T5861] Bluetooth: hci0: command tx timeout
[   78.677168][   T30] audit: type=1326 audit(1755555936.037:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.710026][ T5867] usb 3-1: config 54 has an invalid descriptor of length 74, skipping remainder of the config
[   78.724172][ T5867] usb 3-1: config 54 has 0 interfaces, different from the descriptor's value: 140
[   78.724225][ T5952] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   78.733662][ T5867] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   78.751575][ T5861] Bluetooth: hci4: command tx timeout
[   78.757372][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.772659][   T30] audit: type=1326 audit(1755555936.037:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.795336][   T30] audit: type=1326 audit(1755555936.037:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.821344][ T5942] usb 5-1: probing VID:PID(2201:012C)   
[   78.828330][ T5861] Bluetooth: hci3: command tx timeout
[   78.828376][ T5865] Bluetooth: hci2: command tx timeout
[   78.833839][ T5861] Bluetooth: hci1: command tx timeout
[   78.848024][ T5942] usb 5-1: vub300 testing BULK OUT EndPoint(0) 02
[   78.854675][   T30] audit: type=1326 audit(1755555936.037:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.914815][   T30] audit: type=1326 audit(1755555936.037:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1a98ebe9 code=0x7ffc0000
[   78.924636][ T5942] usb 5-1: vub300 testing BULK IN EndPoint(1) 82
[   78.984869][ T5995] syz.1.11 uses obsolete (PF_INET,SOCK_PACKET)
[   79.024707][ T5952] usb 1-1: Using ep0 maxpacket: 16
[   79.032869][ T5952] usb 1-1: config index 0 descriptor too short (expected 14385, got 36)
[   79.049456][ T5942] usb 5-1: Could not find two sets of bulk-in/out endpoint pairs
[   79.062643][ T5952] usb 1-1: config 52 has too many interfaces: 52, using maximum allowed: 32
[   79.100627][ T5942] vub300 5-1:0.239: probe with driver vub300 failed with error -22
[   79.103341][ T5952] usb 1-1: config 52 has an invalid descriptor of length 52, skipping remainder of the config
[   79.195278][ T5952] usb 1-1: config 52 has 0 interfaces, different from the descriptor's value: 52
[   79.208462][ T5952] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[   79.234461][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.234760][ T5942] usb 5-1: USB disconnect, device number 2
[   79.249292][ T5952] usb 1-1: Product: syz
[   79.305146][ T5952] usb 1-1: Manufacturer: syz
[   79.331189][ T5952] usb 1-1: SerialNumber: syz
[   79.347584][ T6000] netlink: 'syz.1.12': attribute type 1 has an invalid length.
[   79.483588][ T6000] bond1: entered promiscuous mode
[   79.492085][ T6000] 8021q: adding VLAN 0 to HW filter on device bond1
[   79.575780][ T5952] usb 1-1: USB disconnect, device number 2
[   79.833803][   T10] usbhid 4-1:1.0: can't add hid device: -71
[   79.840310][   T10] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[   79.867153][   T10] usb 4-1: USB disconnect, device number 2
[   79.889139][ T6013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.936738][ T6013] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.172912][ T6021] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   80.244304][   T10] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   80.394199][ T5942] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   80.425607][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   80.446238][   T10] usb 4-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[   80.456278][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.474805][   T10] usb 4-1: config 0 descriptor??
[   80.565741][ T5942] usb 2-1: Using ep0 maxpacket: 8
[   80.597775][ T5942] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[   80.644242][ T5867] usb 3-1: string descriptor 0 read error: -71
[   80.644593][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   80.704270][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.714446][ T5867] usb 3-1: USB disconnect, device number 2
[   80.734437][ T5861] Bluetooth: hci0: command tx timeout
[   80.755266][ T5942] usb 2-1: Product: syz
[   80.759523][ T5942] usb 2-1: Manufacturer: syz
[   80.764624][ T5942] usb 2-1: SerialNumber: syz
[   80.775146][ T6030] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15'.
[   80.818999][ T5861] Bluetooth: hci4: command tx timeout
[   80.830847][    T9] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[   80.856641][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.878710][    T9] usb 1-1: Product: syz
[   80.878730][    T9] usb 1-1: Manufacturer: syz
[   80.878742][    T9] usb 1-1: SerialNumber: syz
[   80.886628][    T9] usb 1-1: config 0 descriptor??
[   80.892492][    T9] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 003
[   80.895282][ T5860] Bluetooth: hci3: command tx timeout
[   80.895981][ T5861] Bluetooth: hci2: command tx timeout
[   80.904166][ T5861] Bluetooth: hci1: command tx timeout
[   81.048254][ T6017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.048521][ T6017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.179511][ T6035] netlink: 'syz.2.20': attribute type 21 has an invalid length.
[   81.256085][ T6017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.264902][ T6017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.276814][ T6017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.290475][ T6017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.302253][ T6017] binder_alloc: 6016: binder_alloc_buf, no vma
[   81.565227][ T5942] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[   81.576091][ T5942] mxuport 2-1:254.0: probe with driver mxuport failed with error -5
[   81.600219][ T5942] usb 2-1: USB disconnect, device number 2
[   81.929753][ T6045] netdevsim netdevsim2: Direct firmware load for .
[   81.929753][ T6045]  failed with error -2
[   81.942091][ T6045] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[   81.942091][ T6045] 
[   81.944991][ T5951] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   82.104621][ T5951] usb 5-1: Using ep0 maxpacket: 32
[   82.120847][ T5951] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[   82.129778][ T5951] usb 5-1: config 0 has no interface number 0
[   82.140887][ T5951] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[   82.161585][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.171283][ T5951] usb 5-1: Product: syz
[   82.176448][ T5951] usb 5-1: Manufacturer: syz
[   82.181230][ T5951] usb 5-1: SerialNumber: syz
[   82.192035][ T5951] usb 5-1: config 0 descriptor??
[   82.201428][ T5951] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[   82.212199][ T5951] usb 5-1: selecting invalid altsetting 1
[   82.219630][ T5951] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[   82.229365][ T5951] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   82.246434][ T5951] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[   82.257969][ T5951] usb 5-1: media controller created
[   82.284240][ T5951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   82.410823][ T5951] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[   82.423168][ T5951] zl10353_read_register: readreg error (reg=127, ret==-71)
[   82.443892][ T5951] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[   82.493251][ T5951] usb 5-1: USB disconnect, device number 3
[   82.535894][ T6061] pim6reg: entered allmulticast mode
[   82.650449][ T6064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29'.
[   82.872919][   T10] usbhid 4-1:0.0: can't add hid device: -71
[   82.880939][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[   82.896809][   T10] usb 4-1: USB disconnect, device number 3
[   83.176342][ T6079] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.229588][ T6079] netlink: 20 bytes leftover after parsing attributes in process `syz.2.31'.
[   83.279640][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31'.
[   83.373005][    T9] i2c i2c-1: failure reading functionality
[   83.398466][    T9] i2c i2c-1: connected i2c-tiny-usb device
[   83.432779][    T9] usb 1-1: USB disconnect, device number 3
[   83.588325][ T6095] netlink: 'syz.4.37': attribute type 1 has an invalid length.
[   84.074266][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   84.144365][ T5951] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   84.235829][   T10] usb 1-1: config 1 has an invalid interface number: 116 but max is 0
[   84.244259][   T10] usb 1-1: config 1 has no interface number 0
[   84.259284][   T10] usb 1-1: config 1 interface 116 has no altsetting 0
[   84.278800][   T10] usb 1-1: New USB device found, idVendor=0499, idProduct=101c, bcdDevice=52.c1
[   84.293891][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.303264][   T10] usb 1-1: Product: syz
[   84.308382][   T10] usb 1-1: Manufacturer: syz
[   84.313238][   T10] usb 1-1: SerialNumber: syz
[   84.321936][ T5951] usb 4-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config
[   84.341089][ T5951] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   84.355089][ T5951] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[   84.366357][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.378843][ T5951] usb 4-1: Product: syz
[   84.383076][ T5951] usb 4-1: Manufacturer: syz
[   84.388315][ T5951] usb 4-1: SerialNumber: syz
[   84.424732][ T5951] usb 4-1: config 0 descriptor??
[   84.541319][   T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   84.574282][   T10] usb 1-1: USB disconnect, device number 4
[   84.658161][ T6008] udevd[6008]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.116/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   84.669532][    T9] usb 4-1: USB disconnect, device number 4
[   84.734406][ T5942] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   84.854367][ T5951] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   84.916563][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.928916][ T5942] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[   84.938830][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.956284][ T5942] usb 3-1: config 0 descriptor??
[   85.014417][ T5951] usb 5-1: Using ep0 maxpacket: 32
[   85.023270][ T5951] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[   85.038140][ T5951] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   85.066223][ T5951] usb 5-1: config 0 has no interface number 0
[   85.163776][ T5951] usb 5-1: config 0 interface 8 altsetting 248 endpoint 0xD has invalid maxpacket 1024, setting to 64
[   85.183857][ T5951] usb 5-1: config 0 interface 8 altsetting 248 has 3 endpoint descriptors, different from the interface descriptor's value: 10
[   85.214236][ T5951] usb 5-1: config 0 interface 8 has no altsetting 0
[   85.233482][ T6128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.43'.
[   85.428540][ T5951] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[   85.447316][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.534750][ T5951] usb 5-1: Product: syz
[   85.588520][ T5951] usb 5-1: Manufacturer: syz
[   85.612754][ T5951] usb 5-1: SerialNumber: syz
[   85.769272][ T5951] usb 5-1: config 0 descriptor??
[   85.991206][   T30] kauditd_printk_skb: 59 callbacks suppressed
[   85.991244][   T30] audit: type=1326 audit(1755555943.777:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6121 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[   86.448806][ T5951] ath6kl: Failed to submit usb control message: -71
[   86.457232][ T5951] ath6kl: unable to send the bmi data to the device: -71
[   86.469460][ T5951] ath6kl: Unable to send get target info: -71
[   86.484515][ T5951] ath6kl: Failed to init ath6kl core: -71
[   86.515055][ T5951] ath6kl_usb 5-1:0.8: probe with driver ath6kl_usb failed with error -71
[   86.581430][ T5951] usb 5-1: USB disconnect, device number 4
[   86.754819][ T6152] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.51'.
[   86.861739][ T6152] mmap: syz.4.51 (6152) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   87.138444][   T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   87.297756][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[   87.306137][   T10] usb 2-1: config 0 has no interface number 0
[   87.312507][   T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   87.330263][   T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.358791][   T10] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[   87.399032][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.429461][   T10] usb 2-1: config 0 descriptor??
[   87.454533][ T5951] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   87.491749][ T5942] usbhid 3-1:0.0: can't add hid device: -71
[   87.497925][ T5942] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   87.601990][ T5942] usb 3-1: USB disconnect, device number 3
[   87.642702][ T6154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.652846][ T6154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.680866][ T5951] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   87.692542][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.700706][    T9] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   87.718267][ T5951] usb 4-1: Product: syz
[   87.725506][ T5951] usb 4-1: Manufacturer: syz
[   87.730189][ T5951] usb 4-1: SerialNumber: syz
[   87.747890][ T5951] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   87.767660][ T5952] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   87.866998][    T9] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[   87.875565][    T9] usb 1-1: config 8 has an invalid descriptor of length 116, skipping remainder of the config
[   87.888736][    T9] usb 1-1: config 8 has no interface number 0
[   87.920061][    T9] usb 1-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   87.922058][   T10] prodikeys 0003:041E:2801.0001: item fetching failed at offset 3/7
[   87.945347][    T9] usb 1-1: config 8 interface 177 has no altsetting 0
[   87.966738][    T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[   87.976632][   T10] prodikeys 0003:041E:2801.0001: hid parse failed
[   87.990109][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.998473][   T10] prodikeys 0003:041E:2801.0001: probe with driver prodikeys failed with error -22
[   88.146842][ T6154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.155756][ T6154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.179548][   T43] usb 2-1: USB disconnect, device number 3
[   88.227548][ T6159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.242930][ T6170] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   88.254761][ T6159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.294278][   T10] usb 4-1: USB disconnect, device number 5
[   88.299892][ T6159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.314637][ T6171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.314782][ T6159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.323414][ T6171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.346451][    T9] usb 1-1: string descriptor 0 read error: -71
[   88.349789][ T6170] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.57'.
