last executing test programs:

6m36.671173384s ago: executing program 2 (id=1478):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x2982, 0x0)
ioctl$TCFLSH(r0, 0x540b, 0x6)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x1, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)

6m34.98842309s ago: executing program 2 (id=1485):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
fsopen(0x0, 0x0)
link(0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x0, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000100)="240000005a001f001007f41108000400020100020800038005000000ffc8bbb86ec81f7d", 0x24)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, &(0x7f0000000300)="c3", 0x1, 0x40010002})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)

6m32.893849671s ago: executing program 2 (id=1494):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x40001018, r0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x32)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0000009078"], 0x0)
r5 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068109e73", 0xc, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400", @ANYBLOB="ebffffffffffffff280012800b00010065727370616e"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r6, r5}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r7 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
connect$pppl2tp(r4, &(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}, 0x4, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r4, 0x80487436, 0xfffffffffffffffe)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000000c0)=0x1)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo\x00')

6m32.754547635s ago: executing program 2 (id=1496):
r0 = socket(0x2c, 0x80000, 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
fchdir(r1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00')
prctl$PR_GET_DUMPABLE(0x3)
write(r0, &(0x7f0000000040)="00fe0000100aff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00)
socket(0x2c, 0x80000, 0x7) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) (async)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') (async)
fchdir(r1) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) (async)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00') (async)
prctl$PR_GET_DUMPABLE(0x3) (async)
write(r0, &(0x7f0000000040)="00fe0000100aff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00) (async)

6m32.398589342s ago: executing program 2 (id=1499):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) (async)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) (async)
r3 = inotify_init1(0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) (async)
inotify_add_watch(r3, &(0x7f00000001c0)='./file0\x00', 0xa4000120) (async)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0xe) (async)
ioctl$FIONREAD(r4, 0x80047456, &(0x7f0000002300)) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
close(r3) (async)
creat(&(0x7f0000000040)='./file0\x00', 0xc8)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) (async)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x103, 0x8, 0x36b}, 0x1f)
write$binfmt_script(r5, &(0x7f0000000300)={'#! ', '', [{0x20, '\x00'}, {0x20, '\x8f\x06\xd2\xe7\xc6|J\x00\x19\xc6\xea\x9e\x10\x86\xef\xa4\xd0\x86\xca\xe0\'\x1c\b/\xbf\xcc\xe7\x94\xcf\x82=N\x90;\x00\x00\x00\x00\x00\x00\x00\b\xb1\xado\xfd\xc6\x03\xeeL\xcbOD\x85A\xfd\xc7)g\x02zx\x96\x91\xc4\x92}\x11\xa2\x135\x11\x04\x8c\xbc\xedg\x85\xc4\xeb\xdf\xf3\xf2m\x04IJ\xe1\xfa\x94\"C\xddh\xab\xff\n\xea_\x19\x8a1\xe3\xd2\vI\xd1=\x9e=\xa85\x94 \xb0v\xd1\xb0\xechG\x11\"\x1eR\x94\xc5x\xb9tU\x98n\xe0\x1b\xdb:\xde)\xd8\xd6D\x7f\x1eg\xe8\x8c\x8a/\xd5\x106i\b.\xbf\xbd\xabK\xea\x19$\xc5I+\xd2\x82v\xfe\x1e\x10K\xb2\xc2\xc2Q\x01\xca\xa3\xf4\xb2\x8a\xd4\b\x9c\x82\xb4Fi\xcc\xc9\x12\xd8\xb7\xa7\xfd\x00\f\x8d\x1a\x982\xb6\xa1\x99\x1c\xcc\x02\rz\x1b\x99\x81\xc0$\xa3\x9bL\x18\x1bz\xc3dA\xca\bH\x0e}o\xd4z\x88\n\x01dEW\xe6?\xf3\xb9&\xe8\xaa%\xcf\xcb\x8e\xdb\x13\xef\x16\xc6'}, {0x20, '/dev/mixer\x00'}, {0x20, '/dev/net/tun\x00'}, {0x20, 'syzkaller0\x00'}], 0xa, "1bc87e7726a8bad0f76fe083e5f4fa76db9682289899a75b9955dcf73ba14708c276940d6588fcd8d3c3c6296ac41188efc8de7e2cbcc650"}, 0x163) (async)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_pktinfo(r6, 0x0, 0x19, 0x0, 0x0) (async)
shmctl$IPC_RMID(0x0, 0x0)

6m31.735178424s ago: executing program 2 (id=1503):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}, 0x4)

6m30.917577265s ago: executing program 32 (id=1503):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}, 0x4)

