last executing test programs:

14.173649233s ago: executing program 0 (id=4691):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x100010, 0xffffffffffffffff, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x200)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000680)=0x7fff0000)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000002e40))
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000000c0)={0x24, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x100010, 0xffffffffffffffff, 0x0) (async)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x200) (async)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000680)=0x7fff0000) (async)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000002e40)) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) (async)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000000c0)={0x24, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)

10.975884132s ago: executing program 0 (id=4697):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001040", 0x38, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x8, {[@md5sig={0x13, 0x12, "345f8cf949a01b515682f44cecac91ba"}, @md5sig={0x1d, 0x2, "d2b653e0c9d32072c19dd6ca814b7d7b"}]}}}}}}}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000001ac0)=[{{&(0x7f0000000140)=@ax25={{0x3, @netrom}, [@default, @netrom, @netrom, @rose, @bcast, @default, @bcast, @rose]}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000200)=""/16, 0x10}, {&(0x7f0000000240)=""/247, 0xf7}, {&(0x7f0000000340)=""/45, 0x2d}, {&(0x7f0000000440)=""/114, 0x72}], 0x4, &(0x7f00000004c0)=""/10, 0xa}, 0x9}, {{&(0x7f0000000500)=@alg, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000580)=""/81, 0x51}, {&(0x7f0000000600)=""/246, 0xf6}, {&(0x7f0000000700)=""/118, 0x76}, {&(0x7f0000000780)=""/169, 0xa9}, {&(0x7f0000000880)=""/136, 0x88}, {&(0x7f0000000940)=""/78, 0x4e}, {&(0x7f00000009c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001a00)=""/173, 0xad}, 0x9}], 0x2, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r3, 0x1)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4)
recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a440000102e0d703010902bf0002010650000904000001020d00000524060001052400a9b30d240f01020000000300ff000606241a0c001407240a050905580c241b04000200a90c0900030424"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)

10.642458975s ago: executing program 4 (id=4701):
socket$kcm(0x29, 0x5, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x14, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x2})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

9.232587109s ago: executing program 1 (id=4702):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="380000003e0007012fbd7000fcdbdf25047c000004000000200001800600"], 0x38}}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r7)
r8 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r8, &(0x7f0000000440)=""/212, 0xd4)
write$tun(r3, &(0x7f0000004c40)=ANY=[@ANYRES64=r3], 0x4c2)
write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12)

9.231694105s ago: executing program 4 (id=4704):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01f, 0x324841)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r2 = syz_clone(0x10ae00, &(0x7f00000002c0)="c12ff9c0c8a5133ac894ec88fa0ab9360806aef9becf9d8cd3bd91b6cd2d6ffb44d0dc159f7169c25000d2072f7866b407dcc4ad891d8bebad3cb530be9a844ffcfac299254a76fa6bf0903b9a46d5d34387dd5417e47724fe0386fa10a31a5d3a2dc3dbe0c70fb92aafeb13a8bf8efa44241c7771c83d8df080b2d3265cefc168ae0e807ed598b0544b87a53d87096bca8fd5c80706854af3ac359557d025bef4b13c223775809f3302a00fd1c28ef445e09b8387c3eb6794780c81fb282a8537910540c340eea26efc5af1d4841147", 0xd0, &(0x7f00000000c0), &(0x7f0000000440), &(0x7f0000001940)="1857d698db77692d26d1a36fd53bd62e62c71e86be189927149f5e2ca2787a76f4d09639bb83247dcf27f1d46929f3287e1fac8baa0464a60a2de156754bece3c5b4f68bc885956eafe1b0d8d2705575099dba15d10ffd856208b477a7ca122f4435f0843762ff212b059044e7413a949f6fa015b23411147f9639e782567ba3f4992ff9e414c2b0daf534fd345e0719f31e1d6ccd8f500c43d4adb151cf7fc0d89fb21b0ff630aa411a069e65d4ef8a89b65267c622ba25e0f78d25a44e2312cb87c1f28885306abc6bc7bc376038b1bdc2450413768f533616346e8428ac8bff743885607b0bf5eab03bcc587bf3a6369b20b40a2561c819b5eac8c66daba2561db11a1399652271b29167d96dd741c113684251d15302c66e656a274b95f5e331ac28196a49437af058ad726df3949c73606a4176df07d38d2713dfd46bb4e4c47ba798eb3df4ca806ce9cd8e49efb8952d4918c38e07b2c2677d47bd3733a6818ea74c7f5a23ca083d4bd10281d128c1b52cad533dde7470fd09d62de26b4d346cbf03e2ad5345876a6bb743857564bc3f4334aca9af38d5ffee333c64b612b1edbbf8a14de1c210021dad95a05bd577111cdd60f702b170926c526cb0b43712d4de53735f70569e911174a148e6acf1d237edf376c0a656b29c907ae81506d5a7bd291179164d46ba4eccbe566f66e03b483f8a2bf709926fcac69da0101ea8635d41fba5149b3f12da892f1cb923d5f34aca67e4ecc8af399bd3a4fcac09c81aee8c447d88981d3e8b281cfcd2181aa72dc74d6ce9524bb2e6a2b74d8e1724364bd2d5eeeb88ceb55298166570f4a8046a4a07e898e59f057e31379562478e2e08c081f0b5d955313cb81deb9afbc5074cbfe6a76fc22935e0c44c7876a1befa70b0d2d10c0666456732c955618afac016c36788b88026dee0b7a4274b295b4808c8c91a5890e9add25e89b26e53ccc7bfcbf626afea7787a9e8c0c5e491c5fc497edd81230842b57aad8d005023d82786136488df0690861367f0443d7fdbeab64cafa451b5da53e6fb9893db342441744d7a1ebdebfbf80c1e4c7e2e0f19fb4b3f6f356c110f31d59fb62729c671102a80fc21860b2865b628ad41e741e5c87bcffad2a158906c71fb0b56b96f4fcd2d641c97b39fcc8cc3b4d5a8fc4651a007a9d343579a8e180b62955d842a37d84170339d08a173967bc044b9bc8ea6c21803af29594a7706dfeb08795776afd17fd91484b6233ec059884d13cfcba8ee21b70929225f1bd6a74db7e115e902293ce78fdaa5992d79253b9d7d392506a25901015b5339ed0fab6e0093dfe056a460cb57d1cc1af866f58f95bd58efe173143f2519f1b827c259ac6a91eea546f2aa9cbbbcf694064b8ba790f94e8490972b68c1b8ce6671fc3e57ed65a9fabe1e1e63f55edd26b5c887225f4ea68c21df39169a5ce1cded19a6a2bea854a62035d9ab3672e7dca47b83414f6a5e3c9b50639ee06c77259c3ad9587193edd9131db56f46bb78f70a2dfcebe3215c8f160df63fde32e5fa5a1a59810a440edc8299df91d4ca4cea0a58dfa802a67c2d8e951a3d16473947b34d20aadcfddd9281f08c7fe89cf2098412da83e7b5821f909e5dc3579d1cd462cae97584202bea73d5b56f24f37c6d1202795f9b46f83a204dfb11d67b62734f7f123ca10e72e12a70ec60ea9941f23f6b41e20463da6e0e5f65e2bb0daa224c351e137b2fb81ef62e33fae795dc1bed0887a625e033ada0b7a27c6ec8c25cd96d7e55fcf1844944a65b92f17a39f44551b3e37f388e0442c7e7e87d4defc6d3872611d4cea17254e1aa303d4946585597016768a23919a369b4b62d5a7a29921e2810419f8e36642163c826bf7307acb0a2ca9daf13c9c3c96a64139770534bf028957fbe5580d08b5a705e9b1de1f36639a500395428d8cdd94fc740dc5b1bdff796cf2c6ded3db815165e9c5362ad6a76ceecc43ec35afdc0865289f48275f50ee6d9a124d2edbe02795b0a3de961257ebe1d81667c8a7b7f89b27b8d0a861d640ebd2070301262be2eafde1cd60aca3f56f65e9c18a442749b8a43e4b8f91e56495b5bd98a3f8d3879677231e9e2a5bd6c264afb600c18e53d2309f5f7f295563f873ac935d6dc9e32571361f0d6ffa91cd236168aeb9da75cee45b32604f0c0b4765e19e5a8a3923fb94a68e82dc917bcce2dbd83e66820d0492e016d1aae436bf856487f0b4d066f7323ee81751ec6b80990241ece8f8a2580f426e403ea08902f46aad2e8e22c5fc3f1bd261bd31388e3254b77600aa1f4cc3f680afa9a08f74d54e0755eb27810c1ae1d80d79f2047002e68083ea156f683d6c1f09d87c2e862da9d51e10f6c0641ca81feaf72e1f10835303adfe3fee1ab40059704baa788032c5ee8166a0d5353fe66986266c566b5394dffc52d9fd476e826d0242b751c53d4f01d0830c25d377c4d69cbd4a23efede7b6a289d518f16844793b3cb1a428d52346f36c28709309f7707f96bf4f1857f74ea83d1ee74adb987b070e83c4a2a441740fbd8fe91f63038f29145d3c41751cd28440d864e4d646cb41d4cdd92ec864cb4b1196207652549ef76a254684b2c03e836aeca75373580c8eef373c2a98dd969c42a227b9fb9e96b36b7cd87c9be4aec99d0caaaacb3b791ae42e4e7568597a0580a3ade3d1397bda2fb01719a876e83df1268a66a3cd7b09f00b062e78f65cc29a1697db5f6de6da04051609876a4611b4b73809db21dcdefd70860b05eb600c539545c7cc922f9fe3d60a8c2575436b5efb9d494305a82775afc959222278bb7db44fe71ca4bd33a9af962e092984b1ac8b714e72cfec35ed9ba7bdf23b168282b16ac9a536da8b9328937c3f3cfbfeab54b3985bea9fd255e7ab112f6b0874c41009d53ca90917baf3e33a8c65dbc826f7388d5dbe93210e78f2f1ff0dc0cb67d87eec17e4d4e5adbb903dde7e658cc975685105a1d3b85cce1dba31562d9c4d5e02188992556c7981046f8c018c5076c8611c152dfed5cf66b44e6e2a4f3902c1084f5159be55ac5ffb21413087e0879db830c3f81b26ce667fac7e2067ad0e581dbc958bd4dcf65b9baf20cad335cb4c7ea71dbdbe258a9d081a642488d4448aa37715ad939a0025feb86fcd5160b672e219be5d31c930735aefca2ccb2e82e007a82b1b1312198a2fdc3fb2a652c0ed1c7d433bae85afd835c3c7ee4795a87cef9df682bae363fcac3b1105e914c270cc2eda0ea716360bb8c6421dbe529f7099f38eb560c64ebc42feb60f576b4ec167785799bb4bdf0cc920799e465ec44cdab042344b406b3258e0e9a5a05a9070d9d7308110119751d465611571c1b53a08725876217a679bd665b1800e5abb3498edb0f4a953f04e23a8a1001139d05fe7d41f945713330ba8296b30ae901177a5de862c9b8313758eb3861c7ba976a8041a9562ff754c04eb326caca3d289b5ab9114a20ac4142286348cc75725d7e3066a45b4611992630993ff12fe25d0ef357ea29ec877c85eab6701e9c2e2045456b3432a376189578cf356a25abc451d46ab75a625032d2fa898c29c85407968b87beb2a15b28ac5d1bd2e1e0ffc4ce086cabfd361b863ea07b21671124cba184898b0f99e9afc4087de3b85891d5e2cb9dcf936dce676181575112ebad52f9ea8742d14cd64fb653ad249fe4ff2ea359b4d803e6a28dc12e05b1c0038330c0b3a8f1e1b1cb33a3ade03925d041d2678d2545cf858875212bd05d0b9f4d27ac509d596ba1c5457d378b00e8cc8483118ed4582a2b5659c25fda7372bfc06688053bdb35b02493eb3b35d31fb99451eef0919cc692b4c3359cf2c988a48f1209bce35237a1e8445189212360917ddfe490f1b98449a207046b167ce3e5c00e6e93e86c860e474c7b37ffc9799ca4a7fcc952abb5e40f5c808f3fb23ce5f691462d9ec274a831b6eb8ced953a5c2408ce81fd629a94f904f82d045e1a6e24486f0579c68536d61de6292678f77d1c8bf9c21f6e5f2c2df0e473051fb06b41c0d55d4d4f80c58f66095e44527c7718bb24c1bfbafcb9a7d3d2138f2b09193f86fd9d381d03b21de25884e0150f514fab3d83a148db52152bee2f1102150bfa38db06c6119cdcea7339501630538254393d24d616f5205eb612103f25e54db9c850bd92f89dde32097f506e75ce7869c874267844ed36ca99b13192472a3bd5e8f1751519ffdd392e819cf80ac96e50425c9898f29ccce0ec278b143224742f82de61d1ebfef57cd2c28702ca86cce7d788cb7b4a363f407fa56670609133340e283d73a8daad39d0ab33b50a7d79")
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000400)={0x1, r2})
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000040)={0x6, 0x0, [{0xa50, 0x0, 0x5}, {0x830, 0x0, 0x1}, {0x27e, 0x0, 0x8000000000000000}, {0x3fd, 0x0, 0x81}, {0x998, 0x0, 0xc19}, {0x849, 0x0, 0x9}]})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000001800)={'#! ', './file1/../file0', [{0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xff\xff\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\x8d5\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x86\xca\xd0k\xb0\x1b\xe96\xedpm\xcc\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\xf7\x81\xf4\xa9j\xc9\xbb\xf8\xf2K\"\x86\xf5h\xf5;\xd2\xaf\x9b\xea\xef-\xd7\xd6\xfa\x97-*\\\x98bE\r\xdc\x89\xd8&\x91\x1c+\x15\x89\xd7\xa7ceT\xea`5\xf9\x88\n \xdcA\xa6\x10\x93\"\xa4Y\x84\xee\xb2\xf9\xa9\x80uf\xab\xb3\xd1\x10i\x94x\x0f\xee\x94j2\xf9\x9ah\xf3b\x19P4\\\xad\xbaX]\xbc\xbbTA\x17d\a\x8fa\xe0\xc3K\x959'}], 0xa, "0002783348b29e7bcaf3e29c2593b929f38db16e33ea96f57d"}, 0x10e)
write$UHID_INPUT(r3, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x482, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r5, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x18, 0x0, 0x73976972ba3f4b55, 0x0, 0x0, {0x8}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000140)=0xa, 0x4)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
fremovexattr(r6, &(0x7f0000000040)=@known='system.sockprotoname\x00')
syz_emit_ethernet(0x2e, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
prctl$PR_CAPBSET_DROP(0x18, 0x2)
capset(&(0x7f0000000100)={0x19980330}, &(0x7f0000000140)={0x3, 0x7, 0x1d000000, 0xffff4ae5, 0xffffffff, 0x511c})
capset(&(0x7f0000001400)={0x19980330}, &(0x7f0000001440)={0xeff9, 0x1, 0x6, 0x6, 0x6, 0xfffffffa})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
msync(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6)
syz_emit_ethernet(0x2a, &(0x7f00000003c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @random, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x9, @multicast, @private=0xa010102, @local, @dev={0xac, 0x14, 0x14, 0xe}}}}}, &(0x7f0000000480)={0x0, 0x3, [0xbcd, 0x7e5, 0x44f, 0xbf0]})
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x7c, 0x8000000000003, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c5500c30003000800000008000200190000000000000000000b00", [0x400004, 0xffffffffffffffff]}})

9.142908313s ago: executing program 3 (id=4705):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = epoll_create1(0x0)
unshare(0x4000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r3, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)

9.051662135s ago: executing program 4 (id=4706):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x7, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x4})
fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x0, 0x0, 0x2})
fcntl$lock(r2, 0x6, &(0x7f0000000000))
r3 = getpid()
ptrace$ARCH_MAP_VDSO_64(0x1e, r3, 0x2, 0x2003)
sched_setattr(0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
rseq(0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_open_dev$vcsn(&(0x7f00000002c0), 0x80000, 0x200002)
r5 = openat$binderfs(0xffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x806, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r5, 0xc018620c, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x700})
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x20, 0x12, 0xa01, 0x4, 0x3000000, {0x80, 0x2}, [@nested={0xc, 0x0, 0x0, 0x1, [@nested={0x5, 0x135, 0x0, 0x1, [@generic="cd"]}]}]}, 0x20}}, 0x0)
preadv2(r7, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/78, 0x4e}, {&(0x7f0000000200)=""/69, 0x45}, {&(0x7f0000000380)=""/170, 0xaa}, {&(0x7f0000000440)=""/87, 0x57}], 0x4, 0x2, 0x4, 0xa)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784c", 0x1f)

8.2584189s ago: executing program 2 (id=4707):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x1800000b, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @remote}}}, 0x108)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000340)=ANY=[], 0x0)
sendmsg(r4, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800)
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
r6 = socket(0xf, 0xa, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000040)={0x1d, r7, 0x8000000000000002, {0x2, 0x1}}, 0x18)
sendmmsg$unix(r6, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000300)="eac8b532", 0x4}], 0x2, 0x0, 0x0, 0x810}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r6, 0x111, 0x1, 0xfffffff3, 0x4)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

7.460800495s ago: executing program 0 (id=4708):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc010)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0xd231c4f959ad4808)
r2 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x7, 0x4002}, 0x90)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x5, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000004)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x74, 0x0, 0x0, 0x7fff0000}]})
fsopen(0x0, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

7.361042036s ago: executing program 3 (id=4709):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
mmap(&(0x7f0000287000/0x1000)=nil, 0x1000, 0x300000a, 0x4000010, r0, 0x4004000)
mbind(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000000000)=0x1, 0x0, 0x3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
fchmod(r0, 0x12)

7.010052435s ago: executing program 1 (id=4710):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
r2 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x10, 0x6, @link_local}, 0x14)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x30, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x80}, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x100, {0x9, 0x6, "506380", 0x1, 0x6c, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1}}}}}}}, 0x0)

6.670573627s ago: executing program 1 (id=4711):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
connect$unix(r0, &(0x7f0000000580)=@abs={0x1, 0x0, 0x4e20}, 0x15)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@my=0x0})
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r6, 0x7a6, &(0x7f0000000040))
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYRES8=r7, @ANYRES64=r1], 0xc4}}, 0x0)
r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x6, 0x1)
ioctl$EVIOCGSW(r8, 0x8040451b, &(0x7f0000000400)=""/106)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r10, 0x4020aed2, &(0x7f0000000500)={0xeeef0000, 0x39237680e25edb43, 0x8})
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="11072abd7000fcdbdf250500000008000300b8"], 0x1c}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000)
shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000100)=""/143)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x2, &(0x7f00000004c0)=[{0xb212, 0x4, 0x59, 0x40}, {0x81, 0xc7, 0x6, 0x5}]})