[   88.357270][    T9] ir_toy 1-1:8.177: required endpoints not found
[   88.372150][    T9] usb 1-1: USB disconnect, device number 5
[   88.377339][  T981] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   88.544331][  T981] usb 5-1: device descriptor read/64, error -71
[   88.804132][  T981] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   88.898121][ T5952] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[   88.931604][ T5952] ath9k_htc: Failed to initialize the device
[   88.944501][  T981] usb 5-1: device descriptor read/64, error -71
[   88.955583][   T10] usb 4-1: ath9k_htc: USB layer deinitialized
[   89.054679][  T981] usb usb5-port1: attempt power cycle
[   89.254468][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   89.394188][  T981] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   89.404259][   T43] usb 1-1: Using ep0 maxpacket: 16
[   89.412112][   T43] usb 1-1: config 0 has no interfaces?
[   89.421773][   T43] usb 1-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[   89.432689][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.440996][  T981] usb 5-1: device descriptor read/8, error -71
[   89.448797][   T43] usb 1-1: Product: syz
[   89.454949][   T43] usb 1-1: Manufacturer: syz
[   89.461701][   T43] usb 1-1: SerialNumber: syz
[   89.471653][   T43] usb 1-1: config 0 descriptor??
[   89.684143][  T981] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   89.703154][ T5952] usb 1-1: USB disconnect, device number 6
[   89.721650][  T981] usb 5-1: device descriptor read/8, error -71
[   89.855110][  T981] usb usb5-port1: unable to enumerate USB device
[   90.800765][ T6210] netlink: 'syz.0.67': attribute type 1 has an invalid length.
[   91.164233][ T5952] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   91.426764][ T6221] bridge1: entered promiscuous mode
[   91.605471][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   91.754240][   T43] usb 4-1: device descriptor read/64, error -71
[   91.994209][   T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   92.103100][   T24] cfg80211: failed to load regulatory.db
[   92.136061][   T43] usb 4-1: device descriptor read/64, error -71
[   92.258523][   T43] usb usb4-port1: attempt power cycle
[   92.461403][ T6234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.71'.
[   92.479372][ T6232] tipc: Started in network mode
[   92.485258][ T6232] tipc: Node identity 12ce1e49ba01, cluster identity 4711
[   92.500755][ T6232] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.508766][ T6232] syzkaller0: entered promiscuous mode
[   92.518678][ T6232] syzkaller0: entered allmulticast mode
[   92.694174][   T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   92.727058][   T43] usb 4-1: device descriptor read/8, error -71
[   92.774306][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.931548][   T24] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[   92.947654][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.956717][   T24] usb 2-1: Product: syz
[   92.961121][   T24] usb 2-1: Manufacturer: syz
[   92.974313][   T43] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   92.983441][   T24] usb 2-1: SerialNumber: syz
[   93.002023][   T24] usb 2-1: config 0 descriptor??
[   93.018561][   T43] usb 4-1: device descriptor read/8, error -71
[   93.033364][   T24] gspca_main: sunplus-2.14.0 probing 055f:c230
[   93.144353][   T43] usb usb4-port1: unable to enumerate USB device
[   93.614273][  T981] tipc: Node number set to 2832145993
[   94.584821][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'.
[   95.206416][   T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[   95.441972][   T10] usb 4-1: Using ep0 maxpacket: 16
[   95.487807][   T10] usb 4-1: config 0 has no interfaces?
[   95.495230][ T6232] tipc: Resetting bearer <eth:syzkaller0>
[   95.506257][ T5952] usb 2-1: USB disconnect, device number 4
[   95.513944][ T6230] tipc: Resetting bearer <eth:syzkaller0>
[   95.590887][   T10] usb 4-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[   95.610825][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.622538][ T6230] tipc: Disabling bearer <eth:syzkaller0>
[   95.633405][   T10] usb 4-1: Product: syz
[   95.642976][   T10] usb 4-1: Manufacturer: syz
[   95.651509][   T10] usb 4-1: SerialNumber: syz
[   95.668985][   T10] usb 4-1: config 0 descriptor??
[   95.777879][ T6266] input: syz0 as /devices/virtual/input/input5
[   95.902935][ T6261] FAULT_INJECTION: forcing a failure.
[   95.902935][ T6261] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   95.933128][ T6261] CPU: 1 UID: 0 PID: 6261 Comm: syz.3.77 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[   95.933157][ T6261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   95.933171][ T6261] Call Trace:
[   95.933179][ T6261]  <TASK>
[   95.933188][ T6261]  dump_stack_lvl+0x189/0x250
[   95.933229][ T6261]  ? __pfx____ratelimit+0x10/0x10
[   95.933258][ T6261]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.933283][ T6261]  ? __pfx__printk+0x10/0x10
[   95.933309][ T6261]  ? __might_fault+0xb0/0x130
[   95.933341][ T6261]  ? rcu_is_watching+0x15/0xb0
[   95.933363][ T6261]  should_fail_ex+0x414/0x560
[   95.933393][ T6261]  _copy_from_iter+0x1db/0x16f0
[   95.933414][ T6261]  ? trace_kmalloc+0x1f/0xd0
[   95.933440][ T6261]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[   95.933473][ T6261]  ? __pfx__copy_from_iter+0x10/0x10
[   95.933499][ T6261]  ? skb_set_owner_w+0x25b/0x3a0
[   95.933522][ T6261]  ? skb_put+0x11b/0x210
[   95.933543][ T6261]  pppoe_sendmsg+0x46a/0x790
[   95.933578][ T6261]  ? __pfx_pppoe_sendmsg+0x10/0x10
[   95.933608][ T6261]  ? rcu_is_watching+0x15/0xb0
[   95.933627][ T6261]  ? aa_sock_msg_perm+0xf1/0x1d0
[   95.933646][ T6261]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   95.933668][ T6261]  ? __pfx_pppoe_sendmsg+0x10/0x10
[   95.933697][ T6261]  __sock_sendmsg+0x219/0x270
[   95.933723][ T6261]  ____sys_sendmsg+0x52d/0x830
[   95.933745][ T6261]  ? __pfx_____sys_sendmsg+0x10/0x10
[   95.933770][ T6261]  ? import_iovec+0x74/0xa0
[   95.933795][ T6261]  ___sys_sendmsg+0x21f/0x2a0
[   95.933815][ T6261]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.933838][ T6261]  ? kstrtouint+0x6e/0xe0
[   95.933880][ T6261]  ? __fget_files+0x2a/0x420
[   95.933897][ T6261]  ? __fget_files+0x3a0/0x420
[   95.933918][ T6261]  __sys_sendmmsg+0x227/0x430
[   95.933942][ T6261]  ? __pfx___sys_sendmmsg+0x10/0x10
[   95.933962][ T6261]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   95.934006][ T6261]  ? ksys_write+0x22a/0x250
[   95.934042][ T6261]  ? __pfx_ksys_write+0x10/0x10
[   95.934067][ T6261]  ? rcu_is_watching+0x15/0xb0
[   95.934090][ T6261]  __x64_sys_sendmmsg+0xa0/0xc0
[   95.934110][ T6261]  do_syscall_64+0xfa/0x3b0
[   95.934140][ T6261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.934160][ T6261]  ? clear_bhb_loop+0x60/0xb0
[   95.934183][ T6261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.934203][ T6261] RIP: 0033:0x7fcb1538ebe9
[   95.934230][ T6261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.934248][ T6261] RSP: 002b:00007fcb16257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   95.934275][ T6261] RAX: ffffffffffffffda RBX: 00007fcb155b5fa0 RCX: 00007fcb1538ebe9
[   95.934290][ T6261] RDX: 0000000000000484 RSI: 0000200000001340 RDI: 0000000000000005
[   95.934304][ T6261] RBP: 00007fcb16257090 R08: 0000000000000000 R09: 0000000000000000
[   95.934317][ T6261] R10: 0000000024048084 R11: 0000000000000246 R12: 0000000000000001
[   95.934330][ T6261] R13: 00007fcb155b6038 R14: 00007fcb155b5fa0 R15: 00007fcb156dfa28
[   95.934354][ T6261]  </TASK>
[   95.954873][  T981] usb 4-1: USB disconnect, device number 10
[   96.942588][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.83'.
[   97.084355][   T43] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[   97.308440][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.331521][   T43] usb 5-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[   97.364273][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.402533][   T43] usb 5-1: config 0 descriptor??
[   97.494368][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[   97.657416][   T10] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[   97.670917][   T10] usb 4-1: config 0 has no interface number 0
[   97.677496][   T10] usb 4-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   97.740324][   T10] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   97.742805][ T6299] netlink: 12 bytes leftover after parsing attributes in process `syz.4.84'.
[   97.809850][ T6300] netlink: 120 bytes leftover after parsing attributes in process `syz.2.86'.
[   97.834685][ T5867] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   97.904178][   T10] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   97.904225][   T10] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[   97.904248][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.951733][   T10] usb 4-1: config 0 descriptor??
[   97.959301][   T10] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input6
[   97.984180][ T5867] usb 1-1: Using ep0 maxpacket: 32
[   97.985893][ T5867] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[   97.985943][ T5867] usb 1-1: config 0 has no interface number 0
[   97.985975][ T5867] usb 1-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   97.985998][ T5867] usb 1-1: config 0 interface 188 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[   97.986025][ T5867] usb 1-1: config 0 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 129, changing to 11
[   97.986054][ T5867] usb 1-1: config 0 interface 188 altsetting 0 endpoint 0x8D has invalid maxpacket 10062, setting to 1024
[   97.986112][ T5867] usb 1-1: config 0 interface 188 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   97.987948][ T5867] usb 1-1: New USB device found, idVendor=2c7c, idProduct=6002, bcdDevice=42.9b
[   97.987978][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.988001][ T5867] usb 1-1: Product: syz
[   97.988037][ T5867] usb 1-1: Manufacturer: syz
[   97.988048][ T5867] usb 1-1: SerialNumber: syz
[   97.989361][ T5867] usb 1-1: config 0 descriptor??
[   97.989928][ T6296] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[   97.991493][ T5867] option 1-1:0.188: GSM modem (1-port) converter detected
[   98.201633][ T6296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.201918][ T6296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.203231][ T5867] usb 1-1: USB disconnect, device number 8
[   98.205423][ T5867] option 1-1:0.188: device disconnected
[   98.696520][    T9] usb 4-1: USB disconnect, device number 11
[  100.731032][   T43] usbhid 5-1:0.0: can't add hid device: -71
[  100.796432][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  100.923254][   T43] usb 5-1: USB disconnect, device number 9
[  101.054333][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  101.284203][   T24] usb 2-1: Using ep0 maxpacket: 16
[  101.308100][ T6352] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  101.456525][   T24] usb 2-1: config 0 has no interfaces?