4m19.896114711s ago: executing program 5 (id=1939):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x38, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x38}}, 0x4800)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TCSETS(r1, 0x545c, &(0x7f00000000c0)={0x1, 0x1000003, 0x0, 0x0, 0x0, "43e6323cce19dc42a867c4e745c80552a700"})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc219, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x30, 0x2, 0x3, 0x0, 0x4, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x6, 0xa0, 0x82}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000140)={0x14, &(0x7f0000000e80)={0x40, 0x31, 0x21, {0x21, 0x1, "832cf0d0c96cbccd855e4191044fed5e4c697cd613d4b735d18274b4032679"}}, 0x0}, 0x0) (async)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000140)={0x14, &(0x7f0000000e80)={0x40, 0x31, 0x21, {0x21, 0x1, "832cf0d0c96cbccd855e4191044fed5e4c697cd613d4b735d18274b4032679"}}, 0x0}, 0x0)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) (async)
r4 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$apparmor_exec(r4, &(0x7f00000000c0)={'exec ', ':\x00\b\xc4\x99\x10\tI\xc22b\xe8\r\xfa\xc1\xd6-\xe5\xd3-\xce\xeapE\xb53&\v\xa0\xd3\v#E\xc4I\x97\xfd'}, 0x2a)
syz_open_dev$dri(0x0, 0x8000000000000200, 0x705801)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) (async)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
close(0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
socket$inet6(0xa, 0x80002, 0x0) (async)
r5 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000001bc0)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000001bc0)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f00000003c0)={@remote, 0x1d, r6})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00', <r9=>0x0})
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000300)={@remote, r9}, 0x14) (async)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000300)={@remote, r9}, 0x14)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]})
close_range(r10, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r11 = socket(0x40000000015, 0x5, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000340)={0x0, 0x53, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40808c5)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0) (async)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0)

4m17.824567567s ago: executing program 5 (id=1947):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000801}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001100), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0xfffffffffffffe8e}, './file0\x00'})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0xac, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x4, [0x8, 0x2, 0x6, 0x3, 0x6, 0x6, 0x1, 0xa, 0x0, 0xe, 0xf, 0xa, 0x2, 0x6, 0xd, 0x2], 0x1, [0x8, 0x800, 0xd09, 0x5, 0xff62, 0x2, 0x1, 0x2, 0x3, 0x6, 0x2, 0x3, 0x4, 0x4, 0xfff, 0xfff8], [0x1, 0x41e, 0x2, 0x7, 0x1, 0x9, 0x2, 0x0, 0x9921, 0x1, 0x1ff, 0x4, 0x7, 0xeb11, 0x4, 0x401]}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0xc89f, 0xffff5ef5, 0x0, 0x19, 0x3}}, {0x4}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x3}, 0x20004004)
getdents(0xffffffffffffffff, &(0x7f0000000340)=""/247, 0xf7)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x800, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r8=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, &(0x7f00000001c0)={r8}, &(0x7f0000000280)=0x8)
ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0)

4m17.508246968s ago: executing program 5 (id=1948):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x5, 0x35, &(0x7f0000000500)={{0x12, 0x1, 0x0, 0x4a, 0xaf, 0x36, 0x20, 0x572, 0x58a5, 0x270a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x9, 0x1, 0xa3, 0x7d, 0x7e, 0x3, [], [{{0x9, 0x5, 0x0, 0x0, 0x40, 0x2, 0x4, 0x1, [@generic={0x8, 0xb, "906db7cfad36"}]}}]}}]}}]}}, 0x0)

4m15.062115537s ago: executing program 5 (id=1956):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x400)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c, 0x0}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, 0x0, 0x78)

4m14.107175952s ago: executing program 5 (id=1958):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x108) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async, rerun: 64)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) (async, rerun: 64)
modify_ldt$write(0x1, 0x0, 0x0) (async, rerun: 32)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) (rerun: 32)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006340)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x1, 0xc18da8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) (async)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x0)
r5 = dup2(r4, r2)
openat$dsp(0xffffffffffffff9c, 0x0, 0x8041, 0x0) (async)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000100)={0xa, {0x13, 0x3, 0x35, 0x100000000, 0x7}}) (async, rerun: 64)
timer_settime(0x0, 0x1, &(0x7f0000000340), 0x0) (rerun: 64)
syz_kvm_setup_cpu$x86(r5, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f00000000c0)="67f20f1e73046564d8fb26660f383719c4e1796e390f09263bfb0f01c40fc7983d0000000f06440f20c03505000000440f22c0", 0x33}], 0x1, 0x10, 0x0, 0x0)

4m13.814387409s ago: executing program 5 (id=1960):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='pids.current\x00', 0x275a, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
epoll_create1(0x80000)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x5)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$kcm(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_io_uring_setup(0x2fba, &(0x7f0000000200)={0x0, 0x5eda, 0x10100, 0x2, 0x321}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_usbip_server_init(0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x9, 0x0, @fd_index, 0x0, 0x0, 0x0, {0x5203}, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x7330, 0x0, 0x0, 0x0, 0x0)