6.416874308s ago: executing program 4 (id=4712):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x1, @empty, 0xffbffffe}, 0x0, {[0x9, 0x0, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x7]}}, 0x5c)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x303}, "ae7e447394f2c4ee", "b607fb99b52c115477681d7206781a06", "0e8a7508", "9a18a62955b60623"}, 0x28)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r4, &(0x7f00000006c0)=[{&(0x7f00000005c0)="23ccaba1401d36d3d03d682ba47a8c2e0c5a5a5ed9131f73330e9e04295317ff97adac5549724581ef66f12aab8672659fb2b2b1f47546616b1e6f350a5bab3e49c7e52d6451f736cc13dbaa0792b73eda52278a769ee442ffd157512eae59b17dadfcb93af0a51fef7706dcd70f7d06e5409833e8cd578e5f73661abedacab46e02d12fbe7c3d9e54f068e26a20d338e6cc8316f6ad768c9c3d411dd535434386ccf1a972f547595740eac2b50108a4c2a264267ca6a64dd01a046829db5183c4d36dd8df2ad10f92dacfdebeca046a", 0xd0}], 0x1)
ioctl$NBD_DISCONNECT(r4, 0xab08)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r4, 0x4068aea3, &(0x7f0000000240))
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f0000000040)=0x200, 0x8)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x474283, 0x0, 0x14}, 0x20)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)=0x3)
ioctl$TIOCSSOFTCAR(r7, 0x541a, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000013c0)=@newtfilter={0x88c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0xfff3, 0x3}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x860, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_POLICE={0x848, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x8, 0x10, 0xb, 0x70000000, {0x3, 0x1, 0xfff, 0x5, 0x3400, 0x2d2b}, {0x2, 0x2, 0x7f, 0x7, 0x2, 0x7}, 0xb6f, 0xffff, 0x7ff}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7f, 0x6, 0x9, 0xe, 0x7, 0x70, 0xfffffffa, 0xe2c, 0x7, 0x2c7, 0x9805, 0x8, 0x0, 0x1, 0x800, 0x1, 0x8, 0x9cda, 0x0, 0x7ff, 0xaf, 0x9, 0xffffa58d, 0x9, 0x5, 0x1, 0x5, 0x44, 0xe, 0x5784, 0xddc, 0x7, 0x9, 0x9, 0x1000, 0x2, 0x3, 0xa9ea237, 0x4c3f, 0x8, 0x3, 0xb8, 0x81, 0x5, 0x1, 0xfffffff8, 0x7ff, 0x3, 0x0, 0xa41, 0x2, 0x6, 0x40000000, 0x8, 0x7, 0xcb0a, 0x5, 0x5, 0x7, 0x2, 0x80000000, 0x5, 0xfffffff5, 0x0, 0xc, 0x7, 0x1, 0x9, 0x1, 0x200, 0x93, 0x47cb, 0x53, 0xc, 0x81, 0x1400000, 0x101, 0x1, 0x9, 0x2, 0xfffffff7, 0x4, 0x8, 0xee, 0x8, 0xa131, 0x4, 0x885e, 0x6, 0x200, 0x3ff, 0x4, 0x3, 0x3590, 0x1dcea407, 0x40, 0x9, 0x0, 0x24000, 0x4, 0x5c35, 0xca3, 0x81, 0xfff, 0xfffffffe, 0xd1, 0x5486, 0x1, 0x266100a9, 0x80000000, 0x4, 0xb7b, 0x7, 0x8, 0x1000, 0xa0, 0x7748, 0x1, 0xfffffa6d, 0x10, 0x6, 0x128e5fcd, 0xfff, 0xfffffffa, 0x1, 0x8, 0xf, 0x4, 0xe, 0xe, 0x8, 0x8, 0xed4, 0x8000, 0x1755, 0x8, 0x7, 0x1, 0xdf3b, 0x0, 0x8001, 0x4, 0x8, 0x4, 0x6, 0xf3, 0xff, 0x8001, 0x7, 0x1000, 0x8, 0x2, 0x8, 0x80, 0x7, 0x2, 0xffffffc0, 0x8, 0xed0, 0x5, 0x4, 0x6, 0x3, 0x1000, 0x7f, 0x8, 0xfffff694, 0xffffc4e5, 0x3, 0x5, 0xb, 0xf4c, 0xe1, 0x1, 0x5, 0x80000001, 0x0, 0x8506, 0xff, 0x3, 0xd81, 0x3, 0x7ff, 0x8, 0x6, 0x6, 0x6, 0x7, 0x30, 0x8, 0xe, 0x2, 0x8, 0x5, 0x0, 0x3, 0x7, 0x600, 0x2fc6, 0x800, 0x101, 0x8, 0x297, 0x59, 0x5, 0xd, 0x9, 0x0, 0x7ff, 0xe12, 0x4, 0x7, 0xf26d, 0x8000, 0x9, 0x1c47, 0x1e, 0xfffff001, 0x1, 0x54d3, 0xe567, 0x6, 0x80000001, 0x7, 0x7fff, 0xfffffeff, 0x4, 0x0, 0xffff, 0x3, 0x7, 0x7fe, 0x3ff, 0x9, 0x7, 0x99, 0x505, 0x6, 0x8, 0x0, 0xb8, 0x6, 0x3, 0x0, 0x1, 0xffffff72, 0x9, 0x2, 0x1, 0x0, 0x800, 0x9, 0x80, 0x7, 0xd6e7, 0x8]}, @TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x7, 0x4, 0x7, 0xffff, 0x22a, 0x2, 0x9, 0x4, 0x28, 0x4, 0x8b, 0x7, 0x7fffffff, 0x1, 0x1, 0x3, 0x9, 0x2, 0x8, 0x8, 0xb, 0x40, 0x7ffffffd, 0x2, 0x9, 0x1ff, 0x8f0, 0x800, 0x0, 0x9f7d, 0x8, 0x7, 0x8, 0xb, 0x101, 0x100, 0xffffffff, 0x9, 0x59, 0x2, 0x0, 0x5, 0x8, 0x4, 0x0, 0x3, 0x2, 0x0, 0x200, 0x7, 0x5, 0x6, 0x200, 0x7fffffff, 0x27, 0xfffffff4, 0x0, 0x5, 0xffffffff, 0x1, 0x8, 0xab0, 0x17518, 0x0, 0x2000002, 0x3, 0x10000, 0x8, 0x3, 0x4d74, 0x89, 0x9, 0x8f44, 0xf, 0x3, 0x2, 0x950, 0x5, 0x8, 0xe8, 0x1, 0x3, 0x9, 0x0, 0x7, 0x4, 0x7, 0x6, 0x80000000, 0x12, 0x8, 0x3, 0xd, 0xfffffffe, 0x7, 0x6f94, 0x6, 0x9, 0xa, 0x75, 0xfffffffa, 0x8, 0x1, 0xd69d, 0x1, 0x3, 0x1, 0x872, 0x0, 0x8, 0xb1, 0x8, 0x84e3, 0x1, 0x2, 0x6, 0x6, 0x6, 0x8, 0x4, 0xffffffff, 0xfffffff9, 0x7, 0x6, 0x7ff, 0x5323, 0x4, 0x7fffffff, 0x1, 0xd, 0x200, 0x9a, 0x9, 0x3549, 0xfffffff7, 0x81, 0x6, 0x7, 0x6, 0x4, 0xff, 0x101, 0xfff, 0x7, 0xf287a40, 0x800, 0xfffffff8, 0x2, 0xd, 0x5, 0xfe53, 0x294, 0xd15b, 0x0, 0x8000, 0x200, 0xb, 0x9, 0xffffffff, 0xc94c, 0x9, 0x101, 0x6, 0x6, 0xffffff4c, 0x2, 0x7f, 0xfc, 0x0, 0xffffffff, 0x3ff, 0x400, 0x4, 0x0, 0x1, 0x8000, 0x0, 0x8, 0x8000, 0x1ff, 0x8881, 0x4, 0x2, 0x5, 0x5, 0x1, 0xc, 0x10, 0x2, 0xe, 0x5, 0x3, 0x5, 0xffb7, 0xb, 0x7, 0x80000000, 0x8, 0x6, 0x1ff, 0x5d, 0x40000, 0xb, 0x40, 0x5, 0x5, 0x8, 0x2aacb09, 0xd30e, 0x7, 0x10001, 0x8, 0xfff, 0x1000, 0x0, 0x0, 0xa4, 0x7, 0x0, 0xc0, 0x6, 0x784, 0x2, 0xe76d, 0x0, 0xfff, 0x1, 0x80000001, 0x6, 0x9, 0x6, 0x7, 0x1, 0x1, 0x0, 0x0, 0x4, 0x1, 0x4, 0x94e6, 0x80000000, 0xee2, 0x8, 0x9, 0x5, 0x2, 0xfffff800, 0x400, 0x8, 0xfff, 0x2, 0x8, 0x5, 0x5, 0x5a9]}]}]}}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004804)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r10, 0x84, 0x2, &(0x7f0000000140)={0x56c, 0x4, 0xbbf7, 0x9}, 0x8)

6.355157513s ago: executing program 3 (id=4713):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x64, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x40}, 0x94)
r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYRES64=0x0, @ANYBLOB="e9d0dd2d75eab308387378f642a64a6bd6d5e5e0e86a06614f39fe1d8578fecb2616ba08df756f13fdc3512b816a1275da95414e4ce0c8f31120c5e69c1fc6238f846ec4d2d0c8c0f27ffc8c9d37956dc87d2636566d4d1449f7189c", @ANYRESHEX=r0], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0xfffffffffffffc4a}})
syz_open_dev$char_usb(0xc, 0xb4, 0x22000004)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
syz_usb_disconnect(r1)
ioctl$SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, 0x0)

5.685608912s ago: executing program 2 (id=4714):
r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x86) (async)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) (async)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x157]}, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x9c385212e6415ae8, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fffffff}]})
listxattr(0x0, 0x0, 0x0) (async)
r3 = syz_io_uring_setup(0x6934, &(0x7f0000000300)={0x0, 0xd615, 0x10100, 0xffffffff, 0x100000, 0x0, r2}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
ioctl$KVM_CAP_HYPERV_TLBFLUSH(r2, 0x4068aea3, &(0x7f0000000440))
close(r6) (async)
r7 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x15a}) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x0) (async)
io_uring_enter(r7, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) (async)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffe}}) (async)
io_uring_enter(r3, 0x44fd, 0x3, 0x1, 0x0, 0x0) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r9, &(0x7f0000000000)={0x0, 0x31, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r10, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x9, 0x13, @l2={'ib', 0x3a, 'team0\x00'}}}}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x200c48a4) (async)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r10, 0x20, 0x70bd26, 0x25dfdbfe, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", ""]}, 0x28}}, 0x4) (async)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8) (async)
r11 = gettid()
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r11}, &(0x7f0000044000)=<r12=>0x0)
timer_settime(r12, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
r13 = fsmount(r0, 0x0, 0x0)
renameat2(r13, &(0x7f0000000340)='./bus\x00', r13, &(0x7f0000002200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

5.520142443s ago: executing program 2 (id=4715):
r0 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0xa00, 0x6, 0x0) (fail_nth: 2)

5.471783287s ago: executing program 0 (id=4716):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x884, 0x2c, 0xd27, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xd, 0xffff}, {}, {0x5}}, [@filter_kind_options=@f_basic={{0xa}, {0x854, 0x2, [@TCA_BASIC_POLICE={0x850, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x5, 0x41, 0x7fffffff, 0x68, 0x5, 0x2, 0x2000, 0x8, 0xd74c, 0x8, 0xa, 0x4, 0x5, 0x2, 0x7, 0xfffffffd, 0xb, 0x1, 0x0, 0x1ff, 0x4, 0x8, 0x5, 0x0, 0x4, 0x7fffffff, 0xf52, 0x2, 0x3, 0x9, 0x2, 0x2, 0x40, 0x1, 0x7, 0xb067, 0xd, 0x0, 0x3, 0x3, 0xb, 0x7, 0x1, 0x2, 0xff, 0x6, 0x5c, 0x400, 0x3, 0x3, 0x6, 0xda4, 0x201, 0x3, 0x8, 0xfffffff9, 0x1, 0x8, 0x9, 0x6, 0x0, 0x5, 0x2, 0x5, 0xc, 0x5, 0x101, 0x4, 0x9, 0xfffffffb, 0x3, 0x80000000, 0xfffffff7, 0x7ff, 0x0, 0x4, 0x499, 0x8, 0x7, 0x0, 0xffffff7f, 0x3, 0x6, 0x2, 0xf633, 0xf1, 0xa, 0x2, 0xfffffff6, 0x2, 0xff, 0x40, 0x1, 0x3, 0x8000, 0x3, 0x9, 0x456, 0x0, 0xeb, 0xffffffff, 0x9, 0x8, 0x40, 0x3, 0x9, 0xe, 0x4962, 0x5, 0x76d, 0xb, 0x54b, 0x8, 0x7, 0x1, 0x9, 0x3, 0x81, 0x6, 0x6, 0x7, 0x1, 0x2, 0x2, 0x80000001, 0x8, 0xffffffff, 0x9aba, 0x1e3, 0xc, 0x80, 0x5, 0x8000, 0x4, 0x400, 0x401, 0x90, 0xa60, 0x6, 0xffffff25, 0x0, 0x2, 0x9a, 0x80, 0x0, 0x7f, 0x5, 0x9, 0x10000, 0x618a, 0x6, 0xfffffff3, 0x0, 0x80000000, 0xf, 0x3, 0x2, 0xd, 0x7fff, 0x400, 0xffff8001, 0x5, 0x9, 0x9, 0x8001, 0x0, 0x6, 0x9, 0x10001, 0xc, 0x1, 0xb, 0x98000000, 0x5, 0xfffffff7, 0x0, 0x4, 0x2, 0x6, 0x9, 0x4, 0x6, 0x10000, 0x200, 0x4, 0x6, 0x7fffffff, 0x1ff, 0x8, 0x7b4c, 0x4b7b, 0x8, 0x7fff, 0xe66d, 0x40, 0x1, 0xfffffff7, 0x6, 0x19c, 0x3, 0x101, 0x10000, 0x6, 0x9, 0xb2, 0x7, 0xfb1, 0x6, 0x8, 0x200000, 0x81, 0x3, 0xfffffffd, 0xfffffff9, 0x2, 0x0, 0x8001, 0x2, 0x1000, 0x8, 0x7fe00000, 0x4, 0x8, 0x1, 0xfffffff1, 0x7, 0x4, 0x8fad, 0xbb, 0x3, 0x4, 0x80000000, 0xfffffff8, 0x1, 0x8, 0x8, 0x7, 0x0, 0x0, 0x1, 0xb, 0x3, 0x8, 0x7, 0x2, 0x82a, 0x401, 0x50b, 0xfdb4, 0x8000, 0x4, 0x3, 0x586, 0x9, 0x1c]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x2, 0x2, 0xd, 0x50000000, 0x1ff, 0x8530, 0x3ff, 0xc0, 0x3, 0x2, 0x8, 0x8276, 0x6, 0x9cb6, 0x44bd4947, 0x9, 0x7, 0x10001, 0x200, 0xfff, 0xffff7360, 0xf, 0xb, 0x5, 0x4, 0xfffeffff, 0xfff, 0xffff, 0x7fff, 0x0, 0x1, 0x3, 0x4, 0x0, 0x0, 0x2, 0xffff0000, 0x3, 0x0, 0x3, 0x6, 0x2, 0xa, 0x3, 0x6509, 0x4, 0x8, 0xd83, 0xff, 0x8000, 0x101, 0x6, 0x20000000, 0x3, 0xa77, 0xa64d, 0x8, 0x1c1a, 0x0, 0x8, 0x40, 0x0, 0x2, 0x9, 0x4c, 0xd55, 0x5068f63a, 0x7, 0x5b, 0x40, 0x9, 0xfffffffd, 0x9, 0xb6d, 0x2e, 0x31, 0x9, 0x9e4, 0x1, 0x1, 0x10000, 0x401, 0x3, 0x7ff, 0xe31d, 0x400, 0xfc40, 0x5, 0x2, 0x10, 0x7, 0x7fff, 0x3, 0x2, 0x1, 0xa, 0x6, 0x81, 0xd0, 0x1, 0xe, 0xe0, 0xc0000, 0x8, 0x6, 0x6, 0x0, 0x6, 0x2, 0x80, 0x1, 0x8, 0x0, 0x9, 0x8, 0x3, 0xfffffff8, 0x9, 0xe85, 0x8000, 0x7, 0x5, 0x1, 0x2, 0x2, 0x2, 0x3, 0x4, 0x0, 0xf274, 0x4, 0x3, 0x1, 0x8, 0x0, 0x6, 0x10, 0x5, 0x1000, 0x5, 0x4, 0x4, 0x8, 0x2, 0x0, 0x3, 0x4ef, 0x81b1c8ea, 0x1, 0x2, 0x6, 0x7, 0x1, 0x0, 0x35, 0x1, 0x401, 0x3, 0xff, 0xd7, 0x2, 0x9, 0x1, 0xba1c, 0x5, 0x0, 0x1, 0xfff, 0x3, 0x4, 0x67c36367, 0x6, 0x7, 0x2, 0x83a, 0x942, 0x10, 0x1, 0x10001, 0x8, 0x3, 0x254, 0xffffffff, 0xecdb, 0x9, 0x200, 0x1000, 0x5, 0x2, 0x8, 0x100, 0x7fffffff, 0x78, 0xfffffffa, 0x0, 0x0, 0xc, 0x1ff, 0xee48, 0x0, 0x9, 0x1, 0x1, 0x1, 0x2, 0xe, 0x8, 0x3, 0x1000, 0xd0e, 0xc6, 0x1, 0xcf5, 0xb20, 0x4, 0x9a51, 0x8bd0, 0xce, 0x80, 0x0, 0x9, 0xd6, 0xc81, 0xfff, 0x4, 0x200, 0x0, 0x6, 0x8, 0x101, 0x32, 0x9dd, 0x7, 0x100, 0x38, 0xe, 0x6, 0xe, 0x6, 0x100, 0x6, 0x8, 0xb, 0xffff3583, 0x7, 0x9, 0x5, 0xfffffff9, 0x9db, 0x80000001, 0x5, 0x6ac6, 0x1000, 0x1, 0xfb]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffffb}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x3, 0xc, 0x6, {0x6, 0x0, 0x3, 0xd42, 0x8, 0x4}, {0x7, 0x0, 0x5, 0x7, 0x3, 0x2}, 0x3, 0x7ff, 0x3}}]}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

5.153232487s ago: executing program 2 (id=4717):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6(0xa, 0x5, 0x6)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffff5d}, 0x1c)
listen(r0, 0x50)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000000)=0x7fd, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty, 0x4}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$kcm(0x29, 0x5, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r2, 0x81044804, &(0x7f0000000400)={0x1, 0x2})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$lan78xx(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000500)={0x18, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="005f0b72089e9e58aac329374b53d8b1453606"], &(0x7f0000000440)=ANY=[], 0x0, 0x0}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

5.115607611s ago: executing program 0 (id=4718):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @local=@item_4={0x3, 0x2, 0x0, "53743ff6"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0xa0000)
ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000200)=""/198)

4.964870855s ago: executing program 4 (id=4719):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a0102030109022400010700800b0904bb06023ae50400"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f0000000e80)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="400d21000000de"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4733, 0x10100, 0x0, 0x24d, 0x0, r4}, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x1200}, 0x1})
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x84080)
write$P9_RRENAME(r8, &(0x7f00000000c0)={0x7, 0x15, 0x2}, 0x7)
io_uring_enter(r5, 0x234f, 0xb1e6, 0x1, 0x0, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r9, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r9, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)='(', 0x1}], 0x1}}], 0x1, 0x40000)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r10, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r11 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r11, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="2400000020000103000000004000000002000000000000040000000008001b"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x4044004)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
socket(0x2, 0x80805, 0x0)
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r12, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)

4.718077551s ago: executing program 1 (id=4720):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
lstat(0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x20000000}}, &(0x7f00000003c0)='GPL\x00', 0xc, 0x1005, &(0x7f0000001840)=""/4101, 0x0, 0x20}, 0x94)
r0 = fsmount(0xffffffffffffffff, 0x1, 0xf4)
connect$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0x2, @loopback}}, 0x1e)