[  101.495002][   T24] usb 2-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[  101.544245][ T6357] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  101.550904][ T6357] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  101.558591][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.613820][   T24] usb 2-1: Product: syz
[  101.650452][   T24] usb 2-1: Manufacturer: syz
[  101.776492][ T6357] vhci_hcd vhci_hcd.0: Device attached
[  101.782133][   T24] usb 2-1: SerialNumber: syz
[  101.815679][   T24] usb 2-1: config 0 descriptor??
[  101.915876][    T9] vhci_hcd: vhci_device speed not set
[  102.045504][ T5867] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  102.131573][    T9] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  102.705918][ T5867] usb 3-1: Using ep0 maxpacket: 8
[  102.721642][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  102.749711][   T24] usb 2-1: USB disconnect, device number 6
[  102.769100][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  102.830259][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  102.875669][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  102.926827][ T5867] usb 3-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  102.962792][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.991996][ T5867] usb 3-1: Product: syz
[  103.003646][ T5867] usb 3-1: Manufacturer: syz
[  103.015703][ T5867] usb 3-1: SerialNumber: syz
[  103.053656][ T5867] usb 3-1: config 0 descriptor??
[  103.068755][ T5867] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input7
[  103.084123][   T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  103.279686][   T43] usb 1-1: Using ep0 maxpacket: 8
[  103.286208][ T6357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.327604][   T43] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  103.334559][ T6357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.433749][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.458294][ T6381] vcan0: tx drop: invalid da for name 0x0000000010000003
[  103.489592][ T5867] imon:send_packet: packet tx failed (-71)
[  103.492671][ T6358] vhci_hcd: connection reset by peer
[  103.496768][   T43] usb 1-1: config 0 descriptor??
[  103.517022][ T6382] trusted_key: syz.4.102 sent an empty control message without MSG_MORE.
[  103.545092][ T6382] fuse: Bad value for 'group_id'
[  103.552072][ T6382] fuse: Bad value for 'group_id'
[  103.624443][ T5867] imon 3-1:0.0: panel buttons/knobs setup failed
[  103.632396][   T59] vhci_hcd: stop threads
[  103.648119][   T59] vhci_hcd: release socket
[  103.662925][   T59] vhci_hcd: disconnect device
[  103.822466][   T43] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  104.052133][ T5867] rc_core: IR keymap rc-imon-pad not found
[  104.058577][ T5867] Registered IR keymap rc-empty
[  104.065699][ T5867] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  104.079520][ T5867] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  104.089691][ T5867] imon:send_packet: packet tx failed (-71)
[  104.117225][ T5867] imon 3-1:0.0: remote input dev register failed
[  104.128785][ T5867] imon 3-1:0.0: imon_init_intf0: rc device setup failed
[  104.214154][ T5867] imon 3-1:0.0: unable to initialize intf0, err 0
[  104.230839][ T5867] imon:imon_probe: failed to initialize context!
[  104.246253][ T5867] imon 3-1:0.0: unable to register, err -19
[  104.295681][ T5867] usb 3-1: USB disconnect, device number 4
[  104.363863][ T6399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'.
[  104.704368][ T5867] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  104.905175][ T5867] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 180, using maximum allowed: 30
[  104.958522][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  105.100811][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  105.143789][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 180
[  105.295566][ T5867] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  105.311244][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.407035][ T5867] usb 3-1: config 0 descriptor??
[  105.700296][ T6369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.100'.
[  105.767303][ T6421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.100'.
[  105.771163][ T5867] usb 3-1: USB disconnect, device number 5
[  105.814377][   T43] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  105.826979][   T43] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  105.854433][   T43] asix 1-1:0.0: probe with driver asix failed with error -71
[  105.882402][   T43] usb 1-1: USB disconnect, device number 9
[  106.121551][ T6428] geneve2: entered promiscuous mode
[  106.444369][ T6441] fuse: blksize only supported for fuseblk
[  106.582807][ T6449] bridge_slave_0: left allmulticast mode
[  106.602564][ T6449] bridge_slave_0: left promiscuous mode
[  106.623912][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.119'.
[  106.636794][ T6449] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.651483][ T6449] bridge_slave_1: left allmulticast mode
[  106.657743][ T6449] bridge_slave_1: left promiscuous mode
[  106.663641][ T6449] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.680054][ T6449] bond0: (slave bond_slave_0): Releasing backup interface
[  106.700664][ T6449] bond0: (slave bond_slave_1): Releasing backup interface
[  106.733776][ T6449] team0: Port device team_slave_0 removed
[  106.742751][ T6449] team0: Port device team_slave_1 removed
[  106.752794][ T6449] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.760665][ T6449] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.769298][ T6449] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.777150][ T6449] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.796181][ T6453] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.809449][ T6453] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.424999][ T6477] netlink: 4388 bytes leftover after parsing attributes in process `syz.3.122'.
[  107.992527][    T9] vhci_hcd: vhci_device speed not set
[  108.024752][ T5952] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  108.314206][   T43] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  108.387454][ T5952] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  108.448471][ T5952] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  108.464318][   T43] usb 1-1: device descriptor read/64, error -71
[  108.533108][ T5952] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  108.554158][   T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  108.607233][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.702661][ T6486] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  108.710706][   T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  108.713094][ T5952] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  108.748677][   T10] usb 5-1: config 0 has an invalid interface number: 120 but max is 0
[  108.775596][   T10] usb 5-1: config 0 has no interface number 0
[  108.844212][   T43] usb 1-1: device descriptor read/64, error -71
[  108.863374][   T10] usb 5-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  108.949998][   T10] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  108.961632][   T10] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  109.047485][   T10] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  109.047757][   T43] usb usb1-port1: attempt power cycle
[  109.064888][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.176259][   T10] usb 5-1: config 0 descriptor??
[  109.209845][   T10] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.120/input/input9
[  109.574195][   T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  109.649284][   T43] usb 1-1: device descriptor read/8, error -71
[  109.954452][   T43] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  110.013362][   T10] usb 5-1: USB disconnect, device number 10
[  110.077787][   T43] usb 1-1: device descriptor read/8, error -71
[  110.178513][    C1] vcan0: j1939_tp_rxtimer: 0xffff888058528800: rx timeout, send abort
[  110.187147][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058528800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  110.201921][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058529c00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  110.221039][   T43] usb usb1-port1: unable to enumerate USB device
[  110.424350][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  110.614267][   T10] usb 5-1: Using ep0 maxpacket: 16
[  110.621777][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.633271][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.647138][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  110.683598][   T10] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  110.745904][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.759202][   T10] usb 5-1: config 0 descriptor??
[  110.970910][   T10] hid (null): usage index exceeded
[  110.981723][   T10] hid-multitouch 0003:0457:07DA.0002: ignoring exceeding usage max
[  111.029574][   T10] hid-multitouch 0003:0457:07DA.0002: usage index exceeded
[  111.041734][   T10] hid-multitouch 0003:0457:07DA.0002: item 0 4 2 0 parsing failed
[  111.123952][   T10] hid-multitouch 0003:0457:07DA.0002: probe with driver hid-multitouch failed with error -22
[  111.217123][ T5952] usb 5-1: USB disconnect, device number 11
[  111.477756][    C1] vcan0: j1939_tp_rxtimer: 0xffff888058529400: rx timeout, send abort
[  111.486101][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058529400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  111.500489][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805852bc00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  111.674237][ T5867] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  111.754191][   T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  111.895229][ T6586] netlink: 12 bytes leftover after parsing attributes in process `syz.3.139'.
[  112.048923][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.070644][ T6596] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.141'.
[  112.082859][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  112.425142][   T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  112.491139][   T43] usb 1-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9
[  112.505938][  T981] usb 2-1: USB disconnect, device number 7
[  112.544524][ T5867] usb 4-1: device descriptor read/64, error -71
[  112.566898][   T43] usb 1-1: Manufacturer: syz
[  112.625844][   T43] usb 1-1: SerialNumber: syz
[  112.636842][   T10] usb 5-1: Using ep0 maxpacket: 32
[  112.647972][   T43] usb 1-1: config 0 descriptor??
[  112.680830][   T43] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  112.688309][   T10] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  112.691581][   T43] usb 1-1: No valid video chain found.
[  112.727765][   T10] usb 5-1: config 0 has no interface number 0
[  112.733949][   T10] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  112.917544][ T5867] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  113.005341][ T6581] binder: 6568:6581 ioctl c0306201 2000000003c0 returned -14
[  113.043483][   T10] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  113.107686][ T5867] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  113.117861][ T5867] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  113.134368][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.138061][ T5867] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  113.154393][   T10] usb 5-1: Product: syz
[  113.159795][   T10] usb 5-1: Manufacturer: syz
[  113.169976][   T10] usb 5-1: SerialNumber: syz
[  113.180285][   T10] usb 5-1: config 0 descriptor??
[  113.193151][   T10] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  113.222667][   T10] em28xx 5-1:0.132: Video interface 132 found:
[  113.260958][ T5867] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  113.280042][ T5867] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  113.385086][ T6614] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.144'.
[  113.460186][ T5867] usb 4-1: Manufacturer: syz
[  113.599162][ T5867] usb 4-1: config 0 descriptor??
[  113.673381][ T5867] smsusb:smsusb_probe: board id=9, interface number 0
[  113.682307][ T6588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.686506][ T5867] smsusb:smsusb_probe: Device initialized with return code -19
[  113.703556][ T6588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.751952][   T10] em28xx 5-1:0.132: chip ID is em2884
[  113.873031][ T6590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.895229][ T6590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.905891][ T6590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.920258][ T6590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.977468][ T6590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.048652][ T6590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.066623][ T6590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.086351][ T6590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.105660][ T6590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.123546][ T6590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.144768][    T9] usb 4-1: USB disconnect, device number 13
[  114.521558][ T5867] usb 1-1: USB disconnect, device number 14
[  114.563785][   T10] em28xx 5-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5)
[  114.575119][   T10] em28xx 5-1:0.132: failed to read eeprom (err=-5)
[  114.581818][   T10] em28xx 5-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  114.645771][   T10] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  114.653935][   T10] em28xx 5-1:0.132: analog set to bulk mode.
[  114.660052][    T9] em28xx 5-1:0.132: Registering V4L2 extension
[  114.669231][   T10] usb 5-1: USB disconnect, device number 12
[  114.696948][   T10] em28xx 5-1:0.132: Disconnecting em28xx
[  114.744945][   T43] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  114.813438][    T9] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  114.821403][    T9] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  114.834018][    T9] em28xx 5-1:0.132: No AC97 audio processor
[  114.851185][    T9] usb 5-1: Decoder not found
[  114.864178][    T9] em28xx 5-1:0.132: failed to create media graph
[  114.875527][    T9] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  114.893066][    T9] em28xx 5-1:0.132: Remote control support is not available for this card.
[  114.972569][   T43] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  114.986470][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.996996][   T43] usb 2-1: Product: syz
[  115.001201][   T43] usb 2-1: Manufacturer: syz
[  115.006295][   T43] usb 2-1: SerialNumber: syz
[  115.012580][   T10] em28xx 5-1:0.132: Closing input extension
[  115.021812][   T43] usb 2-1: config 0 descriptor??
[  115.032730][   T10] em28xx 5-1:0.132: Freeing device
[  115.194737][ T5867] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  115.228934][ T6647] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.152'.
