last executing test programs:

17m0.350657066s ago: executing program 2 (id=374):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7ff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000380)={'vlan0\x00', 0x77a7})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000000000080000000000000cb759f060764a6cbfef01c3a3805ba3b18c2ca43ab93b321f7174ae1d00699e0a1650cd198598e66d511f9abc455311a162004a6ab9089ad0945c77018ce4b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timer_settime(0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000680)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_on}]})
r8 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r8, &(0x7f0000000200)='./file1\x00', 0x800, 0x1)
link(&(0x7f0000000940)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100)='./file0\x00')
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0xfffffffd, 0xd7b})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r8)

16m58.518581899s ago: executing program 2 (id=381):
syz_io_uring_setup(0x4504, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x178, 0x1414, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_macvtap\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0xfffffffffffffc56, 0x33, 'gre0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_team\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x15, 0x5, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r5 = socket(0xa, 0x3, 0x87)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RSYMLINK(r6, &(0x7f0000000100)={0x14, 0x11, 0x1, {0x4, 0x1}}, 0x14)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r7=>0x0})
socket$inet6(0xa, 0x2, 0x0)
pwritev(r0, &(0x7f0000000500)=[{&(0x7f0000000180)="4a0f6981b303b463fdb1f98acd934657068dab16275d34d51f82234eff20c91798b118e346de07fa2c4415fc8aa371e2c17a1423733f75bab66f5636697e2b649d7950587950efd1b59b078bb11dd8dc386ceae6d9486b8309fb54db06cf5f54b44ab7fbbc84d3dcde523f3d", 0x6c}, {&(0x7f0000000280)="5cf396f8e63b20fcaa8d2f81dda0ec3a3fac67a6ad9a0b1ad7357a0d7b48fa1d629f21893350de53ecee65d0bb4c16f90ba3bfd74b16840ab7631127f3778e8b5001652145ec822ef82ace9c6554c4db41d6197642b1b8e79b1d0eda7ca47a3a8f52a88d7ceb50dfb2b91739bec10f07851879867e0bcdf7d7815026022974962379e577830262bc08a2d124c834785b453668c9d660d2c0331ebdc8a8160dbc9099da978608a6b55851757894", 0xad}, {&(0x7f0000000380)="09d473b8e816e47debb2179b4d859a6b67713b36d01cfdcbe6f4de63fd9881df34e2fbd3410ad87e8fbe50978aa8abf08c3a7d67d08a552f3f76e1887f2aebad7d0ab2d5eb38d0ac9d9e33bbaade7c12fb0f0a3223b329f08e001cce4ca695624fdf08eeafcbf8951343f2275d5ad3fd90f263d4b32c8912a6c7682065f91a9cc23494cd3ef27008438a4fcc8399849892a375d425deb3a83d1fbeb7ac270f2ee96935ee7ac7dd773a486493d9c4fc28a4ae2578e9959bc8d236fa77a6ae360b0542398c2bef89b4f8097b3bf4efc1e6b7", 0xd1}, {&(0x7f0000000480)="7ae7dc247384163a48aaeeb403820ca4f7f1076fc67b7bbea3431615c089ac4e00d67fa5db2f5a6ccd5d0c797b6a737cbe15368da363658aed19c33083025e404c2f6deb0a96c83ef9825bb9ee8bbf3a579a34957cfe", 0x56}], 0x4, 0x6, 0x7)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@remote, 0x79, r7})
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x8936, &(0x7f0000000000))

16m55.572481367s ago: executing program 2 (id=386):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000002060108000034e4a9f7a2e3d7ff3150ec000000000a00fffe050004000300000005000400000000000900020073797a3100000000050074810e8159c5fb920400020000001c0007801800018014000240fc0200000000000000000000000000011fd345197a0cde5395d8f1d523db059b3292c58b"], 0x5c}}, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$null(0xffffffffffffff9c, 0x0, 0x2980, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newsa={0x154, 0x1a, 0x633, 0x0, 0x25dfdbfd, {{@in=@private=0xa010101, @in=@broadcast, 0x0, 0x4000, 0x4e24, 0x8001, 0x0, 0x20}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x323, 0x0, 0x0, 0xfffffffffffffffd, 0x4000, 0x92be}, {0x0, 0x40000, 0x0, 0x2}, {0x0, 0x0, 0xca09}, 0x70bd29, 0x3502, 0xa, 0x0, 0x0, 0x10}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@loopback}}]}, 0x154}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01082cbd7000000000000c00000008000300", @ANYRES32=r5, @ANYBLOB="3000508011000a0056bee339084eeef16f162471f4000000080007"], 0x58}, 0x1, 0x0, 0x0, 0x44151}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=@delpolicy={0x70, 0x14, 0x1, 0x0, 0x25dfdbfb, {{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x7}}, [@sec_ctx={0xc}, @mark={0xc}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0x70}}, 0x4004040)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
semtimedop(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)

16m53.763467358s ago: executing program 2 (id=391):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
setxattr$trusted_overlay_opaque(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340), &(0x7f00000003c0), 0x2, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@local}, 0x0, @in6=@private2}}, &(0x7f0000000200)=0xe8)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x4, 0x0, {<r2=>r0}, {r1}, 0x100000003, 0xf})
setpgid(0x0, r2)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x8c8000, 0x0)
lsetxattr(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280)=@known='trusted.overlay.nlink\x00', &(0x7f00000002c0)='-/:@$!\x00', 0x7, 0x1)

16m53.648679226s ago: executing program 2 (id=393):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x400}, 0x1c)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r2], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x89727a31546dcc43, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
prctl$PR_SET_PDEATHSIG(0x25, 0x2000000000034)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f00000005c0)={'ip6tnl0\x00', &(0x7f0000000500)={'ip6gre0\x00', 0x0, 0x29, 0x2, 0x7a, 0x0, 0x1a, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8000, 0x700, 0x2, 0x9}})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000880)={r5, 0x20, &(0x7f0000000840)={&(0x7f0000000700)=""/126, 0x7e, 0x0, &(0x7f0000000780)=""/186, 0xba}}, 0x10)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000140)={0x40, 0x14, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

16m50.451068542s ago: executing program 2 (id=402):
syz_open_dev$I2C(0x0, 0x0, 0x2080)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0900000004000000e27f0000010000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000010cb9c5b8300000000ff0000000000f2330d5f64bed90000000000000000000081"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x12e010, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0)
r8 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x408042, 0xbe599c78853d95a5)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
fcntl$setlease(r8, 0x400, 0x1)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000180)={0x4, 0xffffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

16m50.26358861s ago: executing program 32 (id=402):
syz_open_dev$I2C(0x0, 0x0, 0x2080)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0900000004000000e27f0000010000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000010cb9c5b8300000000ff0000000000f2330d5f64bed90000000000000000000081"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x12e010, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0)
r8 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x408042, 0xbe599c78853d95a5)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
fcntl$setlease(r8, 0x400, 0x1)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000180)={0x4, 0xffffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

58.955459439s ago: executing program 0 (id=3681):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_ep_write(r0, 0x6, 0x94, &(0x7f0000000000)="e3a4f34c7f3c5ceb5a965280b4e1b16463015f0535b2fa929cbb65479fc99b06c74fe6308f467a73be7f5687713cee3735b49949892fcd58cae05ad919f7907236300bfac425e52bf52124b4add2b8df4c77069537ffacf76b3246aba587fc19774b27c7d2bee7271632cf423bebf08b796213bf41cc646621a1cf61f67fface8b4d77b373102c6902d4236c6c094754cc0a4c31")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xb6280638)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0)
write$char_usb(r3, 0x0, 0x0)

55.888211917s ago: executing program 4 (id=3690):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @local}], 0x10)
listen(r0, 0x7)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000200)={0x18, 0x2, {0xfeff, @local}}, 0x1e)
connect$pptp(r3, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[], 0xd0}}, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8)

55.719971304s ago: executing program 0 (id=3692):
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004b6fd0004800000ffffffffeeff0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000004c0)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

55.594271812s ago: executing program 5 (id=3693):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000640)={0x14, 0x0, 0x0}, &(0x7f00000009c0)={0x34, &(0x7f0000000800)={0x0, 0xb, 0x4d, "16c0644af8df9a322d623567172cb8a2547cf5594c25b568a042ff7515ea7b73a78e64cb187eda1de45560f6cb46bc5addfc49e555c0c690536a1842dacad56040ef060d4c5aec039f0dc63c4c"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0xfb}, &(0x7f0000000900)={0x20, 0x0, 0x26, {0x24, "10fe4e5649748a455a14ef6bea485aef88530da65d3aea347b9021f2b8e8a9263f69cace"}}, &(0x7f0000000940)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000980)={0x20, 0x0, 0x1, 0xf}})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, 0xffffffffffffffff, 0x0)
semget$private(0x0, 0x1, 0xd)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

53.912298922s ago: executing program 0 (id=3694):
syz_extract_tcp_res(&(0x7f0000000140)={<r0=>0x41424344}, 0x101, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000200)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x15, 0x4, 0x3, 0x3f, 0x5c, 0x66, 0x0, 0xdd, 0x1, 0x0, @private=0xa010100, @private=0xa010102, {[@timestamp_prespec={0x44, 0x24, 0x7b, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff800000}, {@loopback, 0x9}, {@loopback, 0x800}, {@loopback, 0xc}]}, @rr={0x7, 0x1b, 0x4, [@multicast2, @rand_addr=0x64010101, @loopback, @private=0xa010100, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}, @address_reply={0x12, 0x0, 0x0, 0x7}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast2, @local}, {{0x0, 0x4e22, r0, 0x41424344, 0x0, 0x2, 0x5, 0x4}}}}}}, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4)
r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000080)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000009c0), &(0x7f00000002c0)=0x8)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4627, 0xffffff81, @empty, 0x80}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000055c0)=[{{&(0x7f0000001640)={0xa, 0xf, 0xfffffc01, @ipv4={'\x00', '\xff\xff', @loopback}, 0xe}, 0x1c, &(0x7f0000002880)=[{&(0x7f0000000040)="9c43", 0xffe3}], 0x1}}], 0x1, 0x4001c00)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000000040), 0x4)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7f, 0xffffffff})
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000480)='GPL\x00', 0x4000, 0x0, 0x0, 0x1e00, 0x46, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

53.701303003s ago: executing program 4 (id=3695):
socket(0x10, 0x803, 0x0)
setitimer(0x0, &(0x7f0000000080)={{0x8840000, 0x200}, {0x0, 0x8}}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x2a800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340), 0x28000, 0x0)
read$FUSE(r2, &(0x7f000000b180)={0x2020}, 0x2020)

53.687408333s ago: executing program 3 (id=3696):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000300)="0fc71c3e2e0f09b8010000000f01d92e360f01cfb805000000b9003000000f01c1b9800000c00f3235002000000f300f01cfb930030000b800800000ba000000000f302e0f015d0b66b801018ed8", 0x4e}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='[', 0x1, 0x20004840, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_pts(0xffffffffffffffff, 0x4142)
ioctl$GIO_FONT(r4, 0x4b60, &(0x7f0000000640)=""/151)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
add_key(&(0x7f00000002c0)='cifs.idmap\x00', &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f00000003c0)={0xed, 0x0, 0x8000000000000000})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
clock_gettime(0x0, &(0x7f0000000000)={<r6=>0x0, <r7=>0x0})
timerfd_settime(0xffffffffffffffff, 0x5, &(0x7f0000000080)={{r6, r7+60000000}}, &(0x7f00000000c0))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

53.428946273s ago: executing program 0 (id=3697):
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0xd7, 0xe8, 0xc2, 0x20, 0x19d2, 0x50fc, 0xcf8b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0xc0, 0x0, 0x8, [{{0x9, 0x4, 0xf9, 0x5, 0x0, 0xe0, 0x1, 0x3, 0xd1}}]}}]}}, 0x0)
r0 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d, 0x8a01}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x20000000)
ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x0, 0xa)
openat(r3, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r3, 0xc0505350, &(0x7f0000000840)={{0x4, 0x7}, {0x2, 0x2}, 0x4, 0x0, 0x7})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000d1de95"], &(0x7f0000000180)='syzkaller\x00'}, 0x94)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001c00357428bd7000fed3df2502000000", @ANYRES32=r5, @ANYBLOB="4000b00408000100e00000020a0002"], 0x30}, 0x1, 0x0, 0x0, 0x20004001}, 0x80c0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000800)='bcache_alloc\x00', r4, 0x0, 0x4}, 0x18)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={'\x00\f\x00', 0x0, 0x5, 0x2, 0x0, 0x9, "00000000020000000000002100", "00004702", "0300", "97ad3700", ["fdffffff84a438dfc5d5c010", "d78cb8b0211a83be12ff0bff", "0000efffffffffffbfff00"]})
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000140)={"4497acf4", 0xb, 0x5, 0x0, 0xffffffff, 0x1000006, 'U\x00', "1575a859", "0725eade", '\'q6O', ["aabe8459c62224475793e8a7", "7f9ce2d2c4f439ff80e1d1c8", "fa0700f22b42a3023be516d1"]})
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, &(0x7f0000000040)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x5, 0x5, 0x7, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x35, 0x4, 0x2}, 0x50)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, 0x0, &(0x7f00000004c0))
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xe, &(0x7f0000000400)=ANY=[@ANYRES8=0x0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r7}, &(0x7f0000000080), &(0x7f0000000380)=r6}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f00000008c0)="3295db9d6f643fa2538b7eb7baf77f6ee7d2454a5cb2a9ffed8d9468d10a5390332afc30e46a70cb0ed5dc35dc04177bae98dc9b544032b7c497bda9b6ab601c696dd5e497d7cd17c477be63f43199f44936fbffda30bdcd64e4061c3097142af90d5a81052fc00ffce5e1fb15fdce87afedacf43ff74b4ff6834d8b1f77b80a1c9353c5c9a84a076f080875ca506325ce32d5993fd63cd1016fbd58aedd90f8d0c6ce49dcb96f152741dfc728bf8245e0e11c184ffade9b1a6983718596bb8108fcb105e240606fee33ef10a169e6bf5025a6a7d5f3de6182039dac47e7d5fa7224c1770fbcfe253e75e7307bf0072fb1789e802c2db253be3f2de8a39f82c0d10b8679d89cc318589ebd1ec0e3dc047e6b14ca2f736ad607fe8e6330a3c26ecc35dda076967fcf079d4e6eb98a7d5dcac7df7b814abdb9eab59c7a3b8ce74b31", &(0x7f0000000500)=""/190}, 0x20)

53.272169466s ago: executing program 1 (id=3698):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x37}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000100)=0x3)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000340)={0x5, 0x0, [{}, {}, {}, {}, {}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

52.555073197s ago: executing program 5 (id=3699):
socketpair(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000480)={0x8, 'team_slave_1\x00', {'tunl0\x00'}})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x40}}, 0x20000000)
r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000009, 0x2012, r0, 0x0)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
close(0xffffffffffffffff)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
close(0x3)
r1 = getpid()
syz_pidfd_open(r1, 0x0)