4m13.142713484s ago: executing program 33 (id=1960):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='pids.current\x00', 0x275a, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
epoll_create1(0x80000)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x5)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$kcm(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_io_uring_setup(0x2fba, &(0x7f0000000200)={0x0, 0x5eda, 0x10100, 0x2, 0x321}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_usbip_server_init(0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x9, 0x0, @fd_index, 0x0, 0x0, 0x0, {0x5203}, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x7330, 0x0, 0x0, 0x0, 0x0)

3m17.032891033s ago: executing program 6 (id=2152):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000200000000000000000000000000000000000000000000070000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)

3m16.725039264s ago: executing program 6 (id=2153):
socket$packet(0x11, 0x3, 0x300)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
fcntl$setsig(r5, 0xa, 0x33)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001})
epoll_wait(r2, &(0x7f0000000340)=[{}], 0x1, 0x1000)
epoll_pwait(r5, &(0x7f0000000280)=[{}], 0x1, 0x10001, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345})
r6 = syz_io_uring_setup(0x802, &(0x7f0000000480)={0x0, 0xbdbb, 0x10, 0x1, 0x34f, 0x0, r0}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x13, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x42, 0x4, 0x350, 0xffffffff, 0xf8, 0x1b0, 0xf8, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x2, 0x2, 0x0, 0xc}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @multicast2, 0xffffff00, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0xe0, 0x108, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x9, 0x2}}, @common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000200)}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r7, r8, 0x0)
io_uring_enter(r6, 0x47bc, 0x0, 0x21, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000014c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xa2f5}]}, 0x34}}, 0x0)

3m15.658729302s ago: executing program 6 (id=2158):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
r9 = accept(r6, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
sendmsg(r8, &(0x7f00000014c0)={&(0x7f0000001040)=@ll={0x11, 0x8, r10, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x80, &(0x7f0000001440)}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f00002a2000/0x3000)=nil, 0x3000, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f00004fd000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f000015a000/0x2000)=nil)
mlock(&(0x7f00001b5000/0x400000)=nil, 0x400000)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000200000000000000000000000000000000000000840000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f0000000680)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)

3m14.387621226s ago: executing program 6 (id=2161):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x129041, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x81) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x81)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) (async)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x0, 0x4}) (async)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x0, 0x4})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000020000040"])

3m13.440060671s ago: executing program 6 (id=2167):
socket$inet(0x2, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000010401010000000000000000000004000500010001"], 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}}, 0x2000004)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000080)={<r3=>0xffffffffffffffff, 0x2000, 0xffffffffffffffff, 0x8})
close_range(r3, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x4000000805, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r4 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x1, 0x0, 0x0, 0x5, 0xfffffffffffffffa}, {0x0, 0xfffffffffffffffc, 0x2}, 0xffffffff, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x32}, 0x2, @in=@local, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
epoll_create1(0x0)
r5 = getpid()
syz_pidfd_open(r5, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
syz_usb_connect(0x4, 0x5a, &(0x7f00000001c0)=ANY=[], 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(0xffffffffffffffff, &(0x7f0000000300)=[{0x4, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control={0x1}}], 0xc4)

3m13.22071294s ago: executing program 6 (id=2170):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"])
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"])
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"]) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"]) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328) (async)

3m12.787459852s ago: executing program 34 (id=2170):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"])
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"])
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"]) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"]) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328) (async)

24.200350281s ago: executing program 4 (id=2760):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d61637365630000040002800800", @ANYRES32=r2, @ANYBLOB='\b'], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x12, 0xd0, 0x0, 0x11, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_spirange={0x2, 0x10, 0x7, 0x4d2}, @sadb_address={0x5, 0x5, 0x6c, 0x20, 0x0, @in6={0xa, 0x4e22, 0x6, @private1, 0xc1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x4, 0x0, 0x6e6bb2, 0xc9a7, {0x6, 0x6c, 0x7, 0x5, 0x0, 0x4, 0x0, @in6=@rand_addr=' \x01\x00', @in6=@mcast1}}]}, 0x88}}, 0x8c0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYRESDEC=r4], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

24.144186951s ago: executing program 4 (id=2761):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
r9 = accept(r6, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r2, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
sendmsg(r8, &(0x7f00000014c0)={&(0x7f0000001040)=@ll={0x11, 0x8, r10, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x80, &(0x7f0000001440)}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f00002a2000/0x3000)=nil, 0x3000, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f00004fd000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f000015a000/0x2000)=nil)
mlock(&(0x7f00001b5000/0x400000)=nil, 0x400000)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000200000000000000000000000000000000000000000000000000fcfdffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f0000000680)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)