3.300047947s ago: executing program 3 (id=4721):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
timer_create(0x0, 0x0, &(0x7f0000000000)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r1)
r2 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r2, &(0x7f0000000440)=""/212, 0xd4)
write$tun(0xffffffffffffffff, &(0x7f0000004c40)=ANY=[@ANYRES64], 0x4c2)

3.220636693s ago: executing program 3 (id=4722):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r3 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@private=0xa010102, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x2, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x3502, 0x1, 0x0, 0xfb, 0x6, 0x9}}, 0xe4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000000, 0x0, 0x9, 0xb49, 0x800009, 0x8, 0x9}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b750009058389b5"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x101000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40881)
unshare(0x2c060000)
unshare(0x24020400)
unlink(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00')
sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)='i', 0x1, 0x4050, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r6 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r6, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001032cbd700efffbdf2502000000000000010000000008002c004e244e24"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.069458565s ago: executing program 1 (id=4723):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
get_thread_area(&(0x7f0000000000)={0xc})
r0 = openat$dir(0xffffff9c, &(0x7f00000000c0)='./file0\x00', 0x10002, 0x22)
r1 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x200, 0x80)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10)
bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x2}}, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x1, 0xfffffffd}}, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd1, &(0x7f0000000140)=0x3, 0x4)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
r7 = socket$inet6(0xa, 0x8000000000080001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x84)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="010000000a00460400000007ff010000000000000000000000000001faffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000838b77af9554e48583dd5dfcdb88d82eec26c714663d450c8d6e268a588acdce7cc7c79656578a4fa20f13e63d9756feddfb1c07bd725830c7ae8ebcc9c2936dce14637d53ed65ccaf209a8b20849aced4ef04b80f0dcce14b66a7a2e04de79ffca5e63ac130dbed305a0070813c943b9c48427e39c4aa9f0aafd4049ebc05cdb15a67976db5ad1dae653a59de7b4c9cca"], 0x8c)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0xfffffffe, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40010)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0xfffffffffffffd2e, 0x8000, 0x3}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x4, 0x1c1301)

1.987102518s ago: executing program 2 (id=4724):
unshare(0x20000400)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x356}, &(0x7f00000008c0)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x70a, 0x41e3, 0x0, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0x6, 0x0)
write$binfmt_misc(r5, &(0x7f0000000140)='N', 0x1)
connect$pppl2tp(r5, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x2, 0x2, 0x1, {0xa, 0x4e23, 0xe2a, @local, 0x400}}}, 0x32)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0)

1.871992547s ago: executing program 0 (id=4725):
syz_usb_connect(0x0, 0x51, &(0x7f0000000000)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63dd0000000009050300000000000009050cf2010002060209050f000000400000090507c6"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$swradio(&(0x7f0000000300), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000008c0)={0xb, @pix_mp={0x0, 0x38305543}})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$hwrng(0xffffff9c, &(0x7f0000000080), 0x581000, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000640)={<r4=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000080)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xffffffff, @empty, 0x2}, {0xa, 0x4e23, 0x8, @mcast2, 0x1}, r4, 0x1}}, 0x48)
write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r4, 0x5}}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@ipv4_newaddr={0x34, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1f}, [@IFA_LOCAL={0x8, 0x2, @private=0xa010100}, @IFA_CACHEINFO={0x14, 0x6, {0x42f, 0x2, 0x0, 0x2}}]}, 0x34}}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x181c82, 0x0)

1.401039434s ago: executing program 1 (id=4726):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000000040)=0x10000, 0x4)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)}], 0x1}, 0x4048043)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x5c)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
listen(r2, 0x8)
accept4$inet(r2, &(0x7f0000000100), 0x0, 0x80800)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$vhost_vsock(0xffffff9c, &(0x7f0000000240), 0x2, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
accept4(0xffffffffffffffff, &(0x7f0000000040)=@alg, &(0x7f00000000c0)=0x80, 0x80800)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x481, 0x0)
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40603d07, &(0x7f0000000180)={0xfffffffe})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x5)

935.344879ms ago: executing program 2 (id=4727):
socket$kcm(0x29, 0x5, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x14, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x18, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="005f0b72089e9e58aac329374b53d8b1453606"], &(0x7f0000000440)=ANY=[], 0x0, 0x0}, 0x0)

773.576346ms ago: executing program 4 (id=4728):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="380000003e0007012fbd7000fcdbdf25047c0000040000002000018006000600800a000014"], 0x38}}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r7)
r8 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r8, &(0x7f0000000440)=""/212, 0xd4)
write$tun(r3, &(0x7f0000004c40)=ANY=[@ANYRES64=r3], 0x4c2)
write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12)

0s ago: executing program 3 (id=4729):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x884, 0x2c, 0xd27, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xd, 0xffff}, {}, {0x5}}, [@filter_kind_options=@f_basic={{0xa}, {0x854, 0x2, [@TCA_BASIC_POLICE={0x850, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x5, 0x41, 0x7fffffff, 0x68, 0x5, 0x2, 0x2000, 0x8, 0xd74c, 0x8, 0xa, 0x4, 0x5, 0x2, 0x7, 0xfffffffd, 0xb, 0x1, 0x0, 0x1ff, 0x4, 0x8, 0x5, 0x0, 0x4, 0x7fffffff, 0xf52, 0x2, 0x3, 0x9, 0x2, 0x2, 0x40, 0x1, 0x7, 0xb067, 0xd, 0x0, 0x3, 0x3, 0xb, 0x7, 0x1, 0x2, 0xff, 0x6, 0x5c, 0x400, 0x3, 0x3, 0x6, 0xda4, 0x201, 0x3, 0x8, 0xfffffff9, 0x1, 0x8, 0x9, 0x6, 0x0, 0x5, 0x2, 0x5, 0xc, 0x5, 0x101, 0x4, 0x9, 0xfffffffb, 0x3, 0x80000000, 0xfffffff7, 0x7ff, 0x0, 0x4, 0x499, 0x8, 0x7, 0x0, 0xffffff7f, 0x3, 0x6, 0x2, 0xf633, 0xf1, 0xa, 0x2, 0xfffffff6, 0x2, 0xff, 0x40, 0x1, 0x3, 0x8000, 0x3, 0x9, 0x456, 0x0, 0xeb, 0xffffffff, 0x9, 0x8, 0x40, 0x3, 0x9, 0xe, 0x4962, 0x5, 0x76d, 0xb, 0x54b, 0x8, 0x7, 0x1, 0x9, 0x3, 0x81, 0x6, 0x6, 0x7, 0x1, 0x2, 0x2, 0x80000001, 0x8, 0xffffffff, 0x9aba, 0x1e3, 0xc, 0x80, 0x5, 0x8000, 0x4, 0x400, 0x401, 0x90, 0xa60, 0x6, 0xffffff25, 0x0, 0x2, 0x9a, 0x80, 0x0, 0x7f, 0x5, 0x9, 0x10000, 0x618a, 0x6, 0xfffffff3, 0x0, 0x80000000, 0xf, 0x3, 0x2, 0xd, 0x7fff, 0x400, 0xffff8001, 0x5, 0x9, 0x9, 0x8001, 0x0, 0x6, 0x9, 0x10001, 0xc, 0x1, 0xb, 0x98000000, 0x5, 0xfffffff7, 0x0, 0x4, 0x2, 0x6, 0x9, 0x4, 0x6, 0x10000, 0x200, 0x4, 0x6, 0x7fffffff, 0x1ff, 0x8, 0x7b4c, 0x4b7b, 0x8, 0x7fff, 0xe66d, 0x40, 0x1, 0xfffffff7, 0x6, 0x19c, 0x3, 0x101, 0x10000, 0x6, 0x9, 0xb2, 0x7, 0xfb1, 0x6, 0x8, 0x200000, 0x81, 0x3, 0xfffffffd, 0xfffffff9, 0x2, 0x0, 0x8001, 0x2, 0x1000, 0x8, 0x7fe00000, 0x4, 0x8, 0x1, 0xfffffff1, 0x7, 0x4, 0x8fad, 0xbb, 0x3, 0x4, 0x80000000, 0xfffffff8, 0x1, 0x8, 0x8, 0x7, 0x0, 0x0, 0x1, 0xb, 0x3, 0x8, 0x7, 0x2, 0x82a, 0x401, 0x50b, 0xfdb4, 0x8000, 0x4, 0x3, 0x586, 0x9, 0x1c]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x2, 0x2, 0xd, 0x50000000, 0x1ff, 0x8530, 0x3ff, 0xc0, 0x3, 0x2, 0x8, 0x8276, 0x6, 0x9cb6, 0x44bd4947, 0x9, 0x7, 0x10001, 0x200, 0xfff, 0xffff7360, 0xf, 0xb, 0x5, 0x4, 0xfffeffff, 0xfff, 0xffff, 0x7fff, 0x0, 0x1, 0x3, 0x4, 0x0, 0x0, 0x2, 0xffff0000, 0x3, 0x0, 0x3, 0x6, 0x2, 0xa, 0x3, 0x6509, 0x4, 0x8, 0xd83, 0xff, 0x8000, 0x101, 0x6, 0x20000000, 0x3, 0xa77, 0xa64d, 0x8, 0x1c1a, 0x0, 0x8, 0x40, 0x0, 0x2, 0x9, 0x4c, 0xd55, 0x5068f63a, 0x7, 0x5b, 0x40, 0x9, 0xfffffffd, 0x9, 0xb6d, 0x2e, 0x31, 0x9, 0x9e4, 0x1, 0x1, 0x10000, 0x401, 0x3, 0x7ff, 0xe31d, 0x400, 0xfc40, 0x5, 0x2, 0x10, 0x7, 0x7fff, 0x3, 0x2, 0x1, 0xa, 0x6, 0x81, 0xd0, 0x1, 0xe, 0xe0, 0xc0000, 0x8, 0x6, 0x6, 0x0, 0x6, 0x2, 0x80, 0x1, 0x8, 0x0, 0x9, 0x8, 0x3, 0xfffffff8, 0x9, 0xe85, 0x8000, 0x7, 0x5, 0x1, 0x2, 0x2, 0x2, 0x3, 0x4, 0x0, 0xf274, 0x4, 0x3, 0x1, 0x8, 0x0, 0x6, 0x10, 0x5, 0x1000, 0x5, 0x4, 0x4, 0x8, 0x2, 0x0, 0x3, 0x4ef, 0x81b1c8ea, 0x1, 0x2, 0x6, 0x7, 0x1, 0x0, 0x35, 0x1, 0x401, 0x3, 0xff, 0xd7, 0x2, 0x9, 0x1, 0xba1c, 0x5, 0x0, 0x1, 0xfff, 0x3, 0x4, 0x67c36367, 0x6, 0x7, 0x2, 0x83a, 0x942, 0x10, 0x1, 0x10001, 0x8, 0x3, 0x254, 0xffffffff, 0xecdb, 0x9, 0x200, 0x1000, 0x5, 0x2, 0x8, 0x100, 0x7fffffff, 0x78, 0xfffffffa, 0x0, 0x0, 0xc, 0x1ff, 0xee48, 0x0, 0x9, 0x1, 0x1, 0x1, 0x2, 0xe, 0x8, 0x3, 0x1000, 0xd0e, 0xc6, 0x1, 0xcf5, 0xb20, 0x4, 0x9a51, 0x8bd0, 0xce, 0x80, 0x0, 0x9, 0xd6, 0xc81, 0xfff, 0x4, 0x200, 0x0, 0x6, 0x8, 0x101, 0x32, 0x9dd, 0x7, 0x100, 0x38, 0xe, 0x6, 0xe, 0x6, 0x100, 0x6, 0x8, 0xb, 0xffff3583, 0x7, 0x9, 0x5, 0xfffffff9, 0x9db, 0x80000001, 0x5, 0x6ac6, 0x1000, 0x1, 0xfb]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffffb}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x3, 0xc, 0x6, {0x6, 0x0, 0x3, 0xd42, 0x8, 0x4}, {0x7, 0x0, 0x5, 0x7, 0x3, 0x2}, 0x3, 0x7ff, 0x3}}]}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

kernel console output (not intermixed with test programs):