[  115.243318][   T43] usb 2-1: USB disconnect, device number 8
[  115.544848][ T5867] usb 4-1: Using ep0 maxpacket: 32
[  115.557497][ T5867] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  115.593781][ T5867] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  115.760744][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.935055][ T5867] usb 4-1: Product: syz
[  116.090539][ T5867] usb 4-1: Manufacturer: syz
[  116.104237][ T5952] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  116.108044][ T5867] usb 4-1: SerialNumber: syz
[  116.137976][ T5867] usb 4-1: config 0 descriptor??
[  116.166742][ T5867] usb 4-1: bad CDC descriptors
[  116.173527][ T5867] usb 4-1: unsupported MDLM descriptors
[  116.284864][ T5952] usb 2-1: Using ep0 maxpacket: 32
[  116.310706][ T5952] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  116.402249][ T5952] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  116.440067][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.500237][ T5952] usb 2-1: Product: syz
[  116.516190][ T6671] netlink: 4388 bytes leftover after parsing attributes in process `syz.0.157'.
[  116.570194][ T5952] usb 2-1: Manufacturer: syz
[  116.576573][ T5952] usb 2-1: SerialNumber: syz
[  116.586413][ T5952] usb 2-1: config 0 descriptor??
[  116.839776][ T6654] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  116.849326][ T6654] tipc: Resetting bearer <eth:syzkaller0>
[  116.857995][ T5952] usb 2-1: USB disconnect, device number 9
[  117.077237][ T6653] tipc: Disabling bearer <eth:syzkaller0>
[  117.322322][ T6687] cgroup: fork rejected by pids controller in /syz2
[  117.793969][ T6724] netlink: 4 bytes leftover after parsing attributes in process `syz.1.163'.
[  117.808137][ T6724] macvlan2: entered promiscuous mode
[  117.817243][ T6724] macvlan2: entered allmulticast mode
[  117.961362][ T5867] usb 4-1: USB disconnect, device number 14
[  118.274894][ T6728] netlink: 8 bytes leftover after parsing attributes in process `syz.1.164'.
[  118.748565][ T6741] netlink: 'syz.2.169': attribute type 10 has an invalid length.
[  118.766993][ T6741] team0: Port device dummy0 added
[  118.864700][  T121] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  119.136355][  T121] usb 4-1: config 1 has an invalid interface number: 116 but max is 0
[  119.144808][  T121] usb 4-1: config 1 has no interface number 0
[  119.151003][  T121] usb 4-1: config 1 interface 116 has no altsetting 0
[  119.165216][  T121] usb 4-1: New USB device found, idVendor=0499, idProduct=101c, bcdDevice=52.c1
[  119.174630][  T121] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.183891][  T121] usb 4-1: Product: syz
[  119.195167][  T121] usb 4-1: Manufacturer: syz
[  119.202111][  T121] usb 4-1: SerialNumber: syz
[  119.429065][  T121] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  119.486812][  T121] usb 4-1: USB disconnect, device number 15
[  119.519781][   T30] audit: type=1326 audit(1755555977.307:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  119.590802][ T5877] udevd[5877]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.116/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  119.601597][   T30] audit: type=1326 audit(1755555977.307:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  119.631816][ T5952] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  119.709806][   T30] audit: type=1326 audit(1755555977.307:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  119.804105][ T5952] usb 3-1: Using ep0 maxpacket: 8
[  119.816081][ T5952] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  119.844406][   T30] audit: type=1326 audit(1755555977.307:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  119.866447][    C0] vkms_vblank_simulate: vblank timer overrun
[  119.888275][ T5952] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  119.934653][ T5952] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  119.973377][ T5952] usb 3-1: Product: syz
[  119.983495][   T30] audit: type=1326 audit(1755555977.307:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.016094][ T5952] usb 3-1: Manufacturer: syz
[  120.044148][ T5952] usb 3-1: SerialNumber: syz
[  120.140298][ T6773] FAULT_INJECTION: forcing a failure.
[  120.140298][ T6773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.169073][   T30] audit: type=1326 audit(1755555977.307:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.223720][ T6773] CPU: 0 UID: 0 PID: 6773 Comm: syz.3.177 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[  120.223752][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.223765][ T6773] Call Trace:
[  120.223773][ T6773]  <TASK>
[  120.223782][ T6773]  dump_stack_lvl+0x189/0x250
[  120.223812][ T6773]  ? __pfx____ratelimit+0x10/0x10
[  120.223842][ T6773]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.223876][ T6773]  ? __pfx__printk+0x10/0x10
[  120.223904][ T6773]  ? __might_fault+0xb0/0x130
[  120.223935][ T6773]  ? __up_read+0x280/0x680
[  120.223959][ T6773]  ? rcu_is_watching+0x15/0xb0
[  120.223982][ T6773]  should_fail_ex+0x414/0x560
[  120.224012][ T6773]  _copy_from_user+0x2d/0xb0
[  120.224035][ T6773]  io_submit_one+0xc2/0x1310
[  120.224058][ T6773]  ? rcu_is_watching+0x15/0xb0
[  120.224081][ T6773]  ? __pfx_io_submit_one+0x10/0x10
[  120.224101][ T6773]  ? __might_fault+0xb0/0x130
[  120.224128][ T6773]  ? rcu_is_watching+0x15/0xb0
[  120.224148][ T6773]  ? lock_acquire+0x5f/0x360
[  120.224182][ T6773]  ? lock_release+0x4b/0x3e0
[  120.224212][ T6773]  ? __might_fault+0xcc/0x130
[  120.224242][ T6773]  __se_sys_io_submit+0x185/0x2f0
[  120.224276][ T6773]  ? __pfx___se_sys_io_submit+0x10/0x10
[  120.224307][ T6773]  ? ksys_write+0x22a/0x250
[  120.224340][ T6773]  ? rcu_is_watching+0x15/0xb0
[  120.224362][ T6773]  do_syscall_64+0xfa/0x3b0
[  120.224393][ T6773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.224413][ T6773]  ? clear_bhb_loop+0x60/0xb0
[  120.224437][ T6773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.224458][ T6773] RIP: 0033:0x7fcb1538ebe9
[  120.224476][ T6773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.224494][ T6773] RSP: 002b:00007fcb16257038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  120.224517][ T6773] RAX: ffffffffffffffda RBX: 00007fcb155b5fa0 RCX: 00007fcb1538ebe9
[  120.224533][ T6773] RDX: 0000200000000580 RSI: 0000000000000001 RDI: 00007fcb16235000
[  120.224548][ T6773] RBP: 00007fcb16257090 R08: 0000000000000000 R09: 0000000000000000
[  120.224561][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.224573][ T6773] R13: 00007fcb155b6038 R14: 00007fcb155b5fa0 R15: 00007fcb156dfa28
[  120.224597][ T6773]  </TASK>
[  120.447882][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.454485][   T30] audit: type=1326 audit(1755555977.317:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.476908][   T30] audit: type=1326 audit(1755555977.357:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.499140][   T30] audit: type=1326 audit(1755555977.367:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.521210][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.527485][   T30] audit: type=1326 audit(1755555977.367:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.4.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d7178ebe9 code=0x7ffc0000
[  120.549542][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.567791][ T5952] usb 3-1: palm_os_3_probe - error -110 getting connection information
[  120.576182][ T5952] visor 3-1:1.0: probe with driver visor failed with error -110
[  121.166530][ T6788] netlink: 4388 bytes leftover after parsing attributes in process `syz.3.179'.
[  121.444209][ T5952] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  121.666235][ T5952] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  121.756793][ T5952] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  121.791947][ T5952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  121.913007][ T5952] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  121.944956][ T5952] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  122.002752][ T5952] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  122.080805][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  122.107863][ T5952] usb 5-1: Product: syz
[  122.126585][ T5952] usb 5-1: Manufacturer: syz
[  122.142332][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  122.171858][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  122.184987][ T5952] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  122.192104][ T5952] cdc_wdm 5-1:1.0: Unknown control protocol
[  122.899176][  T981] usb 5-1: USB disconnect, device number 13
[  122.929614][ T5952] usb 3-1: USB disconnect, device number 6
[  123.096454][ T6804] sctp: [Deprecated]: syz.2.184 (pid 6804) Use of struct sctp_assoc_value in delayed_ack socket option.
[  123.096454][ T6804] Use struct sctp_sack_info instead
[  123.132931][ T6789] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  123.137402][ T6804] openvswitch: netlink: Multiple metadata blocks provided
[  123.206747][ T6814] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  123.335270][ T6817] netlink: 9280 bytes leftover after parsing attributes in process `syz.0.186'.
[  123.704786][  T981] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  123.834915][  T981] usb 5-1: device descriptor read/64, error -71
[  124.074917][  T981] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  124.146345][ T6845] block device autoloading is deprecated and will be removed.
[  124.155402][ T6845] syz.2.194: attempt to access beyond end of device
[  124.155402][ T6845] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  124.224879][  T981] usb 5-1: device descriptor read/64, error -71
[  124.637611][  T981] usb usb5-port1: attempt power cycle
[  124.893527][ T5952] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  125.134709][ T5867] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  125.295153][ T5867] usb 4-1: Using ep0 maxpacket: 16
[  125.306451][ T5867] usb 4-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config
[  125.328687][ T5867] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  125.356505][ T5952] usb 2-1: Using ep0 maxpacket: 16
[  125.371093][ T5867] usb 4-1: New USB device found, idVendor=04f8, idProduct=0a30, bcdDevice=ce.47
[  125.381515][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=197, SerialNumber=3
[  125.391548][ T5867] usb 4-1: Product: syz
[  125.401658][ T5867] usb 4-1: Manufacturer: syz
[  125.472956][ T5952] usb 2-1: config 0 has no interfaces?
[  125.516568][ T5867] usb 4-1: SerialNumber: syz
[  125.615331][ T5867] usb 4-1: config 0 descriptor??
[  126.144735][ T5952] usb 2-1: New USB device found, idVendor=0458, idProduct=704a, bcdDevice=3a.55
[  126.163989][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.184348][ T5952] usb 2-1: Product: syz
[  126.224442][ T6866] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  126.342927][ T5952] usb 2-1: Manufacturer: syz
[  126.431308][ T5952] usb 2-1: SerialNumber: syz
[  126.450274][ T5952] usb 2-1: config 0 descriptor??
[  126.929044][ T5867] usb 2-1: USB disconnect, device number 10
[  127.213025][ T6885] tipc: Started in network mode
[  127.222748][ T6885] tipc: Node identity 2eb64e781bb7, cluster identity 4711
[  127.231327][ T6885] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.234622][   T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  127.240199][ T6885] syzkaller0: entered promiscuous mode
[  127.258289][ T6885] syzkaller0: entered allmulticast mode
[  127.284776][ T5952] usb 5-1: new low-speed USB device number 17 using dummy_hcd
[  127.296428][ T6883] FAULT_INJECTION: forcing a failure.