22.764053246s ago: executing program 4 (id=2764):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x40002)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, &(0x7f0000000200))
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000001200)={0x18, 0xef9, 0x1})
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r5, 0x1000f0000)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000b4000040"])
write$binfmt_register(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000140), 0x8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r7, 0x8982, &(0x7f0000000380)={0x0, 'bridge_slave_0\x00', {}, 0x1ff})
sendto$inet6(r6, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r8 = getpid()
r9 = syz_open_procfs(r8, &(0x7f00000000c0)='net/hci\x00')
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r9, 0x18, &(0x7f00000001c0)={0x1ff, r2, 0x10, {0x100}, 0x5}, 0x1)

21.096090365s ago: executing program 4 (id=2767):
r0 = socket(0x10, 0x3, 0x0) (async)
r1 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) (async)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000000)={r3, 0x8}, 0x8)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x3, 0x4) (async)
sendto(r0, &(0x7f0000000340)="12000000121ee7ef007b042313e0e0e79b07", 0x12, 0x4000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0xfffffffffffffffc, 0x0, &(0x7f0000000700)=""/23, 0x17}, 0x80009}], 0x16c, 0x10002, 0x0)

10.442119179s ago: executing program 1 (id=2795):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x1, 0x2, 0x6, 0x1, 0xa8, 0x40, 0x3, 0x8, 0x1, 0x1, 0x78, 0x8, 0x9f, 0x5}, 0xe)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xe0ffffff00000000}}, 0x1c)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000003bc0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x4, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc1105511, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000e1"])
sendmsg(r2, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x8010, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
r9 = syz_io_uring_setup(0x2a01, &(0x7f0000000100)={0x0, 0xa530, 0x4002, 0x2, 0x2c3}, &(0x7f0000000200), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_IOWQ_AFF(r9, 0x11, &(0x7f0000000380)="0e5aa766adc567d666e648cd014e76cd7125916bc1ee4f4a7648dbd8f320cf498775919af798d17617c4e2adc807283efdf7c35e549a3f3f172b60e4e7181e4abe5dacb787584521225b075715b6450a430d5548fef5f9cd93d79443f07f5a6189c3a91230eaff916d6b4e48c240f8a52532040c7dba65f749ddb96e0a3599817de5f6fc42c915a6a420f3942fe8b245765e1056ca08750a4a3c5f28ffee4c546132fc459d3ac2292314", 0xaa)
close(r7)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000080)={0x1000, 0x100000, 0x8})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x4, 0x0, 0xc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0xffffffffffffffda}, 0x10)

9.940024188s ago: executing program 0 (id=2796):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'veth0_to_bridge\x00', 0x10})
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
unshare(0x2c020400)
syz_io_uring_setup(0xf04, &(0x7f0000000180)={0x0, 0xdb0d, 0x3f, 0xfffffffe, 0x24000}, 0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x8, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FIONCLEX(r4, 0x5450)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x800, 0xfffffffe)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x68442, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r10, {0x5, 0x7}, {0x0, 0x8902}, {0xa, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r11, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)

8.349402412s ago: executing program 1 (id=2802):
socket$can_bcm(0x1d, 0x2, 0x2)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r1, {0x1}, {0x9}, {0xfff2, 0x6}}}, 0x24}}, 0x40044)
syz_usb_connect(0x0, 0x43, &(0x7f0000000140)=ANY=[@ANYBLOB="120100000fc2f708210435030e5f0004000109023100010000000009040000000202ff000505240000000d240f010100000000000000000424130004241300"], 0x0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c010000", @ANYRES16=r3, @ANYBLOB="200028bd7000fcdbdf250e00000014000380060004000900000008000300010000005000028008000800ff0700000800090004000000140001000000000000000000000000000000000006000b001c00000006000e004e220000080007000200000008000800fbffffff06000b000a000000400003800800030000000000060007004e220000060007004e2200000600040081000000064cd5b4022355bb0b060007004e20000014000600000000000000000000000000000000013000038006000400060000000600040000080000080001000000000014000600200100000000000000000000000000010c000180060002000008000600050000002c00028008000800010000000800080007000000060002004e22000006000b000a00000006000e004e23000014000180060004004e200000060004004e21000044fef3f4eba51bd2fef7f5bc9340f4da94e35f685e414a4adac2bd04369912c3cb05073c89656683f2d426335d6a084a509a259432dd2f37e4894ec2477cfbf50c9805bdac90e591d20a4d71a331f4179a849171357d98e46e86add4d4948874ff41338f5ab2feb8f1e1b567940a947d25c6ca1f185f6997c262732517593bb7679b4e6954bd853343a417ccaa39c0060d93a6e2f8dac0010374a0398f847da930eabc3045ddcd1c118e6d3d414cb4b1324b8566a8cd87586a77ec944ec02f79b66100544731fea9306a8a657921438aea6291891391ab46256590a165611d064f2ebd08ac22a251223891230e29519e09fac08399963209e1fe55f784ac518d695a0a7939e15f4cbbb51946747b58521b31979f88fee0e14378319f03209eaa8cd935c11baf5868eb9290d28a70aad45c7072072719cbf6b31bb94ae266a4dccc983c6fd4e944790a4c61f2add0afee62124e7c2ded2ad0df42aabcb04c5adb2caa14c166c103b9db34574b8cc290652c5de5b2efa658e193fe7fda389e19a68d19c6cb2c77368f47b52ac3df7dcc306b697ceb6f217d4d924d9eca2ba8dcc62e5577b39982e0a12fd5dc75d72783d693c1e6d0071b898fb53084eeb21578b817c1b742b2eccc81039f7a35c99c6524d5190aa0e510c5"], 0x13c}}, 0x4000000)