 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1267.061847][T16735] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1267.083007][T16735] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[ 1267.285165][ T5954] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1267.304029][T16735] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.304031][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1267.304056][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1267.389277][ T5954] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1267.443760][ T5954] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1267.444735][T16735] usb 1-1: config 0 descriptor??
[ 1267.474658][ T5954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.498784][ T5954] usb 5-1: config 0 descriptor??
[ 1268.022235][ T5954] plantronics 0003:047F:FFFF.00B8: ignoring exceeding usage max
[ 1268.283493][T16735] uclogic 0003:5543:0042.00B9: item fetching failed at offset 3/7
[ 1268.317642][T16735] uclogic 0003:5543:0042.00B9: parse failed
[ 1268.320521][ T5954] plantronics 0003:047F:FFFF.00B8: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1268.348918][T16735] uclogic 0003:5543:0042.00B9: probe with driver uclogic failed with error -22
[ 1269.280605][T21739] block nbd0: Attempted send on invalid socket
[ 1269.331841][T21739] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1269.535747][T11458] usb 5-1: reset high-speed USB device number 11 using dummy_hcd
[ 1269.682683][T11458] usb 5-1: device descriptor read/64, error -32
[ 1269.886393][ T5874] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1269.941822][ T5900] usb 1-1: USB disconnect, device number 25
[ 1269.997130][T11458] usb 5-1: reset high-speed USB device number 11 using dummy_hcd
[ 1270.047831][ T5874] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1270.099264][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1270.138529][T11458] usb 5-1: device descriptor read/64, error -32
[ 1270.149760][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1270.238767][ T5874] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1270.274312][ T5874] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1270.300578][ T5874] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1270.333257][ T5874] usb 2-1: Manufacturer: syz
[ 1270.360274][ T5874] usb 2-1: config 0 descriptor??
[ 1270.403723][T11458] usb 5-1: reset high-speed USB device number 11 using dummy_hcd
[ 1270.525586][ T5900] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1270.685472][ T5900] usb 1-1: Using ep0 maxpacket: 32
[ 1270.696931][ T5900] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1270.712355][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1270.720512][T11458] usb 5-1: device not accepting address 11, error -71
[ 1270.731936][ T5900] usb 1-1: config 0 descriptor??
[ 1270.740247][ T5900] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1270.887982][ T5874] appleir 0003:05AC:8243.00BA: unknown main item tag 0x0
[ 1270.961102][ T5874] appleir 0003:05AC:8243.00BA: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1271.151416][T21746] usb 5-1: string descriptor 0 read error: -71
[ 1271.295765][T21762] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1271.332205][T16469] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1271.496886][ T5954] usb 5-1: USB disconnect, device number 11
[ 1271.530383][T16469] usb 3-1: config 127 has an invalid interface number: 194 but max is 2
[ 1271.538982][T16469] usb 3-1: config 127 has an invalid interface number: 231 but max is 2
[ 1271.604451][T16469] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[ 1271.614968][T16469] usb 3-1: config 127 has 2 interfaces, different from the descriptor's value: 3
[ 1271.648692][T16469] usb 3-1: config 127 has no interface number 0
[ 1271.655197][T16469] usb 3-1: config 127 has no interface number 1
[ 1271.713343][T16469] usb 3-1: config 127 interface 231 altsetting 0 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[ 1271.782088][T16469] usb 3-1: config 127 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1271.802500][T16469] usb 3-1: config 127 interface 194 has no altsetting 0
[ 1271.836593][T16469] usb 3-1: New USB device found, idVendor=08ca, idProduct=0021, bcdDevice=ab.ed
[ 1271.849985][T16469] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1271.858825][ T5900] gspca_sunplus: reg_w_riv err -110
[ 1271.864960][ T5900] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[ 1271.874691][T16469] usb 3-1: Product: syz
[ 1271.880649][T16469] usb 3-1: Manufacturer: syz
[ 1271.887009][T16469] usb 3-1: SerialNumber: syz
[ 1271.911352][ T5874] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1271.920359][ T5874] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1271.996554][ T5874] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1272.039467][ T5874] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1272.048461][ T5874] rtc rtc0: __rtc_set_alarm: err=-22
[ 1272.177513][T16469] aiptek 3-1:127.194: interface has no int in endpoints, but must have minimum 1
[ 1272.208370][T16469] aiptek 3-1:127.231: interface has no int in endpoints, but must have minimum 1
[ 1272.226711][T16469] usb 3-1: USB disconnect, device number 7
[ 1272.247835][ T5874] usb 1-1: USB disconnect, device number 26
[ 1273.421408][T16469] usb 2-1: USB disconnect, device number 6
[ 1274.005954][T21778] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1274.664492][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1274.675867][T21775] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 1274.836654][T21775] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1274.842742][T21775] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1274.896225][T21775] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1274.915550][T21790] block nbd0: Attempted send on invalid socket
[ 1274.972296][T21790] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1275.165747][T16734] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1275.358978][T16734] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1275.424679][T16734] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1275.466587][ T5900] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1275.469186][T16734] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1275.515305][T16734] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1275.586743][T16734] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1275.598471][T16734] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1275.638156][T16734] usb 4-1: config 0 descriptor??
[ 1275.645976][ T5900] usb 2-1: Using ep0 maxpacket: 32
[ 1275.652788][ T5900] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 1275.655431][ T5874] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1275.661307][ T5900] usb 2-1: config 0 has no interface number 0
[ 1275.697219][ T5900] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1275.723707][ T5900] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1275.744739][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.755592][ T5900] usb 2-1: Product: syz
[ 1275.759773][ T5900] usb 2-1: Manufacturer: syz
[ 1275.764476][ T5900] usb 2-1: SerialNumber: syz
[ 1275.772134][ T5900] usb 2-1: config 0 descriptor??
[ 1275.782084][ T5900] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1275.801371][ T5900] em28xx 2-1:0.132: Video interface 132 found:
[ 1275.855591][ T5874] usb 1-1: Using ep0 maxpacket: 32
[ 1275.884906][ T5874] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1275.918716][ T5874] usb 1-1: config 120 has an invalid interface number: 86 but max is 0
[ 1275.963884][ T5874] usb 1-1: config 120 has no interface number 0
[ 1275.984300][ T5874] usb 1-1: New USB device found, idVendor=12d1, idProduct=9c20, bcdDevice=e5.af
[ 1276.000929][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1276.036005][ T5874] usb 1-1: Product: syz
[ 1276.040224][ T5874] usb 1-1: Manufacturer: syz
[ 1276.057107][ T5874] usb 1-1: SerialNumber: syz
[ 1276.105574][T17117] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 1276.156970][T16734] plantronics 0003:047F:FFFF.00BB: ignoring exceeding usage max
[ 1276.180219][T16734] plantronics 0003:047F:FFFF.00BB: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1276.194416][ T5900] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 1276.265055][ T5900] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1276.282779][T17117] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1276.284119][ T5900] em28xx 2-1:0.132: board has no eeprom
[ 1276.297646][ T5874] huawei_cdc_ncm 1-1:120.86: More than one union descriptor, skipping ...
[ 1276.312524][T17117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1276.323561][ T5874] huawei_cdc_ncm 1-1:120.86: CDC Union missing and no IAD found
[ 1276.336296][ T5874] huawei_cdc_ncm 1-1:120.86: bind() failure
[ 1276.342589][T17117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1276.369048][ T5874] usb 1-1: USB disconnect, device number 27
[ 1276.375056][T17117] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1276.375436][ T5900] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1276.404079][ T5900] em28xx 2-1:0.132: analog set to bulk mode.
[ 1276.405188][T17117] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1276.423685][ T5954] em28xx 2-1:0.132: Registering V4L2 extension
[ 1276.438879][T17117] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1276.452382][ T5900] usb 2-1: USB disconnect, device number 7
[ 1276.457394][T17117] usb 3-1: Manufacturer: syz
[ 1276.471460][ T5900] em28xx 2-1:0.132: Disconnecting em28xx
[ 1276.483148][T17117] usb 3-1: config 0 descriptor??
[ 1276.641865][ T5954] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 1276.654479][ T5954] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 1276.663260][ T5954] em28xx 2-1:0.132: No AC97 audio processor
[ 1276.679503][ T5954] usb 2-1: Decoder not found
[ 1276.684359][ T5954] em28xx 2-1:0.132: failed to create media graph
[ 1276.694971][ T5954] em28xx 2-1:0.132: V4L2 device video103 deregistered
[ 1276.712821][ T5954] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 1276.722084][ T5900] em28xx 2-1:0.132: Closing input extension
[ 1276.742042][ T5900] em28xx 2-1:0.132: Freeing device
[ 1276.744268][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1276.885471][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1276.915834][T17117] appleir 0003:05AC:8243.00BC: unknown main item tag 0x0
[ 1276.944650][T17117] appleir 0003:05AC:8243.00BC: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1276.965818][ T5867] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1277.605541][T16469] usb 4-1: reset high-speed USB device number 122 using dummy_hcd
[ 1277.782061][T16469] usb 4-1: device descriptor read/64, error -32
[ 1278.035614][T16469] usb 4-1: reset high-speed USB device number 122 using dummy_hcd
[ 1278.383675][T16469] usb 4-1: device descriptor read/64, error -32
[ 1278.385588][T17117] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1278.545667][T17117] usb 1-1: Using ep0 maxpacket: 8
[ 1278.553156][T17117] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[ 1278.561915][T17117] usb 1-1: config 0 has no interface number 0
[ 1278.580524][T17117] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1278.654860][T17117] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1278.762760][T17117] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1278.790220][T17117] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1278.823983][T17117] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1278.844561][T17117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1279.082657][T17117] usb 1-1: config 0 descriptor??
[ 1279.111252][T17117] ldusb 1-1:0.55: LD USB Device #2 now attached to major 180 minor 2
[ 1279.276409][ T5900] usb 4-1: USB disconnect, device number 122
[ 1280.417271][ T5874] usb 3-1: USB disconnect, device number 8
[ 1280.476332][ T5900] usb 1-1: USB disconnect, device number 28
[ 1280.494416][ T5900] ldusb 1-1:0.55: LD USB Device #2 now disconnected
[ 1281.081029][T21882] block nbd0: Attempted send on invalid socket
[ 1281.125540][T21882] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1281.246393][T17117] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1281.514903][T17117] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1281.579517][T17117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1281.640095][T17117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1281.712438][T17117] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1281.728846][T17117] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1281.751700][T17117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1281.827653][T17117] usb 5-1: config 0 descriptor??
[ 1282.024991][T21906] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1282.056894][T21906] block device autoloading is deprecated and will be removed.
[ 1282.273971][T17117] plantronics 0003:047F:FFFF.00BD: ignoring exceeding usage max
[ 1282.311487][T17117] plantronics 0003:047F:FFFF.00BD: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1282.503015][T21919] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4349'.
[ 1283.625740][T16469] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1283.786520][ T5900] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[ 1283.798463][T16469] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1283.898944][T16469] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1283.933284][T16469] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1283.952161][T16469] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1283.994693][T16469] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1284.014824][T16469] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1284.025456][ T5900] usb 5-1: device descriptor read/64, error -32
[ 1284.033128][T16469] usb 1-1: Manufacturer: syz
[ 1284.100591][T16469] usb 1-1: config 0 descriptor??
[ 1284.276167][ T5900] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[ 1284.417638][ T5900] usb 5-1: device descriptor read/64, error -32
[ 1284.558953][T16469] appleir 0003:05AC:8243.00BE: unknown main item tag 0x0
[ 1284.633047][T16469] appleir 0003:05AC:8243.00BE: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[ 1284.675435][ T5900] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[ 1284.754178][T21940] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1284.783615][ T5900] usb 5-1: device descriptor read/8, error -32
[ 1284.794914][T21926] usb 5-1: string descriptor 0 read error: -32
[ 1285.035854][ T5900] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[ 1285.098638][ T5900] usb 5-1: device descriptor read/8, error -32
[ 1285.235615][ T5900] raw-gadget.0 gadget.4: failed to queue suspend event
[ 1285.262454][T11458] usb 5-1: USB disconnect, device number 12
[ 1285.293408][T11458] raw-gadget.0 gadget.4: failed to queue reset event
[ 1285.397634][T11458] raw-gadget.0 gadget.4: failed to queue resume event
[ 1285.405639][T16735] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1285.498233][T21892] raw-gadget.0 gadget.4: failed to queue suspend event
[ 1285.505315][T21892] raw-gadget.0 gadget.4: failed to queue disconnect event
[ 1285.513859][T11458] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1285.555498][T16735] usb 2-1: Using ep0 maxpacket: 32
[ 1285.563596][T16735] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1285.573157][T16735] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1285.591047][T16735] usb 2-1: config 0 descriptor??
[ 1285.612742][T16735] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1286.715663][T16735] gspca_sunplus: reg_w_riv err -110
[ 1286.721110][T16735] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[ 1286.959558][T11458] usb 1-1: USB disconnect, device number 29
[ 1286.973956][T16735] usb 2-1: USB disconnect, device number 8
[ 1287.485489][T11458] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1287.647758][T21975] block nbd0: Attempted send on invalid socket
[ 1287.655668][T21975] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1287.720285][T11458] usb 1-1: Using ep0 maxpacket: 32
[ 1287.833737][T11458] usb 1-1: config 0 has an invalid interface number: 170 but max is 0
[ 1287.853358][T11458] usb 1-1: config 0 has no interface number 0
[ 1287.879750][T11458] usb 1-1: config 0 interface 170 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1288.066618][T11458] usb 1-1: config 0 interface 170 has no altsetting 0
[ 1288.091709][T11458] usb 1-1: New USB device found, idVendor=3277, idProduct=0072, bcdDevice=d4.e5
[ 1288.133457][T11458] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.158158][T11458] usb 1-1: Product: syz
[ 1288.172555][T11458] usb 1-1: Manufacturer: syz
[ 1288.195761][T11458] usb 1-1: SerialNumber: syz
[ 1288.230458][T11458] usb 1-1: config 0 descriptor??
[ 1288.256799][T11458] usb 1-1: Found UVC 0.00 device syz (3277:0072)
[ 1288.279339][T11458] usb 1-1: No valid video chain found.
[ 1289.146150][T21991] FAULT_INJECTION: forcing a failure.
[ 1289.146150][T21991] name failslab, interval 1, probability 0, space 0, times 0
[ 1289.196111][T21991] CPU: 0 UID: 0 PID: 21991 Comm: syz.3.4374 Not tainted syzkaller #0 PREEMPT(full) 
[ 1289.196138][T21991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1289.196150][T21991] Call Trace:
[ 1289.196158][T21991]  <TASK>
[ 1289.196166][T21991]  dump_stack_lvl+0x189/0x250
[ 1289.196192][T21991]  ? __pfx____ratelimit+0x10/0x10
[ 1289.196211][T21991]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1289.196231][T21991]  ? __pfx__printk+0x10/0x10
[ 1289.196251][T21991]  ? nfnetlink_rcv+0x26a/0x2520
[ 1289.196275][T21991]  ? ____sys_sendmsg+0x505/0x830
[ 1289.196303][T21991]  ? __sys_sendmsg+0x164/0x220
[ 1289.196333][T21991]  should_fail_ex+0x414/0x560
[ 1289.196362][T21991]  should_failslab+0xa8/0x100
[ 1289.196385][T21991]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1289.196405][T21991]  ? skb_clone+0x212/0x3a0
[ 1289.196431][T21991]  skb_clone+0x212/0x3a0
[ 1289.196456][T21991]  __netlink_deliver_tap+0x404/0x850
[ 1289.196488][T21991]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1289.196509][T21991]  netlink_deliver_tap+0x19c/0x1b0
[ 1289.196529][T21991]  netlink_sendskb+0x68/0x140
[ 1289.196556][T21991]  netlink_unicast+0x397/0x9e0
[ 1289.196577][T21991]  ? __asan_memcpy+0x40/0x70
[ 1289.196605][T21991]  ? __pfx_netlink_unicast+0x10/0x10
[ 1289.196639][T21991]  netlink_rcv_skb+0x28c/0x470
[ 1289.196659][T21991]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1289.196685][T21991]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1289.196716][T21991]  ? bpf_lsm_capable+0x9/0x20
[ 1289.196737][T21991]  ? security_capable+0x7e/0x2e0
[ 1289.196768][T21991]  nfnetlink_rcv+0x26a/0x2520
[ 1289.196796][T21991]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1289.196827][T21991]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1289.196859][T21991]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1289.196880][T21991]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1289.196916][T21991]  ? ref_tracker_free+0x63a/0x7d0
[ 1289.196935][T21991]  ? __asan_memcpy+0x40/0x70
[ 1289.196953][T21991]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1289.196988][T21991]  ? skb_clone+0x246/0x3a0
[ 1289.197013][T21991]  ? __netlink_deliver_tap+0x807/0x850
[ 1289.197032][T21991]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1289.197058][T21991]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1289.197085][T21991]  netlink_unicast+0x82c/0x9e0
[ 1289.197116][T21991]  ? __pfx_netlink_unicast+0x10/0x10
[ 1289.197141][T21991]  ? netlink_sendmsg+0x642/0xb30
[ 1289.197156][T21991]  ? skb_put+0x11b/0x210
[ 1289.197180][T21991]  netlink_sendmsg+0x805/0xb30
[ 1289.197208][T21991]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1289.197230][T21991]  ? __import_iovec+0x5d4/0x7f0
[ 1289.197250][T21991]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1289.197270][T21991]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1289.197295][T21991]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1289.197313][T21991]  __sock_sendmsg+0x21c/0x270
[ 1289.197341][T21991]  ____sys_sendmsg+0x505/0x830
[ 1289.197368][T21991]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1289.197406][T21991]  ___sys_sendmsg+0x21f/0x2a0
[ 1289.197428][T21991]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1289.197485][T21991]  ? __fget_files+0x2a/0x420
[ 1289.197500][T21991]  ? __fget_files+0x3a0/0x420
[ 1289.197526][T21991]  __sys_sendmsg+0x164/0x220
[ 1289.197549][T21991]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1289.197586][T21991]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1289.197609][T21991]  __do_fast_syscall_32+0xb6/0x2b0
[ 1289.197628][T21991]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1289.197649][T21991]  do_fast_syscall_32+0x34/0x80
[ 1289.197666][T21991]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1289.197685][T21991] RIP: 0023:0xf7fd3539
[ 1289.197701][T21991] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1289.197715][T21991] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1289.197735][T21991] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0
[ 1289.197747][T21991] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1289.197758][T21991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1289.197769][T21991] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1289.197780][T21991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1289.197803][T21991]  </TASK>
[ 1289.602025][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1290.191127][T11458] usb 1-1: USB disconnect, device number 30
[ 1290.715483][ T5900] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1291.092816][ T5900] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1291.107659][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.121644][T22021] fuse: blksize only supported for fuseblk
[ 1291.127674][ T5945] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1291.172022][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.187481][ T5900] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1291.218742][ T5900] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1291.256796][ T5900] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1291.318668][ T5945] usb 2-1: Using ep0 maxpacket: 16
[ 1291.325715][T11458] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1291.359066][ T5900] usb 3-1: Manufacturer: syz
[ 1291.380413][ T5945] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1291.402369][ T5900] usb 3-1: config 0 descriptor??
[ 1291.411890][ T5945] usb 2-1: config 0 has no interface number 0
[ 1291.419313][ T5945] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1291.434272][ T5945] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1291.469781][ T5945] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1291.483820][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1291.503236][T11458] usb 5-1: Using ep0 maxpacket: 16
[ 1291.520588][T11458] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1291.538278][ T5945] usb 2-1: Product: syz
[ 1291.597532][T11458] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1291.614383][ T5945] usb 2-1: SerialNumber: syz
[ 1291.743260][ T5945] usb 2-1: config 0 descriptor??
[ 1291.773323][T11458] usb 5-1: config 0 has no interfaces?
[ 1291.826068][ T5945] cm109 2-1:0.8: invalid payload size 0, expected 4
[ 1291.833871][T11458] usb 5-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[ 1291.854355][ T5945] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input82
[ 1291.868589][ T5900] appleir 0003:05AC:8243.00BF: unknown main item tag 0x0
[ 1291.876559][T11458] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1291.899168][T11458] usb 5-1: Product: syz
[ 1291.904446][ T5900] appleir 0003:05AC:8243.00BF: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1291.924988][T11458] usb 5-1: Manufacturer: syz