52.171172814s ago: executing program 5 (id=3700):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x40, 0x101100)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x0, 0x1, 0xfffffffc, 0x6, 0x4, 0x0, "5d0c21fcec1e0000000000000000b2ff", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r5, r5, r5}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xc, &(0x7f00000006c0)=@framed={{0x18, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000380)={0xffffff07, 0x100, "8c749713864f33cc6d21cfa7df910d11471366238181c7a008db11883c7c3686", 0x2ce5, 0x6, 0x8000, 0x8, 0x1, 0x3, 0x7, 0xde1, [0x4, 0x1, 0x4, 0x8]})
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '@\x00', 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7, 0x0, 0x0, 0xf}}}}}}}, 0x0)

52.170800247s ago: executing program 1 (id=3701):
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x85, "00000000000000000000ffff00"})
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xa, 0x80, 0x1, 0x1, 0x8, "c098e7b0bd21430de428cf78b7adfdec60be6a", 0x1, 0x5})
syz_open_pts(0xffffffffffffffff, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
setpriority(0x2, 0x0, 0x1)
pwritev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="11", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r2, r3, 0x0, 0x8000fb00)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x28, 0x0, 0x0)

51.55472157s ago: executing program 3 (id=3702):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_ep_write(r0, 0x6, 0x94, &(0x7f0000000000)="e3a4f34c7f3c5ceb5a965280b4e1b16463015f0535b2fa929cbb65479fc99b06c74fe6308f467a73be7f5687713cee3735b49949892fcd58cae05ad919f7907236300bfac425e52bf52124b4add2b8df4c77069537ffacf76b3246aba587fc19774b27c7d2bee7271632cf423bebf08b796213bf41cc646621a1cf61f67fface8b4d77b373102c6902d4236c6c094754cc0a4c31")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xb6280638)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0)
write$char_usb(r3, 0x0, 0x0)

51.192882209s ago: executing program 1 (id=3703):
syz_open_dev$I2C(0x0, 0x0, 0x2080)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0900000004000000e27f00000100000012000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000010cb9c5b8300000000ff0000000000f2330d5f64bed90000000000000000000081"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x12e010, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x408042, 0xbe599c78853d95a5)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000180)={0x4, 0xffffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

49.378665769s ago: executing program 1 (id=3704):
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004b6fd0004800000ffffffffeeff0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000004c0)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

49.251561952s ago: executing program 0 (id=3705):
r0 = socket(0x400000000010, 0x3, 0x0)
unshare(0x20000400)
unshare(0x22000100) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0x2}, 0x6) (async)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0) (async)
fchown(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x89ff, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x10, 0x400, 0x20040001, 0x0, 0x7, 0x0, 0x0, 0xb1}}) (async)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x2700, 0x4)

49.069606852s ago: executing program 4 (id=3706):
socket$alg(0x26, 0x5, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
getdents(r0, &(0x7f0000001ec0)=""/4092, 0xffc)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x141080)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f00000000c0)=0x8004)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000700)=0x31)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r4, 0x4112, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, 0x0, &(0x7f0000000140))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
gettid()
r6 = syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x2})
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x1, 0xf0}, 0x1}, 0x2a)
connect$can_j1939(r7, 0x0, 0x0)
sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
r9 = fcntl$dupfd(r7, 0x406, r7)
bind$can_j1939(r9, &(0x7f0000000040)={0x1d, r8, 0x2, {0x0, 0xff}, 0xfe}, 0x18)
r10 = socket(0xa, 0x3, 0x3a)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7, {0x1fffe, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5, 0xff, 0x8, 0x0, "d20bddda92e75aec79ff0300d28001000b0000000000001000000900"}})
setsockopt$MRT6_FLUSH(r10, 0x29, 0xd1, &(0x7f0000000040)=0xb4a576444e33d728, 0x4)

48.884604303s ago: executing program 1 (id=3707):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x400}, 0x1c)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r4, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x89727a31546dcc43, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
prctl$PR_SET_PDEATHSIG(0x25, 0x2000000000034)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f00000005c0)={'ip6tnl0\x00', &(0x7f0000000500)={'ip6gre0\x00', <r5=>0x0, 0x29, 0x2, 0x7a, 0x0, 0x1a, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8000, 0x700, 0x2, 0x9}})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000880)={r4, 0x20, &(0x7f0000000840)={&(0x7f0000000700)=""/126, 0x7e, <r6=>0x0, &(0x7f0000000780)=""/186, 0xba}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1a, 0x11, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe8, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@btf_id={0x18, 0xb, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='GPL\x00', 0x7, 0xb9, &(0x7f0000000440)=""/185, 0x41000, 0x10, '\x00', r5, @fallback=0x28, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x2, 0x5, 0x6, 0xfffffff4}, 0x10, r6, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000008c0)=[{0x1, 0x3, 0x6, 0x6}, {0x2, 0x1, 0x6, 0x4}], 0x10, 0x200}, 0x94)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000140)={0x40, 0x14, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$uac1(0x4, 0xe4, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd2, 0x3, 0x1, 0x0, 0x70, 0x40, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x8}, [@mixer_unit={0xa, 0x24, 0x4, 0x5, 0x7f, "c7b33bc642"}, @output_terminal={0x9, 0x24, 0x3, 0x1, 0x303, 0x1, 0x4, 0xda}, @feature_unit={0xd, 0x24, 0x6, 0x6, 0x2, 0x3, [0x6, 0x8, 0x8], 0x8}, @selector_unit={0x6, 0x24, 0x5, 0x1, 0xcc, '/'}, @extension_unit={0xb, 0x24, 0x8, 0x6, 0x6, 0x8, "a3aa02f2"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0xff, 0x2, 0x7, 0x5, "62a40d"}, @as_header={0x7, 0x24, 0x1, 0x4, 0xd, 0x1001}, @as_header={0x7, 0x24, 0x1, 0x1, 0x60, 0x1002}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xbb, 0x4, 0x9, 0x8, "d1", "99"}, @as_header={0x7, 0x24, 0x1, 0xf8, 0x1, 0x3}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x8, 0xff, 0xb8, {0x7, 0x25, 0x1, 0x83, 0x10, 0x67c}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x3, 0x3, 0x3b, 0x7, "99eb14e5"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x0, 0x1, 0x6, 0x2, 'Z', "90c40a"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xe4, 0xf1, 0xd4, {0x7, 0x25, 0x1, 0x3, 0x8, 0x6}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0x7, 0x0, 0xf1, 0x10, 0x80}, 0x54, &(0x7f00000001c0)={0x5, 0xf, 0x54, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0xf, 0x5, 0x5}, @generic={0x48, 0x10, 0xa, "af68c5e12fb39dd583a2c352ba487ad906e7893e39169625f3b9a214cdc6de2264a3936cb692990d038e95c286d2a696b97a59f32189de003b391f086385295a8d160fd457"}]}, 0x3, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x82c}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x41a}}]})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)

48.259279727s ago: executing program 4 (id=3708):
syz_extract_tcp_res(&(0x7f0000000140)={<r0=>0x41424344}, 0x101, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000200)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x15, 0x4, 0x3, 0x3f, 0x5c, 0x66, 0x0, 0xdd, 0x1, 0x0, @private=0xa010100, @private=0xa010102, {[@timestamp_prespec={0x44, 0x24, 0x7b, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff800000}, {@loopback, 0x9}, {@loopback, 0x800}, {@loopback, 0xc}]}, @rr={0x7, 0x1b, 0x4, [@multicast2, @rand_addr=0x64010101, @loopback, @private=0xa010100, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}, @address_reply={0x12, 0x0, 0x0, 0x7}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast2, @local}, {{0x0, 0x4e22, r0, 0x41424344, 0x0, 0x2, 0x5, 0x4}}}}}}, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4)
r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000080)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000009c0), &(0x7f00000002c0)=0x8)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4627, 0xffffff81, @empty, 0x80}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000055c0)=[{{&(0x7f0000001640)={0xa, 0xf, 0xfffffc01, @ipv4={'\x00', '\xff\xff', @loopback}, 0xe}, 0x1c, &(0x7f0000002880)=[{&(0x7f0000000040)="9c43", 0xffe3}], 0x1}}], 0x1, 0x4001c00)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000000040), 0x4)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7f, 0xffffffff})
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000480)='GPL\x00', 0x4000, 0x0, 0x0, 0x1e00, 0x46, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

48.258578942s ago: executing program 3 (id=3709):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40000080)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
sendmsg$SMC_PNETID_DEL(r3, 0x0, 0x880)
setsockopt$inet6_mreq(r2, 0x29, 0x1c, 0x0, 0x0)
r5 = socket(0x11, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmmsg(r5, 0x0, 0x0, 0x8090)
setsockopt$WPAN_WANTLQI(r5, 0x0, 0x3, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000002c0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_retopts={{0x30, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0x83, 0x3, 0xf}, @generic={0x89, 0x3, "11"}, @noop, @ssrr={0x89, 0x13, 0x81, [@empty, @multicast1, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop, @end]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xcb}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}], 0x78}, 0x8010)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0xc)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000580)=[{0x0, 0x0, &(0x7f0000000540)=[{0x0}], 0x1, 0x0, 0x0, 0x20004080}], 0x1, 0x0)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/10, 0xa}, {&(0x7f0000000980)=""/146, 0x92}], 0x2}, 0x20)
r9 = openat$binfmt_format(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xfffffffe}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x50}}, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r9, 0x400c6615, &(0x7f00000001c0)={0x0, @aes256, 0x0, @desc4})
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4)

48.137767223s ago: executing program 4 (id=3710):
socketpair(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000480)={0x8, 'team_slave_1\x00', {'tunl0\x00'}})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x40}}, 0x20000000)
r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000009, 0x2012, r0, 0x0)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
close(0xffffffffffffffff)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
close(0x3)
r1 = getpid()
syz_pidfd_open(r1, 0x0)

48.098276848s ago: executing program 3 (id=3711):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000600)={@mcast1, @private1, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x8, 0x5, 0x8, 0x500, 0x200000000000000})

47.863539236s ago: executing program 3 (id=3712):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_targets\x00')
name_to_handle_at(r0, &(0x7f0000000240)='./mnt\x00', &(0x7f0000000200)=@FILEID_BTRFS_WITHOUT_PARENT={0x28, 0x4e, {0x0, 0x6e6, 0x4, 0xaf, 0x98, 0x7}}, 0x0, 0x600)

47.740936803s ago: executing program 3 (id=3713):
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x85, "00000000000000000000ffff00"})
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xa, 0x80, 0x1, 0x1, 0x8, "c098e7b0bd21430de428cf78b7adfdec60be6a", 0x1, 0x5})
syz_open_pts(0xffffffffffffffff, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
setpriority(0x2, 0x0, 0x1)
pwritev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="11", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r2, r3, 0x0, 0x8000fb00)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x28, 0x0, 0x0)

47.725361756s ago: executing program 4 (id=3714):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x2000201a})
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x19a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60eaff0201642c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
r3 = dup(r1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f0000000480)=@ethtool_gfeatures={0x2e, 0x10000000000000e1}})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0000001baaaaaaaaaabbaaaaaaaaaabb86dd698bd9fb0420060100000000000099ddce897c1687a04fba6a00000000000000000001fe8800000000735021aa7557cfc80cc95c3e"], 0x5a)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ecryptfs\x00', 0x0, 0x0)

47.711929979s ago: executing program 5 (id=3715):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000180)={0x11, 0x5, r2, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x14)
getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x9, @mcast1, 0xfffff339}, 0x1c)
socket$xdp(0x2c, 0x3, 0x0)
pipe(0x0)
r3 = syz_io_uring_setup(0x891, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0x2, 0xbfdffdfc}, &(0x7f0000000000)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

39.943456067s ago: executing program 0 (id=3716):
socket(0x10, 0x803, 0x0)
setitimer(0x0, &(0x7f0000000080)={{0x8840000, 0x200}, {0x0, 0x8}}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x2a800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340), 0x28000, 0x0)
read$FUSE(r2, &(0x7f000000b180)={0x2020}, 0x2020)

39.942599563s ago: executing program 5 (id=3717):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
r0 = syz_io_uring_setup(0x16ba, &(0x7f0000000680)={0x0, 0x10007d89, 0x10100, 0x3, 0x85}, &(0x7f0000000540), &(0x7f0000000700))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x36, 0x36}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000980)={@multicast1, @local, <r3=>0x0}, &(0x7f00000009c0)=0xc)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="98090000", @ANYRES16=0x0, @ANYBLOB="000428bd7000ffdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="4401028038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000800000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="0800070000000000400001002400010071756575655f4b640000000000000000000000000000000010000000000000000500030003e8ffff070004001406000008000600", @ANYRES32=0x0, @ANYBLOB="44000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000008000100", @ANYRES32=0x0, @ANYBLOB="300102803c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400050000003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000b00040072616e646f6d000044000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000001400040007000702092b00007f2b01c17f00000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400f7ffffff08000100", @ANYRES32=0x0, @ANYBLOB="bc0002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f6964000000000000000000000000000000000000000000000000050003000300000008000400bbbf000008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0002028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040000000000080007000000000040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000100004006c6f616462616c616e63650044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b7570000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000010000008000600", @ANYRES32=0x0, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000104000008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="f400028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="f801028040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00004c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000001c00040040000707020000008000048001010000060002020100010038000100240001006c625f73746174735f726566726573685f696e74657276616c0000000000000005000300030000000800040089d5000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000700000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000700000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400ff07000008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400cf00000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000000000008000100", @ANYRES32=0x0, @ANYBLOB="30010280400001002400010071756575655f696400000000000000000000000000000000000000000000000005000300", @ANYRES32=r2, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000500000008000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000500030003000000080004000800000038000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000005000300030000000800040005000000"], 0x998}, 0x1, 0x0, 0x0, 0xc081}, 0x800)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socket$l2tp6(0xa, 0x2, 0x73)
getpgid(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200"], 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r0, 0x1d39, 0xcec, 0x0, 0x0, 0x0)

35.919274808s ago: executing program 1 (id=3718):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r0, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x400000c, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r1=>0x0, &(0x7f0000000a40)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{0x0}], 0x1})
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r4, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r3}, 0x20)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f0000005800)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)=""/184, 0xb8}], 0x1}, 0x7}], 0x1, 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x3, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

33.629935438s ago: executing program 5 (id=3719):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x85, "00000000000000000000ffff00"})
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0xa, 0x80, 0x1, 0x1, 0x8, "c098e7b0bd21430de428cf78b7adfdec60be6a", 0x1, 0x5})
syz_open_pts(r0, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x28, 0x0, 0x0)

30.556879294s ago: executing program 33 (id=3713):
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x85, "00000000000000000000ffff00"})
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xa, 0x80, 0x1, 0x1, 0x8, "c098e7b0bd21430de428cf78b7adfdec60be6a", 0x1, 0x5})
syz_open_pts(0xffffffffffffffff, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
setpriority(0x2, 0x0, 0x1)
pwritev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="11", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r2, r3, 0x0, 0x8000fb00)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x28, 0x0, 0x0)