8.072416419s ago: executing program 3 (id=2803):
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000420000003c00128008000100677470003000028008000200", @ANYRES32=r1], 0x5c}, 0x1, 0xba01}, 0x0)
close(r1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = add_key$keyring(&(0x7f0000000600), &(0x7f0000000640)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$update(0x2, r3, 0x0, 0x0)
r4 = dup2(r2, r2)
r5 = socket$kcm(0x29, 0x0, 0x0)
r6 = getpid()
syz_pidfd_open(r6, 0x0)
fcntl$setown(r5, 0x8, r6)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000880)={@mcast2, @private1, @mcast1, 0x0, 0x6, 0xc, 0x0, 0x2, 0x4800000})
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={0x0, @local}, &(0x7f0000000080)=0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8923, &(0x7f0000000040)={'bond0\x00', 0x1001})

7.519402993s ago: executing program 3 (id=2804):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000200000000000000000000000000000000000000000000000000fcffffff000000000000fffff90000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)

7.328163595s ago: executing program 3 (id=2805):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000240)=0x9, 0x4) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = epoll_create1(0x80000) (async)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0xa000000d}) (async)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000300)={0x10000000}) (async)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000600))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0x10020})

6.986674889s ago: executing program 3 (id=2806):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
request_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='(\x00', 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8582, 0x0)
syz_usb_connect$cdc_ecm(0x6, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f0000000280)=ANY=[]}]})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x6, 0x0, 0xff16)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x5})
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100000000e51f0304306000000000000109022400010000000009040000010300000009210000000122020009058103000000c603bbac000014d3e92c2ae056a9631c6a404d2468cd8259f75f3a22f17a87764c306513929f0cb7753cb687a3b74fa93697374383d109afe780dd05778f25bdc7069781e549117bbdda11f077ade688b8c1acd301cee7c5804aa220053c58ce2e57a68d4cc04e44ac82d63a64796f1d738995f26a79a56becb68eea6ab100d5fd7948c6d769ab5cf7e9a0ed53246b1a3eebb609000000e5d1ce8c4f1c792c63226a1bb854527fa3ee6cd0877be3689fc05b7fecdbeacd5f60ffc6"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, ')'}]}}, 0x0}, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

6.583887599s ago: executing program 1 (id=2807):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r4 = socket$inet(0x2, 0x3, 0x33)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x7ff, 0xb6, &(0x7f0000000680)=""/182, 0x41100, 0x52, '\x00', 0x0, @fallback=0x28, r3, 0x8, &(0x7f0000000740)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000780)={0x4, 0x7, 0x7, 0x7ff}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[r3, r3, r3, r3, r3, r3, r3, r3, r3], 0x0, 0x10, 0x93, @void, @value}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_ext={0x1c, 0x15, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000ff7f000000000000080000001832000005000000000000000000000018430000feffffff000000000000000018580000040000000000000000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000200000007b8aece9fdd80000af24ab675679c53707020000f8ffffffb703000008000000b7040000010000008500000082000000184300000600000000000000000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x4a, &(0x7f0000000540)=""/74, 0x40f00, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x6, 0x3, 0x8}, 0x10, 0x1d1ba, r5, 0x7, 0x0, &(0x7f00000008c0)=[{0x5, 0x2, 0x2, 0x3f30be3e9186fa20}, {0x4, 0x3, 0x9, 0x4caa60ccf5eb552a}, {0x0, 0x4, 0x2, 0x4}, {0x1, 0x1, 0xd, 0x2}, {0x2, 0x2, 0x7, 0x6}, {0x4, 0x1, 0xb, 0x7a39496a27d15432}, {0x2, 0x5, 0xc, 0x4}], 0x10, 0x2, @void, @value}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
getsockopt$inet_mreqsrc(r4, 0x0, 0x53, 0x0, &(0x7f0000000040))
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a07000000000000000000020000000900010073797a30000000003c000000030a01020000000000020000020000000900010073797a30000000001a00030091abc12404cf378042"], 0x98}}, 0x0)
mbind(&(0x7f0000fec000/0x13000)=nil, 0x13000, 0x1, 0x0, 0x7, 0x1)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xffffffff, @empty}, 0x1c)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="03c8005bf0bbac31aab069a99f4c130796c7557b99794d13edddb7dda60ce3e546678499f7c5d489daa208b01605d54d331c7e0f18da662c4274e8cba3c4bbaa113cfc5a3c36572daba0ca413eec65f85eee3e6571"], 0x5f)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b75000905832270f3a848b4a278483944cf6d3a"], 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty}}, 0x0, 0x1, 0x3bf8580d, 0x0, 0xb3550aa4ba878396, 0x2}, 0x9c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x9}, {0x3, 0xffff}, {0x3, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40500d5)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c0002800600020020"], 0x50}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)