[ 1291.936140][T11458] usb 5-1: SerialNumber: syz
[ 1291.957341][T11458] usb 5-1: config 0 descriptor??
[ 1292.059481][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1292.365275][T22038] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1292.649891][    C0] cm109_urb_ctl_callback: 46 callbacks suppressed
[ 1292.649915][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.664795][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.672168][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.681521][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.689427][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.696903][T11458] usb 2-1: USB disconnect, device number 9
[ 1292.702835][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1292.702850][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1292.764982][T11458] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1293.690692][T22051] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4396'.
[ 1293.845150][T22054] FAULT_INJECTION: forcing a failure.
[ 1293.845150][T22054] name failslab, interval 1, probability 0, space 0, times 0
[ 1293.868758][T22054] CPU: 0 UID: 0 PID: 22054 Comm: syz.2.4397 Not tainted syzkaller #0 PREEMPT(full) 
[ 1293.868785][T22054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1293.868796][T22054] Call Trace:
[ 1293.868804][T22054]  <TASK>
[ 1293.868812][T22054]  dump_stack_lvl+0x189/0x250
[ 1293.868837][T22054]  ? __pfx____ratelimit+0x10/0x10
[ 1293.868856][T22054]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1293.868876][T22054]  ? __pfx__printk+0x10/0x10
[ 1293.868904][T22054]  ? __pfx___might_resched+0x10/0x10
[ 1293.868920][T22054]  ? fs_reclaim_acquire+0x7d/0x100
[ 1293.868942][T22054]  should_fail_ex+0x414/0x560
[ 1293.868970][T22054]  should_failslab+0xa8/0x100
[ 1293.869003][T22054]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1293.869025][T22054]  ? __pfx_nf_tables_abort+0x10/0x10
[ 1293.869044][T22054]  ? __alloc_skb+0x112/0x2d0
[ 1293.869067][T22054]  __alloc_skb+0x112/0x2d0
[ 1293.869089][T22054]  netlink_ack+0x146/0xa50
[ 1293.869113][T22054]  ? __kasan_kmalloc+0x93/0xb0
[ 1293.869144][T22054]  nfnetlink_rcv+0x2290/0x2520
[ 1293.869197][T22054]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1293.869236][T22054]  ? ref_tracker_free+0x63a/0x7d0
[ 1293.869279][T22054]  ? __netlink_deliver_tap+0x807/0x850
[ 1293.869297][T22054]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1293.869330][T22054]  netlink_unicast+0x82c/0x9e0
[ 1293.869362][T22054]  ? __pfx_netlink_unicast+0x10/0x10
[ 1293.869387][T22054]  ? netlink_sendmsg+0x642/0xb30
[ 1293.869404][T22054]  ? skb_put+0x11b/0x210
[ 1293.869426][T22054]  netlink_sendmsg+0x805/0xb30
[ 1293.869454][T22054]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1293.869474][T22054]  ? __import_iovec+0x5d4/0x7f0
[ 1293.869493][T22054]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1293.869513][T22054]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1293.869531][T22054]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1293.869551][T22054]  __sock_sendmsg+0x21c/0x270
[ 1293.869577][T22054]  ____sys_sendmsg+0x505/0x830
[ 1293.869604][T22054]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1293.869639][T22054]  ___sys_sendmsg+0x21f/0x2a0
[ 1293.869662][T22054]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1293.869718][T22054]  ? __fget_files+0x2a/0x420
[ 1293.869732][T22054]  ? __fget_files+0x3a0/0x420
[ 1293.869758][T22054]  __sys_sendmsg+0x164/0x220
[ 1293.869781][T22054]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1293.869817][T22054]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.869838][T22054]  __do_fast_syscall_32+0xb6/0x2b0
[ 1293.869857][T22054]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.869878][T22054]  do_fast_syscall_32+0x34/0x80
[ 1293.869898][T22054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1293.869918][T22054] RIP: 0023:0xf7f35539
[ 1293.869933][T22054] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1293.869948][T22054] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1293.869967][T22054] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 1293.869985][T22054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1293.869996][T22054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1293.870006][T22054] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1293.870017][T22054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1293.870044][T22054]  </TASK>
[ 1294.188631][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1294.597625][ T5945] usb 5-1: USB disconnect, device number 14
[ 1294.605962][ T5900] usb 3-1: USB disconnect, device number 9
[ 1294.794390][T22073] FAULT_INJECTION: forcing a failure.
[ 1294.794390][T22073] name failslab, interval 1, probability 0, space 0, times 0
[ 1294.813363][T22073] CPU: 1 UID: 0 PID: 22073 Comm: syz.0.4406 Not tainted syzkaller #0 PREEMPT(full) 
[ 1294.813387][T22073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1294.813398][T22073] Call Trace:
[ 1294.813406][T22073]  <TASK>
[ 1294.813415][T22073]  dump_stack_lvl+0x189/0x250
[ 1294.813439][T22073]  ? __pfx____ratelimit+0x10/0x10
[ 1294.813459][T22073]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1294.813480][T22073]  ? __pfx__printk+0x10/0x10
[ 1294.813499][T22073]  ? netlink_unicast+0x82c/0x9e0
[ 1294.813525][T22073]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1294.813543][T22073]  ? __do_fast_syscall_32+0xb6/0x2b0
[ 1294.813569][T22073]  should_fail_ex+0x414/0x560
[ 1294.813595][T22073]  should_failslab+0xa8/0x100
[ 1294.813619][T22073]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1294.813639][T22073]  ? skb_clone+0x212/0x3a0
[ 1294.813678][T22073]  skb_clone+0x212/0x3a0
[ 1294.813699][T22073]  __netlink_deliver_tap+0x404/0x850
[ 1294.813728][T22073]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1294.813748][T22073]  netlink_deliver_tap+0x19c/0x1b0
[ 1294.813764][T22073]  netlink_sendskb+0x68/0x140
[ 1294.813788][T22073]  netlink_unicast+0x397/0x9e0
[ 1294.813809][T22073]  ? __asan_memcpy+0x40/0x70
[ 1294.813836][T22073]  ? __pfx_netlink_unicast+0x10/0x10
[ 1294.813870][T22073]  netlink_rcv_skb+0x28c/0x470
[ 1294.813889][T22073]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1294.813910][T22073]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1294.813939][T22073]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1294.813966][T22073]  netlink_unicast+0x82c/0x9e0
[ 1294.814005][T22073]  ? __pfx_netlink_unicast+0x10/0x10
[ 1294.814031][T22073]  ? netlink_sendmsg+0x642/0xb30
[ 1294.814047][T22073]  ? skb_put+0x11b/0x210
[ 1294.814070][T22073]  netlink_sendmsg+0x805/0xb30
[ 1294.814098][T22073]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1294.814120][T22073]  ? __import_iovec+0x5d4/0x7f0
[ 1294.814139][T22073]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1294.814159][T22073]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1294.814177][T22073]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1294.814196][T22073]  __sock_sendmsg+0x21c/0x270
[ 1294.814223][T22073]  ____sys_sendmsg+0x505/0x830
[ 1294.814249][T22073]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1294.814286][T22073]  ___sys_sendmsg+0x21f/0x2a0
[ 1294.814309][T22073]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1294.814362][T22073]  ? __fget_files+0x2a/0x420
[ 1294.814377][T22073]  ? __fget_files+0x3a0/0x420
[ 1294.814403][T22073]  __sys_sendmsg+0x164/0x220
[ 1294.814426][T22073]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1294.814463][T22073]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1294.814485][T22073]  __do_fast_syscall_32+0xb6/0x2b0
[ 1294.814505][T22073]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1294.814527][T22073]  do_fast_syscall_32+0x34/0x80
[ 1294.814546][T22073]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1294.814567][T22073] RIP: 0023:0xf7f81539
[ 1294.814582][T22073] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1294.814597][T22073] RSP: 002b:00000000f547655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1294.814616][T22073] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[ 1294.814628][T22073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1294.814638][T22073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1294.814648][T22073] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1294.814659][T22073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1294.814687][T22073]  </TASK>
[ 1296.046982][T22090] netlink: 'syz.3.4410': attribute type 2 has an invalid length.
[ 1296.750284][ T5900] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1296.935767][ T5945] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 1296.947510][ T5900] usb 2-1: Using ep0 maxpacket: 32
[ 1296.982367][ T5900] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1296.998949][ T5900] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1297.030068][ T5900] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1297.042291][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1297.050926][ T5900] usb 2-1: Product: syz
[ 1297.080132][ T5900] usb 2-1: Manufacturer: syz
[ 1297.086337][ T5945] usb 4-1: Using ep0 maxpacket: 8
[ 1297.099090][ T5945] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1297.106876][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1297.121368][ T5900] usb 2-1: SerialNumber: syz
[ 1297.128586][ T5945] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1297.147652][ T5900] usb 2-1: config 0 descriptor??
[ 1297.172678][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1297.204698][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1297.247402][ T5945] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1297.255008][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1297.321208][ T5945] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1297.348546][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1297.440285][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1297.470068][ T5945] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1297.482203][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1297.507461][ T5945] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1297.539537][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1297.576588][ T5945] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1297.613785][ T5945] usb 4-1: string descriptor 0 read error: -22
[ 1297.621056][ T5945] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1297.637415][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1297.673827][ T5945] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1297.881546][ T5945] usb 4-1: USB disconnect, device number 123
[ 1298.635794][T22102] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1298.647008][T22102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4413'.
[ 1299.001375][ T5954] usb 2-1: USB disconnect, device number 10
[ 1299.285479][T16735] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1299.467701][T16735] usb 1-1: Using ep0 maxpacket: 16
[ 1299.573166][T16735] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1299.591568][T16735] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1299.603604][T16735] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1299.785836][T16735] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1299.794890][T16735] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.806649][T16735] usb 1-1: config 0 descriptor??
[ 1300.066595][T22119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4420'.
[ 1300.170093][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.176595][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.405300][T16735] HID 045e:07da: Invalid code 65791 type 1
[ 1300.477630][T16735] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.00C0/input/input83
[ 1300.527055][T16735] microsoft 0003:045E:07DA.00C0: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 1300.995832][T16734] usb 1-1: USB disconnect, device number 31
[ 1302.354932][T22150] netlink: 168 bytes leftover after parsing attributes in process `syz.2.4427'.
[ 1303.131506][T22160] sctp: [Deprecated]: syz.2.4431 (pid 22160) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1303.131506][T22160] Use struct sctp_sack_info instead
[ 1303.457087][ T5954] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1303.591965][T22140] block nbd0: Attempted send on invalid socket
[ 1303.601524][T22140] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1303.677296][ T5954] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1303.688581][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.711668][ T5954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1303.722069][ T5954] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1303.737505][ T5954] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1303.747969][ T5954] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1303.756335][ T5954] usb 5-1: Manufacturer: syz
[ 1303.764283][ T5954] usb 5-1: config 0 descriptor??
[ 1304.186160][ T5954] appleir 0003:05AC:8243.00C1: unknown main item tag 0x0
[ 1304.248893][ T5954] appleir 0003:05AC:8243.00C1: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[ 1305.271450][T22196] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4442'.
[ 1305.304369][T22196] input: syz0 as /devices/virtual/input/input84
[ 1305.635626][T16734] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1305.842007][T16734] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1305.854134][T16734] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1305.870715][T16734] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1305.895379][   T30] audit: type=1326 audit(1758681505.704:5420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1305.912079][T16734] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.917460][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1306.020000][T22196] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1306.052109][   T30] audit: type=1326 audit(1758681505.704:5421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=15 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.115256][T16734] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1306.196529][T17117] usb 5-1: USB disconnect, device number 15
[ 1306.247281][   T30] audit: type=1326 audit(1758681505.704:5422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.269369][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1306.365570][   T30] audit: type=1326 audit(1758681505.704:5423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.387570][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1306.444009][   T30] audit: type=1326 audit(1758681505.704:5424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.467763][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1306.681058][   T30] audit: type=1326 audit(1758681505.704:5425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.703173][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1306.874612][   T30] audit: type=1326 audit(1758681505.704:5426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.911241][   T30] audit: type=1326 audit(1758681505.704:5427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1306.938254][   T30] audit: type=1326 audit(1758681505.714:5428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1307.032228][   T30] audit: type=1326 audit(1758681505.714:5429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22199 comm="syz.1.4444" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc7539 code=0x7ffc0000
[ 1307.054321][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1307.595905][T17117] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[ 1307.756577][T17117] usb 3-1: Using ep0 maxpacket: 32
[ 1307.772095][T17117] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1307.805829][T17117] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1307.819389][T17117] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1307.841130][T17117] usb 3-1: Product: syz
[ 1307.962898][T17117] usb 3-1: Manufacturer: syz
[ 1307.974403][T17117] usb 3-1: SerialNumber: syz
[ 1308.110589][T17117] usb 3-1: config 0 descriptor??
[ 1308.126809][T22220] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1308.138771][T17117] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1308.162326][T17117] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1308.317825][T22229] block nbd0: Attempted send on invalid socket
[ 1308.325308][T22229] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1308.529690][ T5945] usb 4-1: USB disconnect, device number 124
[ 1308.733158][T22241] FAULT_INJECTION: forcing a failure.
[ 1308.733158][T22241] name failslab, interval 1, probability 0, space 0, times 0
[ 1308.746343][T22241] CPU: 0 UID: 0 PID: 22241 Comm: syz.4.4456 Not tainted syzkaller #0 PREEMPT(full) 
[ 1308.746367][T22241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1308.746378][T22241] Call Trace:
[ 1308.746387][T22241]  <TASK>
[ 1308.746396][T22241]  dump_stack_lvl+0x189/0x250
[ 1308.746422][T22241]  ? __pfx____ratelimit+0x10/0x10
[ 1308.746442][T22241]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1308.746462][T22241]  ? __pfx__printk+0x10/0x10
[ 1308.746488][T22241]  ? __pfx___might_resched+0x10/0x10
[ 1308.746506][T22241]  ? fs_reclaim_acquire+0x7d/0x100
[ 1308.746528][T22241]  should_fail_ex+0x414/0x560
[ 1308.746557][T22241]  should_failslab+0xa8/0x100
[ 1308.746582][T22241]  __kmalloc_noprof+0xcb/0x4f0
[ 1308.746603][T22241]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1308.746620][T22241]  ? sock_kmalloc+0xd6/0x160
[ 1308.746647][T22241]  sock_kmalloc+0xd6/0x160
[ 1308.746671][T22241]  hash_recvmsg+0x1d4/0x840
[ 1308.746700][T22241]  ? __pfx_hash_recvmsg+0x10/0x10
[ 1308.746724][T22241]  sock_recvmsg_nosec+0x183/0x1c0
[ 1308.746752][T22241]  ____sys_recvmsg+0x3aa/0x460
[ 1308.746783][T22241]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1308.746802][T22241]  ? get_compat_msghdr+0x37e/0x4a0
[ 1308.746833][T22241]  ? rcu_is_watching+0x15/0xb0
[ 1308.746851][T22241]  ? ___sys_recvmsg+0x1c4/0x510
[ 1308.746878][T22241]  ___sys_recvmsg+0x1b5/0x510
[ 1308.746905][T22241]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1308.746952][T22241]  ? __fget_files+0x3a0/0x420
[ 1308.746980][T22241]  do_recvmmsg+0x36a/0x770
[ 1308.747010][T22241]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1308.747044][T22241]  ? __pfx_vfs_write+0x10/0x10
[ 1308.747100][T22241]  __sys_recvmmsg+0x19d/0x280
[ 1308.747124][T22241]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1308.747144][T22241]  ? ksys_write+0x22a/0x250
[ 1308.747175][T22241]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1308.747201][T22241]  __do_fast_syscall_32+0xb6/0x2b0
[ 1308.747221][T22241]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1308.747244][T22241]  do_fast_syscall_32+0x34/0x80
[ 1308.747263][T22241]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1308.747283][T22241] RIP: 0023:0xf7f36539
[ 1308.747299][T22241] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1308.747314][T22241] RSP: 002b:00000000f53e455c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1308.747333][T22241] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080003700
[ 1308.747346][T22241] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000
[ 1308.747357][T22241] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1308.747367][T22241] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1308.747378][T22241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1308.747405][T22241]  </TASK>
[ 1309.475468][ T5945] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1309.521207][T16734] usb 3-1: USB disconnect, device number 10
[ 1309.668204][ T5945] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1309.687638][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1310.108469][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1310.137616][ T5945] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1310.152560][ T5945] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1310.163045][ T5945] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1310.187364][ T5945] usb 4-1: Manufacturer: syz
[ 1310.208231][ T5945] usb 4-1: config 0 descriptor??
[ 1310.324231][T22257] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4460'.
[ 1310.639622][ T5945] appleir 0003:05AC:8243.00C2: unknown main item tag 0x0
[ 1310.660741][ T5945] appleir 0003:05AC:8243.00C2: hiddev1,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1311.067134][T22266] FAULT_INJECTION: forcing a failure.
[ 1311.067134][T22266] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.092104][T22266] CPU: 0 UID: 0 PID: 22266 Comm: syz.4.4465 Not tainted syzkaller #0 PREEMPT(full) 
[ 1311.092130][T22266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1311.092141][T22266] Call Trace:
[ 1311.092149][T22266]  <TASK>
[ 1311.092158][T22266]  dump_stack_lvl+0x189/0x250
[ 1311.092184][T22266]  ? __pfx____ratelimit+0x10/0x10
[ 1311.092203][T22266]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1311.092223][T22266]  ? __pfx__printk+0x10/0x10
[ 1311.092257][T22266]  should_fail_ex+0x414/0x560
[ 1311.092285][T22266]  _copy_to_user+0x31/0xb0
[ 1311.092309][T22266]  simple_read_from_buffer+0xe1/0x170
[ 1311.092337][T22266]  proc_fail_nth_read+0x1b3/0x220
[ 1311.092360][T22266]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1311.092383][T22266]  ? rw_verify_area+0x2a6/0x4d0
[ 1311.092403][T22266]  ? __lock_acquire+0xab9/0xd20
[ 1311.092423][T22266]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1311.092444][T22266]  vfs_read+0x200/0xa30
[ 1311.092463][T22266]  ? fdget_pos+0x247/0x320
[ 1311.092483][T22266]  ? __pfx___mutex_lock+0x10/0x10
[ 1311.092503][T22266]  ? __pfx_vfs_read+0x10/0x10
[ 1311.092525][T22266]  ? __fget_files+0x2a/0x420
[ 1311.092546][T22266]  ? __fget_files+0x3a0/0x420
[ 1311.092560][T22266]  ? __fget_files+0x2a/0x420
[ 1311.092585][T22266]  ksys_read+0x145/0x250
[ 1311.092609][T22266]  ? __pfx_ksys_read+0x10/0x10
[ 1311.092634][T22266]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1311.092657][T22266]  __do_fast_syscall_32+0xb6/0x2b0
[ 1311.092685][T22266]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1311.092707][T22266]  do_fast_syscall_32+0x34/0x80
[ 1311.092727][T22266]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1311.092746][T22266] RIP: 0023:0xf7f36539
[ 1311.092762][T22266] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1311.092777][T22266] RSP: 002b:00000000f5426590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1311.092796][T22266] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5426620
[ 1311.092808][T22266] RDX: 000000000000000f RSI: 00000000f73c5ff4 RDI: 0000000000000000
[ 1311.092819][T22266] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1311.092830][T22266] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1311.092841][T22266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1311.092866][T22266]  </TASK>
[ 1311.575466][T17117] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1311.767678][T22274] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1311.783184][T22274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4468'.
[ 1311.876879][T17117] usb 2-1: Using ep0 maxpacket: 16
[ 1311.940646][T17117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1311.964542][T11458] usb 4-1: USB disconnect, device number 125
[ 1311.965426][T17117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1312.049162][T17117] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1312.253507][T17117] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1312.293436][T17117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1312.324245][T17117] usb 2-1: config 0 descriptor??
[ 1312.935780][T17117] HID 045e:07da: Invalid code 65791 type 1
[ 1312.956984][T17117] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.00C3/input/input85