15.819795507s ago: executing program 34 (id=3714):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x2000201a})
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x19a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60eaff0201642c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)
r3 = dup(r1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f0000000480)=@ethtool_gfeatures={0x2e, 0x10000000000000e1}})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0000001baaaaaaaaaabbaaaaaaaaaabb86dd698bd9fb0420060100000000000099ddce897c1687a04fba6a00000000000000000001fe8800000000735021aa7557cfc80cc95c3e"], 0x5a)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ecryptfs\x00', 0x0, 0x0)

10.499905767s ago: executing program 35 (id=3716):
socket(0x10, 0x803, 0x0)
setitimer(0x0, &(0x7f0000000080)={{0x8840000, 0x200}, {0x0, 0x8}}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x2a800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340), 0x28000, 0x0)
read$FUSE(r2, &(0x7f000000b180)={0x2020}, 0x2020)

5.261236937s ago: executing program 36 (id=3718):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r0, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x400000c, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r1=>0x0, &(0x7f0000000a40)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{0x0}], 0x1})
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r4, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r3}, 0x20)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f0000005800)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)=""/184, 0xb8}], 0x1}, 0x7}], 0x1, 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x3, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 37 (id=3719):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x85, "00000000000000000000ffff00"})
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0xa, 0x80, 0x1, 0x1, 0x8, "c098e7b0bd21430de428cf78b7adfdec60be6a", 0x1, 0x5})
syz_open_pts(r0, 0x100)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x28, 0x0, 0x0)

kernel console output (not intermixed with test programs):