6.548711961s ago: executing program 0 (id=2808):
r0 = socket(0x28, 0x5, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
accept$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000240)={0x2a, 0x6, 0x0, {0x5, 0x5, 0x1, 0x0, '!'}}, 0x2a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x40800, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
r4 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x36c4, 0x10100}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r8, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000280)=""/204, 0xcc}], 0x1}, 0x0, 0x80002101})
io_uring_enter(r4, 0xd81, 0x0, 0x0, 0x0, 0x0)
write(r7, &(0x7f0000000200)='~', 0xf5)
setsockopt$sock_attach_bpf(r3, 0x84, 0x72, &(0x7f0000000000), 0xc)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x4}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x90}}, 0x0)

6.152453026s ago: executing program 0 (id=2809):
r0 = syz_usb_connect$hid(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000404355220500000000000109022400010000000009040100010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000440)={0x24, &(0x7f0000000040)={0x0, 0x11, 0x5, {0x5, 0x0, "b53a25"}}, 0x0, 0x0, 0x0}, 0x0)

4.21733318s ago: executing program 7 (id=2811):
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = socket$unix(0x1, 0x1, 0x0) (async)
r1 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r1)
r2 = socket$xdp(0x2c, 0x3, 0x0) (async)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r4=>0x0}) (async)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) (async)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) (async, rerun: 64)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) (rerun: 64)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r7=>0x0}) (async, rerun: 64)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000180)=0x10, 0x4) (rerun: 64)
setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) (async)
bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) (async)
bind$xdp(r2, &(0x7f0000000240)={0x2c, 0x1, r4, 0x800000, r5}, 0x10)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
listen(r8, 0x0)
shutdown(r0, 0x0) (async)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async)
r11 = eventfd2(0x0, 0x80000)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x0, 0x8, r11}) (async, rerun: 64)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x0, 0x3000, 0x0, r11}) (rerun: 64)
ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000080)={0x5002, 0x3000, 0x8, r11})
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept(r8, 0x0, 0x0)

3.828290549s ago: executing program 3 (id=2812):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f00000000c0)=""/4078, &(0x7f00000010c0)=0xfee) (async)
getsockopt$inet_buf(r0, 0x0, 0x28, &(0x7f00000000c0)=""/4078, &(0x7f00000010c0)=0xfee)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001100)=ANY=[@ANYBLOB="440000001000010400000000fc4fc1ae0bdbdf25e54edcf2f177553871d3870188ffa391c0a3e9bb0d768abafc9934c871b1e873cfc2315a1368f58bbbb39152c88e6dfb8a324ca5159ac836f819e7c497f827f8d0cea3406f447ab71cae7614f0686bc6a203eb3348e44ae48480cd09ff808e64f44367ea76570ea3089ae779f5c2cefa98a650daf53c4d", @ANYRES32=0x0, @ANYBLOB="00000000202000002400128009000100626f6e640000000014000280050001000400000008000400220c0000"], 0x44}}, 0x0)

3.121244645s ago: executing program 0 (id=2813):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = syz_io_uring_setup(0xec5, &(0x7f0000000000), &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x4000, &(0x7f00000001c0), 0x1, 0x40}) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r5 = syz_io_uring_setup(0x6883, &(0x7f0000000740)={0x0, 0x101828, 0x10100, 0x3}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) (async)
io_uring_enter(r5, 0x2deb, 0x5f8b, 0x6, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0) (async)
io_uring_enter(r2, 0x2, 0x10a5, 0x3, 0x0, 0x0)