[ 1312.998618][T17117] microsoft 0003:045E:07DA.00C3: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1313.235777][T11458] usb 2-1: USB disconnect, device number 11
[ 1314.214479][T22303] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1314.253502][T22298] block nbd0: Attempted send on invalid socket
[ 1314.370051][T22298] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1314.747614][T22316] FAULT_INJECTION: forcing a failure.
[ 1314.747614][T22316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1314.878716][T22316] CPU: 0 UID: 0 PID: 22316 Comm: syz.2.4480 Not tainted syzkaller #0 PREEMPT(full) 
[ 1314.878740][T22316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1314.878749][T22316] Call Trace:
[ 1314.878755][T22316]  <TASK>
[ 1314.878760][T22316]  dump_stack_lvl+0x189/0x250
[ 1314.878776][T22316]  ? __pfx____ratelimit+0x10/0x10
[ 1314.878788][T22316]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1314.878799][T22316]  ? __pfx__printk+0x10/0x10
[ 1314.878819][T22316]  should_fail_ex+0x414/0x560
[ 1314.878837][T22316]  _copy_to_user+0x31/0xb0
[ 1314.878852][T22316]  simple_read_from_buffer+0xe1/0x170
[ 1314.878870][T22316]  proc_fail_nth_read+0x1b3/0x220
[ 1314.878884][T22316]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1314.878896][T22316]  ? rw_verify_area+0x2a6/0x4d0
[ 1314.878909][T22316]  ? __lock_acquire+0xab9/0xd20
[ 1314.878923][T22316]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1314.878934][T22316]  vfs_read+0x200/0xa30
[ 1314.878947][T22316]  ? fdget_pos+0x247/0x320
[ 1314.878958][T22316]  ? __pfx___mutex_lock+0x10/0x10
[ 1314.878971][T22316]  ? __pfx_vfs_read+0x10/0x10
[ 1314.878985][T22316]  ? __fget_files+0x2a/0x420
[ 1314.878996][T22316]  ? __fget_files+0x3a0/0x420
[ 1314.879004][T22316]  ? __fget_files+0x2a/0x420
[ 1314.879018][T22316]  ksys_read+0x145/0x250
[ 1314.879032][T22316]  ? __pfx_ksys_read+0x10/0x10
[ 1314.879047][T22316]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1314.879059][T22316]  __do_fast_syscall_32+0xb6/0x2b0
[ 1314.879072][T22316]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1314.879084][T22316]  do_fast_syscall_32+0x34/0x80
[ 1314.879095][T22316]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1314.879108][T22316] RIP: 0023:0xf7f35539
[ 1314.879118][T22316] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1314.879126][T22316] RSP: 002b:00000000f5405590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1314.879138][T22316] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5405620
[ 1314.879145][T22316] RDX: 000000000000000f RSI: 00000000f73c5ff4 RDI: 0000000000000000
[ 1314.879151][T22316] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1314.879157][T22316] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1314.879163][T22316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1314.879178][T22316]  </TASK>
[ 1314.925688][ T5874] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1314.927560][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1315.123063][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1315.394567][ T5874] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1315.424137][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1315.499636][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1315.524955][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1315.573420][ T5874] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1315.584179][ T5874] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1315.637789][ T5874] usb 1-1: Manufacturer: syz
[ 1315.648039][ T5874] usb 1-1: config 0 descriptor??
[ 1316.219756][ T5874] appleir 0003:05AC:8243.00C4: unknown main item tag 0x0
[ 1316.247842][ T5874] appleir 0003:05AC:8243.00C4: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[ 1316.290132][T22336] fuse: Bad value for 'fd'
[ 1316.537156][ T5874] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1316.735788][ T5874] usb 5-1: Using ep0 maxpacket: 16
[ 1316.743623][ T5874] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1316.754995][ T5874] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1316.769260][ T5874] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1316.796893][ T5874] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1316.829540][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1316.846637][ T5874] usb 5-1: config 0 descriptor??
[ 1317.266805][ T5874] usbhid 5-1:0.0: can't add hid device: -71
[ 1317.298044][ T5874] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1317.332431][ T5874] usb 5-1: USB disconnect, device number 16
[ 1317.721867][T22354] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1318.375512][T11458] usb 1-1: USB disconnect, device number 32
[ 1319.321049][ T5945] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1319.770508][ T5945] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1319.784064][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1319.804672][ T5945] usb 5-1: Product: syz
[ 1319.818423][ T5945] usb 5-1: Manufacturer: syz
[ 1319.832010][ T5945] usb 5-1: SerialNumber: syz
[ 1319.862310][T22378] FAULT_INJECTION: forcing a failure.
[ 1319.862310][T22378] name failslab, interval 1, probability 0, space 0, times 0
[ 1319.863865][ T5945] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1319.893123][T22378] CPU: 1 UID: 0 PID: 22378 Comm: syz.0.4498 Not tainted syzkaller #0 PREEMPT(full) 
[ 1319.893147][T22378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1319.893157][T22378] Call Trace:
[ 1319.893165][T22378]  <TASK>
[ 1319.893174][T22378]  dump_stack_lvl+0x189/0x250
[ 1319.893199][T22378]  ? __pfx____ratelimit+0x10/0x10
[ 1319.893218][T22378]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1319.893238][T22378]  ? __pfx__printk+0x10/0x10
[ 1319.893265][T22378]  ? ktime_get+0x3e/0x1f0
[ 1319.893288][T22378]  should_fail_ex+0x414/0x560
[ 1319.893317][T22378]  should_failslab+0xa8/0x100
[ 1319.893343][T22378]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1319.893366][T22378]  ? __alloc_skb+0x112/0x2d0
[ 1319.893393][T22378]  __alloc_skb+0x112/0x2d0
[ 1319.893416][T22378]  tcp_stream_alloc_skb+0x3d/0x340
[ 1319.893443][T22378]  tcp_write_xmit+0xeec/0x67f0
[ 1319.893511][T22378]  __tcp_push_pending_frames+0x97/0x360
[ 1319.893536][T22378]  tcp_rcv_established+0x1012/0x1eb0
[ 1319.893564][T22378]  ? rt_is_expired+0x1c/0x2d0
[ 1319.893591][T22378]  ? __pfx_tcp_rcv_established+0x10/0x10
[ 1319.893612][T22378]  ? rt_is_expired+0x1c/0x2d0
[ 1319.893630][T22378]  ? rt_is_expired+0x1c/0x2d0
[ 1319.893650][T22378]  ? rt_is_expired+0x250/0x2d0
[ 1319.893668][T22378]  ? __pfx_ipv4_dst_check+0x10/0x10
[ 1319.893687][T22378]  ? __pfx_ipv4_dst_check+0x10/0x10
[ 1319.893708][T22378]  tcp_v4_do_rcv+0xa23/0xce0
[ 1319.893733][T22378]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[ 1319.893748][T22378]  __release_sock+0x21c/0x350
[ 1319.893779][T22378]  release_sock+0x5f/0x1f0
[ 1319.893799][T22378]  sk_wait_data+0x1fe/0x4a0
[ 1319.893829][T22378]  ? __pfx_sk_wait_data+0x10/0x10
[ 1319.893851][T22378]  ? __pfx_woken_wake_function+0x10/0x10
[ 1319.893879][T22378]  ? __tcp_send_ack+0x2a1/0x620
[ 1319.893903][T22378]  tcp_recvmsg_locked+0xd65/0x3660
[ 1319.893963][T22378]  ? __pfx_tcp_recvmsg_locked+0x10/0x10
[ 1319.893991][T22378]  ? __lock_acquire+0xab9/0xd20
[ 1319.894026][T22378]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1319.894043][T22378]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1319.894068][T22378]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1319.894099][T22378]  tcp_recvmsg+0x216/0x810
[ 1319.894121][T22378]  ? __pfx_tcp_recvmsg+0x10/0x10
[ 1319.894145][T22378]  ? aa_sk_perm+0x81e/0x950
[ 1319.894166][T22378]  ? sock_rps_record_flow+0x19/0x410
[ 1319.894183][T22378]  inet_recvmsg+0x147/0x250
[ 1319.894202][T22378]  ? __pfx_inet_recvmsg+0x10/0x10
[ 1319.894226][T22378]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1319.894243][T22378]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1319.894266][T22378]  sock_recvmsg+0x1a8/0x270
[ 1319.894293][T22378]  __sys_recvfrom+0x1f6/0x340
[ 1319.894316][T22378]  ? __pfx___sys_recvfrom+0x10/0x10
[ 1319.894333][T22378]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1319.894364][T22378]  ? __fget_files+0x3a0/0x420
[ 1319.894391][T22378]  ? ksys_write+0x22a/0x250
[ 1319.894418][T22378]  __ia32_compat_sys_recvfrom+0xe4/0x100
[ 1319.894444][T22378]  __do_fast_syscall_32+0xb6/0x2b0
[ 1319.894463][T22378]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1319.894485][T22378]  do_fast_syscall_32+0x34/0x80
[ 1319.894505][T22378]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1319.894524][T22378] RIP: 0023:0xf7f81539
[ 1319.894541][T22378] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1319.894556][T22378] RSP: 002b:00000000f545555c EFLAGS: 00000206 ORIG_RAX: 0000000000000173
[ 1319.894574][T22378] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[ 1319.894587][T22378] RDX: 00000000fffffd0b RSI: 00000000c9100120 RDI: 0000000000000000
[ 1319.894599][T22378] RBP: 00000000fffffd25 R08: 0000000000000000 R09: 0000000000000000
[ 1319.894610][T22378] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1319.894621][T22378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1319.894648][T22378]  </TASK>
[ 1320.270382][ T5900] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1320.325563][T17117] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1320.655589][T17117] usb 4-1: Using ep0 maxpacket: 32
[ 1320.816016][ T5945] usb 5-1: USB disconnect, device number 17
[ 1321.001254][T17117] usb 4-1: device descriptor read/all, error -71
[ 1321.047766][T22384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4500'.
[ 1321.332685][T22392] kAFS: unparsable volume name
[ 1321.475646][T16734] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1321.485556][ T5874] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[ 1321.626049][T16734] usb 1-1: Using ep0 maxpacket: 16
[ 1321.633876][T16734] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1321.652719][ T5874] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1321.665607][T16734] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1321.681139][ T5874] usb 3-1: config 0 interface 0 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1321.697328][ T5900] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1321.704379][T16734] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1321.706107][ T5900] ath9k_htc: Failed to initialize the device
[ 1321.713945][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1321.730233][T16734] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1321.736229][ T5945] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1321.740215][ T5874] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[ 1321.759558][T16734] usb 1-1: config 0 descriptor??
[ 1321.768756][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1321.781389][ T5874] usb 3-1: config 0 descriptor??
[ 1321.808665][ T5874] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1321.865905][T17117] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1322.009961][T16734] usbhid 1-1:0.0: can't add hid device: -71
[ 1322.028575][T17117] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1322.044369][T16734] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1322.063102][T17117] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1322.084810][T16734] usb 1-1: USB disconnect, device number 33
[ 1322.109462][T17117] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1322.132709][T17117] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1322.162958][T17117] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1322.192258][T17117] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1322.217978][T17117] usb 4-1: Manufacturer: syz
[ 1322.274900][T22410] futex_wake_op: syz.0.4508 tries to shift op by 32; fix this program
[ 1322.290600][T17117] usb 4-1: config 0 descriptor??
[ 1322.545676][ T5900] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1322.710650][T17117] appleir 0003:05AC:8243.00C5: unknown main item tag 0x0
[ 1322.748549][T17117] appleir 0003:05AC:8243.00C5: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1323.135424][ T5900] usb 1-1: Using ep0 maxpacket: 8
[ 1323.144136][ T5900] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1323.156675][T22427] FAULT_INJECTION: forcing a failure.
[ 1323.156675][T22427] name failslab, interval 1, probability 0, space 0, times 0
[ 1323.156798][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1323.174284][T22427] CPU: 1 UID: 0 PID: 22427 Comm: syz.4.4513 Not tainted syzkaller #0 PREEMPT(full) 
[ 1323.174308][T22427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1323.174320][T22427] Call Trace:
[ 1323.174330][T22427]  <TASK>
[ 1323.174339][T22427]  dump_stack_lvl+0x189/0x250
[ 1323.174364][T22427]  ? __pfx____ratelimit+0x10/0x10
[ 1323.174383][T22427]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1323.174402][T22427]  ? __pfx__printk+0x10/0x10
[ 1323.174429][T22427]  ? __pfx___might_resched+0x10/0x10
[ 1323.174451][T22427]  should_fail_ex+0x414/0x560
[ 1323.174485][T22427]  should_failslab+0xa8/0x100
[ 1323.174510][T22427]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1323.174532][T22427]  ? call_usermodehelper_setup+0x8e/0x270
[ 1323.174554][T22427]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1323.174579][T22427]  call_usermodehelper_setup+0x8e/0x270
[ 1323.174601][T22427]  ? __pfx_free_modprobe_argv+0x10/0x10
[ 1323.174627][T22427]  __request_module+0x39f/0x5e0
[ 1323.174655][T22427]  ? rtnl_link_ops_get+0x23/0x250
[ 1323.174674][T22427]  ? __pfx___request_module+0x10/0x10
[ 1323.174707][T22427]  ? rtnl_link_ops_get+0x23/0x250
[ 1323.174723][T22427]  ? rtnl_link_ops_get+0x23/0x250
[ 1323.174742][T22427]  ? rtnl_link_ops_get+0x215/0x250
[ 1323.174764][T22427]  rtnl_newlink+0x64f/0x1c70
[ 1323.174793][T22427]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1323.174815][T22427]  ? __lock_acquire+0xab9/0xd20
[ 1323.174847][T22427]  ? __lock_acquire+0xab9/0xd20
[ 1323.174880][T22427]  ? __lock_acquire+0xab9/0xd20
[ 1323.174920][T22427]  ? is_bpf_text_address+0x26/0x2b0
[ 1323.174947][T22427]  ? is_bpf_text_address+0x292/0x2b0
[ 1323.174968][T22427]  ? is_bpf_text_address+0x26/0x2b0
[ 1323.174997][T22427]  ? __lock_acquire+0xab9/0xd20
[ 1323.175041][T22427]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1323.175058][T22427]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1323.175079][T22427]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1323.175096][T22427]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1323.175115][T22427]  ? lock_acquire+0x175/0x360
[ 1323.175148][T22427]  netlink_rcv_skb+0x208/0x470
[ 1323.175164][T22427]  ? __lock_acquire+0xab9/0xd20
[ 1323.175185][T22427]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1323.175205][T22427]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1323.175233][T22427]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1323.175258][T22427]  netlink_unicast+0x82c/0x9e0
[ 1323.175289][T22427]  ? __pfx_netlink_unicast+0x10/0x10
[ 1323.175314][T22427]  ? netlink_sendmsg+0x642/0xb30
[ 1323.175330][T22427]  ? skb_put+0x11b/0x210
[ 1323.175352][T22427]  netlink_sendmsg+0x805/0xb30
[ 1323.175378][T22427]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1323.175399][T22427]  ? __import_iovec+0x5d4/0x7f0
[ 1323.175417][T22427]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1323.175436][T22427]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1323.175454][T22427]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1323.175478][T22427]  __sock_sendmsg+0x21c/0x270
[ 1323.175503][T22427]  ____sys_sendmsg+0x505/0x830
[ 1323.175529][T22427]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1323.175564][T22427]  ___sys_sendmsg+0x21f/0x2a0
[ 1323.175586][T22427]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1323.175640][T22427]  ? __fget_files+0x2a/0x420
[ 1323.175655][T22427]  ? __fget_files+0x3a0/0x420
[ 1323.175679][T22427]  __sys_sendmsg+0x164/0x220
[ 1323.175702][T22427]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1323.175736][T22427]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1323.175757][T22427]  __do_fast_syscall_32+0xb6/0x2b0
[ 1323.175776][T22427]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1323.175797][T22427]  do_fast_syscall_32+0x34/0x80
[ 1323.175816][T22427]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1323.175835][T22427] RIP: 0023:0xf7f36539
[ 1323.175851][T22427] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1323.175866][T22427] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1323.175884][T22427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[ 1323.175896][T22427] RDX: 0000000004004850 RSI: 0000000000000000 RDI: 0000000000000000
[ 1323.175907][T22427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1323.175918][T22427] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1323.175928][T22427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1323.175955][T22427]  </TASK>
[ 1323.188891][T22427] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4513'.
[ 1323.225388][ T5900] usb 1-1: config 0 has no interface number 0
[ 1323.645576][ T5900] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1323.674439][ T5900] usb 1-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=ba.de
[ 1323.684780][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1323.711204][T22429] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4514'.
[ 1323.763877][ T5900] usb 1-1: config 0 descriptor??
[ 1323.793048][ T5900] usb 1-1: bad CDC descriptors
[ 1323.805212][ T5900] cdc_acm 1-1:0.1: Zero length descriptor references
[ 1323.813363][ T5900] cdc_acm 1-1:0.1: probe with driver cdc_acm failed with error -22
[ 1324.651136][ T5954] usb 3-1: USB disconnect, device number 11
[ 1324.754640][T16735] usb 1-1: USB disconnect, device number 34
[ 1325.129571][T16734] usb 4-1: USB disconnect, device number 127
[ 1325.224670][T22453] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4521'.
[ 1325.319060][T22453] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4521'.
[ 1326.159834][T22461] loop8: detected capacity change from 0 to 7
[ 1326.215851][T22461] Dev loop8: unable to read RDB block 7
[ 1326.225628][T22461]  loop8: AHDI p1 p2 p3
[ 1326.229822][T22461] loop8: partition table partially beyond EOD, truncated
[ 1326.237040][T22461] loop8: p1 start 1601398130 is beyond EOD, truncated
[ 1326.243833][T22461] loop8: p2 start 1702059890 is beyond EOD, truncated
[ 1326.403753][T22462] Dev loop8: unable to read RDB block 7
[ 1326.409565][T22462]  loop8: AHDI p1 p2 p3
[ 1326.413813][T22462] loop8: partition table partially beyond EOD, truncated
[ 1326.421471][T22462] loop8: p1 start 1601398130 is beyond EOD, truncated
[ 1326.428597][T22462] loop8: p2 start 1702059890 is beyond EOD, truncated
[ 1326.453525][T22470] netlink: 'syz.0.4525': attribute type 21 has an invalid length.
[ 1326.512372][T22470] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4525'.
[ 1326.518296][T22475] batadv1: entered promiscuous mode
[ 1326.528293][T22475] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1326.543836][T22470] netlink: 'syz.0.4525': attribute type 4 has an invalid length.
[ 1326.563695][T22470] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4525'.
[ 1327.414382][T22483] block nbd0: Attempted send on invalid socket
[ 1327.422038][T22483] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1327.845776][ T5900] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 1328.087639][T22500] loop8: detected capacity change from 0 to 7
[ 1328.237122][ T5900] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1328.258329][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1328.275706][T22500] Dev loop8: unable to read RDB block 7
[ 1328.281497][T22500]  loop8: AHDI p1 p2 p3
[ 1328.285855][T22500] loop8: partition table partially beyond EOD, truncated
[ 1328.293211][T22500] loop8: p1 start 1601398130 is beyond EOD, truncated
[ 1328.300173][T22500] loop8: p2 start 1702059890 is beyond EOD, truncated
[ 1328.329042][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1328.369604][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1328.394584][ T5900] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1328.405595][ T5900] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1328.425680][ T5900] usb 5-1: Manufacturer: syz
[ 1328.434910][T22499] Dev loop8: unable to read RDB block 7
[ 1328.466048][ T5900] usb 5-1: config 0 descriptor??
[ 1328.479653][T22499]  loop8: AHDI p1 p2 p3
[ 1328.498079][T22499] loop8: partition table partially beyond EOD, truncated
[ 1328.511845][T22499] loop8: p1 start 1601398130 is beyond EOD, truncated
[ 1328.530416][T22499] loop8: p2 start 1702059890 is beyond EOD, truncated
[ 1328.885530][T22505] blktrace: Concurrent blktraces are not allowed on loop8
[ 1328.904757][ T5900] appleir 0003:05AC:8243.00C6: unknown main item tag 0x0
[ 1328.925106][ T5900] appleir 0003:05AC:8243.00C6: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[ 1329.194095][T22509] tipc: Enabled bearer <eth:vlan1>, priority 10
[ 1329.396427][ T5954] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[ 1329.516872][T22517] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4538'.
[ 1329.618675][ T5954] usb 4-1: not running at top speed; connect to a high speed hub
[ 1329.631029][ T5954] usb 4-1: config 2 has an invalid interface number: 1 but max is 0
[ 1329.643242][ T5954] usb 4-1: config 2 contains an unexpected descriptor of type 0x1, skipping
[ 1329.655504][ T5900] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[ 1329.826799][ T5954] usb 4-1: config 2 has an invalid interface number: 30 but max is 0
[ 1329.851833][ T5954] usb 4-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[ 1329.936781][ T5954] usb 4-1: config 2 has no interface number 0
[ 1330.203570][ T5954] usb 4-1: config 2 interface 1 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[ 1330.282031][ T5900] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1330.305523][T16734] tipc: Node number set to 3884632643
[ 1330.342282][ T5954] usb 4-1: config 2 interface 1 altsetting 5 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[ 1330.363686][ T5900] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1330.424106][ T5945] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[ 1330.625714][ T5900] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1330.635732][ T5954] usb 4-1: config 2 interface 1 altsetting 5 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[ 1330.656292][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1330.668210][ T5954] usb 4-1: config 2 interface 1 altsetting 5 has 6 endpoint descriptors, different from the interface descriptor's value: 16
[ 1330.722758][ T5900] usb 3-1: config 0 descriptor??
[ 1330.735386][ T5954] usb 4-1: too many endpoints for config 2 interface 30 altsetting 74: 64, using maximum allowed: 30
[ 1330.754692][ T5900] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1330.765722][ T5900] dvb-usb: bulk message failed: -22 (3/0)
[ 1330.772068][ T5954] usb 4-1: config 2 interface 30 altsetting 74 endpoint 0xF has invalid maxpacket 1024, setting to 1023
[ 1330.812932][ T5900] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1330.822549][ T5954] usb 4-1: config 2 interface 30 altsetting 74 has a duplicate endpoint with address 0x7, skipping
[ 1330.849917][ T5900] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1330.860313][ T5954] usb 4-1: config 2 interface 30 altsetting 74 has an invalid descriptor for endpoint zero, skipping
[ 1330.882973][ T5900] usb 3-1: media controller created
[ 1330.910675][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1330.919126][ T5954] usb 4-1: config 2 interface 30 altsetting 74 endpoint 0xB has invalid maxpacket 1023, setting to 64
[ 1330.962351][ T5954] usb 4-1: config 2 interface 30 altsetting 74 endpoint 0x5 has invalid maxpacket 1032, setting to 64
[ 1330.986830][ T5900] dvb-usb: bulk message failed: -22 (6/0)