  T993] usb 4-1: config 0 interface 167 altsetting 1 endpoint 0x6 has an invalid bInterval 46, changing to 7
[ 1045.069227][  T993] usb 4-1: config 0 interface 167 altsetting 1 endpoint 0x6 has invalid maxpacket 8278, setting to 1024
[ 1045.069251][  T993] usb 4-1: config 0 interface 167 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1045.069276][  T993] usb 4-1: config 0 interface 167 has no altsetting 0
[ 1045.991334][ T5866] gspca_sunplus: reg_w_riv err -110
[ 1045.991431][ T5866] sunplus 6-1:0.0: probe with driver sunplus failed with error -110
[ 1046.094979][  T993] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63
[ 1046.095009][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1046.095026][  T993] usb 4-1: Product: syz
[ 1046.095040][  T993] usb 4-1: Manufacturer: syz
[ 1046.095052][  T993] usb 4-1: SerialNumber: syz
[ 1046.100808][  T993] usb 4-1: config 0 descriptor??
[ 1046.102218][T16861] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1046.265452][T16868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1046.291695][T16868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1046.723730][ T5866] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 1046.876463][ T5866] usb 5-1: Using ep0 maxpacket: 8
[ 1046.887537][ T5866] usb 5-1: config 0 has an invalid interface number: 239 but max is 0
[ 1046.887565][ T5866] usb 5-1: config 0 has no interface number 0
[ 1046.887617][ T5866] usb 5-1: config 0 interface 239 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1046.891810][ T5866] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[ 1046.891835][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1046.891859][ T5866] usb 5-1: Product: syz
[ 1046.891872][ T5866] usb 5-1: Manufacturer: syz
[ 1046.891884][ T5866] usb 5-1: SerialNumber: syz
[ 1046.920623][ T5866] usb 5-1: config 0 descriptor??
[ 1047.082361][  T993] usbtest 4-1:0.167: couldn't get endpoints, -22
[ 1047.082455][  T993] usbtest 4-1:0.167: probe with driver usbtest failed with error -22
[ 1047.114140][  T993] usb 4-1: USB disconnect, device number 84
[ 1047.345738][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1047.370804][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1047.372282][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1047.389591][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1047.401845][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1047.518546][ T5866] ath6kl: Failed to submit usb control message: -71
[ 1047.518592][ T5866] ath6kl: unable to send the bmi data to the device: -71
[ 1047.518606][ T5866] ath6kl: Unable to send get target info: -71
[ 1047.519641][ T5866] ath6kl: Failed to init ath6kl core: -71
[ 1047.521106][ T5866] ath6kl_usb 5-1:0.239: probe with driver ath6kl_usb failed with error -71
[ 1047.536227][ T5866] usb 5-1: USB disconnect, device number 83
[ 1048.455269][   T31] usb 6-1: USB disconnect, device number 83
[ 1049.553747][ T5801] Bluetooth: hci3: command tx timeout
[ 1050.012444][  T993] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1050.174722][  T993] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1050.174805][  T993] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1050.174827][  T993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1050.273646][  T993] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1050.572500][ T1511] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1050.801950][T16917] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1051.032066][ T1511] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1051.110004][T16920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1051.110320][T16920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1051.332837][ T1511] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1051.348296][  T993] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[ 1051.348317][  T993] stv0680 4-1:4.0: STV(e): camera ping failed!!
[ 1051.349553][  T993] stv0680 4-1:4.0: last error: 87,  command = 0xb1
[ 1051.557460][ T5888] usb 4-1: USB disconnect, device number 85
[ 1051.584060][ T5801] Bluetooth: hci3: command 0x041b tx timeout
[ 1052.057107][ T1511] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.175719][T16940] kvm: kvm [16939]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x186) = 0x8000
[ 1054.183773][T11644] Bluetooth: hci3: command 0x041b tx timeout
[ 1054.610055][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.610128][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1057.462767][T16951] 9p: Unknown access argument ������Gr��dR�e�^���Z٭�: -22
[ 1057.481663][T11644] Bluetooth: hci3: command 0x041b tx timeout
[ 1057.802339][T16881] chnl_net:caif_netlink_parms(): no params data found
[ 1058.857927][T16975] loop6: detected capacity change from 0 to 7
[ 1059.025546][T16975] Dev loop6: unable to read RDB block 7
[ 1059.025585][T16975]  loop6: AHDI p1 p2 p3
[ 1059.025610][T16975] loop6: partition table partially beyond EOD, truncated
[ 1059.025799][T16975] loop6: p1 start 184549376 is beyond EOD, truncated
[ 1059.025818][T16975] loop6: p2 start 83886080 is beyond EOD, truncated
[ 1059.108605][T16972] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1059.506111][T11644] Bluetooth: hci3: command 0x041b tx timeout
[ 1060.026313][T16881] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1060.026392][T16881] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1060.026551][T16881] bridge_slave_0: entered allmulticast mode
[ 1060.028447][T16881] bridge_slave_0: entered promiscuous mode
[ 1060.096443][T16881] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1060.104076][T16881] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1060.104329][T16881] bridge_slave_1: entered allmulticast mode
[ 1060.136532][T16881] bridge_slave_1: entered promiscuous mode
[ 1060.509426][ T1511] bridge_slave_1: left allmulticast mode
[ 1060.509445][ T1511] bridge_slave_1: left promiscuous mode
[ 1060.509587][ T1511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1060.689936][ T1511] bridge_slave_0: left allmulticast mode
[ 1060.697621][ T1511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1060.750017][T16994] kvm: kvm [16992]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x186) = 0x8000
[ 1061.008420][   T37] kauditd_printk_skb: 25 callbacks suppressed
[ 1061.008432][   T37] audit: type=1326 audit(2000000252.019:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.008460][   T37] audit: type=1326 audit(2000000252.019:3076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.010512][   T37] audit: type=1326 audit(2000000252.019:3077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.010541][   T37] audit: type=1326 audit(2000000252.019:3078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.010564][   T37] audit: type=1326 audit(2000000252.019:3079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.011182][   T37] audit: type=1326 audit(2000000252.019:3080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.011209][   T37] audit: type=1326 audit(2000000252.019:3081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.011242][   T37] audit: type=1326 audit(2000000252.019:3082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.011767][   T37] audit: type=1326 audit(2000000252.019:3083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.011802][   T37] audit: type=1326 audit(2000000252.019:3084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16999 comm="syz.0.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff39a19efc9 code=0x7ffc0000
[ 1061.416222][T17000] Process accounting resumed
[ 1064.325754][ T1511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1064.390151][ T1511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1064.444556][ T1511] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1064.466216][ T1511] bond0 (unregistering): Released all slaves
[ 1064.679577][T17006] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3360'.
[ 1064.788243][T16881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1064.856615][T16881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1066.583845][ T5866] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 1066.743728][ T5866] usb 5-1: Using ep0 maxpacket: 32
[ 1066.746307][ T5866] usb 5-1: config 0 has an invalid interface number: 167 but max is 0
[ 1066.746330][ T5866] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1066.746346][ T5866] usb 5-1: config 0 has no interface number 0
[ 1066.746392][ T5866] usb 5-1: config 0 interface 167 altsetting 1 bulk endpoint 0xA has invalid maxpacket 1024
[ 1066.746413][ T5866] usb 5-1: config 0 interface 167 altsetting 1 endpoint 0x6 has an invalid bInterval 46, changing to 7
[ 1066.746444][ T5866] usb 5-1: config 0 interface 167 altsetting 1 endpoint 0x6 has invalid maxpacket 8278, setting to 1024
[ 1066.746460][ T5866] usb 5-1: config 0 interface 167 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1066.746474][ T5866] usb 5-1: config 0 interface 167 has no altsetting 0
[ 1066.749328][ T5866] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63
[ 1066.749351][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1066.749361][ T5866] usb 5-1: Product: syz
[ 1066.749368][ T5866] usb 5-1: Manufacturer: syz
[ 1066.749376][ T5866] usb 5-1: SerialNumber: syz
[ 1066.890503][ T5866] usb 5-1: config 0 descriptor??
[ 1066.891204][T17045] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1066.919726][T16881] team0: Port device team_slave_0 added
[ 1067.011268][T16881] team0: Port device team_slave_1 added
[ 1067.413759][ T5888] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[ 1067.605683][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1067.605727][ T5888] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1067.605749][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.613179][ T5888] usb 6-1: config 0 descriptor??
[ 1067.802091][   T37] kauditd_printk_skb: 81 callbacks suppressed
[ 1067.802109][   T37] audit: type=1326 audit(2000000258.809:3166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.802154][   T37] audit: type=1326 audit(2000000258.809:3167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.803082][   T37] audit: type=1326 audit(2000000258.809:3168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.803132][   T37] audit: type=1326 audit(2000000258.809:3169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.803172][   T37] audit: type=1326 audit(2000000258.809:3170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.925035][   T37] audit: type=1326 audit(2000000258.809:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.925093][   T37] audit: type=1326 audit(2000000258.819:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.925187][   T37] audit: type=1326 audit(2000000258.819:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.925235][   T37] audit: type=1326 audit(2000000258.829:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1067.925339][   T37] audit: type=1326 audit(2000000258.829:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17058 comm="syz.3.3371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1068.178822][ T5866] usbtest 5-1:0.167: couldn't get endpoints, -22
[ 1068.178881][ T5866] usbtest 5-1:0.167: probe with driver usbtest failed with error -22
[ 1068.243829][ T5866] usb 5-1: USB disconnect, device number 84
[ 1068.419491][ T5888] logitech-djreceiver 0003:046D:C71F.0024: reserved main item tag 0xd
[ 1068.419531][ T5888] logitech-djreceiver 0003:046D:C71F.0024: unknown main item tag 0x5
[ 1068.566547][ T5888] logitech-djreceiver 0003:046D:C71F.0024: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.5-1/input0
[ 1068.663367][ T5888] usb 6-1: USB disconnect, device number 84
[ 1068.781932][T17073] fido_id[17073]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1068.932991][T16881] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1068.933007][T16881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1068.933030][T16881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1069.048870][T16881] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1069.048881][T16881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1069.048895][T16881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1069.663779][ T1511] hsr_slave_0: left promiscuous mode
[ 1069.971847][T17088] hub 9-0:1.0: USB hub found
[ 1069.991505][T17088] hub 9-0:1.0: 1 port detected
[ 1070.574071][ T1511] hsr_slave_1: left promiscuous mode
[ 1070.575099][ T1511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1070.575124][ T1511] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1070.615614][ T1511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1070.615641][ T1511] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1070.702560][ T1511] batadv0: left promiscuous mode
[ 1070.702706][ T1511] veth1_macvtap: left promiscuous mode
[ 1070.702809][ T1511] veth0_macvtap: left promiscuous mode
[ 1070.703120][ T1511] veth1_vlan: left promiscuous mode
[ 1070.703312][ T1511] veth0_vlan: left promiscuous mode
[ 1072.434551][T17102] Process accounting resumed
[ 1076.114293][ T1511] team0 (unregistering): Port device team_slave_1 removed
[ 1076.324169][ T1511] team0 (unregistering): Port device team_slave_0 removed
[ 1078.413811][T16449] usb 4-1: new full-speed USB device number 86 using dummy_hcd
[ 1078.635362][T16449] usb 4-1: config 255 has too many interfaces: 249, using maximum allowed: 32
[ 1078.635379][T16449] usb 4-1: config 255 has an invalid descriptor of length 132, skipping remainder of the config
[ 1078.635389][T16449] usb 4-1: config 255 has 0 interfaces, different from the descriptor's value: 249
[ 1078.638974][T16449] usb 4-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[ 1078.638990][T16449] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1078.639000][T16449] usb 4-1: Product: syz
[ 1078.639007][T16449] usb 4-1: Manufacturer: syz
[ 1078.639014][T16449] usb 4-1: SerialNumber: syz
[ 1079.835468][T17143] FAULT_INJECTION: forcing a failure.
[ 1079.835468][T17143] name failslab, interval 1, probability 0, space 0, times 0
[ 1079.835491][T17143] CPU: 1 UID: 0 PID: 17143 Comm: syz.0.3387 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1079.835504][T17143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1079.835511][T17143] Call Trace:
[ 1079.835516][T17143]  <TASK>
[ 1079.835521][T17143]  dump_stack_lvl+0x189/0x250
[ 1079.835541][T17143]  ? __pfx____ratelimit+0x10/0x10
[ 1079.835554][T17143]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1079.835567][T17143]  ? __pfx__printk+0x10/0x10
[ 1079.835582][T17143]  ? __pfx___might_resched+0x10/0x10
[ 1079.835593][T17143]  ? fs_reclaim_acquire+0x7d/0x100
[ 1079.835609][T17143]  should_fail_ex+0x46c/0x600
[ 1079.835626][T17143]  should_failslab+0xa8/0x100
[ 1079.835640][T17143]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1079.835654][T17143]  ? iopt_alloc_pages+0x85/0x4a0
[ 1079.835665][T17143]  ? rt_spin_unlock+0x161/0x200
[ 1079.835678][T17143]  iopt_alloc_pages+0x85/0x4a0
[ 1079.835691][T17143]  iopt_alloc_user_pages+0x42/0xe0
[ 1079.835703][T17143]  iopt_map_user_pages+0x4e/0xd0
[ 1079.835719][T17143]  iommufd_ioas_map+0x392/0x4c0
[ 1079.835735][T17143]  ? __pfx_iommufd_ioas_map+0x10/0x10
[ 1079.835750][T17143]  iommufd_fops_ioctl+0x461/0x580
[ 1079.835764][T17143]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1079.835782][T17143]  ? __fget_files+0x3a6/0x420
[ 1079.835796][T17143]  ? __fget_files+0x2a/0x420
[ 1079.835810][T17143]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1079.835819][T17143]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1079.835831][T17143]  __se_sys_ioctl+0xff/0x170
[ 1079.835843][T17143]  do_syscall_64+0xfa/0xfa0
[ 1079.835854][T17143]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1079.835866][T17143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1079.835876][T17143]  ? clear_bhb_loop+0x60/0xb0
[ 1079.835888][T17143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1079.835897][T17143] RIP: 0033:0x7ff39a19efc9
[ 1079.835907][T17143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1079.835916][T17143] RSP: 002b:00007ff398406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.835929][T17143] RAX: ffffffffffffffda RBX: 00007ff39a3f5fa0 RCX: 00007ff39a19efc9
[ 1079.835936][T17143] RDX: 00002000000002c0 RSI: 0000000000003b85 RDI: 0000000000000009
[ 1079.835943][T17143] RBP: 00007ff398406090 R08: 0000000000000000 R09: 0000000000000000
[ 1079.835949][T17143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1079.835955][T17143] R13: 00007ff39a3f6038 R14: 00007ff39a3f5fa0 R15: 00007ffef02a1608
[ 1079.835972][T17143]  </TASK>
[ 1079.853695][   T31] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1080.003699][   T31] usb 5-1: Using ep0 maxpacket: 8
[ 1080.056747][   T31] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1080.056775][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1080.056793][   T31] usb 5-1: Product: syz
[ 1080.056806][   T31] usb 5-1: Manufacturer: syz
[ 1080.056820][   T31] usb 5-1: SerialNumber: syz
[ 1080.062170][   T31] usb 5-1: config 0 descriptor??
[ 1080.240824][T16881] hsr_slave_0: entered promiscuous mode
[ 1080.241980][T16881] hsr_slave_1: entered promiscuous mode
[ 1080.322775][   T31] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1080.715891][T17141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1080.716589][T17141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1080.872624][T16449] usb 4-1: USB disconnect, device number 86
[ 1081.566426][   T31] gspca_sunplus: reg_w_riv err -71
[ 1081.566485][   T31] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[ 1081.569564][   T31] usb 5-1: USB disconnect, device number 85
[ 1082.140441][ T1511] IPVS: stop unused estimator thread 0...
[ 1085.001170][T17209] fuse: Unknown parameter '0x0000000000000006'
[ 1085.070562][   T37] kauditd_printk_skb: 82 callbacks suppressed
[ 1085.070580][   T37] audit: type=1326 audit(2000000276.079:3258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101852][   T37] audit: type=1326 audit(2000000276.079:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101895][   T37] audit: type=1326 audit(2000000276.079:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101918][   T37] audit: type=1326 audit(2000000276.079:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101942][   T37] audit: type=1326 audit(2000000276.079:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101965][   T37] audit: type=1326 audit(2000000276.079:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.101989][   T37] audit: type=1326 audit(2000000276.079:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.102013][   T37] audit: type=1326 audit(2000000276.079:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.102037][   T37] audit: type=1326 audit(2000000276.079:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1085.102059][   T37] audit: type=1326 audit(2000000276.079:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17206 comm="syz.3.3398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1091.129511][   T31] IPVS: starting estimator thread 0...
[ 1091.192519][T17253] tipc: Started in network mode
[ 1091.192548][T17253] tipc: Node identity 62b475e7a067, cluster identity 4711
[ 1091.193072][T17253] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1091.214131][T17253] syzkaller0: entered promiscuous mode
[ 1091.214146][T17253] syzkaller0: entered allmulticast mode
[ 1091.223791][T17255] IPVS: using max 10 ests per chain, 24000 per kthread
[ 1092.015811][T17258] 9p: Unknown access argument ������Gr��dR�e�^���Z٭�: -22
[ 1092.050653][T17260] tipc: Resetting bearer <eth:syzkaller0>
[ 1092.155061][T17252] tipc: Resetting bearer <eth:syzkaller0>
[ 1092.299574][ T5937] tipc: Node number set to 3268638183
[ 1092.545479][T17252] tipc: Disabling bearer <eth:syzkaller0>
[ 1092.766606][   T37] kauditd_printk_skb: 22 callbacks suppressed
[ 1092.766624][   T37] audit: type=1326 audit(2000000283.779:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766663][   T37] audit: type=1326 audit(2000000283.779:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766701][   T37] audit: type=1326 audit(2000000283.779:3292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766744][   T37] audit: type=1326 audit(2000000283.779:3293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766784][   T37] audit: type=1326 audit(2000000283.779:3294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766821][   T37] audit: type=1326 audit(2000000283.779:3295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766860][   T37] audit: type=1326 audit(2000000283.779:3296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766899][   T37] audit: type=1326 audit(2000000283.779:3297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766942][   T37] audit: type=1326 audit(2000000283.779:3298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1092.766981][   T37] audit: type=1326 audit(2000000283.779:3299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17277 comm="syz.4.3409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1093.016624][T16881] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1093.102517][T16881] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1093.228037][T16881] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1093.347653][T16881] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1093.543730][  T993] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1093.720425][  T993] usb 4-1: Using ep0 maxpacket: 16