[  127.296428][ T6883] name failslab, interval 1, probability 0, space 0, times 0
[  127.347887][ T6883] CPU: 1 UID: 0 PID: 6883 Comm: syz.1.202 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[  127.347914][ T6883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  127.347926][ T6883] Call Trace:
[  127.347933][ T6883]  <TASK>
[  127.347942][ T6883]  dump_stack_lvl+0x189/0x250
[  127.347970][ T6883]  ? __pfx____ratelimit+0x10/0x10
[  127.347997][ T6883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.348021][ T6883]  ? __pfx__printk+0x10/0x10
[  127.348049][ T6883]  ? fs_reclaim_acquire+0x7d/0x100
[  127.348079][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.348099][ T6883]  ? __pfx___might_resched+0x10/0x10
[  127.348116][ T6883]  ? lock_acquire+0x5f/0x360
[  127.348178][ T6883]  should_fail_ex+0x414/0x560
[  127.348207][ T6883]  should_failslab+0xa8/0x100
[  127.348240][ T6883]  __kmalloc_noprof+0xcb/0x4f0
[  127.348266][ T6883]  ? skcipher_recvmsg+0xc6/0x11c0
[  127.348292][ T6883]  ? sock_kmalloc+0xd6/0x160
[  127.348315][ T6883]  sock_kmalloc+0xd6/0x160
[  127.348337][ T6883]  af_alg_alloc_areq+0x8d/0x260
[  127.348362][ T6883]  skcipher_recvmsg+0x356/0x11c0
[  127.348391][ T6883]  ? aa_sk_perm+0x81e/0x950
[  127.348425][ T6883]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  127.348453][ T6883]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  127.348476][ T6883]  ? security_socket_recvmsg+0x7e/0x2e0
[  127.348499][ T6883]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  127.348526][ T6883]  sock_recvmsg+0x229/0x270
[  127.348553][ T6883]  sock_read_iter+0x231/0x2f0
[  127.348578][ T6883]  ? __pfx_sock_read_iter+0x10/0x10
[  127.348606][ T6883]  ? bpf_lsm_file_permission+0x9/0x20
[  127.348630][ T6883]  ? security_file_permission+0x75/0x290
[  127.348659][ T6883]  ? rw_verify_area+0x2a6/0x4d0
[  127.348685][ T6883]  ? import_ubuf+0xfb/0x1d0
[  127.348709][ T6883]  aio_read+0x30e/0x470
[  127.348732][ T6883]  ? __pfx_aio_read+0x10/0x10
[  127.348757][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.348779][ T6883]  ? lock_release+0x4b/0x3e0
[  127.348810][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.348829][ T6883]  ? lock_release+0x4b/0x3e0
[  127.348863][ T6883]  io_submit_one+0x768/0x1310
[  127.348891][ T6883]  ? __pfx_io_submit_one+0x10/0x10
[  127.348911][ T6883]  ? __might_fault+0xb0/0x130
[  127.348942][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.348963][ T6883]  ? lock_acquire+0x5f/0x360
[  127.348996][ T6883]  ? lock_release+0x4b/0x3e0
[  127.349026][ T6883]  ? __might_fault+0xcc/0x130
[  127.349056][ T6883]  __se_sys_io_submit+0x185/0x2f0
[  127.349089][ T6883]  ? __pfx___se_sys_io_submit+0x10/0x10
[  127.349119][ T6883]  ? ksys_write+0x22a/0x250
[  127.349159][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.349182][ T6883]  do_syscall_64+0xfa/0x3b0
[  127.349212][ T6883]  ? rcu_is_watching+0x15/0xb0
[  127.349231][ T6883]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.349252][ T6883]  ? clear_bhb_loop+0x60/0xb0
[  127.349275][ T6883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.349296][ T6883] RIP: 0033:0x7f31ff58ebe9
[  127.349314][ T6883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.349332][ T6883] RSP: 002b:00007f32004d9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  127.349354][ T6883] RAX: ffffffffffffffda RBX: 00007f31ff7b5fa0 RCX: 00007f31ff58ebe9
[  127.349370][ T6883] RDX: 0000200000000580 RSI: 0000000000000001 RDI: 00007f32004b7000
[  127.349384][ T6883] RBP: 00007f32004d9090 R08: 0000000000000000 R09: 0000000000000000
[  127.349397][ T6883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.349410][ T6883] R13: 00007f31ff7b6038 R14: 00007f31ff7b5fa0 R15: 00007f31ff8dfa28
[  127.349432][ T6883]  </TASK>
[  127.514196][   T10] usb 1-1: device descriptor read/64, error -71
[  127.699557][ T6885] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  127.938815][ T5867] usb 4-1: USB disconnect, device number 16
[  128.034152][  T981] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  128.114812][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  128.184808][  T981] usb 3-1: Using ep0 maxpacket: 16
[  128.192001][  T981] usb 3-1: config 0 has an invalid interface number: 49 but max is 0
[  128.201579][  T981] usb 3-1: config 0 has no interface number 0
[  128.208609][  T981] usb 3-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16
[  128.219303][  T981] usb 3-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  128.231597][  T981] usb 3-1: config 0 interface 49 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  128.242218][  T981] usb 3-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  128.254242][   T10] usb 1-1: device descriptor read/64, error -71
[  128.256750][  T981] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[  128.271215][  T981] usb 3-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3
[  128.283203][  T981] usb 3-1: Product: syz
[  128.288207][  T981] usb 3-1: Manufacturer: syz
[  128.292854][  T981] usb 3-1: SerialNumber: syz
[  128.302009][  T981] usb 3-1: config 0 descriptor??
[  128.307811][ T6885] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  128.354971][ T5867] tipc: Node number set to 889278072
[  128.364417][   T10] usb usb1-port1: attempt power cycle
[  128.534404][ T5952] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  128.704344][   T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  128.733062][ T5952] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.753386][ T5952] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.781247][   T10] usb 1-1: device descriptor read/8, error -71
[  128.790712][ T5952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  128.799932][ T5952] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.812682][ T5952] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.822471][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.830595][ T5952] usb 5-1: Product: syz
[  128.834979][ T5952] usb 5-1: Manufacturer: syz
[  128.844926][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  128.850765][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  128.853774][ T6884] tipc: Resetting bearer <eth:syzkaller0>
[  128.857093][ T5952] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  128.868630][ T5952] cdc_wdm 5-1:1.0: Unknown control protocol
[  128.888927][  T981] usb 3-1: USB disconnect, device number 7
[  128.909193][ T6884] tipc: Disabling bearer <eth:syzkaller0>
[  129.034204][   T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  129.054753][   T10] usb 1-1: device descriptor read/8, error -71
[  129.157528][ T5952] usb 5-1: USB disconnect, device number 18
[  129.184579][   T10] usb usb1-port1: unable to enumerate USB device
[  129.425071][  T981] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  129.574788][  T981] usb 4-1: Using ep0 maxpacket: 32
[  129.582760][  T981] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  129.592661][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.601377][  T981] usb 4-1: Product: syz
[  129.606254][  T981] usb 4-1: Manufacturer: syz
[  129.610857][  T981] usb 4-1: SerialNumber: syz
[  129.617688][  T981] usb 4-1: config 0 descriptor??
[  129.625621][  T981] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  129.634280][ T5952] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  129.796656][ T5952] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  129.807057][ T5952] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.819627][ T5952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  129.829516][ T5952] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.845825][ T5952] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  129.857422][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  129.865502][ T5952] usb 5-1: Product: syz
[  129.870150][ T5952] usb 5-1: Manufacturer: syz
[  129.888391][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  129.893655][ T5952] cdc_wdm 5-1:1.0: skipping garbage
[  129.906909][ T5952] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  129.912862][ T5952] cdc_wdm 5-1:1.0: Unknown control protocol
[  129.964756][ T5867] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  129.978125][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  129.978143][   T30] audit: type=1326 audit(1755555987.767:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f31ff58ebe9 code=0x7ffc0000
[  130.045648][   T30] audit: type=1326 audit(1755555987.827:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f31ff58ebe9 code=0x7ffc0000
[  130.128896][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.139939][ T5867] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  130.150303][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.160847][ T5867] usb 3-1: config 0 descriptor??
[  130.352821][ T6945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.424541][   T10] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  130.474251][ T6947] netlink: 12 bytes leftover after parsing attributes in process `syz.2.217'.
[  130.628080][   T10] usb 1-1: Using ep0 maxpacket: 8
[  130.631148][   T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  130.631178][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.631200][   T10] usb 1-1: Product: syz
[  130.631217][   T10] usb 1-1: Manufacturer: syz
[  130.631232][   T10] usb 1-1: SerialNumber: syz
[  130.632869][   T10] usb 1-1: config 0 descriptor??
[  130.638256][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  130.716747][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  130.716775][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  130.717007][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  130.717025][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  130.717211][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  130.717229][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  130.717303][   T24] usb 5-1: USB disconnect, device number 19
[  130.717416][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  130.717437][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  130.717455][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  131.172653][  T981] gspca_topro: reg_w err -110
[  131.204900][  T981] gspca_topro: Sensor soi763a
[  131.224876][   T24] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  131.420466][  T981] usb 4-1: USB disconnect, device number 17
[  131.606887][ T6888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.620014][ T6888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.664984][   T10] usb 1-1: USB disconnect, device number 19
[  131.680460][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  131.699915][   T24] usb 5-1: unable to read config index 0 descriptor/start: -71
[  131.708855][   T24] usb 5-1: can't read configurations, error -71
[  133.235604][ T6972] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  133.514827][ T5867] usbhid 3-1:0.0: can't add hid device: -71
[  133.520873][ T5867] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  133.594679][ T5867] usb 3-1: USB disconnect, device number 8
[  133.777930][ T6990] capability: warning: `syz.1.233' uses deprecated v2 capabilities in a way that may be insecure
[  133.966846][ T6995] netlink: 40 bytes leftover after parsing attributes in process `syz.3.234'.
[  134.134140][ T5952] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  134.314136][ T5952] usb 3-1: Using ep0 maxpacket: 32
[  134.358405][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  134.425624][ T5952] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  134.467160][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.476689][ T5952] usb 3-1: Product: syz
[  134.483804][ T5952] usb 3-1: Manufacturer: syz
[  134.491052][ T5952] usb 3-1: SerialNumber: syz
[  134.505291][ T5952] usb 3-1: config 0 descriptor??
[  134.505293][   T24] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  134.533566][ T5952] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  134.576251][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  134.594310][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  134.605857][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  134.624406][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  134.638232][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  134.647420][ T5867] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  134.647688][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.674927][    T9] usb 4-1: config 0 descriptor??
[  134.692965][   T24] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  134.716137][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.725145][   T24] usb 2-1: Product: syz
[  134.729411][   T24] usb 2-1: Manufacturer: syz
[  134.736865][   T24] usb 2-1: SerialNumber: syz
[  134.743255][   T24] usb 2-1: config 0 descriptor??
[  134.866538][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.877265][ T5867] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  134.891417][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.959470][ T5867] usb 1-1: config 0 descriptor??
[  135.098928][    T9] plantronics 0003:047F:FFFF.0003: unbalanced collection at end of report description
[  135.110283][    T9] plantronics 0003:047F:FFFF.0003: parse failed
[  135.118770][    T9] plantronics 0003:047F:FFFF.0003: probe with driver plantronics failed with error -22
[  135.165485][   T24] airspy 2-1:0.0: Board ID: 00
[  135.170546][   T24] airspy 2-1:0.0: Firmware version: 
[  135.389898][    T9] usb 4-1: USB disconnect, device number 18
[  135.427584][ T7022] netlink: 12 bytes leftover after parsing attributes in process `syz.0.241'.
[  135.768564][ T7015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  135.795028][ T7015] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.074419][ T5952] gspca_topro: reg_w err -110
[  136.104091][ T5952] gspca_topro: Sensor soi763a
[  136.222127][ T7032] netlink: 'syz.4.243': attribute type 27 has an invalid length.