[ 1331.005497][ T5900] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1331.025295][ T5954] usb 4-1: config 2 interface 30 altsetting 74 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[ 1331.079245][ T5900] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input86
[ 1331.095858][ T5954] usb 4-1: config 2 interface 30 altsetting 74 has a duplicate endpoint with address 0x3, skipping
[ 1331.143942][ T5954] usb 4-1: config 2 interface 30 altsetting 74 endpoint 0x9 has invalid maxpacket 512, setting to 64
[ 1331.155200][ T5900] dvb-usb: schedule remote query interval to 150 msecs.
[ 1331.180741][ T5900] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1331.190611][ T5954] usb 4-1: config 2 interface 30 altsetting 74 has a duplicate endpoint with address 0xF, skipping
[ 1331.222494][ T5954] usb 4-1: config 2 interface 30 altsetting 74 has 10 endpoint descriptors, different from the interface descriptor's value: 64
[ 1331.265482][ T5954] usb 4-1: config 2 interface 1 has no altsetting 0
[ 1331.295407][ T5954] usb 4-1: config 2 interface 30 has no altsetting 0
[ 1331.329955][ T5954] usb 4-1: New USB device found, idVendor=09fb, idProduct=602e, bcdDevice=be.df
[ 1331.341298][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.364075][T22531] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4541'.
[ 1331.373248][ T5900] dvb-usb: error while querying for an remote control event.
[ 1331.404452][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1331.429769][T16469] usb 5-1: USB disconnect, device number 18
[ 1331.452001][ T5954] usb 4-1: Product: syz
[ 1331.462597][ T5954] usb 4-1: Manufacturer: syz
[ 1331.477461][ T5954] usb 4-1: SerialNumber: syz
[ 1331.542676][ T5954] usb 4-1: Interface #30 referenced by multiple IADs
[ 1331.558997][T22515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1331.595584][ T5900] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.606211][ T5900] dvb-usb: error while querying for an remote control event.
[ 1331.617056][T22515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1331.687212][T22515] Failed to get privilege flags for destination (handle=0x0:0x0)
[ 1331.794719][T16469] dvb-usb: bulk message failed: -22 (1/0)
[ 1331.805715][T16469] dvb-usb: error while querying for an remote control event.
[ 1331.835443][T16735] usb 3-1: USB disconnect, device number 12
[ 1331.856311][ T5954] ftdi_sio 4-1:2.1: FTDI USB Serial Device converter detected
[ 1331.948547][T16735] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1332.051680][ T5954] ftdi_sio ttyUSB0: unknown device type: 0xbedf
[ 1332.125711][ T5954] usb 4-1: USB disconnect, device number 2
[ 1332.144511][ T5954] ftdi_sio 4-1:2.1: device disconnected
[ 1332.244662][T22544] netlink: 'syz.0.4545': attribute type 1 has an invalid length.
[ 1332.285489][T17117] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[ 1332.596997][T17117] usb 5-1: config 27 has an invalid descriptor of length 150, skipping remainder of the config
[ 1332.607476][T17117] usb 5-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1332.621447][T17117] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1332.627490][T22544] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1332.635413][T17117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1333.094516][T22550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1333.135932][T22550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1333.652463][T22562] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4548'.
[ 1333.661829][T22562] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1333.773109][T22553] Can't find ip_set type hash:ip,
[ 1334.295455][T22574] block nbd0: Attempted send on invalid socket
[ 1334.301646][T22574] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1335.074751][T22562] block nbd0: Attempted send on invalid socket
[ 1335.134424][T22562] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1335.194550][T16734] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[ 1335.315705][T22581] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4550'.
[ 1335.465607][T16734] usb 2-1: device descriptor read/64, error -71
[ 1335.606969][T17117] usb 5-1: string descriptor 0 read error: -71
[ 1335.666869][T17117] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1335.705549][T16734] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[ 1335.832922][T17117] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1335.886361][T16734] usb 2-1: device descriptor read/64, error -71
[ 1335.895851][T17117] usb 5-1: USB disconnect, device number 19
[ 1336.237142][T16734] usb usb2-port1: attempt power cycle
[ 1336.395712][ T5954] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1336.456896][T17117] usb 5-1: new low-speed USB device number 20 using dummy_hcd
[ 1336.469819][T22592] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4553'.
[ 1336.583440][ T5954] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1336.615472][T16734] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[ 1336.628505][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1336.659888][T17117] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1336.675638][T16734] usb 2-1: device descriptor read/8, error -71
[ 1336.695460][T17117] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1336.725470][T17117] usb 5-1: config 0 has no interface number 0
[ 1336.737768][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1336.752729][T17117] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1336.762067][ T5954] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1336.784134][   T30] kauditd_printk_skb: 14 callbacks suppressed
[ 1336.784150][   T30] audit: type=1326 audit(1758681536.674:5444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22594 comm="syz.2.4554" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f35539 code=0x0
[ 1336.795441][T17117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1336.819873][ T5954] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1336.841756][ T5954] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1336.851866][ T5954] usb 1-1: Manufacturer: syz
[ 1336.959485][ T5954] usb 1-1: config 0 descriptor??
[ 1336.975258][T17117] usb 5-1: config 0 descriptor??
[ 1336.993616][T17117] iowarrior 5-1:0.1: no interrupt-in endpoint found
[ 1337.000355][T16734] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[ 1337.030009][T16734] usb 2-1: device descriptor read/8, error -71
[ 1337.085575][ T5900] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1337.145746][T16734] usb usb2-port1: unable to enumerate USB device
[ 1337.544348][ T5954] appleir 0003:05AC:8243.00C7: unknown main item tag 0x0
[ 1337.556928][ T5900] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1337.582396][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1337.606242][ T5954] appleir 0003:05AC:8243.00C7: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[ 1337.654856][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1337.699803][ T5900] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1337.798452][ T5900] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1337.809947][ T5900] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1338.016184][ T5900] usb 3-1: Manufacturer: syz
[ 1338.025214][ T5900] usb 3-1: config 0 descriptor??
[ 1338.955834][T17117] usb 5-1: USB disconnect, device number 20
[ 1339.694276][ T5867] Bluetooth: hci1: ACL packet for unknown connection handle 201
[ 1339.717166][T22618] netlink: 172 bytes leftover after parsing attributes in process `syz.0.4557'.
[ 1339.746904][T16469] usb 1-1: USB disconnect, device number 35
[ 1339.792050][T22618] openvswitch: netlink: Flow key attr not present in new flow.
[ 1340.159847][ T5900] usbhid 3-1:0.0: can't add hid device: -71
[ 1340.178415][ T5900] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1340.209370][ T5900] usb 3-1: USB disconnect, device number 13
[ 1340.245647][T16469] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1340.405706][T16469] usb 1-1: Using ep0 maxpacket: 32
[ 1340.417889][T16469] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1340.428492][T16469] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1340.772071][T16469] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1340.804606][T16469] usb 1-1: config 1 has no interface number 0
[ 1340.833127][T16469] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1340.856700][T16469] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1340.884746][T16469] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1340.936851][T22638] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4564'.
[ 1340.945994][T22638] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1341.162757][T22638] block nbd0: Attempted send on invalid socket
[ 1341.175180][T16469] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1341.183989][T22638] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1341.217566][T22639] input: syz1 as /devices/virtual/input/input87
[ 1341.254151][T16469] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[ 1341.505853][T22646] sctp: [Deprecated]: syz.0.4557 (pid 22646) Use of int in maxseg socket option.
[ 1341.505853][T22646] Use struct sctp_assoc_value instead
[ 1341.694221][T22648] netlink: 'syz.2.4566': attribute type 21 has an invalid length.
[ 1341.702491][T22648] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4566'.
[ 1341.954529][T22648] netlink: 'syz.2.4566': attribute type 4 has an invalid length.
[ 1341.978945][T22648] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4566'.
[ 1342.029958][T22639] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1342.036540][T22639] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 1342.118825][T22651] batadv1: entered promiscuous mode
[ 1342.149003][T22651] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1342.218301][T22639] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1342.242774][T22639] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1342.515013][T22660] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4569'.
[ 1342.530017][T22659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4569'.
[ 1342.635194][T22639] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1342.641450][T22639] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1342.673105][T22659] dummy0: entered promiscuous mode
[ 1342.692857][T22659] macvtap1: entered promiscuous mode
[ 1342.722483][T22659] macvtap1: entered allmulticast mode
[ 1342.742561][T22659] dummy0: entered allmulticast mode
[ 1342.886215][ T5954] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1342.954374][T22668] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1342.983858][T22639] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1343.002812][T22639] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 1343.091822][ T5954] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1343.127902][ T5954] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1343.178859][ T5954] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1343.211652][T22667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4570'.
[ 1343.216099][ T5954] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1343.292976][T22667] netlink: 'syz.1.4570': attribute type 15 has an invalid length.
[ 1343.342497][ T5954] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1343.378943][ T5954] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1343.404015][T22667] vxlan0: entered promiscuous mode
[ 1343.443880][ T5954] usb 4-1: Manufacturer: syz
[ 1343.445388][T10825] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1343.492764][ T5954] usb 4-1: config 0 descriptor??
[ 1343.497374][T10825] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1343.512331][   T30] audit: type=1326 audit(1758681543.404:5445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22673 comm="syz.4.4572" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f36539 code=0x0
[ 1343.515395][T10825] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1343.564387][T16469] snd_usb_pod 1-1:1.1: set_interface failed
[ 1343.605659][T10825] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1343.625906][T16469] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[ 1343.647951][T16469] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1343.678146][T16469] usb 1-1: USB disconnect, device number 36
[ 1343.881935][T17117] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 1343.942386][ T5954] appleir 0003:05AC:8243.00C8: unknown main item tag 0x0
[ 1343.979668][ T5954] appleir 0003:05AC:8243.00C8: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1344.148532][T17117] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1344.161249][T17117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1344.445709][T17117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1344.959034][T17117] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1345.169937][T17117] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1345.182060][T17117] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1345.214906][T17117] usb 5-1: Manufacturer: syz
[ 1345.264369][T17117] usb 5-1: config 0 descriptor??
[ 1346.007813][ T5954] usb 4-1: USB disconnect, device number 3
[ 1347.332194][T17117] usbhid 5-1:0.0: can't add hid device: -71
[ 1347.341019][T17117] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1347.429684][T17117] usb 5-1: USB disconnect, device number 21
[ 1348.088683][T22708] block nbd0: Attempted send on invalid socket
[ 1348.095962][T22708] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1348.366508][T22728] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4582'.
[ 1348.619030][T22732] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4583'.
[ 1349.528192][T22735] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4584'.
[ 1350.365505][T22747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4589'.
[ 1350.529944][T17117] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[ 1350.653446][T22755] FAULT_INJECTION: forcing a failure.
[ 1350.653446][T22755] name failslab, interval 1, probability 0, space 0, times 0
[ 1350.704289][T22753] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1350.709193][T22755] CPU: 1 UID: 0 PID: 22755 Comm: syz.4.4591 Not tainted syzkaller #0 PREEMPT(full) 
[ 1350.709218][T22755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1350.709229][T22755] Call Trace:
[ 1350.709237][T22755]  <TASK>
[ 1350.709245][T22755]  dump_stack_lvl+0x189/0x250
[ 1350.709269][T22755]  ? __pfx____ratelimit+0x10/0x10
[ 1350.709288][T22755]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1350.709308][T22755]  ? __pfx__printk+0x10/0x10
[ 1350.709335][T22755]  ? __pfx___might_resched+0x10/0x10
[ 1350.709350][T22755]  ? fs_reclaim_acquire+0x7d/0x100
[ 1350.709371][T22755]  should_fail_ex+0x414/0x560
[ 1350.709398][T22755]  should_failslab+0xa8/0x100
[ 1350.709422][T22755]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1350.709443][T22755]  ? __pfx_nf_tables_abort+0x10/0x10
[ 1350.709462][T22755]  ? __alloc_skb+0x112/0x2d0
[ 1350.709484][T22755]  __alloc_skb+0x112/0x2d0
[ 1350.709507][T22755]  netlink_ack+0x146/0xa50
[ 1350.709529][T22755]  ? __kasan_kmalloc+0x93/0xb0
[ 1350.709558][T22755]  nfnetlink_rcv+0x2290/0x2520
[ 1350.709617][T22755]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1350.709685][T22755]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1350.709719][T22755]  netlink_unicast+0x82c/0x9e0
[ 1350.709751][T22755]  ? __pfx_netlink_unicast+0x10/0x10
[ 1350.709775][T22755]  ? netlink_sendmsg+0x642/0xb30
[ 1350.709792][T22755]  ? skb_put+0x11b/0x210
[ 1350.709814][T22755]  netlink_sendmsg+0x805/0xb30
[ 1350.709840][T22755]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1350.709861][T22755]  ? __import_iovec+0x5d4/0x7f0
[ 1350.709880][T22755]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1350.709899][T22755]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1350.709917][T22755]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1350.709936][T22755]  __sock_sendmsg+0x21c/0x270
[ 1350.709962][T22755]  ____sys_sendmsg+0x505/0x830
[ 1350.709988][T22755]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1350.710023][T22755]  ___sys_sendmsg+0x21f/0x2a0
[ 1350.710046][T22755]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1350.710100][T22755]  ? __fget_files+0x2a/0x420
[ 1350.710114][T22755]  ? __fget_files+0x3a0/0x420
[ 1350.710140][T22755]  __sys_sendmsg+0x164/0x220
[ 1350.710162][T22755]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1350.710197][T22755]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1350.710221][T22755]  __do_fast_syscall_32+0xb6/0x2b0
[ 1350.710241][T22755]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1350.710261][T22755]  do_fast_syscall_32+0x34/0x80
[ 1350.710280][T22755]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1350.710299][T22755] RIP: 0023:0xf7f36539
[ 1350.710314][T22755] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1350.710328][T22755] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1350.710347][T22755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1350.710359][T22755] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1350.710369][T22755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1350.710380][T22755] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1350.710390][T22755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1350.710415][T22755]  </TASK>
[ 1350.757811][T17117] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1351.044121][T17117] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1351.074251][T17117] usb 3-1: config 0 descriptor??
[ 1351.362944][T22742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1351.590966][T22742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1351.669306][T17117] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1351.688503][T17117] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1352.228885][T22780] F2FS-fs: Conflicting test_dummy_encryption options
[ 1352.268024][T22780] input: syz1 as /devices/virtual/input/input88
[ 1352.483716][T22781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4598'.
[ 1352.845453][T22781] tc_dump_action: action bad kind
[ 1353.155452][T16469] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 1353.345501][T16469] usb 4-1: Using ep0 maxpacket: 8
[ 1353.356374][T16469] usb 4-1: too many configurations: 30, using maximum allowed: 8
[ 1353.476422][T22790] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4599'.
[ 1354.183650][T16469] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1354.196109][T16469] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1354.244310][ T5900] usb 3-1: USB disconnect, device number 14
[ 1354.254196][T16469] usb 4-1: Product: syz
[ 1354.285115][T16469] usb 4-1: Manufacturer: syz
[ 1354.437288][T16469] usb 4-1: SerialNumber: syz
[ 1354.476454][T16469] usb 4-1: config 0 descriptor??
[ 1354.955093][T22799] block nbd0: Attempted send on invalid socket
[ 1354.961732][T22799] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1355.437750][T16469] gspca_main: 04a5:3003 too many config
[ 1355.472819][T16469] usb 4-1: USB disconnect, device number 4
[ 1355.609447][T22808] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1355.873094][T22818] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4608'.
[ 1357.588251][T22841] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4614'.
[ 1357.834946][T22843] input: syz1 as /devices/virtual/input/input89
[ 1357.866565][T22843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4615'.
[ 1358.387671][T22854] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1358.840569][T22873] FAULT_INJECTION: forcing a failure.
[ 1358.840569][T22873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1358.879668][T22873] CPU: 1 UID: 0 PID: 22873 Comm: syz.3.4627 Not tainted syzkaller #0 PREEMPT(full) 
[ 1358.879694][T22873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1358.879704][T22873] Call Trace:
[ 1358.879713][T22873]  <TASK>
[ 1358.879721][T22873]  dump_stack_lvl+0x189/0x250
[ 1358.879746][T22873]  ? __pfx____ratelimit+0x10/0x10
[ 1358.879765][T22873]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1358.879785][T22873]  ? __pfx__printk+0x10/0x10
[ 1358.879806][T22873]  ? __might_fault+0xb0/0x130
[ 1358.879839][T22873]  should_fail_ex+0x414/0x560
[ 1358.879867][T22873]  _copy_from_user+0x2d/0xb0
[ 1358.879889][T22873]  __ia32_compat_sys_setrlimit+0xcc/0x1b0
[ 1358.879912][T22873]  ? __pfx___ia32_compat_sys_setrlimit+0x10/0x10
[ 1358.879941][T22873]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1358.879962][T22873]  __do_fast_syscall_32+0xb6/0x2b0
[ 1358.879983][T22873]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1358.880005][T22873]  do_fast_syscall_32+0x34/0x80
[ 1358.880024][T22873]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1358.880043][T22873] RIP: 0023:0xf7fd3539
[ 1358.880059][T22873] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1358.880083][T22873] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 000000000000004b
[ 1358.880102][T22873] RAX: ffffffffffffffda RBX: 0000000002000000 RCX: 0000000080000300
[ 1358.880115][T22873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1358.880125][T22873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1358.880135][T22873] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1358.880145][T22873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1358.880172][T22873]  </TASK>
[ 1359.094504][T22877] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4628'.
[ 1359.284458][T22882] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1359.438666][T22882] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1359.550453][T22885] debugfs: '!' already exists in 'ieee80211'
[ 1361.148081][T22921] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[ 1361.687335][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.693681][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.868441][T22927] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[ 1362.573411][T22921] block nbd0: Attempted send on invalid socket
[ 1362.731651][T22921] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1363.354030][T22947] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4648'.
[ 1363.448014][T22946] debugfs: '!' already exists in 'ieee80211'
[ 1363.881308][T22923] block nbd0: Attempted send on invalid socket
[ 1363.939683][T22923] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1365.053822][ T5954] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1365.118783][T22961] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1365.268149][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1365.279697][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1365.307904][ T5954] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1365.350857][ T5954] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1365.372235][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.397125][ T5954] usb 1-1: config 0 descriptor??
[ 1366.113189][T22979] binder: 22974:22979 ioctl 400c620e 80000140 returned -22
[ 1366.568680][ T5954] plantronics 0003:047F:FFFF.00C9: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1367.083854][T22983] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4657'.
[ 1367.156233][ T5874] usb 1-1: USB disconnect, device number 37
[ 1367.855504][ T5874] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[ 1368.046491][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[ 1368.062318][ T5874] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[ 1368.071867][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1368.080313][ T5874] usb 2-1: Product: syz
[ 1368.084548][ T5874] usb 2-1: Manufacturer: syz
[ 1368.093832][ T5874] usb 2-1: SerialNumber: syz
[ 1368.100989][T23001] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[ 1368.176974][ T5874] usb 2-1: config 0 descriptor??
[ 1368.742270][ T5874] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1368.758962][ T5874] hub 2-1:0.0: probe with driver hub failed with error -5