[ 1093.722710][  T993] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[ 1093.722733][  T993] usb 4-1: config 0 has no interface number 0
[ 1093.722782][  T993] usb 4-1: config 0 interface 128 altsetting 6 endpoint 0x8 has an invalid bInterval 25, changing to 8
[ 1093.722806][  T993] usb 4-1: config 0 interface 128 altsetting 6 endpoint 0xB has an invalid bInterval 36, changing to 9
[ 1093.722830][  T993] usb 4-1: config 0 interface 128 has no altsetting 0
[ 1093.779713][  T993] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91
[ 1093.779740][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.779759][  T993] usb 4-1: Product: syz
[ 1093.779773][  T993] usb 4-1: Manufacturer: syz
[ 1093.779786][  T993] usb 4-1: SerialNumber: syz
[ 1093.817473][  T993] usb 4-1: config 0 descriptor??
[ 1093.851951][  T993] radio-si470x 4-1:0.128: could not find interrupt in endpoint
[ 1093.852037][  T993] radio-si470x 4-1:0.128: probe with driver radio-si470x failed with error -5
[ 1093.852546][  T993] usbhid 4-1:0.128: couldn't find an input interrupt endpoint
[ 1093.926688][T16881] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1094.025426][  T993] usb 4-1: USB disconnect, device number 87
[ 1094.070272][T16881] 8021q: adding VLAN 0 to HW filter on device team0
[ 1094.128343][T17061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1094.128522][T17061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1094.235873][ T1289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1094.242659][ T1289] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1095.179855][T17314] FAULT_INJECTION: forcing a failure.
[ 1095.179855][T17314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1095.179888][T17314] CPU: 1 UID: 0 PID: 17314 Comm: syz.3.3415 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1095.179909][T17314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1095.179920][T17314] Call Trace:
[ 1095.179927][T17314]  <TASK>
[ 1095.179936][T17314]  dump_stack_lvl+0x189/0x250
[ 1095.179966][T17314]  ? __pfx____ratelimit+0x10/0x10
[ 1095.179987][T17314]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1095.180011][T17314]  ? __pfx__printk+0x10/0x10
[ 1095.180031][T17314]  ? __might_fault+0xb0/0x130
[ 1095.180066][T17314]  should_fail_ex+0x46c/0x600
[ 1095.180095][T17314]  _copy_from_user+0x2d/0xb0
[ 1095.180115][T17314]  ___sys_sendmsg+0x158/0x2a0
[ 1095.180139][T17314]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1095.180195][T17314]  ? __fget_files+0x2a/0x420
[ 1095.180217][T17314]  ? __fget_files+0x3a6/0x420
[ 1095.180249][T17314]  __x64_sys_sendmsg+0x1a1/0x260
[ 1095.180272][T17314]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1095.180303][T17314]  ? __pfx_ksys_write+0x10/0x10
[ 1095.180322][T17314]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[ 1095.180346][T17314]  ? syscall_user_dispatch+0x4f/0x90
[ 1095.180375][T17314]  do_syscall_64+0xfa/0xfa0
[ 1095.180395][T17314]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1095.180415][T17314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.180434][T17314]  ? clear_bhb_loop+0x60/0xb0
[ 1095.180455][T17314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.180472][T17314] RIP: 0033:0x7fa1c331efc9
[ 1095.180488][T17314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1095.180502][T17314] RSP: 002b:00007fa1c157e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1095.180522][T17314] RAX: ffffffffffffffda RBX: 00007fa1c3575fa0 RCX: 00007fa1c331efc9
[ 1095.180541][T17314] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003
[ 1095.180553][T17314] RBP: 00007fa1c157e090 R08: 0000000000000000 R09: 0000000000000000
[ 1095.180565][T17314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1095.180575][T17314] R13: 00007fa1c3576038 R14: 00007fa1c3575fa0 R15: 00007ffdb3f5f858
[ 1095.180607][T17314]  </TASK>
[ 1096.025022][T17327] fuse: Unknown parameter '0x0000000000000006'
[ 1096.058934][T16881] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1096.288893][T16881] veth0_vlan: entered promiscuous mode
[ 1096.345456][T16881] veth1_vlan: entered promiscuous mode
[ 1096.493693][  T993] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1096.564187][T16881] veth0_macvtap: entered promiscuous mode
[ 1096.581692][T16881] veth1_macvtap: entered promiscuous mode
[ 1096.628727][  T993] usb 4-1: device descriptor read/64, error -71
[ 1096.677033][T16881] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1096.701265][T17280] Process accounting resumed
[ 1096.707834][T16881] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1096.738330][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1096.738808][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1096.739965][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1096.740004][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1096.888087][  T993] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1097.620526][  T993] usb 4-1: device descriptor read/64, error -71
[ 1097.758990][  T993] usb usb4-port1: attempt power cycle
[ 1098.183735][  T993] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1098.205189][  T993] usb 4-1: device descriptor read/8, error -71
[ 1098.226663][ T5964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1098.226683][ T5964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1098.511261][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1098.511282][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1098.623805][  T993] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1098.662834][  T993] usb 4-1: device descriptor read/8, error -71
[ 1098.767522][  T993] usb usb4-port1: unable to enumerate USB device
[ 1099.389232][T17351] hub 9-0:1.0: USB hub found
[ 1099.390177][T17351] hub 9-0:1.0: 1 port detected
[ 1099.722582][   T37] kauditd_printk_skb: 20 callbacks suppressed
[ 1099.722599][   T37] audit: type=1326 audit(2000000290.729:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722645][   T37] audit: type=1326 audit(2000000290.729:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722687][   T37] audit: type=1326 audit(2000000290.729:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722724][   T37] audit: type=1326 audit(2000000290.729:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722766][   T37] audit: type=1326 audit(2000000290.729:3324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722804][   T37] audit: type=1326 audit(2000000290.729:3325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722844][   T37] audit: type=1326 audit(2000000290.729:3326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.722883][   T37] audit: type=1326 audit(2000000290.729:3327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.723856][   T37] audit: type=1326 audit(2000000290.729:3328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1099.723902][   T37] audit: type=1326 audit(2000000290.729:3329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17356 comm="syz.3.3422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1101.374497][   T31] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[ 1101.519487][ T5896] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1102.573361][   T31] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1102.573420][   T31] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1102.573443][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1102.634012][ T5896] usb 2-1: Using ep0 maxpacket: 8
[ 1102.636521][ T5896] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1102.636573][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1102.636599][ T5896] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1102.636624][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1102.636647][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1102.639457][ T5896] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1102.639508][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1102.639534][ T5896] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1102.639557][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1102.639580][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1102.640988][ T5896] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1102.641036][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1102.641061][ T5896] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1102.641084][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1102.641108][ T5896] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1102.745116][   T31] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1102.779605][ T5896] usb 2-1: string descriptor 0 read error: -22
[ 1102.779752][ T5896] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1102.779781][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1104.109450][ T5896] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1104.255168][ T5896] usb 2-1: USB disconnect, device number 86
[ 1104.339661][   T31] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[ 1104.339682][   T31] stv0680 6-1:4.0: STV(e): camera ping failed!!
[ 1104.340084][   T31] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[ 1104.340100][   T31] stv0680 6-1:4.0: last error: 0,  command = 0x0
[ 1104.392386][   T31] usb 6-1: USB disconnect, device number 85
[ 1106.681855][T17429] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.3436'.
[ 1106.805109][   T31] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1106.965353][   T31] usb 4-1: Using ep0 maxpacket: 8
[ 1106.970968][   T31] usb 4-1: config 0 has an invalid interface number: 239 but max is 0
[ 1106.970993][   T31] usb 4-1: config 0 has no interface number 0
[ 1106.971040][   T31] usb 4-1: config 0 interface 239 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1107.015524][   T31] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[ 1107.015552][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.015571][   T31] usb 4-1: Product: syz
[ 1107.015584][   T31] usb 4-1: Manufacturer: syz
[ 1107.015598][   T31] usb 4-1: SerialNumber: syz
[ 1107.058310][   T31] usb 4-1: config 0 descriptor??
[ 1107.501072][   T31] ath6kl: Failed to submit usb control message: -71
[ 1107.501123][   T31] ath6kl: unable to send the bmi data to the device: -71
[ 1107.501136][   T31] ath6kl: Unable to send get target info: -71
[ 1107.526985][   T31] ath6kl: Failed to init ath6kl core: -71
[ 1107.528504][   T31] ath6kl_usb 4-1:0.239: probe with driver ath6kl_usb failed with error -71
[ 1107.570716][   T31] usb 4-1: USB disconnect, device number 92
[ 1107.780528][T17442] fuse: Unknown parameter '0x0000000000000006'
[ 1107.823772][ T5801] Bluetooth: hci1: command 0x0406 tx timeout
[ 1108.068069][T17448] loop6: detected capacity change from 0 to 7
[ 1108.084457][T17448] Dev loop6: unable to read RDB block 7
[ 1108.084512][T17448]  loop6: unable to read partition table
[ 1108.084748][T17448] loop6: partition table beyond EOD, truncated
[ 1108.084767][T17448] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1108.233866][T17451] FAULT_INJECTION: forcing a failure.
[ 1108.233866][T17451] name failslab, interval 1, probability 0, space 0, times 0
[ 1108.233899][T17451] CPU: 1 UID: 0 PID: 17451 Comm: syz.3.3443 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1108.233920][T17451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1108.233932][T17451] Call Trace:
[ 1108.233940][T17451]  <TASK>
[ 1108.233948][T17451]  dump_stack_lvl+0x189/0x250
[ 1108.233978][T17451]  ? __pfx____ratelimit+0x10/0x10
[ 1108.234001][T17451]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1108.234025][T17451]  ? __pfx__printk+0x10/0x10
[ 1108.234061][T17451]  should_fail_ex+0x46c/0x600
[ 1108.234088][T17451]  ? skb_clone+0x212/0x3a0
[ 1108.234108][T17451]  should_failslab+0xa8/0x100
[ 1108.234133][T17451]  ? skb_clone+0x212/0x3a0
[ 1108.234151][T17451]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 1108.234182][T17451]  skb_clone+0x212/0x3a0
[ 1108.234238][T17451]  __netlink_deliver_tap+0x404/0x850
[ 1108.234271][T17451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1108.234290][T17451]  netlink_deliver_tap+0x19c/0x1b0
[ 1108.234310][T17451]  __netlink_sendskb+0x47/0x90
[ 1108.234335][T17451]  netlink_dump+0xa84/0xe90
[ 1108.234365][T17451]  ? __pfx_netlink_dump+0x10/0x10
[ 1108.234380][T17451]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1108.234402][T17451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1108.234451][T17451]  __netlink_dump_start+0x5cb/0x7e0
[ 1108.234484][T17451]  rtnetlink_rcv_msg+0x9eb/0xb70
[ 1108.234511][T17451]  ? __pfx_inet6_dump_fib+0x10/0x10
[ 1108.234530][T17451]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1108.234554][T17451]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1108.234576][T17451]  ? ref_tracker_free+0x61e/0x7c0
[ 1108.234598][T17451]  ? __pfx_rtnl_dumpit+0x10/0x10
[ 1108.234621][T17451]  ? __pfx_inet6_dump_fib+0x10/0x10
[ 1108.234639][T17451]  ? __skb_clone+0x63/0x7a0
[ 1108.234668][T17451]  netlink_rcv_skb+0x208/0x470
[ 1108.234686][T17451]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1108.234712][T17451]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1108.234744][T17451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1108.234770][T17451]  netlink_unicast+0x846/0xa10
[ 1108.234804][T17451]  ? __pfx_netlink_unicast+0x10/0x10
[ 1108.234830][T17451]  ? netlink_sendmsg+0x642/0xb30
[ 1108.234846][T17451]  ? skb_put+0x11b/0x210
[ 1108.234869][T17451]  netlink_sendmsg+0x805/0xb30
[ 1108.234885][T17451]  ? is_bpf_text_address+0x26/0x2b0
[ 1108.234919][T17451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1108.234946][T17451]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1108.234969][T17451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1108.234989][T17451]  __sock_sendmsg+0x21c/0x270
[ 1108.235014][T17451]  ____sys_sendmsg+0x508/0x820
[ 1108.235037][T17451]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1108.235067][T17451]  ? import_iovec+0x74/0xa0
[ 1108.235091][T17451]  ___sys_sendmsg+0x21f/0x2a0
[ 1108.235114][T17451]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1108.235174][T17451]  ? __fget_files+0x2a/0x420
[ 1108.235217][T17451]  ? __fget_files+0x3a6/0x420
[ 1108.235252][T17451]  __x64_sys_sendmsg+0x1a1/0x260
[ 1108.235275][T17451]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1108.235306][T17451]  ? __pfx_ksys_write+0x10/0x10
[ 1108.235333][T17451]  ? do_syscall_64+0xbe/0xfa0
[ 1108.235358][T17451]  do_syscall_64+0xfa/0xfa0
[ 1108.235377][T17451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1108.235398][T17451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.235416][T17451]  ? clear_bhb_loop+0x60/0xb0
[ 1108.235438][T17451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.235455][T17451] RIP: 0033:0x7fa1c331efc9
[ 1108.235473][T17451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1108.235488][T17451] RSP: 002b:00007fa1c157e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1108.235508][T17451] RAX: ffffffffffffffda RBX: 00007fa1c3575fa0 RCX: 00007fa1c331efc9
[ 1108.235522][T17451] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[ 1108.235533][T17451] RBP: 00007fa1c157e090 R08: 0000000000000000 R09: 0000000000000000
[ 1108.235544][T17451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.235556][T17451] R13: 00007fa1c3576038 R14: 00007fa1c3575fa0 R15: 00007ffdb3f5f858
[ 1108.235589][T17451]  </TASK>
[ 1109.033028][T16449] IPVS: starting estimator thread 0...
[ 1109.113936][T17467] IPVS: using max 10 ests per chain, 24000 per kthread
[ 1110.088054][T17483] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1111.780085][T17499] loop6: detected capacity change from 0 to 524288000
[ 1111.866644][T17499] support for the xor transformation has been removed.
[ 1113.203753][T10219] usb 4-1: new full-speed USB device number 93 using dummy_hcd
[ 1113.357439][T10219] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1113.357464][T10219] usb 4-1: config 0 has no interface number 0
[ 1113.357518][T10219] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1113.361455][T10219] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1113.361480][T10219] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1113.361497][T10219] usb 4-1: Product: syz
[ 1113.361509][T10219] usb 4-1: SerialNumber: syz
[ 1113.433530][T10219] usb 4-1: config 0 descriptor??
[ 1113.444943][T10219] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1113.574597][ T5937] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1113.844250][ T5937] usb 5-1: device descriptor read/64, error -71
[ 1114.274624][ T5937] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1114.573807][ T5937] usb 5-1: device descriptor read/64, error -71
[ 1114.688514][ T5937] usb usb5-port1: attempt power cycle
[ 1114.697932][T17519] bond2: entered promiscuous mode
[ 1114.697957][T17519] bond2: entered allmulticast mode
[ 1114.698450][T17519] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1114.855656][T17528] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1114.869779][ T5918] usb 4-1: USB disconnect, device number 93
[ 1115.043756][ T5937] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1115.064452][ T5937] usb 5-1: device descriptor read/8, error -71
[ 1115.097367][ T5896] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1115.136791][T17532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1115.137540][T17532] syzkaller0: entered promiscuous mode
[ 1115.137553][T17532] syzkaller0: entered allmulticast mode
[ 1115.231593][T17532] tipc: Resetting bearer <eth:syzkaller0>
[ 1115.275445][T17531] tipc: Resetting bearer <eth:syzkaller0>
[ 1115.276580][ T5896] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.276633][ T5896] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1115.276651][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.287605][ T5896] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1115.323737][ T5937] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1115.344512][ T5937] usb 5-1: device descriptor read/8, error -71
[ 1115.425335][T17531] tipc: Disabling bearer <eth:syzkaller0>
[ 1115.454955][ T5937] usb usb5-port1: unable to enumerate USB device
[ 1115.717634][   T37] kauditd_printk_skb: 20 callbacks suppressed
[ 1115.717651][   T37] audit: type=1326 audit(2000000306.729:3350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.717694][   T37] audit: type=1326 audit(2000000306.729:3351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.718636][   T37] audit: type=1326 audit(2000000306.729:3352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.718679][   T37] audit: type=1326 audit(2000000306.729:3353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.718718][   T37] audit: type=1326 audit(2000000306.729:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.719542][   T37] audit: type=1326 audit(2000000306.729:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.719587][   T37] audit: type=1326 audit(2000000306.729:3356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.719626][   T37] audit: type=1326 audit(2000000306.729:3357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.720424][   T37] audit: type=1326 audit(2000000306.729:3358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.720467][   T37] audit: type=1326 audit(2000000306.729:3359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17538 comm="syz.3.3468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1115.910996][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.911065][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.916018][ T5937] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[ 1116.946712][T17545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1116.947216][T17545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.057951][ T5896] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[ 1117.057971][ T5896] stv0680 2-1:4.0: STV(e): camera ping failed!!
[ 1117.154350][ T5896] stv0680 2-1:4.0: last error: 87,  command = 0xb1
[ 1117.232079][T17544] Process accounting resumed