[  136.225056][  T981] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  136.434887][  T981] usb 4-1: Using ep0 maxpacket: 8
[  136.448068][  T981] usb 4-1: unable to get BOS descriptor or descriptor too short
[  136.458156][  T981] usb 4-1: config 4 interface 0 has no altsetting 0
[  136.469598][  T981] usb 4-1: string descriptor 0 read error: -22
[  136.476533][  T981] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  136.488481][  T981] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  136.503772][    T9] usb 3-1: USB disconnect, device number 9
[  136.586845][ T7032] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.594321][ T7032] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.627801][  T981] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  136.656250][   T24] airspy 2-1:0.0: usb_control_msg() failed -110 request 12
[  136.669895][   T24] airspy 2-1:0.0: Registered as swradio24
[  136.693162][  T981] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  136.711940][   T24] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  136.738781][  T981] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  136.777352][  T981] usb 4-1: media controller created
[  136.861615][ T7032] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.909489][ T7032] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.978131][  T981] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  137.052233][ T7032] bridge1: left promiscuous mode
[  137.133979][   T59] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  137.145988][   T59] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  137.161832][   T59] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  137.174089][   T59] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  137.317052][   T43] usb 2-1: USB disconnect, device number 11
[  137.423432][ T7050] netlink: 28 bytes leftover after parsing attributes in process `syz.1.246'.
[  138.095833][  T981] zl10353_read_register: readreg error (reg=127, ret==0)
[  138.179244][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  138.185708][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  138.281163][ T5867] usbhid 1-1:0.0: can't add hid device: -71
[  138.301009][ T5867] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  138.335662][ T5867] usb 1-1: USB disconnect, device number 20
[  138.494277][ T7076] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.252'.
[  138.886902][ T7084] binder: BINDER_SET_CONTEXT_MGR already set
[  138.910410][ T7084] binder: 7082:7084 ioctl 4018620d 2000000000c0 returned -16
[  138.929067][ T7083] binder_alloc: binder_alloc_mmap_handler: 7082 200000ffd000-200001000000 already mapped failed -16
[  138.970470][ T7086] binder: BINDER_SET_CONTEXT_MGR already set
[  139.013820][    T9] usb 4-1: USB disconnect, device number 19
[  139.064520][ T7086] binder: 7082:7086 ioctl 4018620d 200000000040 returned -16
[  139.096097][ T7083] binder: 7082:7083 ioctl c0306201 2000000003c0 returned -14
[  139.162616][ T7084] binder_alloc: binder_alloc_mmap_handler: 7082 200000000000-200000004000 already mapped failed -16
[  139.504891][  T981] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  139.677211][  T981] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  139.699883][  T981] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  139.733771][  T981] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  139.775394][  T981] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  139.824842][  T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.837370][  T981] usb 1-1: Product: syz
[  139.841589][  T981] usb 1-1: Manufacturer: syz
[  139.847205][  T981] usb 1-1: SerialNumber: syz
[  139.853686][  T981] usb 1-1: config 0 descriptor??
[  139.861026][ T7093] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  139.871730][ T7093] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  139.888174][  T981] usb 1-1: ucan: probing device on interface #0
[  139.888981][ T7105] program syz.4.262 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.048114][ T7113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'.
[  140.128823][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.3.265'.
[  140.150233][ T7119] vlan2: entered allmulticast mode
[  140.158852][ T7119] veth0_to_bond: entered allmulticast mode
[  140.325453][ T7126] raw_sendmsg: syz.4.267 forgot to set AF_INET. Fix it!
[  140.531098][  T981] usb 1-1: ucan: could not read protocol version, ret=-71
[  140.539710][  T981] usb 1-1: ucan: probe failed; try to update the device firmware
[  140.550407][  T981] usb 1-1: USB disconnect, device number 21
[  141.087072][ T7141] binder: BINDER_SET_CONTEXT_MGR already set
[  141.182947][ T7141] binder: 7140:7141 ioctl 4018620d 2000000000c0 returned -16
[  141.193745][ T7142] binder: BINDER_SET_CONTEXT_MGR already set
[  141.201173][ T7142] binder: 7140:7142 ioctl 4018620d 200000000040 returned -16
[  141.217741][ T7141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.271'.
[  141.338684][ T7147] netlink: del zone limit has 4 unknown bytes
[  142.044289][    T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  142.235627][    T9] usb 4-1: Using ep0 maxpacket: 16
[  142.242315][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  142.252082][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.424611][    T9] usb 4-1: config 0 descriptor??
[  142.538789][    T9] gspca_main: sonixj-2.14.0 probing 0471:0327
[  143.039639][ T7182] dvmrp0: entered allmulticast mode
[  143.226912][ T5952] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  143.425642][ T5952] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.438933][ T5952] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  143.485670][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.503729][ T5952] usb 3-1: config 0 descriptor??
[  143.522774][ T5952] pwc: Askey VC010 type 2 USB webcam detected.
[  143.644101][   T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  143.824263][   T10] usb 1-1: Using ep0 maxpacket: 8
[  143.833648][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.844638][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  143.854538][   T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.865590][   T10] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  143.875036][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.896933][   T10] hub 1-1:1.0: bad descriptor, ignoring hub
[  143.902931][   T10] hub 1-1:1.0: probe with driver hub failed with error -5
[  143.932287][ T5952] pwc: recv_control_msg error -32 req 02 val 2b00
[  143.981399][   T10] cdc_wdm 1-1:1.0: skipping garbage
[  144.015438][   T10] cdc_wdm 1-1:1.0: skipping garbage
[  144.021425][   T10] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  144.100853][ T7186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.120360][ T7186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.187955][ T5952] pwc: recv_control_msg error -71 req 02 val 2700
[  144.303542][ T5942] usb 1-1: USB disconnect, device number 22
[  144.316401][ T5952] pwc: recv_control_msg error -71 req 02 val 2c00
[  144.340439][ T5952] pwc: recv_control_msg error -71 req 04 val 1000
[  144.356504][ T5952] pwc: recv_control_msg error -71 req 04 val 1300
[  144.363619][ T5952] pwc: recv_control_msg error -71 req 04 val 1400
[  144.376417][ T5952] pwc: recv_control_msg error -71 req 02 val 2000
[  144.385300][ T5952] pwc: recv_control_msg error -71 req 02 val 2100
[  144.392104][ T5952] pwc: recv_control_msg error -71 req 04 val 1500
[  144.407021][ T5952] pwc: recv_control_msg error -71 req 02 val 2500
[  144.420777][ T5952] pwc: recv_control_msg error -71 req 02 val 2400
[  144.431560][ T5952] pwc: recv_control_msg error -71 req 02 val 2600
[  144.452038][ T5952] pwc: recv_control_msg error -71 req 02 val 2900
[  144.466170][ T5952] pwc: recv_control_msg error -71 req 02 val 2800
[  144.475784][ T5952] pwc: recv_control_msg error -71 req 04 val 1100
[  144.482581][ T5952] pwc: recv_control_msg error -71 req 04 val 1200
[  144.507207][ T5952] pwc: Registered as video103.
[  144.527114][ T5952] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10
[  144.554282][ T5996] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  144.574428][ T5952] usb 3-1: USB disconnect, device number 10
[  144.759002][ T5996] usb 5-1: Using ep0 maxpacket: 32
[  144.773633][ T5996] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.783923][ T5996] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  144.849904][ T5996] usb 5-1: config 0 interface 0 has no altsetting 0
[  145.005998][ T5996] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  145.044347][ T5996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.104679][ T7219] netlink: 12 bytes leftover after parsing attributes in process `syz.0.292'.
[  145.169284][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[  145.169631][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[  145.169874][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[  145.170130][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[  145.171372][    T9] gspca_sonixj: reg_w1 err -71
[  145.171416][    T9] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  145.172541][    T9] usb 4-1: USB disconnect, device number 20
[  145.217018][ T5996] usb 5-1: config 0 descriptor??
[  145.869269][ T5996] corsair-cpro 0003:1B1C:0C10.0004: hidraw0: USB HID v0.00 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0
[  145.966880][ T5996] corsair-cpro 0003:1B1C:0C10.0004: probe with driver corsair-cpro failed with error -38
[  146.208337][ T7226] netlink: 28 bytes leftover after parsing attributes in process `syz.3.294'.
[  146.556924][  T981] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  146.673377][ T7232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.688460][ T7232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.730142][ T7233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.752422][ T7232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.752614][ T7233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.805498][  T981] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  146.821986][  T981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.841282][  T981] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  146.861792][ T7232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.884622][  T981] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  146.924127][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  146.945634][  T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.968301][  T981] usb 4-1: config 0 descriptor??
[  147.289350][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.298'.
[  147.374167][ T5952] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  147.381290][  T981] holtek_kbd 0003:04D9:A055.0005: unbalanced delimiter at end of report description
[  147.418790][  T981] holtek_kbd 0003:04D9:A055.0005: probe with driver holtek_kbd failed with error -22
[  147.602485][ T7253] pimreg: entered allmulticast mode
[  147.613896][ T7253] dvmrp0: left allmulticast mode
[  147.619831][ T7253] pimreg: left allmulticast mode
[  147.625618][  T981] usb 4-1: USB disconnect, device number 21
[  147.634339][ T5952] usb 3-1: Using ep0 maxpacket: 32
[  147.698702][ T5867] usb 5-1: USB disconnect, device number 22
[  147.706049][ T5952] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  147.718675][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.727073][ T5952] usb 3-1: Product: syz
[  147.731427][ T5952] usb 3-1: Manufacturer: syz
[  147.737644][ T5952] usb 3-1: SerialNumber: syz
[  147.747433][ T5952] usb 3-1: config 0 descriptor??
[  147.759653][ T5952] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  148.493872][ T7265] program syz.3.305 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  149.365487][ T5952] gspca_topro: reg_w err -110
[  149.404367][ T5952] gspca_topro: Sensor soi763a
[  149.898722][    T9] usb 3-1: USB disconnect, device number 11
[  150.185050][ T7284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[  150.552640][ T7288] syz_tun: entered allmulticast mode
[  151.664968][ T5942] psmouse serio2: Failed to reset mouse on : -5
[  151.913152][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.316'.
[  152.115285][ T5952] usb 2-1: new low-speed USB device number 13 using dummy_hcd
[  152.277185][ T5952] usb 2-1: Invalid ep0 maxpacket: 16
[  152.414274][ T5952] usb 2-1: new low-speed USB device number 14 using dummy_hcd
[  152.568415][ T5952] usb 2-1: Invalid ep0 maxpacket: 16
[  152.597064][ T5952] usb usb2-port1: attempt power cycle
[  152.954326][ T5952] usb 2-1: new low-speed USB device number 15 using dummy_hcd
[  152.974611][ T5952] usb 2-1: Invalid ep0 maxpacket: 16
[  153.014807][ T5867] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  153.104273][ T5952] usb 2-1: new low-speed USB device number 16 using dummy_hcd
[  153.138894][ T5952] usb 2-1: Invalid ep0 maxpacket: 16
[  153.146632][ T5952] usb usb2-port1: unable to enumerate USB device
[  153.164776][ T5867] usb 3-1: Using ep0 maxpacket: 32
[  153.171289][ T5867] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  153.186623][ T5867] usb 3-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.40
[  153.196547][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.205404][ T5867] usb 3-1: Product: syz
[  153.209592][ T5867] usb 3-1: Manufacturer: syz
[  153.214971][ T5867] usb 3-1: SerialNumber: syz
[  153.228916][ T5867] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input12
[  153.274116][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  153.414207][   T10] usb 5-1: device descriptor read/64, error -71
[  153.434752][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.463010][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.483153][ T7337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.499863][ T7337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.510435][ T5217] bcm5974 3-1:1.0: could not read from device
[  153.518555][ T5217] bcm5974 3-1:1.0: could not read from device
[  153.531290][ T5867] usb 3-1: USB disconnect, device number 12
[  153.539306][ T5217] bcm5974 3-1:1.0: could not read from device
[  153.565403][ T5217] bcm5974 3-1:1.0: could not read from device
[  153.664554][   T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  153.785459][ T7347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.324'.