[ 1368.847327][T23012] block nbd0: Attempted send on invalid socket
[ 1368.853548][T23012] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1369.089582][ T5874] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input90
[ 1369.193567][T23017] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[ 1369.203164][ T5874] input: failed to attach handler mousedev to device input90, error: -5
[ 1369.617292][T23021] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1370.180701][T23026] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4667'.
[ 1371.381465][ T5900] usb 2-1: USB disconnect, device number 16
[ 1371.830681][T23044] Set syz1 is full, maxelem 65536 reached
[ 1373.078441][T23067] FAULT_INJECTION: forcing a failure.
[ 1373.078441][T23067] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1373.091822][T23067] CPU: 1 UID: 0 PID: 23067 Comm: syz.2.4678 Not tainted syzkaller #0 PREEMPT(full) 
[ 1373.091837][T23067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1373.091843][T23067] Call Trace:
[ 1373.091848][T23067]  <TASK>
[ 1373.091853][T23067]  dump_stack_lvl+0x189/0x250
[ 1373.091871][T23067]  ? __pfx____ratelimit+0x10/0x10
[ 1373.091882][T23067]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1373.091894][T23067]  ? __pfx__printk+0x10/0x10
[ 1373.091908][T23067]  ? __might_fault+0xb0/0x130
[ 1373.091927][T23067]  should_fail_ex+0x414/0x560
[ 1373.091945][T23067]  _copy_from_user+0x2d/0xb0
[ 1373.091959][T23067]  get_compat_msghdr+0xad/0x4a0
[ 1373.091974][T23067]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1373.091987][T23067]  ? rcu_is_watching+0x15/0xb0
[ 1373.091996][T23067]  ? ___sys_recvmsg+0x1c4/0x510
[ 1373.092012][T23067]  ___sys_recvmsg+0x17f/0x510
[ 1373.092028][T23067]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1373.092052][T23067]  ? __fget_files+0x3a0/0x420
[ 1373.092073][T23067]  do_recvmmsg+0x36a/0x770
[ 1373.092090][T23067]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1373.092110][T23067]  ? __pfx_vfs_write+0x10/0x10
[ 1373.092131][T23067]  __sys_recvmmsg+0x19d/0x280
[ 1373.092145][T23067]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1373.092156][T23067]  ? ksys_write+0x22a/0x250
[ 1373.092174][T23067]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1373.092188][T23067]  __do_fast_syscall_32+0xb6/0x2b0
[ 1373.092200][T23067]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1373.092213][T23067]  do_fast_syscall_32+0x34/0x80
[ 1373.092224][T23067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1373.092236][T23067] RIP: 0023:0xf7f35539
[ 1373.092245][T23067] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1373.092254][T23067] RSP: 002b:00000000f540555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1373.092265][T23067] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[ 1373.092272][T23067] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[ 1373.092278][T23067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1373.092284][T23067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1373.092290][T23067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1373.092304][T23067]  </TASK>
[ 1374.007030][T23076] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[ 1374.161974][T23076] block nbd0: Attempted send on invalid socket
[ 1374.182426][T23076] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1377.379698][ T5874] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[ 1377.646976][T23132] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4692'.
[ 1377.939582][T23126] openvswitch: netlink: Message has 20 unknown bytes.
[ 1378.006484][ T5874] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1378.023558][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1378.050512][ T5874] usb 1-1: config 0 descriptor??
[ 1378.102934][ T5874] cp210x 1-1:0.0: cp210x converter detected
[ 1378.359854][T23129] block nbd0: Attempted send on invalid socket
[ 1378.393375][T23129] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1378.505581][ T5874] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -121
[ 1378.513282][ T5874] cp210x 1-1:0.0: querying part number failed
[ 1378.546416][ T5874] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1378.620667][T23120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1378.648923][T23120] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1379.555516][T17117] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1379.725057][T17117] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1379.768765][T17117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1379.779921][T17117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1379.789814][T17117] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1379.804736][T17117] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1379.830673][T23146] FAULT_INJECTION: forcing a failure.
[ 1379.830673][T23146] name failslab, interval 1, probability 0, space 0, times 0
[ 1379.844637][T17117] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1379.863866][T17117] usb 3-1: Manufacturer: syz
[ 1379.877096][T23146] CPU: 1 UID: 0 PID: 23146 Comm: syz.3.4696 Not tainted syzkaller #0 PREEMPT(full) 
[ 1379.877112][T23146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1379.877118][T23146] Call Trace:
[ 1379.877123][T23146]  <TASK>
[ 1379.877128][T23146]  dump_stack_lvl+0x189/0x250
[ 1379.877145][T23146]  ? __pfx____ratelimit+0x10/0x10
[ 1379.877156][T23146]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1379.877168][T23146]  ? __pfx__printk+0x10/0x10
[ 1379.877183][T23146]  ? __pfx___might_resched+0x10/0x10
[ 1379.877193][T23146]  ? fs_reclaim_acquire+0x7d/0x100
[ 1379.877205][T23146]  should_fail_ex+0x414/0x560
[ 1379.877224][T23146]  should_failslab+0xa8/0x100
[ 1379.877240][T23146]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1379.877253][T23146]  ? __anon_vma_prepare+0xcb/0x4a0
[ 1379.877269][T23146]  __anon_vma_prepare+0xcb/0x4a0
[ 1379.877282][T23146]  ? __handle_mm_fault+0x12cf/0x5440
[ 1379.877298][T23146]  __handle_mm_fault+0x4b2d/0x5440
[ 1379.877325][T23146]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1379.877346][T23146]  ? follow_page_pte+0x7ef/0x13e0
[ 1379.877363][T23146]  handle_mm_fault+0x40a/0x8e0
[ 1379.877381][T23146]  __get_user_pages+0x1699/0x2ce0
[ 1379.877411][T23146]  populate_vma_page_range+0x29f/0x3a0
[ 1379.877425][T23146]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1379.877435][T23146]  ? apply_vma_lock_flags+0x344/0x3c0
[ 1379.877449][T23146]  ? down_read+0x1ad/0x2e0
[ 1379.877463][T23146]  __mm_populate+0x24c/0x380
[ 1379.877476][T23146]  ? __pfx___mm_populate+0x10/0x10
[ 1379.877489][T23146]  ? up_write+0x1c4/0x420
[ 1379.877503][T23146]  do_mlock+0x625/0x740
[ 1379.877519][T23146]  ? __pfx_do_mlock+0x10/0x10
[ 1379.877530][T23146]  ? fput+0xa0/0xd0
[ 1379.877541][T23146]  ? ksys_write+0x22a/0x250
[ 1379.877558][T23146]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1379.877572][T23146]  __ia32_sys_mlock+0x5f/0x70
[ 1379.877583][T23146]  __do_fast_syscall_32+0xb6/0x2b0
[ 1379.877596][T23146]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1379.877608][T23146]  do_fast_syscall_32+0x34/0x80
[ 1379.877619][T23146]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1379.877631][T23146] RIP: 0023:0xf7fd3539
[ 1379.877641][T23146] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1379.877650][T23146] RSP: 002b:00000000f54c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000096
[ 1379.877661][T23146] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1379.877669][T23146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1379.877675][T23146] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1379.877680][T23146] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1379.877687][T23146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1379.877701][T23146]  </TASK>
[ 1380.235724][ T5900] usb 1-1: USB disconnect, device number 38
[ 1380.262817][ T5900] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1380.281947][ T5900] cp210x 1-1:0.0: device disconnected
[ 1380.440962][T23150] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1380.470393][T17117] usb 3-1: config 0 descriptor??
[ 1380.887395][T17117] appleir 0003:05AC:8243.00CA: unknown main item tag 0x0
[ 1380.935014][T17117] appleir 0003:05AC:8243.00CA: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1381.229206][T17117] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[ 1381.400751][T17117] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[ 1381.411160][T17117] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1381.452953][T17117] usb 1-1: config 220 has no interface number 2
[ 1381.491969][T17117] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1381.506072][T17117] usb 1-1: config 220 interface 0 has no altsetting 0
[ 1381.512905][T17117] usb 1-1: config 220 interface 76 has no altsetting 0
[ 1381.554948][T17117] usb 1-1: config 220 interface 1 has no altsetting 0
[ 1381.581107][T17117] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1381.603180][T17117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1381.637482][T17117] usb 1-1: Product: syz
[ 1381.641703][T17117] usb 1-1: Manufacturer: syz
[ 1381.672185][T17117] usb 1-1: SerialNumber: syz
[ 1382.397936][T23172] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[ 1382.638524][T23179] binder: 23173:23179 ioctl c018620c 800000c0 returned -22
[ 1383.146585][T16734] usb 3-1: USB disconnect, device number 15
[ 1383.301529][T17117] usb 1-1: selecting invalid altsetting 0
[ 1383.307799][T17117] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[ 1383.314142][T17117] usb 1-1: No valid video chain found.
[ 1383.325482][T17117] usb 1-1: selecting invalid altsetting 0
[ 1383.331646][T17117] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[ 1383.342786][T17117] usb 1-1: USB disconnect, device number 39
[ 1383.440519][T23166] block nbd0: Attempted send on invalid socket
[ 1383.478695][T23166] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1385.187659][T16734] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1385.338100][T16734] usb 4-1: device descriptor read/64, error -71
[ 1385.595850][T16734] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 1385.689689][T23213] FAULT_INJECTION: forcing a failure.
[ 1385.689689][T23213] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1385.735461][T16734] usb 4-1: device descriptor read/64, error -71
[ 1385.775779][T23213] CPU: 1 UID: 0 PID: 23213 Comm: syz.2.4715 Not tainted syzkaller #0 PREEMPT(full) 
[ 1385.775805][T23213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1385.775816][T23213] Call Trace:
[ 1385.775822][T23213]  <TASK>
[ 1385.775827][T23213]  dump_stack_lvl+0x189/0x250
[ 1385.775844][T23213]  ? __pfx____ratelimit+0x10/0x10
[ 1385.775856][T23213]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1385.775867][T23213]  ? __pfx__printk+0x10/0x10
[ 1385.775881][T23213]  ? __might_fault+0xb0/0x130
[ 1385.775901][T23213]  should_fail_ex+0x414/0x560
[ 1385.775919][T23213]  _copy_from_user+0x2d/0xb0
[ 1385.775933][T23213]  load_msg+0x1f5/0x3b0
[ 1385.775948][T23213]  do_mq_timedsend+0x372/0xa90
[ 1385.775963][T23213]  ? ksys_write+0x1cb/0x250
[ 1385.775980][T23213]  ? __pfx_do_mq_timedsend+0x10/0x10
[ 1385.775995][T23213]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1385.776015][T23213]  __ia32_sys_mq_timedsend_time32+0x16f/0x210
[ 1385.776031][T23213]  ? __pfx___ia32_sys_mq_timedsend_time32+0x10/0x10
[ 1385.776046][T23213]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1385.776058][T23213]  __do_fast_syscall_32+0xb6/0x2b0
[ 1385.776071][T23213]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1385.776083][T23213]  do_fast_syscall_32+0x34/0x80
[ 1385.776094][T23213]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1385.776106][T23213] RIP: 0023:0xf7f35539
[ 1385.776115][T23213] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1385.776124][T23213] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000117
[ 1385.776136][T23213] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[ 1385.776143][T23213] RDX: 0000000000000a00 RSI: 0000000000000006 RDI: 0000000000000000
[ 1385.776148][T23213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1385.776154][T23213] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1385.776159][T23213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1385.776173][T23213]  </TASK>
[ 1385.983015][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1386.206029][T16734] usb usb4-port1: attempt power cycle
[ 1386.465502][   T24] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1386.525626][T16469] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1386.585437][T16734] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1386.618095][T16734] usb 4-1: device descriptor read/8, error -71
[ 1386.625407][   T24] usb 1-1: device descriptor read/64, error -71
[ 1386.625450][ T5900] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1386.677505][T16469] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1386.695841][T16469] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1386.725929][T16469] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1386.756044][T16469] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1386.780484][T16469] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1386.793290][T16469] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1386.803791][ T5900] usb 5-1: Using ep0 maxpacket: 32
[ 1386.814918][ T5900] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1386.825593][T16469] usb 3-1: Manufacturer: syz
[ 1386.839808][ T5900] usb 5-1: config 7 has an invalid interface number: 187 but max is 0
[ 1386.852952][T16469] usb 3-1: config 0 descriptor??
[ 1386.859768][ T5900] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1386.883467][ T5900] usb 5-1: config 7 has no interface number 0
[ 1386.895509][   T24] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 1386.898518][ T5900] usb 5-1: config 7 interface 187 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1386.903237][T16734] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 1386.922550][ T5900] usb 5-1: config 7 interface 187 has no altsetting 0
[ 1386.934189][ T5900] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1386.958541][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1386.976286][T16734] usb 4-1: device descriptor read/8, error -71
[ 1386.980605][ T5900] usb 5-1: Product: syz
[ 1387.017181][ T5900] usb 5-1: Manufacturer: syz
[ 1387.053433][ T5900] usb 5-1: SerialNumber: syz
[ 1387.086770][   T24] usb 1-1: device descriptor read/64, error -71
[ 1387.093560][T16734] usb usb4-port1: unable to enumerate USB device
[ 1387.195821][   T24] usb usb1-port1: attempt power cycle
[ 1387.283629][ T5900] usb 5-1: Not enough endpoints found in device, aborting!
[ 1387.303968][T16469] appleir 0003:05AC:8243.00CB: unknown main item tag 0x0
[ 1387.361605][T16469] appleir 0003:05AC:8243.00CB: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1387.545978][   T24] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[ 1387.576903][   T24] usb 1-1: device descriptor read/8, error -71
[ 1387.815719][   T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[ 1387.868875][   T24] usb 1-1: device descriptor read/8, error -71
[ 1387.989058][   T24] usb usb1-port1: unable to enumerate USB device
[ 1388.563680][   T24] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[ 1388.773299][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[ 1388.837800][   T24] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[ 1388.885589][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1388.901394][   T24] usb 4-1: Product: syz
[ 1388.915838][   T24] usb 4-1: Manufacturer: syz
[ 1388.925489][   T24] usb 4-1: SerialNumber: syz
[ 1388.939838][   T24] usb 4-1: config 0 descriptor??
[ 1388.959321][   T24] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1388.965591][   T24] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1388.977484][   T24] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input91
[ 1389.423960][ T5900] usb 3-1: USB disconnect, device number 16
[ 1389.746880][ T5874] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[ 1389.927689][ T5874] usb 1-1: Using ep0 maxpacket: 8
[ 1389.937035][ T5874] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1389.948659][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 1389.981779][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[ 1390.015180][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1390.048849][ T5874] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[ 1390.071614][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1390.099969][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1390.198373][ T5874] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1390.272239][ T5874] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[ 1390.305598][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1390.380304][ T5954] usb 5-1: USB disconnect, device number 22
[ 1390.383205][ T5874] usb 1-1: Product: syz
[ 1390.420963][ T5874] usb 1-1: Manufacturer: syz
[ 1390.442941][ T5874] usb 1-1: SerialNumber: syz
[ 1390.471352][ T5874] usb 1-1: config 0 descriptor??
[ 1390.523210][T23251] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1390.550360][ T5874] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1390.732010][T23268] openvswitch: netlink: Key 0 has unexpected len 16 expected 0
[ 1391.227519][    C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] SMP KASAN PTI
[ 1391.239442][    C0] KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
[ 1391.247860][    C0] CPU: 0 UID: 0 PID: 21557 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[ 1391.257403][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1391.267451][    C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 1391.275258][    C0] RIP: 0010:snd_usbmidi_do_output+0x199/0x560
[ 1391.281314][    C0] Code: 5c 24 48 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 c8 83 ec f8 48 8b 1b 4c 8d ab 88 00 00 00 4d 89 ef 49 c1 ef 03 <43> 0f b6 04 37 84 c0 0f 85 44 02 00 00 41 c7 45 00 00 00 00 00 48
[ 1391.300912][    C0] RSP: 0018:ffffc90000007ab8 EFLAGS: 00010006
[ 1391.306962][    C0] RAX: 1ffff1100e662501 RBX: 0000000000000000 RCX: ffff88802ea5bc00
[ 1391.314918][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000007
[ 1391.322871][    C0] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[ 1391.330823][    C0] R10: dffffc0000000000 R11: fffff52000000f34 R12: 0000000000000001
[ 1391.338788][    C0] R13: 0000000000000088 R14: dffffc0000000000 R15: 0000000000000011
[ 1391.346745][    C0] FS:  0000000000000000(0000) GS:ffff888125c12000(0000) knlGS:0000000000000000
[ 1391.355660][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1391.362226][    C0] CR2: 00007fb59a26f790 CR3: 00000000648e6000 CR4: 00000000003526f0
[ 1391.370185][    C0] DR0: 0000000000000400 DR1: 0000000000000000 DR2: 0000000000004520
[ 1391.378137][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1391.386090][    C0] Call Trace:
[ 1391.389351][    C0]  <IRQ>
[ 1391.392182][    C0]  snd_usbmidi_error_timer+0x316/0x660
[ 1391.397628][    C0]  call_timer_fn+0x17b/0x5f0
[ 1391.402248][    C0]  ? __pfx_snd_usbmidi_error_timer+0x10/0x10
[ 1391.408221][    C0]  ? call_timer_fn+0xbe/0x5f0
[ 1391.412902][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1391.418019][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1391.423223][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1391.428416][    C0]  ? __pfx_snd_usbmidi_error_timer+0x10/0x10
[ 1391.434381][    C0]  __run_timer_base+0x61a/0x860
[ 1391.439224][    C0]  ? ktime_get+0x3e/0x1f0
[ 1391.443551][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1391.448916][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 1391.455148][    C0]  run_timer_softirq+0xb7/0x180
[ 1391.459986][    C0]  handle_softirqs+0x283/0x870
[ 1391.464731][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[ 1391.469480][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1391.474747][    C0]  __irq_exit_rcu+0xca/0x1f0
[ 1391.479318][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1391.484498][    C0]  irq_exit_rcu+0x9/0x30
[ 1391.488734][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1391.494380][    C0]  </IRQ>
[ 1391.497299][    C0]  <TASK>
[ 1391.500222][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1391.506198][    C0] RIP: 0010:lock_release+0x2b5/0x3e0
[ 1391.511481][    C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 0b 6f 03 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[ 1391.531077][    C0] RSP: 0018:ffffc9000e76f818 EFLAGS: 00000206
[ 1391.537134][    C0] RAX: 9e766301d22e5e00 RBX: 0000000000000202 RCX: 9e766301d22e5e00
[ 1391.545095][    C0] RDX: 0000000000000003 RSI: ffffffff8dba99ac RDI: ffffffff8be33f80
[ 1391.553050][    C0] RBP: ffff88802ea5c768 R08: 0000000000000000 R09: ffffffff8b42cc20
[ 1391.561004][    C0] R10: dffffc0000000000 R11: ffffed100b218717 R12: 0000000000000003
[ 1391.568959][    C0] R13: 0000000000000003 R14: ffffffff8e13a0e0 R15: ffff88802ea5bc00
[ 1391.576919][    C0]  ? batadv_iv_ogm_schedule+0x430/0xf00
[ 1391.582467][    C0]  ? batadv_iv_ogm_schedule+0x430/0xf00
[ 1391.588026][    C0]  batadv_iv_ogm_schedule+0x715/0xf00
[ 1391.593404][    C0]  ? batadv_iv_ogm_schedule+0x430/0xf00
[ 1391.598936][    C0]  ? __pfx_batadv_iv_ogm_schedule+0x10/0x10
[ 1391.604821][    C0]  ? batadv_send_skb_packet+0x45d/0x6d0
[ 1391.610362][    C0]  batadv_iv_send_outstanding_bat_ogm_packet+0x6c6/0x7e0
[ 1391.617385][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1391.623091][    C0]  process_scheduled_works+0xae1/0x17b0
[ 1391.628627][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1391.634593][    C0]  worker_thread+0x8a0/0xda0
[ 1391.639174][    C0]  kthread+0x70e/0x8a0
[ 1391.643235][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1391.648332][    C0]  ? __pfx_kthread+0x10/0x10
[ 1391.652906][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1391.658093][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1391.663274][    C0]  ? __pfx_kthread+0x10/0x10
[ 1391.667847][    C0]  ret_from_fork+0x439/0x7d0
[ 1391.672420][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1391.677513][    C0]  ? __switch_to_asm+0x39/0x70
[ 1391.682266][    C0]  ? __switch_to_asm+0x33/0x70
[ 1391.687015][    C0]  ? __pfx_kthread+0x10/0x10
[ 1391.691591][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1391.696346][    C0]  </TASK>
[ 1391.699359][    C0] Modules linked in:
[ 1391.703245][    C0] ---[ end trace 0000000000000000 ]---
[ 1391.708682][    C0] RIP: 0010:snd_usbmidi_do_output+0x199/0x560
[ 1391.714742][    C0] Code: 5c 24 48 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 c8 83 ec f8 48 8b 1b 4c 8d ab 88 00 00 00 4d 89 ef 49 c1 ef 03 <43> 0f b6 04 37 84 c0 0f 85 44 02 00 00 41 c7 45 00 00 00 00 00 48
[ 1391.734417][    C0] RSP: 0018:ffffc90000007ab8 EFLAGS: 00010006
[ 1391.740470][    C0] RAX: 1ffff1100e662501 RBX: 0000000000000000 RCX: ffff88802ea5bc00
[ 1391.748427][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000007
[ 1391.756391][    C0] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[ 1391.764372][    C0] R10: dffffc0000000000 R11: fffff52000000f34 R12: 0000000000000001
[ 1391.772357][    C0] R13: 0000000000000088 R14: dffffc0000000000 R15: 0000000000000011
[ 1391.780330][    C0] FS:  0000000000000000(0000) GS:ffff888125c12000(0000) knlGS:0000000000000000
[ 1391.789260][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1391.795856][    C0] CR2: 00007fb59a26f790 CR3: 00000000648e6000 CR4: 00000000003526f0
[ 1391.803822][    C0] DR0: 0000000000000400 DR1: 0000000000000000 DR2: 0000000000004520
[ 1391.811788][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1391.819752][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 1391.827070][    C0] Kernel Offset: disabled
[ 1391.831379][    C0] Rebooting in 86400 seconds..