[ 1117.281958][ T5937] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1117.281985][ T5937] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1117.282009][ T5937] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1117.282029][ T5937] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1117.282066][ T5937] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1117.282088][ T5937] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.353551][ T5937] usb 6-1: config 0 descriptor??
[ 1117.384337][ T5888] usb 2-1: USB disconnect, device number 87
[ 1117.568419][ T5937] hdpvr 6-1:0.0: firmware version 0x8 dated 
[ 1117.683894][ T5896] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1117.838706][ T5896] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[ 1117.838735][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.838754][ T5896] usb 5-1: Product: syz
[ 1117.838767][ T5896] usb 5-1: Manufacturer: syz
[ 1117.838780][ T5896] usb 5-1: SerialNumber: syz
[ 1117.846569][ T5896] usb 5-1: config 0 descriptor??
[ 1117.885964][ T5896] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 1117.912168][ T5896] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1117.913521][ T5896] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 1117.943749][ T5896] usb 5-1: media controller created
[ 1117.984841][ T5896] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1118.139474][ T5896] DVB: Unable to find symbol mt352_attach()
[ 1118.200316][ T5937] hdpvr 6-1:0.0: Could not setup controls
[ 1118.201028][ T5937] hdpvr 6-1:0.0: registering videodev failed
[ 1118.234533][ T5937] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71
[ 1118.240695][ T5937] usb 6-1: USB disconnect, device number 86
[ 1118.371703][ T5896] DVB: Unable to find symbol nxt6000_attach()
[ 1118.371718][ T5896] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 1119.069631][ T5896] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input24
[ 1119.078756][ T5896] dvb-usb: schedule remote query interval to 1000 msecs.
[ 1119.078776][ T5896] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 1119.078793][ T5896] dvb-usb: bulk message failed: -22 (7/0)
[ 1119.078807][ T5896] dvb-usb: bulk message failed: -22 (7/0)
[ 1119.102172][ T5896] usb 5-1: USB disconnect, device number 90
[ 1119.581492][T17575] fuse: Bad value for 'user_id'
[ 1119.581512][T17575] fuse: Bad value for 'user_id'
[ 1119.681248][ T5896] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 1121.069727][T17578] geneve2: entered promiscuous mode
[ 1121.069753][T17578] geneve2: entered allmulticast mode
[ 1121.353686][ T5937] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1121.533696][ T5937] usb 5-1: Using ep0 maxpacket: 8
[ 1121.558603][ T5937] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1121.558637][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1121.558651][ T5937] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1121.558664][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1121.558677][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1121.561989][ T5937] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1121.562039][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1121.562053][ T5937] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1121.562066][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1121.562078][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1121.563099][ T5937] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1121.563139][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1121.563152][ T5937] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1121.563165][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1121.563178][ T5937] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1121.567478][ T5937] usb 5-1: string descriptor 0 read error: -22
[ 1121.567562][ T5937] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1121.567574][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1121.773256][ T5937] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1121.839818][ T5937] usb 5-1: USB disconnect, device number 91
[ 1122.227164][T17600] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1123.833717][T16449] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[ 1123.987005][T16449] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1123.987038][T16449] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1123.987066][T16449] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1123.987084][T16449] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1123.987120][T16449] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1123.987145][T16449] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1123.995946][T16449] usb 6-1: config 0 descriptor??
[ 1124.171954][T17616] kvm: kvm [17615]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[ 1124.200720][T16449] hdpvr 6-1:0.0: firmware version 0x8 dated 
[ 1124.413817][   T37] kauditd_printk_skb: 75 callbacks suppressed
[ 1124.413833][   T37] audit: type=1326 audit(2000000315.419:3435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.413933][   T37] audit: type=1326 audit(2000000315.419:3436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.413974][   T37] audit: type=1326 audit(2000000315.419:3437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414013][   T37] audit: type=1326 audit(2000000315.419:3438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414097][   T37] audit: type=1326 audit(2000000315.419:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414135][   T37] audit: type=1326 audit(2000000315.419:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414171][   T37] audit: type=1326 audit(2000000315.419:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414255][   T37] audit: type=1326 audit(2000000315.419:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414293][   T37] audit: type=1326 audit(2000000315.419:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.414330][   T37] audit: type=1326 audit(2000000315.419:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17609 comm="syz.5.3488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1124.850614][T16449] hdpvr 6-1:0.0: Could not setup controls
[ 1124.851021][T16449] hdpvr 6-1:0.0: registering videodev failed
[ 1124.890216][T16449] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71
[ 1124.958083][T16449] usb 6-1: USB disconnect, device number 87
[ 1125.088176][T17630] fuse: Bad value for 'user_id'
[ 1125.088195][T17630] fuse: Bad value for 'user_id'
[ 1126.418382][T17641] FAULT_INJECTION: forcing a failure.
[ 1126.418382][T17641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1126.418414][T17641] CPU: 0 UID: 0 PID: 17641 Comm: syz.4.3499 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1126.418435][T17641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1126.418446][T17641] Call Trace:
[ 1126.418454][T17641]  <TASK>
[ 1126.418463][T17641]  dump_stack_lvl+0x189/0x250
[ 1126.418491][T17641]  ? __pfx____ratelimit+0x10/0x10
[ 1126.418513][T17641]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1126.418536][T17641]  ? __pfx__printk+0x10/0x10
[ 1126.418558][T17641]  ? __might_fault+0xb0/0x130
[ 1126.418591][T17641]  should_fail_ex+0x46c/0x600
[ 1126.418627][T17641]  _copy_from_user+0x2d/0xb0
[ 1126.418646][T17641]  ___sys_sendmsg+0x158/0x2a0
[ 1126.418669][T17641]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1126.418725][T17641]  ? __fget_files+0x2a/0x420
[ 1126.418747][T17641]  ? __fget_files+0x3a6/0x420
[ 1126.418780][T17641]  __x64_sys_sendmsg+0x1a1/0x260
[ 1126.418803][T17641]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1126.418833][T17641]  ? __pfx_ksys_write+0x10/0x10
[ 1126.418859][T17641]  ? do_syscall_64+0xbe/0xfa0
[ 1126.418885][T17641]  do_syscall_64+0xfa/0xfa0
[ 1126.418904][T17641]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1126.418924][T17641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1126.418942][T17641]  ? clear_bhb_loop+0x60/0xb0
[ 1126.418964][T17641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1126.418982][T17641] RIP: 0033:0x7f678f94efc9
[ 1126.418998][T17641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1126.419014][T17641] RSP: 002b:00007f678dbae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1126.419034][T17641] RAX: ffffffffffffffda RBX: 00007f678fba5fa0 RCX: 00007f678f94efc9
[ 1126.419048][T17641] RDX: 0000000020040040 RSI: 0000200000000d00 RDI: 0000000000000005
[ 1126.419061][T17641] RBP: 00007f678dbae090 R08: 0000000000000000 R09: 0000000000000000
[ 1126.419073][T17641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1126.419084][T17641] R13: 00007f678fba6038 R14: 00007f678fba5fa0 R15: 00007ffd442b08b8
[ 1126.419116][T17641]  </TASK>
[ 1126.603724][ T5937] usb 4-1: new full-speed USB device number 94 using dummy_hcd
[ 1128.795466][ T5937] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1128.795491][ T5937] usb 4-1: can't read configurations, error -71
[ 1130.143931][ T5937] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1130.319712][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1130.319730][ T5937] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1130.319742][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1130.319752][ T5937] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1130.319774][ T5937] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1130.319785][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.323159][ T5937] usb 4-1: config 0 descriptor??
[ 1130.562537][ T5937] hdpvr 4-1:0.0: firmware version 0x8 dated 
[ 1130.766481][   T37] kauditd_printk_skb: 34 callbacks suppressed
[ 1130.766499][   T37] audit: type=1326 audit(2000000321.779:3479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.766675][   T37] audit: type=1326 audit(2000000321.779:3480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.766991][   T37] audit: type=1326 audit(2000000321.779:3481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.767233][   T37] audit: type=1326 audit(2000000321.779:3482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.767411][   T37] audit: type=1326 audit(2000000321.779:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.767604][   T37] audit: type=1326 audit(2000000321.779:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.767817][   T37] audit: type=1326 audit(2000000321.779:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.768045][   T37] audit: type=1326 audit(2000000321.779:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.768247][   T37] audit: type=1326 audit(2000000321.779:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1130.768605][   T37] audit: type=1326 audit(2000000321.779:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17679 comm="syz.3.3511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1131.664685][T17690] fuse: Bad value for 'user_id'
[ 1131.664704][T17690] fuse: Bad value for 'user_id'
[ 1131.783731][ T5937] hdpvr 4-1:0.0: Could not setup controls
[ 1131.784516][ T5937] hdpvr 4-1:0.0: registering videodev failed
[ 1131.841428][ T5937] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -71
[ 1131.874008][ T5937] usb 4-1: USB disconnect, device number 96
[ 1134.000808][T17699] pimreg: entered allmulticast mode
[ 1134.024753][T17699] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1134.024872][T17699] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1135.483776][ T5937] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[ 1135.637411][ T5937] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1135.637445][ T5937] usb 5-1: config 0 has no interface number 0
[ 1135.637487][ T5937] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1135.642130][ T5937] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1135.642147][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1135.642157][ T5937] usb 5-1: Product: syz
[ 1135.642165][ T5937] usb 5-1: SerialNumber: syz
[ 1135.680085][T17738] tipc: Enabled bearer <ib:wg1>, priority 0
[ 1135.721354][ T5937] usb 5-1: config 0 descriptor??
[ 1135.738091][ T5937] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[ 1135.843755][ T5888] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1136.043722][ T5888] usb 2-1: Using ep0 maxpacket: 32
[ 1136.199457][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1136.213816][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1136.213861][ T5888] usb 2-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[ 1136.213881][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.480498][ T5888] usb 2-1: config 0 descriptor??
[ 1137.641573][ T5888] smartjoyplus 0003:0925:8866.0025: item fetching failed at offset 1/5
[ 1137.642002][ T5888] smartjoyplus 0003:0925:8866.0025: parse failed
[ 1137.642039][ T5888] smartjoyplus 0003:0925:8866.0025: probe with driver smartjoyplus failed with error -22
[ 1137.727141][ T5888] usb 2-1: USB disconnect, device number 88
[ 1137.857322][T17750] loop6: detected capacity change from 0 to 7
[ 1137.860952][T17750] Dev loop6: unable to read RDB block 7
[ 1137.860980][T17750]  loop6: unable to read partition table
[ 1137.861115][T17750] loop6: partition table beyond EOD, truncated
[ 1137.861126][T17750] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1137.962233][ T5896] usb 5-1: USB disconnect, device number 92
[ 1137.988791][   T37] kauditd_printk_skb: 24 callbacks suppressed
[ 1137.988808][   T37] audit: type=1326 audit(2000000328.999:3513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.988947][   T37] audit: type=1326 audit(2000000328.999:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.990315][   T37] audit: type=1326 audit(2000000328.999:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.990542][   T37] audit: type=1326 audit(2000000328.999:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.990683][   T37] audit: type=1326 audit(2000000328.999:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.991977][   T37] audit: type=1326 audit(2000000328.999:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.992022][   T37] audit: type=1326 audit(2000000328.999:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.992060][   T37] audit: type=1326 audit(2000000328.999:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.993068][   T37] audit: type=1326 audit(2000000328.999:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1137.993113][   T37] audit: type=1326 audit(2000000328.999:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17753 comm="syz.3.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1138.229953][T10219] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[ 1138.474675][T10219] usb 6-1: Using ep0 maxpacket: 8
[ 1139.238813][T10219] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[ 1139.238840][T10219] usb 6-1: config 0 has no interface number 0
[ 1139.238886][T10219] usb 6-1: config 0 interface 239 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1139.242313][T10219] usb 6-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[ 1139.242340][T10219] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1139.242359][T10219] usb 6-1: Product: syz
[ 1139.242372][T10219] usb 6-1: Manufacturer: syz
[ 1139.242385][T10219] usb 6-1: SerialNumber: syz
[ 1139.315491][T10219] usb 6-1: config 0 descriptor??
[ 1139.455624][T17757] Process accounting resumed
[ 1139.642849][T10219] ath6kl: Failed to submit usb control message: -71
[ 1139.642895][T10219] ath6kl: unable to send the bmi data to the device: -71
[ 1139.642909][T10219] ath6kl: Unable to send get target info: -71
[ 1139.673040][T10219] ath6kl: Failed to init ath6kl core: -71
[ 1139.681511][T10219] ath6kl_usb 6-1:0.239: probe with driver ath6kl_usb failed with error -71
[ 1139.701089][T10219] usb 6-1: USB disconnect, device number 88
[ 1139.973718][   T31] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1141.219307][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1141.219349][   T31] usb 2-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1141.219370][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.263138][   T31] usb 2-1: config 0 descriptor??
[ 1141.454468][T17782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3537'.
[ 1142.228522][   T31] logitech-djreceiver 0003:046D:C71F.0026: reserved main item tag 0xd
[ 1142.228557][   T31] logitech-djreceiver 0003:046D:C71F.0026: unknown main item tag 0x5
[ 1142.293936][   T31] logitech-djreceiver 0003:046D:C71F.0026: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.1-1/input0
[ 1142.502139][ T5937] usb 2-1: USB disconnect, device number 89
[ 1142.768129][T17797] FAULT_INJECTION: forcing a failure.
[ 1142.768129][T17797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1142.768162][T17797] CPU: 0 UID: 0 PID: 17797 Comm: syz.3.3540 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1142.768182][T17797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1142.768192][T17797] Call Trace:
[ 1142.768200][T17797]  <TASK>
[ 1142.768212][T17797]  dump_stack_lvl+0x189/0x250
[ 1142.768242][T17797]  ? __pfx____ratelimit+0x10/0x10
[ 1142.768263][T17797]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1142.768287][T17797]  ? __pfx__printk+0x10/0x10
[ 1142.768306][T17797]  ? __might_fault+0xb0/0x130
[ 1142.768341][T17797]  should_fail_ex+0x46c/0x600
[ 1142.768368][T17797]  _copy_from_user+0x2d/0xb0
[ 1142.768386][T17797]  kstrtouint_from_user+0xc4/0x170
[ 1142.768413][T17797]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1142.768454][T17797]  proc_fail_nth_write+0x88/0x200
[ 1142.768474][T17797]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1142.768498][T17797]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1142.768516][T17797]  vfs_write+0x287/0xb40
[ 1142.768545][T17797]  ? __pfx_vfs_write+0x10/0x10
[ 1142.768561][T17797]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1142.768589][T17797]  ? mutex_lock_nested+0x154/0x1d0
[ 1142.768604][T17797]  ? fdget_pos+0x253/0x320
[ 1142.768635][T17797]  ksys_write+0x14b/0x260
[ 1142.768654][T17797]  ? __fget_files+0x2a/0x420
[ 1142.768675][T17797]  ? __pfx_ksys_write+0x10/0x10
[ 1142.768698][T17797]  ? do_syscall_64+0xbe/0xfa0
[ 1142.768722][T17797]  do_syscall_64+0xfa/0xfa0
[ 1142.768734][T17797]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1142.768746][T17797]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1142.768756][T17797]  ? clear_bhb_loop+0x60/0xb0
[ 1142.768768][T17797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1142.768778][T17797] RIP: 0033:0x7fa1c331da7f
[ 1142.768788][T17797] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1142.768797][T17797] RSP: 002b:00007fa1c155d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1142.768808][T17797] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa1c331da7f
[ 1142.768815][T17797] RDX: 0000000000000001 RSI: 00007fa1c155d0a0 RDI: 0000000000000005
[ 1142.768822][T17797] RBP: 00007fa1c155d090 R08: 0000000000000000 R09: 0000000000000000
[ 1142.768828][T17797] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1142.768834][T17797] R13: 00007fa1c3576128 R14: 00007fa1c3576090 R15: 00007ffdb3f5f858
[ 1142.768851][T17797]  </TASK>
[ 1143.033119][T17795] fido_id[17795]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1145.527131][T17818] FAULT_INJECTION: forcing a failure.
[ 1145.527131][T17818] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1145.527162][T17818] CPU: 0 UID: 0 PID: 17818 Comm: syz.1.3547 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1145.527182][T17818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1145.527193][T17818] Call Trace:
[ 1145.527200][T17818]  <TASK>
[ 1145.527208][T17818]  dump_stack_lvl+0x189/0x250
[ 1145.527238][T17818]  ? __pfx____ratelimit+0x10/0x10
[ 1145.527258][T17818]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1145.527282][T17818]  ? __pfx__printk+0x10/0x10
[ 1145.527313][T17818]  should_fail_ex+0x46c/0x600
[ 1145.527344][T17818]  strncpy_from_user+0x36/0x290
[ 1145.527368][T17818]  getname_flags+0xf3/0x540
[ 1145.527396][T17818]  do_sys_openat2+0xbc/0x1c0
[ 1145.527415][T17818]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1145.527433][T17818]  ? ksys_write+0x230/0x260
[ 1145.527456][T17818]  ? __pfx_ksys_write+0x10/0x10
[ 1145.527478][T17818]  __x64_sys_open+0x11e/0x150
[ 1145.527500][T17818]  do_syscall_64+0xfa/0xfa0
[ 1145.527519][T17818]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1145.527539][T17818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1145.527557][T17818]  ? clear_bhb_loop+0x60/0xb0
[ 1145.527579][T17818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1145.527596][T17818] RIP: 0033:0x7f2495afefc9
[ 1145.527611][T17818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1145.527623][T17818] RSP: 002b:00007f2493d3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1145.527637][T17818] RAX: ffffffffffffffda RBX: 00007f2495d56090 RCX: 00007f2495afefc9