2.425437921s ago: executing program 0 (id=2814):
socket$packet(0x11, 0x3, 0x300)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x0)
fcntl$setsig(r5, 0xa, 0x33)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001})
epoll_wait(r2, &(0x7f0000000340)=[{}], 0x1, 0x1000)
epoll_pwait(r5, &(0x7f0000000280)=[{}], 0x1, 0x10001, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345})
r6 = syz_io_uring_setup(0x802, &(0x7f0000000480)={0x0, 0xbdbb, 0x10, 0x1, 0x34f, 0x0, r0}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x13, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x42, 0x4, 0x350, 0xffffffff, 0xf8, 0x1b0, 0xf8, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x2, 0x2, 0x0, 0xc}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @multicast2, 0xffffff00, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0xe0, 0x108, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x9, 0x2}}, @common=@socket0={{0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000200)}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r6, 0x47bc, 0x0, 0x21, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000014c0)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}}, 0x0)

2.069315068s ago: executing program 7 (id=2815):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth1_to_bridge\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000008c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x44080)

2.065835107s ago: executing program 1 (id=2816):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xd9, 0xd0, 0xc0, 0x10, 0x1a0a, 0x104, 0xddd4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe2, 0x3e, 0x60}}]}}]}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x400000d)
r2 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r2, 0x0, 0xcf, 0x0, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth1_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000008c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x44080)

2.00805638s ago: executing program 3 (id=2817):
fcntl$notify(0xffffffffffffffff, 0x402, 0x69)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
syz_open_dev$vbi(0x0, 0x0, 0x2)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000000140), 0x0, 0x22, 0x0) (async)
recvmmsg(r1, &(0x7f0000000140), 0x0, 0x22, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40500000040000061107500000000006605000000e3000095000000000000001e6443165316606826570673bd2015c43a9334a136ff04a6ed8d044bcadbd5681eeb13a486a6672414270acfad927fa112e1ed0ea257d0faff057ae67db946f94cc0f40f17c4454ca4dddacb0670b381446a93ffa6e7f1acc3c7b9a32f3735c11887122f4e4c090702a196afb7429e7bbe719d312a1280630c2b50d279a9c2a292027134f755125ee8423af5eb0d984344a35400a7dda797b6e2bfebd839ff07f3d916ef3ac97176d8687a67cb82a2fb494ba644a7c90a2cd6b75bcfb934d1033e0a5341b324c10e1cc16c507483300aa357d01cd65751366e99257ea3057840"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40500000040000061107500000000006605000000e3000095000000000000001e6443165316606826570673bd2015c43a9334a136ff04a6ed8d044bcadbd5681eeb13a486a6672414270acfad927fa112e1ed0ea257d0faff057ae67db946f94cc0f40f17c4454ca4dddacb0670b381446a93ffa6e7f1acc3c7b9a32f3735c11887122f4e4c090702a196afb7429e7bbe719d312a1280630c2b50d279a9c2a292027134f755125ee8423af5eb0d984344a35400a7dda797b6e2bfebd839ff07f3d916ef3ac97176d8687a67cb82a2fb494ba644a7c90a2cd6b75bcfb934d1033e0a5341b324c10e1cc16c507483300aa357d01cd65751366e99257ea3057840"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r4, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYBLOB="7d7a1a1a587621820da214a80d403e29c29a46063a8b786f976de5ab6eaeaae1e53eb5b00c2eb32581e41eddfc6644ae8cb7e22d5ac07b90da0ede494a"], 0x58}}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
write$nbd(0xffffffffffffffff, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000140))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0) (async)
getdents64(0xffffffffffffffff, 0x0, 0x0)
socket$isdn(0x22, 0x3, 0x10)
mknodat$null(0xffffffffffffff9c, 0x0, 0xc000, 0x103) (async)
mknodat$null(0xffffffffffffff9c, 0x0, 0xc000, 0x103)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)

1.915573205s ago: executing program 4 (id=2770):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000005c0), 0x8240, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000002000))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000020c0)={0x10})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
syz_open_pts(r2, 0x141601)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/igmp6\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = landlock_create_ruleset(&(0x7f00000000c0)={0x4, 0x0, 0x2}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000080)={0x2812, 0x1}, 0x18, 0x0)
landlock_restrict_self(r6, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r4, 0x0)
connect$unix(r3, &(0x7f0000000640)=@file={0x1}, 0x6e)
socket$tipc(0x1e, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x1)

1.789108334s ago: executing program 7 (id=2818):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001a000100000000000000001881000000004000000000000008000f"], 0x24}}, 0x0)