[  153.806759][   T10] usb 5-1: device descriptor read/64, error -71
[  153.918033][   T10] usb usb5-port1: attempt power cycle
[  154.289041][   T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  154.336493][   T10] usb 5-1: device descriptor read/8, error -71
[  154.544188][ T5952] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  154.584202][   T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  154.622458][ T7362] tipc: Started in network mode
[  154.628675][ T7362] tipc: Node identity f2db1197ad41, cluster identity 4711
[  154.636222][   T10] usb 5-1: device descriptor read/8, error -71
[  154.642625][ T7362] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.702597][ T7362] syzkaller0: entered promiscuous mode
[  154.708690][ T7362] syzkaller0: entered allmulticast mode
[  154.719206][ T7362] tipc: Resetting bearer <eth:syzkaller0>
[  154.726512][ T5952] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  154.735834][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.735925][ T7361] tipc: Resetting bearer <eth:syzkaller0>
[  154.750856][ T5952] usb 3-1: config 0 descriptor??
[  154.756120][   T10] usb usb5-port1: unable to enumerate USB device
[  154.764479][ T5952] cp210x 3-1:0.0: cp210x converter detected
[  154.771023][ T7361] tipc: Disabling bearer <eth:syzkaller0>
[  155.168077][ T5952] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  155.185024][ T5952] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71
[  155.199951][ T5952] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  155.214345][ T5952] usb 3-1: cp210x converter now attached to ttyUSB0
[  155.214899][   T24] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  155.229466][   T43] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  155.255573][ T5952] usb 3-1: USB disconnect, device number 13
[  155.267824][ T5952] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  155.291094][ T5952] cp210x 3-1:0.0: device disconnected
[  155.384611][   T24] usb 2-1: device descriptor read/64, error -71
[  155.407055][   T43] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  155.425940][   T43] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  155.443469][   T43] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  155.455010][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.471300][ T7371] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  155.478988][ T5942] misc userio: Buffer overflowed, userio client isn't keeping up
[  155.489041][   T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  155.624662][   T24] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  155.764606][   T24] usb 2-1: device descriptor read/64, error -71
[  155.875209][   T24] usb usb2-port1: attempt power cycle
[  155.964726][   T43] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  156.114678][   T43] usb 3-1: Using ep0 maxpacket: 8
[  156.120956][   T43] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  156.129819][   T43] usb 3-1: config 0 has no interface number 0
[  156.138527][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  156.235027][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.246214][   T43] usb 3-1: Product: syz
[  156.250538][   T43] usb 3-1: Manufacturer: syz
[  156.257824][   T43] usb 3-1: SerialNumber: syz
[  156.266406][   T43] usb 3-1: config 0 descriptor??
[  156.304267][   T24] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  156.325480][   T24] usb 2-1: device descriptor read/8, error -71
[  156.331251][ T7379] program syz.4.334 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.477436][   T43] uvcvideo 3-1:0.31: probe with driver uvcvideo failed with error -22
[  156.489122][   T43] usb 3-1: USB disconnect, device number 14
[  156.545379][ T5942] input: PS/2 Generic Mouse as /devices/serio2/input/input11
[  156.569732][   T24] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  156.607067][   T24] usb 2-1: device descriptor read/8, error -71
[  156.714829][   T24] usb usb2-port1: unable to enumerate USB device
[  156.764547][ T5942] psmouse serio2: Failed to enable mouse on 
[  156.972467][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802933a800: rx timeout, send abort
[  156.981440][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802933a800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  156.995820][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888055f12c00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  157.074866][ T5942] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  157.145018][   T24] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  157.225034][ T5942] usb 4-1: Using ep0 maxpacket: 8
[  157.238109][ T5942] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  157.249168][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.259200][ T5942] usb 4-1: Product: syz
[  157.263463][ T5942] usb 4-1: Manufacturer: syz
[  157.268723][ T5942] usb 4-1: SerialNumber: syz
[  157.276511][ T5942] usb 4-1: config 0 descriptor??
[  157.306272][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.320309][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.331885][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  157.345708][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  157.355868][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.369199][   T24] usb 5-1: config 0 descriptor??
[  157.491803][ T5942] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  157.539813][ T7396] netlink: 32 bytes leftover after parsing attributes in process `syz.2.340'.
[  157.602086][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  157.607300][ T7400] tipc: Failed to remove unknown binding: 66,1,1/889278072:4097708549/4097708551
[  157.627235][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  157.648882][   T24] usb 5-1: USB disconnect, device number 27
[  157.954758][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  158.063782][   T10] usb 1-1: USB disconnect, device number 23
[  158.106967][   T24] usb 5-1: Using ep0 maxpacket: 32
[  158.125813][   T24] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  158.135259][   T24] usb 5-1: config 0 has no interface number 0
[  158.141826][   T24] usb 5-1: config 0 interface 89 has no altsetting 0
[  158.157204][   T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  158.168791][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.178758][   T24] usb 5-1: Product: syz
[  158.183068][   T24] usb 5-1: Manufacturer: syz
[  158.188500][   T24] usb 5-1: SerialNumber: syz
[  158.197014][   T24] usb 5-1: config 0 descriptor??
[  158.205657][   T24] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  158.215824][   T24] em28xx 5-1:0.89: Video interface 89 found: bulk
[  158.254186][ T5952] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  158.427275][ T5952] usb 2-1: Using ep0 maxpacket: 16
[  158.468354][ T7414] loop2: detected capacity change from 0 to 7
[  158.476405][ T7414] Dev loop2: unable to read RDB block 7
[  158.482046][ T7414]  loop2: unable to read partition table
[  158.488953][ T7414] loop2: partition table beyond EOD, truncated
[  158.490915][ T5952] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  158.505980][ T7414] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  158.539997][ T5952] usb 2-1: config 0 has no interface number 0
[  158.549459][ T7414] netlink: 24 bytes leftover after parsing attributes in process `syz.2.345'.
[  158.554123][ T5952] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  158.570006][ T5952] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  158.580327][ T5952] usb 2-1: config 0 interface 41 has no altsetting 0
[  158.592576][ T5952] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  158.602176][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.610894][   T24] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  158.611141][ T5952] usb 2-1: Product: syz
[  158.621616][ T5952] usb 2-1: Manufacturer: syz
[  158.626947][ T5952] usb 2-1: SerialNumber: syz
[  158.670630][ T5952] usb 2-1: config 0 descriptor??
[  158.681612][ T7405] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  158.689957][ T7405] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  158.703557][ T7414] netlink: 'syz.2.345': attribute type 10 has an invalid length.
[  158.730176][ T7414] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  158.909625][ T7405] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  158.927873][ T7405] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  158.971391][ T5942] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  158.983820][ T5942] usb 4-1: USB disconnect, device number 22
[  159.039461][   T24] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  159.049074][   T24] em28xx 5-1:0.89: board has no eeprom
[  159.334872][   T24] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  159.344973][   T24] em28xx 5-1:0.89: analog set to bulk mode.
[  159.351051][ T5942] em28xx 5-1:0.89: Registering V4L2 extension
[  159.544810][   T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  159.694903][   T43] usb 1-1: Using ep0 maxpacket: 32
[  159.710227][   T43] usb 1-1: unable to get BOS descriptor or descriptor too short
[  159.726596][   T43] usb 1-1: unable to read config index 0 descriptor/start: -71
[  159.753453][   T43] usb 1-1: can't read configurations, error -71
[  159.867722][ T7402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.978626][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  160.115406][ T7402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.123503][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.142829][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.153770][ T5942] em28xx 5-1:0.89: writing to i2c device at 0x4a failed (error=-5)
[  160.171714][ T5942] em28xx 5-1:0.89: writing to i2c device at 0x4a failed (error=-5)
[  160.185414][    T9] usb 3-1: Using ep0 maxpacket: 8
[  160.186764][   T24] usb 5-1: USB disconnect, device number 28
[  160.198786][ T5942] em28xx 5-1:0.89: writing to i2c device at 0x4a failed (error=-19)
[  160.198960][    T9] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  160.208993][   T24] em28xx 5-1:0.89: Disconnecting em28xx
[  160.251626][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.273868][    T9] usb 3-1: config 179 has no interface number 0
[  160.277190][ T5942] em28xx 5-1:0.89: Config register raw data: 0xffffffed
[  160.284397][ T5952] dm9601 2-1:0.41 (unnamed net_device) (uninitialized): MDIO read error: -71
[  160.303031][ T5942] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  160.305765][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  160.315196][ T5942] em28xx 5-1:0.89: No AC97 audio processor
[  160.331986][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.341600][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.360348][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  160.360531][ T5942] usb 5-1: Decoder not found
[  160.388378][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  160.409314][    T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  160.425394][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.438733][    T9] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  160.438742][ T5942] em28xx 5-1:0.89: failed to create media graph
[  160.438779][ T5942] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  160.465338][ T5952] dm9601 2-1:0.41 eth1: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, ae:d2:e1:a3:12:0f
[  160.688738][    T9] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  160.699582][ T5942] em28xx 5-1:0.89: Registering snapshot button...
[  160.700190][ T5942] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input14
[  160.704883][ T5942] em28xx 5-1:0.89: Remote control support is not available for this card.