[ 1145.527647][T17818] RDX: 00000000000000ac RSI: 0000000000040080 RDI: 00002000000000c0
[ 1145.527662][T17818] RBP: 00007f2493d3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1145.527673][T17818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1145.527681][T17818] R13: 00007f2495d56128 R14: 00007f2495d56090 R15: 00007ffe1cda6a48
[ 1145.527705][T17818]  </TASK>
[ 1145.536567][ T5888] usb 4-1: new full-speed USB device number 97 using dummy_hcd
[ 1145.743671][ T5888] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1145.743696][ T5888] usb 4-1: config 0 has no interface number 0
[ 1145.743744][ T5888] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1145.746022][ T5888] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1145.746046][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1145.746065][ T5888] usb 4-1: Product: syz
[ 1145.746077][ T5888] usb 4-1: SerialNumber: syz
[ 1145.763547][ T5888] usb 4-1: config 0 descriptor??
[ 1145.786643][ T5888] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1146.112206][ T5888] usb 4-1: USB disconnect, device number 97
[ 1146.928336][T17782] team0 (unregistering): Port device team_slave_0 removed
[ 1147.115139][T17782] team0 (unregistering): Port device team_slave_1 removed
[ 1147.924448][T10219] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[ 1147.941729][   T37] kauditd_printk_skb: 22 callbacks suppressed
[ 1147.941746][   T37] audit: type=1326 audit(2000000338.949:3545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.941790][   T37] audit: type=1326 audit(2000000338.949:3546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.942520][   T37] audit: type=1326 audit(2000000338.949:3547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.942560][   T37] audit: type=1326 audit(2000000338.949:3548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.942596][   T37] audit: type=1326 audit(2000000338.949:3549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.943277][   T37] audit: type=1326 audit(2000000338.949:3550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.943317][   T37] audit: type=1326 audit(2000000338.949:3551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.943355][   T37] audit: type=1326 audit(2000000338.949:3552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.957055][   T37] audit: type=1326 audit(2000000338.969:3553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1147.957103][   T37] audit: type=1326 audit(2000000338.969:3554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17835 comm="syz.3.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1148.886740][T11644] Bluetooth: hci5: command 0x0406 tx timeout
[ 1149.184525][T10219] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1149.184572][T10219] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1149.184593][T10219] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.195209][T10219] usb 6-1: config 0 descriptor??
[ 1149.318962][T17840] Process accounting resumed
[ 1152.083707][ T5888] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1152.204217][T10219] usbhid 6-1:0.0: can't add hid device: -71
[ 1152.204339][T10219] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1152.212039][T10219] usb 6-1: USB disconnect, device number 89
[ 1152.344892][T17860] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1152.345938][T17860] syzkaller0: entered promiscuous mode
[ 1152.345960][T17860] syzkaller0: entered allmulticast mode
[ 1152.357225][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1152.357251][ T5888] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1152.357275][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1152.357295][ T5888] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1152.357331][ T5888] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1152.357350][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1152.365713][ T5888] usb 5-1: config 0 descriptor??
[ 1152.577558][T17866] tipc: Resetting bearer <eth:syzkaller0>
[ 1152.586560][ T5888] hdpvr 5-1:0.0: firmware version 0x8 dated 
[ 1152.614253][T17859] tipc: Resetting bearer <eth:syzkaller0>
[ 1153.728807][T16449] tipc: Node number set to 2367600596
[ 1153.741553][   T37] kauditd_printk_skb: 60 callbacks suppressed
[ 1153.741571][   T37] audit: type=1326 audit(2000000344.749:3615): auid=4294967295 uid=16832 gid=0 ses=4294967295 subj=_ pid=17847 comm="syz.4.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1153.742199][   T37] audit: type=1326 audit(2000000344.749:3616): auid=4294967295 uid=16832 gid=0 ses=4294967295 subj=_ pid=17847 comm="syz.4.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1153.790940][   T37] audit: type=1326 audit(2000000344.799:3617): auid=4294967295 uid=16832 gid=0 ses=4294967295 subj=_ pid=17847 comm="syz.4.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1153.793271][   T37] audit: type=1326 audit(2000000344.799:3618): auid=4294967295 uid=16832 gid=0 ses=4294967295 subj=_ pid=17847 comm="syz.4.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1153.797293][   T37] audit: type=1326 audit(2000000344.809:3619): auid=4294967295 uid=16832 gid=0 ses=4294967295 subj=_ pid=17847 comm="syz.4.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1153.840040][T17859] tipc: Disabling bearer <eth:syzkaller0>
[ 1154.110672][T17872] 9p: Unknown access argument ������Gr��dR�e�^���Z٭�: -22
[ 1154.222274][ T5888] hdpvr 5-1:0.0: Could not setup controls
[ 1154.223015][ T5888] hdpvr 5-1:0.0: registering videodev failed
[ 1154.241288][ T5888] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -71
[ 1154.250067][ T5888] usb 5-1: USB disconnect, device number 93
[ 1154.718600][T17885] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3566'.
[ 1154.718629][T17885] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3566'.
[ 1154.791917][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1154.806259][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1154.927740][ T5888] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[ 1156.286010][T17893] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1156.287184][T17893] syzkaller0: entered promiscuous mode
[ 1156.287206][T17893] syzkaller0: entered allmulticast mode
[ 1156.336126][ T5888] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1156.336178][ T5888] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1156.336198][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.377329][ T5888] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1156.511626][T17896] tipc: Resetting bearer <eth:syzkaller0>
[ 1156.824400][T17890] tipc: Resetting bearer <eth:syzkaller0>
[ 1157.480030][ T5888] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[ 1157.480130][ T5888] stv0680 6-1:4.0: STV(e): camera ping failed!!
[ 1157.556195][T17883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.556749][T17883] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.605014][ T5888] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[ 1157.605038][ T5888] stv0680 6-1:4.0: last error: 0,  command = 0x0
[ 1157.792907][ T5888] usb 6-1: USB disconnect, device number 90
[ 1157.945563][T17910] loop6: detected capacity change from 0 to 7
[ 1157.947731][T17910] Dev loop6: unable to read RDB block 7
[ 1157.947775][T17910]  loop6: unable to read partition table
[ 1157.947999][T17910] loop6: partition table beyond EOD, truncated
[ 1157.948016][T17910] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1158.157715][T17890] tipc: Disabling bearer <eth:syzkaller0>
[ 1158.950164][T17922] fuse: Unknown parameter '0x0000000000000006'
[ 1159.682312][T17924] tipc: Started in network mode
[ 1159.682340][T17924] tipc: Node identity 76d540d81353, cluster identity 4711
[ 1159.682539][T17924] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1160.424452][T17929] syzkaller0: entered promiscuous mode
[ 1160.424474][T17929] syzkaller0: entered allmulticast mode
[ 1160.476964][T17915] tipc: Resetting bearer <eth:syzkaller0>
[ 1160.530424][T17943] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3581'.
[ 1160.530455][T17943] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3581'.
[ 1160.753734][ T5918] tipc: Node number set to 1703297240
[ 1160.963149][T17913] tipc: Resetting bearer <eth:syzkaller0>
[ 1161.258203][T17913] tipc: Disabling bearer <eth:syzkaller0>
[ 1161.263277][   T37] audit: type=1326 audit(2000000352.269:3620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.263388][   T37] audit: type=1326 audit(2000000352.269:3621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953457][   T37] audit: type=1326 audit(2000000352.279:3622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953512][   T37] audit: type=1326 audit(2000000352.279:3623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953556][   T37] audit: type=1326 audit(2000000352.279:3624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953677][   T37] audit: type=1326 audit(2000000352.279:3625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953719][   T37] audit: type=1326 audit(2000000352.279:3626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953768][   T37] audit: type=1326 audit(2000000352.279:3627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953809][   T37] audit: type=1326 audit(2000000352.279:3628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1161.953849][   T37] audit: type=1326 audit(2000000352.279:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17954 comm="syz.5.3585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1162.257879][ T5968] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[ 1162.464418][ T5968] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1162.464443][ T5968] usb 5-1: config 0 has no interface number 0
[ 1162.464489][ T5968] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1162.472901][ T5968] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1162.472929][ T5968] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1162.472947][ T5968] usb 5-1: Product: syz
[ 1162.472960][ T5968] usb 5-1: SerialNumber: syz
[ 1162.544773][ T5968] usb 5-1: config 0 descriptor??
[ 1162.563289][ T5968] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[ 1164.503316][T17949] kvm: pic: non byte write
[ 1165.179899][T17986] fuse: Unknown parameter '0x0000000000000006'
[ 1165.675715][T17987] 9p: Unknown access argument ������Gr��dR�e�^���Z٭�: -22
[ 1165.942076][T10219] usb 5-1: USB disconnect, device number 94
[ 1166.288059][   T37] kauditd_printk_skb: 44 callbacks suppressed
[ 1166.288078][   T37] audit: type=1326 audit(2000000357.209:3674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.453703][   T37] audit: type=1326 audit(2000000357.459:3675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.453756][   T37] audit: type=1326 audit(2000000357.459:3676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.500255][   T37] audit: type=1326 audit(2000000357.509:3677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.500304][   T37] audit: type=1326 audit(2000000357.509:3678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.500341][   T37] audit: type=1326 audit(2000000357.509:3679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1166.501399][   T37] audit: type=1326 audit(2000000357.509:3680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17996 comm="syz.5.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f81d63defc9 code=0x7ffc0000
[ 1167.601229][T18015] loop6: detected capacity change from 0 to 7
[ 1167.604013][T18015] Dev loop6: unable to read RDB block 7
[ 1167.604055][T18015]  loop6: unable to read partition table
[ 1167.604270][T18015] loop6: partition table beyond EOD, truncated
[ 1167.604287][T18015] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1167.703770][T10219] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[ 1167.767883][ T5968] IPVS: starting estimator thread 0...
[ 1167.771214][T18018] tipc: Started in network mode
[ 1167.771263][T18018] tipc: Node identity 1efd1bda6c9a, cluster identity 4711
[ 1167.771467][T18018] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1167.772520][T18018] syzkaller0: entered promiscuous mode
[ 1167.772541][T18018] syzkaller0: entered allmulticast mode
[ 1167.855955][T10219] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1167.855981][T10219] usb 4-1: config 0 has no interface number 0
[ 1167.856030][T10219] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1167.858246][T10219] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1167.858271][T10219] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1167.858289][T10219] usb 4-1: Product: syz
[ 1167.858302][T10219] usb 4-1: SerialNumber: syz
[ 1167.863904][T18019] IPVS: using max 8 ests per chain, 19200 per kthread
[ 1167.870869][T10219] usb 4-1: config 0 descriptor??
[ 1167.881465][T10219] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1168.084068][ T5918] usb 4-1: USB disconnect, device number 98
[ 1168.126472][T18022] tipc: Resetting bearer <eth:syzkaller0>
[ 1168.184449][T18017] tipc: Resetting bearer <eth:syzkaller0>
[ 1168.827080][ T5968] tipc: Node number set to 1919359962
[ 1169.251325][   T37] audit: type=1326 audit(2000000360.259:3681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18030 comm="syz.4.3608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1169.251376][   T37] audit: type=1326 audit(2000000360.259:3682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18030 comm="syz.4.3608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1169.252296][   T37] audit: type=1326 audit(2000000360.259:3683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18030 comm="syz.4.3608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1169.544693][T18017] tipc: Disabling bearer <eth:syzkaller0>
[ 1170.694314][T18036] Process accounting resumed
[ 1171.299313][T18002] Process accounting resumed
[ 1174.023752][T10219] usb 6-1: new full-speed USB device number 91 using dummy_hcd
[ 1174.181385][T10219] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[ 1174.181411][T10219] usb 6-1: config 0 has no interface number 0
[ 1174.181486][T10219] usb 6-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1174.183820][T10219] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1174.183844][T10219] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1174.183862][T10219] usb 6-1: Product: syz
[ 1174.183873][T10219] usb 6-1: SerialNumber: syz
[ 1174.205629][T10219] usb 6-1: config 0 descriptor??
[ 1174.222876][T10219] usbhid 6-1:0.8: couldn't find an input interrupt endpoint
[ 1174.309891][ T5801] Bluetooth: hci3: command 0x041b tx timeout
[ 1174.452054][T18081] kvm: pic: non byte write
[ 1175.979184][ T5896] usb 6-1: USB disconnect, device number 91
[ 1177.604156][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.604207][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1179.853371][T16449] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 1180.003703][T16449] usb 6-1: Using ep0 maxpacket: 8
[ 1180.005959][T16449] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1180.006013][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1180.006039][T16449] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1180.006063][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1180.006087][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1180.007678][T16449] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1180.007732][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1180.007756][T16449] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1180.007779][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1180.007802][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1180.009511][T16449] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1180.009559][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1180.009584][T16449] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1180.009607][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1180.009630][T16449] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1180.012891][T16449] usb 6-1: string descriptor 0 read error: -22
[ 1180.012981][T16449] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1180.012993][T16449] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.833470][T16449] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1180.970365][ T5888] usb 6-1: USB disconnect, device number 92
[ 1184.368704][T18179] FAULT_INJECTION: forcing a failure.
[ 1184.368704][T18179] name failslab, interval 1, probability 0, space 0, times 0
[ 1184.368762][T18179] CPU: 1 UID: 0 PID: 18179 Comm: syz.1.3653 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1184.368783][T18179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1184.368794][T18179] Call Trace:
[ 1184.368802][T18179]  <TASK>
[ 1184.368811][T18179]  dump_stack_lvl+0x189/0x250
[ 1184.368841][T18179]  ? __pfx____ratelimit+0x10/0x10
[ 1184.368863][T18179]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1184.368888][T18179]  ? __pfx__printk+0x10/0x10
[ 1184.368915][T18179]  ? __pfx___might_resched+0x10/0x10
[ 1184.368934][T18179]  ? fs_reclaim_acquire+0x7d/0x100
[ 1184.368963][T18179]  should_fail_ex+0x46c/0x600
[ 1184.368992][T18179]  should_failslab+0xa8/0x100
[ 1184.369018][T18179]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1184.369042][T18179]  ? sctp_association_new+0x89/0x25f0
[ 1184.369073][T18179]  sctp_association_new+0x89/0x25f0
[ 1184.369113][T18179]  sctp_connect_new_asoc+0x2c5/0x690
[ 1184.369142][T18179]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1184.369170][T18179]  ? __rcu_read_unlock+0x84/0xe0
[ 1184.369189][T18179]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1184.369214][T18179]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1184.369230][T18179]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1184.369251][T18179]  sctp_sendmsg+0x14fd/0x2590
[ 1184.369288][T18179]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1184.369311][T18179]  ? __lock_acquire+0xab9/0xd20
[ 1184.369351][T18179]  ? sock_rps_record_flow+0x19/0x410
[ 1184.369379][T18179]  ? inet_sendmsg+0x2f4/0x370
[ 1184.369400][T18179]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1184.369427][T18179]  __sock_sendmsg+0x19c/0x270
[ 1184.369455][T18179]  __sys_sendto+0x3c7/0x520
[ 1184.369476][T18179]  ? __pfx___sys_sendto+0x10/0x10
[ 1184.369528][T18179]  ? ksys_write+0x230/0x260
[ 1184.369559][T18179]  __x64_sys_sendto+0xde/0x100
[ 1184.369581][T18179]  do_syscall_64+0xfa/0xfa0
[ 1184.369605][T18179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.369622][T18179]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1184.369639][T18179]  ? clear_bhb_loop+0x60/0xb0
[ 1184.369660][T18179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.369678][T18179] RIP: 0033:0x7f2495afefc9
[ 1184.369695][T18179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1184.369710][T18179] RSP: 002b:00007f2493d1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1184.369730][T18179] RAX: ffffffffffffffda RBX: 00007f2495d56180 RCX: 00007f2495afefc9
[ 1184.369744][T18179] RDX: 0000000000020000 RSI: 0000200000000040 RDI: 0000000000000007
[ 1184.369756][T18179] RBP: 00007f2493d1c090 R08: 0000200000000100 R09: 000000000000001c
[ 1184.369768][T18179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1184.369779][T18179] R13: 00007f2495d56218 R14: 00007f2495d56180 R15: 00007ffe1cda6a48
[ 1184.369812][T18179]  </TASK>
[ 1185.963762][T10219] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1186.273722][T10219] usb 5-1: Using ep0 maxpacket: 8
[ 1186.276887][T10219] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.276941][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1186.276966][T10219] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.276988][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1186.277012][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1186.283401][T10219] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.283454][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1186.283478][T10219] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.283499][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1186.283520][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1186.285328][T10219] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.285382][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1186.285406][T10219] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.285429][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1186.285452][T10219] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1186.316032][T10219] usb 5-1: string descriptor 0 read error: -22
[ 1186.316179][T10219] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1186.316200][T10219] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1187.121358][T10219] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1187.133119][T10219] usb 5-1: USB disconnect, device number 95
[ 1188.382283][T18220] syzkaller1: entered promiscuous mode
[ 1188.382307][T18220] syzkaller1: entered allmulticast mode
[ 1188.803760][ T5888] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1189.793682][ T5888] usb 5-1: Using ep0 maxpacket: 16
[ 1189.796921][ T5888] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1189.796951][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1189.799972][ T5888] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1189.799997][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.800015][ T5888] usb 5-1: Product: syz
[ 1189.800028][ T5888] usb 5-1: Manufacturer: syz
[ 1189.800041][ T5888] usb 5-1: SerialNumber: syz
[ 1189.873275][ T5888] usb 5-1: config 0 descriptor??
[ 1189.881467][ T5888] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1189.881499][ T5888] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[ 1190.705000][   T37] kauditd_printk_skb: 26 callbacks suppressed
[ 1190.705019][   T37] audit: type=1326 audit(2000000381.719:3710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.705629][   T37] audit: type=1326 audit(2000000381.719:3711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.706928][   T37] audit: type=1326 audit(2000000381.719:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.706975][   T37] audit: type=1326 audit(2000000381.719:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.707381][   T37] audit: type=1326 audit(2000000381.719:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.707701][   T37] audit: type=1326 audit(2000000381.719:3715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.735005][   T37] audit: type=1326 audit(2000000381.719:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.735058][   T37] audit: type=1326 audit(2000000381.719:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.735099][   T37] audit: type=1326 audit(2000000381.719:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.735144][   T37] audit: type=1326 audit(2000000381.719:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18224 comm="syz.4.3671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678f94efc9 code=0x7ffc0000
[ 1190.847684][ T5888] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 1190.852903][ T5888] em28xx 5-1:0.0: Config register raw data: 0xb4
[ 1190.852922][ T5888] em28xx 5-1:0.0: I2S Audio (3 sample rate(s))
[ 1190.852936][ T5888] em28xx 5-1:0.0: No AC97 audio processor
[ 1192.459504][T10219] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1192.459974][  T983] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 1192.486371][ T5968] usb 5-1: USB disconnect, device number 96
[ 1192.663810][  T983] usb 2-1: Using ep0 maxpacket: 8
[ 1192.663912][T10219] usb 6-1: Using ep0 maxpacket: 8
[ 1192.665892][T10219] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1192.665915][T10219] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1192.669087][T10219] usb 6-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[ 1192.669104][T10219] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1192.669114][T10219] usb 6-1: Product: syz
[ 1192.669233][T10219] usb 6-1: Manufacturer: syz
[ 1192.669242][T10219] usb 6-1: SerialNumber: syz
[ 1192.669440][  T983] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1192.669459][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1192.669468][  T983] usb 2-1: Product: syz
[ 1192.669475][  T983] usb 2-1: Manufacturer: syz
[ 1192.669482][  T983] usb 2-1: SerialNumber: syz
[ 1192.679557][T10219] usb 6-1: config 0 descriptor??
[ 1192.689386][  T983] usb 2-1: config 0 descriptor??
[ 1192.953230][  T983] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1193.177622][ T5968] usb 6-1: USB disconnect, device number 93
[ 1194.275906][T18269] can: request_module (can-proto-0) failed.
[ 1194.298131][  T983] gspca_sunplus: reg_w_riv err -71
[ 1194.298190][  T983] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[ 1194.301278][  T983] usb 2-1: USB disconnect, device number 90
[ 1194.323836][ T5896] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1194.433818][ T5918] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[ 1194.473738][ T5896] usb 4-1: Using ep0 maxpacket: 16
[ 1194.476127][ T5896] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1194.476156][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1194.479215][ T5896] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1194.479240][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.479258][ T5896] usb 4-1: Product: syz
[ 1194.479271][ T5896] usb 4-1: Manufacturer: syz
[ 1194.479284][ T5896] usb 4-1: SerialNumber: syz
[ 1194.492264][ T5896] usb 4-1: config 0 descriptor??
[ 1194.515683][ T5896] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1194.515715][ T5896] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 1194.583838][ T5918] usb 6-1: Using ep0 maxpacket: 16
[ 1194.588521][ T5918] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1194.588548][ T5918] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[ 1194.588634][ T5918] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[ 1194.598631][ T5918] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 1194.598707][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.598727][ T5918] usb 6-1: Product: syz
[ 1194.598739][ T5918] usb 6-1: Manufacturer: syz
[ 1194.598752][ T5918] usb 6-1: SerialNumber: syz
[ 1194.620252][ T5918] usb 6-1: config 0 descriptor??
[ 1194.630091][T18266] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[ 1194.733133][ T5918] mcba_usb 6-1:0.0 can0: failed tx_urb -90
[ 1194.733202][ T5918] mcba_usb 6-1:0.0 can0: Failed to send cmd (169)
[ 1194.733273][ T5918] mcba_usb 6-1:0.0 can0: failed tx_urb -90
[ 1194.733296][ T5918] mcba_usb 6-1:0.0 can0: Failed to send cmd (169)
[ 1194.733338][ T5918] mcba_usb 6-1:0.0: Microchip CAN BUS Analyzer connected
[ 1194.840367][ T5918] usb 6-1: USB disconnect, device number 94
[ 1194.886368][ T5918] mcba_usb 6-1:0.0 can0: device disconnected
[ 1195.649888][ T5896] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1195.651135][ T5896] em28xx 4-1:0.0: Config register raw data: 0xb4
[ 1195.651154][ T5896] em28xx 4-1:0.0: I2S Audio (3 sample rate(s))
[ 1195.651166][ T5896] em28xx 4-1:0.0: No AC97 audio processor
[ 1195.851368][   T37] kauditd_printk_skb: 114 callbacks suppressed
[ 1195.851380][   T37] audit: type=1326 audit(2000000386.859:3834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1195.851746][   T37] audit: type=1326 audit(2000000386.859:3835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa1c331ebcb code=0x7ffc0000
[ 1195.852041][   T37] audit: type=1326 audit(2000000386.859:3836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa1c331ebcb code=0x7ffc0000
[ 1195.852438][   T37] audit: type=1326 audit(2000000386.859:3837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa1c3351885 code=0x7ffc0000
[ 1196.053043][   T37] audit: type=1326 audit(2000000387.059:3838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1196.055685][   T37] audit: type=1326 audit(2000000387.059:3839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1196.057395][   T37] audit: type=1326 audit(2000000387.069:3840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa1c331ebcb code=0x7ffc0000
[ 1196.062303][   T37] audit: type=1326 audit(2000000387.069:3841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa1c331ebcb code=0x7ffc0000
[ 1196.064756][   T37] audit: type=1326 audit(2000000387.069:3842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa1c3351885 code=0x7ffc0000
[ 1196.265072][   T37] audit: type=1326 audit(2000000387.279:3843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18263 comm="syz.3.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1c331efc9 code=0x7ffc0000
[ 1196.283074][T18301] loop6: detected capacity change from 0 to 7
[ 1196.473752][ T5968] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 1196.596962][T17564] Dev loop6: unable to read RDB block 7
[ 1196.597005][T17564]  loop6: unable to read partition table
[ 1196.597245][T17564] loop6: partition table beyond EOD, truncated
[ 1196.605102][ T5896] usb 4-1: USB disconnect, device number 99
[ 1196.632447][T18301] Dev loop6: unable to read RDB block 7
[ 1196.633156][T18301]  loop6: unable to read partition table
[ 1196.918105][T18301] loop6: partition table beyond EOD, truncated
[ 1197.105691][T18301] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1197.819161][ T5968] usb 6-1: Using ep0 maxpacket: 8
[ 1197.843718][ T5968] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1197.843747][ T5968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1197.843766][ T5968] usb 6-1: Product: syz
[ 1197.843779][ T5968] usb 6-1: Manufacturer: syz
[ 1197.843792][ T5968] usb 6-1: SerialNumber: syz
[ 1197.905880][ T5968] usb 6-1: config 0 descriptor??
[ 1197.998165][T18310] Process accounting resumed
[ 1198.159557][ T5968] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1198.183940][ T5968] gspca_sunplus: reg_w_riv err -71
[ 1198.184028][ T5968] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[ 1198.189161][ T5968] usb 6-1: USB disconnect, device number 95
[ 1199.338324][T18325] kvm: pic: non byte write
[ 1200.553788][ T5968] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1200.883749][ T5968] usb 4-1: Using ep0 maxpacket: 8
[ 1200.886560][ T5968] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1200.886594][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1200.886609][ T5968] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1200.886622][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1200.886634][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1200.887616][ T5968] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1200.887664][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1200.887679][ T5968] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1200.887692][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1200.887704][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1200.888718][ T5968] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1200.888769][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1200.888788][ T5968] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1200.888803][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1200.888815][ T5968] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1201.995143][ T5968] usb 4-1: string descriptor 0 read error: -22
[ 1201.996742][ T5968] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1201.996768][ T5968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1202.445413][ T5968] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1202.522653][ T5968] usb 4-1: USB disconnect, device number 100
[ 1202.733235][T18367] loop6: detected capacity change from 0 to 7
[ 1202.750681][T18367] Dev loop6: unable to read RDB block 7
[ 1202.750725][T18367]  loop6: unable to read partition table
[ 1202.750947][T18367] loop6: partition table beyond EOD, truncated
[ 1202.763711][T18367] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1203.653725][ T5918] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1203.813698][ T5918] usb 2-1: Using ep0 maxpacket: 16
[ 1203.816093][ T5918] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1203.816122][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1203.822117][ T5918] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1203.822142][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1203.822161][ T5918] usb 2-1: Product: syz
[ 1203.822174][ T5918] usb 2-1: Manufacturer: syz
[ 1203.822187][ T5918] usb 2-1: SerialNumber: syz
[ 1203.902414][ T5918] usb 2-1: config 0 descriptor??
[ 1203.922395][ T5918] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1203.922415][ T5918] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[ 1204.826842][T18389] cgroup: fork rejected by pids controller in /syz3
[ 1205.692060][T11644] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1205.732001][   T37] kauditd_printk_skb: 40 callbacks suppressed
[ 1205.732018][   T37] audit: type=1326 audit(2000000396.699:3884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.732061][   T37] audit: type=1326 audit(2000000396.699:3885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.732097][   T37] audit: type=1326 audit(2000000396.699:3886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.733673][   T37] audit: type=1326 audit(2000000396.739:3887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.736277][   T37] audit: type=1326 audit(2000000396.749:3888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.737553][   T37] audit: type=1326 audit(2000000396.749:3889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.738753][   T37] audit: type=1326 audit(2000000396.749:3890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.739055][   T37] audit: type=1326 audit(2000000396.749:3891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.740302][   T37] audit: type=1326 audit(2000000396.749:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1205.741576][   T37] audit: type=1326 audit(2000000396.749:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18372 comm="syz.1.3707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2495afefc9 code=0x7ffc0000
[ 1206.794031][ T5918] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 1206.795624][ T5918] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[ 1206.795962][ T5918] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[ 1206.795972][ T5918] em28xx 2-1:0.0: No AC97 audio processor
[ 1207.776050][T11644] Bluetooth: hci3: command 0x041b tx timeout
[ 1214.876601][ T5918] usb 2-1: USB disconnect, device number 91
[ 1214.882496][ T5918] em28xx 2-1:0.0: Disconnecting em28xx
[ 1214.904674][ T5918] em28xx 2-1:0.0: Freeing device
[ 1239.287885][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.287956][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1249.579638][T11644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1249.794130][T11644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1250.783903][T11644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1253.811339][T11644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1253.813352][T11644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1257.234399][T11644] Bluetooth: hci0: command tx timeout
[ 1260.236061][T11644] Bluetooth: hci0: command tx timeout
[ 1262.494001][T11644] Bluetooth: hci0: command tx timeout
[ 1266.083922][T11644] Bluetooth: hci0: command tx timeout
[ 1285.885663][ T5801] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1287.908415][ T5801] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1288.878834][ T5801] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1288.880150][ T5801] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1288.880946][ T5801] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1291.910740][ T5801] Bluetooth: hci5: command tx timeout
[ 1294.494116][ T5801] Bluetooth: hci5: command tx timeout
[ 1294.531067][ T5801] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1295.553883][ T5801] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1295.573617][ T5801] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1296.611601][ T5801] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1296.611692][ T5801] Bluetooth: hci5: command tx timeout
[ 1296.612608][ T5801] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1299.154184][T11644] Bluetooth: hci5: command tx timeout
[ 1299.572195][T18395] Bluetooth: hci6: command tx timeout
[ 1300.274062][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.296192][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.754118][ T5801] Bluetooth: hci6: command tx timeout
[ 1302.281937][T11644] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1303.277386][T11644] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1303.982632][T11644] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1304.304502][T11644] Bluetooth: hci6: command tx timeout
[ 1305.379186][T11644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1306.412800][ T5801] Bluetooth: hci6: command tx timeout
[ 1307.424417][T18395] Bluetooth: hci3: Opcode 0x0c14 failed: -110
[ 1307.515740][T18395] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1307.516205][T18395] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1307.516602][T18395] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1307.524729][T11644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1307.525783][T11644] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1312.614244][T18395] Bluetooth: hci3: command tx timeout
[ 1314.638454][T11644] Bluetooth: hci3: command tx timeout
[ 1317.669323][T18395] Bluetooth: hci3: command tx timeout
[ 1321.053770][T18395] Bluetooth: hci3: command tx timeout
[ 1333.376551][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1335.428232][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1336.665525][ T5801] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1336.667695][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1336.668501][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1341.904917][ T5801] Bluetooth: hci4: command tx timeout
[ 1345.874718][ T5801] Bluetooth: hci4: command tx timeout
[ 1347.933945][ T5801] Bluetooth: hci4: command tx timeout
[ 1350.020552][ T5801] Bluetooth: hci4: command tx timeout
[ 1360.477826][   T38] INFO: task syz.3.3713:18389 blocked for more than 145 seconds.
[ 1360.477852][   T38]       Not tainted syzkaller #0
[ 1360.477867][   T38]       Blocked by coredump.
[ 1360.477873][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1360.477882][   T38] task:syz.3.3713      state:D stack:25896 pid:18389 tgid:18387 ppid:16332  task_flags:0x400548 flags:0x00080002
[ 1360.477928][   T38] Call Trace:
[ 1360.477935][   T38]  <TASK>
[ 1360.477948][   T38]  __schedule+0x16f3/0x4c20
[ 1360.477999][   T38]  ? __pfx___schedule+0x10/0x10
[ 1360.478037][   T38]  ? schedule+0x91/0x360
[ 1360.478059][   T38]  schedule+0x165/0x360
[ 1360.478080][   T38]  schedule_timeout+0x9a/0x270
[ 1360.478099][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[ 1360.478131][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1360.478151][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1360.478170][   T38]  ? wait_for_completion+0x267/0x5d0
[ 1360.478191][   T38]  wait_for_completion+0x2bf/0x5d0
[ 1360.478222][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[ 1360.478261][   T38]  ? io_wq_put_and_exit+0x160/0x650
[ 1360.478312][   T38]  ? io_wq_put_and_exit+0x160/0x650
[ 1360.484121][   T38]  io_wq_put_and_exit+0x316/0x650
[ 1360.484157][   T38]  io_uring_clean_tctx+0x11f/0x1a0
[ 1360.494026][   T38]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[ 1360.504127][   T38]  ? io_uring_drop_tctx_refs+0x131/0x1c0
[ 1360.504154][   T38]  io_uring_cancel_generic+0x6ca/0x7d0
[ 1360.574051][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1360.584038][   T38]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[ 1360.609641][   T38]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1360.609673][   T38]  ? rt_spin_unlock+0x150/0x200
[ 1360.609696][   T38]  ? io_uring_unreg_ringfd+0x52f/0x540
[ 1360.609722][   T38]  do_exit+0x345/0x2300
[ 1360.609747][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1360.609771][   T38]  ? __lock_acquire+0xab9/0xd20
[ 1360.609800][   T38]  ? __pfx_do_exit+0x10/0x10
[ 1360.609820][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1360.609838][   T38]  ? rt_spin_lock+0x1c1/0x3e0
[ 1360.609877][   T38]  do_group_exit+0x21c/0x2d0
[ 1360.609895][   T38]  ? rt_spin_unlock+0x161/0x200
[ 1360.609915][   T38]  get_signal+0x125d/0x1310
[ 1360.609959][   T38]  arch_do_signal_or_restart+0xa0/0x790
[ 1360.609983][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1360.610020][   T38]  ? schedule+0x16f/0x360
[ 1360.610042][   T38]  exit_to_user_mode_loop+0x72/0x130
[ 1360.610066][   T38]  do_syscall_64+0x2bd/0xfa0
[ 1360.610087][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1360.610107][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1360.610124][   T38]  ? clear_bhb_loop+0x60/0xb0
[ 1360.610146][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1360.610164][   T38] RIP: 0033:0x7fa1c331efc9
[ 1360.610181][   T38] RSP: 002b:00007fa1c157e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1360.610202][   T38] RAX: fffffffffffffe00 RBX: 00007fa1c3575fa8 RCX: 00007fa1c331efc9
[ 1360.610217][   T38] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa1c3575fa8
[ 1360.610229][   T38] RBP: 00007fa1c3575fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1360.610241][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000