[  160.704919][   T24] em28xx 5-1:0.89: Closing input extension
[  160.704934][   T24] em28xx 5-1:0.89: Deregistering snapshot button
[  160.708507][   T24] ==================================================================
[  160.708522][   T24] BUG: KASAN: slab-use-after-free in media_device_unregister+0x141/0x400
[  160.708554][   T24] Read of size 8 at addr ffff8880217a4210 by task kworker/1:0/24
[  160.708568][   T24] 
[  160.708577][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[  160.708595][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  160.708607][   T24] Workqueue: usb_hub_wq hub_event
[  160.708629][   T24] Call Trace:
[  160.708634][   T24]  <TASK>
[  160.708641][   T24]  dump_stack_lvl+0x189/0x250
[  160.708661][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.708678][   T24]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.708696][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.708711][   T24]  ? lock_release+0x4b/0x3e0
[  160.708736][   T24]  ? __virt_addr_valid+0x1c8/0x5c0
[  160.708756][   T24]  ? __virt_addr_valid+0x4a5/0x5c0
[  160.708777][   T24]  print_report+0xca/0x240
[  160.708791][   T24]  ? media_device_unregister+0x141/0x400
[  160.708816][   T24]  kasan_report+0x118/0x150
[  160.708839][   T24]  ? media_device_unregister+0x141/0x400
[  160.708867][   T24]  media_device_unregister+0x141/0x400
[  160.708895][   T24]  em28xx_release_resources+0xac/0x240
[  160.708915][   T24]  em28xx_usb_disconnect+0x19f/0x2f0
[  160.708934][   T24]  usb_unbind_interface+0x26b/0x910
[  160.708958][   T24]  ? __pfx_usb_unbind_interface+0x10/0x10
[  160.708979][   T24]  device_release_driver_internal+0x4d9/0x800
[  160.709001][   T24]  bus_remove_device+0x34d/0x410
[  160.709025][   T24]  device_del+0x511/0x8e0
[  160.709042][   T24]  ? kfree+0x18e/0x440
[  160.709062][   T24]  ? __pfx_device_del+0x10/0x10
[  160.709077][   T24]  ? kobject_put+0x446/0x480
[  160.709104][   T24]  usb_disable_device+0x3e9/0x8a0
[  160.709126][   T24]  usb_disconnect+0x330/0x950
[  160.709144][   T24]  hub_event+0x1cf5/0x4a20
[  160.709172][   T24]  ? do_raw_spin_lock+0x121/0x290
[  160.709192][   T24]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  160.709217][   T24]  ? __pfx_hub_event+0x10/0x10
[  160.709243][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.709258][   T24]  ? lock_acquire+0x5f/0x360
[  160.709283][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.709304][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  160.709320][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  160.709336][   T24]  process_scheduled_works+0xade/0x17b0
[  160.709361][   T24]  ? __pfx_process_scheduled_works+0x10/0x10
[  160.709382][   T24]  worker_thread+0x8a0/0xda0
[  160.709406][   T24]  kthread+0x70e/0x8a0
[  160.709427][   T24]  ? __pfx_worker_thread+0x10/0x10
[  160.709442][   T24]  ? __pfx_kthread+0x10/0x10
[  160.709462][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  160.709482][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.709503][   T24]  ? __pfx_kthread+0x10/0x10
[  160.709522][   T24]  ret_from_fork+0x3f9/0x770
[  160.709538][   T24]  ? __pfx_ret_from_fork+0x10/0x10
[  160.709556][   T24]  ? __switch_to_asm+0x39/0x70
[  160.709577][   T24]  ? __switch_to_asm+0x33/0x70
[  160.709597][   T24]  ? __pfx_kthread+0x10/0x10
[  160.709616][   T24]  ret_from_fork_asm+0x1a/0x30
[  160.709643][   T24]  </TASK>
[  160.709649][   T24] 
[  160.709653][   T24] Allocated by task 5942:
[  160.709661][   T24]  kasan_save_track+0x3e/0x80
[  160.709680][   T24]  __kasan_kmalloc+0x93/0xb0
[  160.709700][   T24]  __kmalloc_cache_noprof+0x230/0x3d0
[  160.709720][   T24]  em28xx_v4l2_init+0x10b/0x2e70
[  160.709738][   T24]  em28xx_init_extension+0x11d/0x1c0
[  160.709753][   T24]  process_scheduled_works+0xade/0x17b0
[  160.709766][   T24]  worker_thread+0x8a0/0xda0
[  160.709780][   T24]  kthread+0x70e/0x8a0
[  160.709798][   T24]  ret_from_fork+0x3f9/0x770
[  160.709812][   T24]  ret_from_fork_asm+0x1a/0x30
[  160.709833][   T24] 
[  160.709837][   T24] Freed by task 5942:
[  160.709844][   T24]  kasan_save_track+0x3e/0x80
[  160.709862][   T24]  kasan_save_free_info+0x46/0x50
[  160.709877][   T24]  __kasan_slab_free+0x5b/0x80
[  160.709897][   T24]  kfree+0x18e/0x440
[  160.709914][   T24]  em28xx_v4l2_init+0x1683/0x2e70
[  160.709932][   T24]  em28xx_init_extension+0x11d/0x1c0
[  160.709948][   T24]  process_scheduled_works+0xade/0x17b0
[  160.709961][   T24]  worker_thread+0x8a0/0xda0
[  160.709975][   T24]  kthread+0x70e/0x8a0
[  160.709992][   T24]  ret_from_fork+0x3f9/0x770
[  160.710006][   T24]  ret_from_fork_asm+0x1a/0x30
[  160.710026][   T24] 
[  160.710030][   T24] The buggy address belongs to the object at ffff8880217a4000
[  160.710030][   T24]  which belongs to the cache kmalloc-8k of size 8192
[  160.710044][   T24] The buggy address is located 528 bytes inside of
[  160.710044][   T24]  freed 8192-byte region [ffff8880217a4000, ffff8880217a6000)
[  160.710061][   T24] 
[  160.710065][   T24] The buggy address belongs to the physical page:
[  160.710079][   T24] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x217a0
[  160.710097][   T24] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  160.710110][   T24] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  160.710128][   T24] page_type: f5(slab)
[  160.710143][   T24] raw: 00fff00000000040 ffff88801a442280 ffffea0000922a00 dead000000000003
[  160.710158][   T24] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  160.710173][   T24] head: 00fff00000000040 ffff88801a442280 ffffea0000922a00 dead000000000003
[  160.710187][   T24] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  160.710202][   T24] head: 00fff00000000003 ffffea000085e801 00000000ffffffff 00000000ffffffff
[  160.710217][   T24] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  160.710231][   T24] page dumped because: kasan: bad access detected
[  160.710243][   T24] page_owner tracks the page as allocated
[  160.710249][   T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5599, tgid 5599 (S50crond), ts 46693554686, free_ts 46692936889
[  160.710277][   T24]  post_alloc_hook+0x240/0x2a0
[  160.710299][   T24]  get_page_from_freelist+0x21e4/0x22c0
[  160.710314][   T24]  __alloc_frozen_pages_noprof+0x181/0x370
[  160.710330][   T24]  alloc_pages_mpol+0x232/0x4a0
[  160.710351][   T24]  allocate_slab+0x8a/0x370
[  160.710366][   T24]  ___slab_alloc+0xbeb/0x1410
[  160.710388][   T24]  __kmalloc_cache_noprof+0x296/0x3d0
[  160.710409][   T24]  tomoyo_init_log+0x111f/0x1f70
[  160.710423][   T24]  tomoyo_supervisor+0x340/0x1480
[  160.710437][   T24]  tomoyo_env_perm+0x149/0x1e0
[  160.710456][   T24]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  160.710476][   T24]  tomoyo_bprm_check_security+0x11c/0x180
[  160.710492][   T24]  security_bprm_check+0x89/0x270
[  160.710515][   T24]  bprm_execve+0x8ee/0x1450
[  160.710534][   T24]  do_execveat_common+0x510/0x6a0
[  160.710555][   T24]  __x64_sys_execve+0x94/0xb0
[  160.710573][   T24] page last free pid 5599 tgid 5599 stack trace:
[  160.710582][   T24]  __free_frozen_pages+0xbc4/0xd30
[  160.710604][   T24]  __put_partials+0x156/0x1a0
[  160.710616][   T24]  put_cpu_partial+0x17c/0x250
[  160.710630][   T24]  __slab_free+0x2d5/0x3c0
[  160.710644][   T24]  qlist_free_all+0x97/0x140
[  160.710661][   T24]  kasan_quarantine_reduce+0x148/0x160
[  160.710680][   T24]  __kasan_slab_alloc+0x22/0x80
[  160.710699][   T24]  __kmalloc_cache_noprof+0x1be/0x3d0
[  160.710719][   T24]  tomoyo_init_log+0x183/0x1f70
[  160.710733][   T24]  tomoyo_supervisor+0x340/0x1480
[  160.710747][   T24]  tomoyo_env_perm+0x149/0x1e0
[  160.710765][   T24]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  160.710784][   T24]  tomoyo_bprm_check_security+0x11c/0x180
[  160.710801][   T24]  security_bprm_check+0x89/0x270
[  160.710823][   T24]  bprm_execve+0x8ee/0x1450
[  160.710842][   T24]  do_execveat_common+0x510/0x6a0
[  160.710862][   T24] 
[  160.710866][   T24] Memory state around the buggy address:
[  160.710875][   T24]  ffff8880217a4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.710886][   T24]  ffff8880217a4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.710897][   T24] >ffff8880217a4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.710906][   T24]                          ^
[  160.710915][   T24]  ffff8880217a4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.710926][   T24]  ffff8880217a4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.710934][   T24] ==================================================================
[  160.710947][   T24] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  160.710958][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[  160.710977][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  160.710987][   T24] Workqueue: usb_hub_wq hub_event
[  160.711008][   T24] Call Trace:
[  160.711014][   T24]  <TASK>
[  160.711020][   T24]  dump_stack_lvl+0x99/0x250
[  160.711039][   T24]  ? __asan_memcpy+0x40/0x70
[  160.711057][   T24]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.711076][   T24]  ? __pfx__printk+0x10/0x10
[  160.711103][   T24]  vpanic+0x281/0x750
[  160.711121][   T24]  ? __pfx_print_hex_dump+0x10/0x10
[  160.711144][   T24]  ? __pfx_vpanic+0x10/0x10
[  160.711167][   T24]  panic+0xb9/0xc0
[  160.711185][   T24]  ? __pfx_panic+0x10/0x10
[  160.711202][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.711218][   T24]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  160.711248][   T24]  ? media_device_unregister+0x141/0x400
[  160.711274][   T24]  check_panic_on_warn+0x89/0xb0
[  160.711296][   T24]  ? media_device_unregister+0x141/0x400
[  160.711321][   T24]  end_report+0x78/0x160
[  160.711342][   T24]  kasan_report+0x129/0x150
[  160.711365][   T24]  ? media_device_unregister+0x141/0x400
[  160.711393][   T24]  media_device_unregister+0x141/0x400
[  160.711421][   T24]  em28xx_release_resources+0xac/0x240
[  160.711441][   T24]  em28xx_usb_disconnect+0x19f/0x2f0
[  160.711460][   T24]  usb_unbind_interface+0x26b/0x910
[  160.711484][   T24]  ? __pfx_usb_unbind_interface+0x10/0x10
[  160.711506][   T24]  device_release_driver_internal+0x4d9/0x800
[  160.711527][   T24]  bus_remove_device+0x34d/0x410
[  160.711553][   T24]  device_del+0x511/0x8e0
[  160.711570][   T24]  ? kfree+0x18e/0x440
[  160.711590][   T24]  ? __pfx_device_del+0x10/0x10
[  160.711605][   T24]  ? kobject_put+0x446/0x480
[  160.711633][   T24]  usb_disable_device+0x3e9/0x8a0
[  160.711655][   T24]  usb_disconnect+0x330/0x950
[  160.711674][   T24]  hub_event+0x1cf5/0x4a20
[  160.711706][   T24]  ? do_raw_spin_lock+0x121/0x290
[  160.711727][   T24]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  160.711753][   T24]  ? __pfx_hub_event+0x10/0x10
[  160.711771][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.711786][   T24]  ? lock_acquire+0x5f/0x360
[  160.711811][   T24]  ? rcu_is_watching+0x15/0xb0
[  160.711826][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  160.711841][   T24]  ? process_scheduled_works+0x9ef/0x17b0
[  160.711857][   T24]  process_scheduled_works+0xade/0x17b0
[  160.711883][   T24]  ? __pfx_process_scheduled_works+0x10/0x10
[  160.711905][   T24]  worker_thread+0x8a0/0xda0
[  160.711929][   T24]  kthread+0x70e/0x8a0
[  160.711950][   T24]  ? __pfx_worker_thread+0x10/0x10
[  160.711966][   T24]  ? __pfx_kthread+0x10/0x10
[  160.711986][   T24]  ? _raw_spin_unlock_irq+0x23/0x50
[  160.712005][   T24]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.712026][   T24]  ? __pfx_kthread+0x10/0x10
[  160.712046][   T24]  ret_from_fork+0x3f9/0x770
[  160.712063][   T24]  ? __pfx_ret_from_fork+0x10/0x10
[  160.712081][   T24]  ? __switch_to_asm+0x39/0x70
[  160.712102][   T24]  ? __switch_to_asm+0x33/0x70
[  160.712123][   T24]  ? __pfx_kthread+0x10/0x10
[  160.712142][   T24]  ret_from_fork_asm+0x1a/0x30
[  160.712170][   T24]  </TASK>
[  160.712501][   T24] Kernel Offset: disabled