1.433419411s ago: executing program 7 (id=2820):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, 0x0, 0x0) (rerun: 64)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) (async, rerun: 64)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
listen(r1, 0x5) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000100), 0x2000000, 0xe2001) (rerun: 64)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41e43, 0x8) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000003, 0xfffffefa, 0x6}, 0x10) (async, rerun: 32)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r2], 0x1c}}, 0x804) (async, rerun: 32)
accept(r1, &(0x7f0000000080)=@can, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
socket$inet6(0xa, 0x3, 0x8000000003c)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (rerun: 32)
syz_open_procfs(0xffffffffffffffff, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x66}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
socket(0x2, 0x80805, 0x0) (async)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b', @ANYRES32=0x0, @ANYBLOB], 0x30}}, 0x0)

1.087162046s ago: executing program 7 (id=2821):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000006}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900030073797a32000000000c00024000000000000000010900010073797a30"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1})
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2)
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000000000)="a5ce", 0xfed0)
r5 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
splice(r3, 0x0, r5, 0x0, 0x7fff, 0x6)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200000000000006}, 0x18) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900030073797a32000000000c00024000000000000000010900010073797a30"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x10) (async)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2) (async)
pipe(&(0x7f00000000c0)) (async)
write$binfmt_misc(r4, &(0x7f0000000000)="a5ce", 0xfed0) (async)
openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
splice(r3, 0x0, r5, 0x0, 0x7fff, 0x6) (async)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) (async)

885.120622ms ago: executing program 4 (id=2822):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000100)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x3, 0x55, 0x7e}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x3, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x10000, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x120, &(0x7f0000000200)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10e, 0x2, 0x1, 0x3, 0x10, 0x5b, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "f91f"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x9, 0xfff8, 0x7, 0x7}, {0x6, 0x24, 0x1a, 0x1, 0x2}, [@mbim={0xc, 0x24, 0x1b, 0x6, 0x5, 0x1d, 0x8, 0x59, 0xb}, @mdlm_detail={0x94, 0x24, 0x13, 0xe4, "6be40059cf5b911e5d68c14e7e8435704e0e854cf40d241207bac9c0bb55e63443e55191ef496d49ac736d0735eac63b4e93ca912db7260d7cd6afb7284d7de9523487d0fe02bf016d1d65bdc2a68ef1e55b04ffe21bb86bd395fd5ad47379e45660f90433768b8e1e5929da53a5f91cd9ff1d1b1f33ef5c4a65165c04d88c7915f59ae4a4a21600ce3a15e5ba3dcd33"}, @mbim={0xc, 0x24, 0x1b, 0xfc5f, 0x9, 0xab, 0xc, 0x8, 0x9}, @acm={0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x7f, 0xf8, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0xf8, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x9, 0x3, 0x7}}}}}}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x210, 0xe, 0x80, 0x8, 0xff, 0xff}, 0x5, &(0x7f0000000040)={0x5, 0xf, 0x5}})
ioctl$EVIOCGMASK(r2, 0x5b04, 0x0)

709.948505ms ago: executing program 0 (id=2823):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x1, 0x2, 0x6, 0x1, 0xa8, 0x40, 0x3, 0x8, 0x1, 0x1, 0x78, 0x8, 0x9f, 0x5}, 0xe)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000003bc0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x4, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc1105511, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000e1"])
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x8010, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
r9 = syz_io_uring_setup(0x2a01, &(0x7f0000000100)={0x0, 0xa530, 0x4002, 0x2, 0x2c3}, &(0x7f0000000200), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_IOWQ_AFF(r9, 0x11, &(0x7f0000000380)="0e5aa766adc567d666e648cd014e76cd7125916bc1ee4f4a7648dbd8f320cf498775919af798d17617c4e2adc807283efdf7c35e549a3f3f172b60e4e7181e4abe5dacb787584521225b075715b6450a430d5548fef5f9cd93d79443f07f5a6189c3a91230eaff916d6b4e48c240f8a52532040c7dba65f749ddb96e0a3599817de5f6fc42c915a6a420f3942fe8b245765e1056ca08750a4a3c5f28ffee4c546132fc459d3ac2292314", 0xaa)
close(r7)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000080)={0x1000, 0x100000, 0x8})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x4, 0x0, 0xc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0xffffffffffffffda}, 0x10)

636.121013ms ago: executing program 7 (id=2824):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
eventfd(0x9ff)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
keyctl$restrict_keyring(0x1f, 0xfffffffffffffffc, &(0x7f00000001c0)='id_resolver\x00', 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
r1 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000480)=ANY=[@ANYBLOB="12010102000000506a05f60040000102030109022d000101047c8009040005020301010a09210000000003ff0303cfe8b8c1ff0c090502030004c20500fc72351ec5f2de1404eb77f1f425c1bea20bfa5f40e6ff0aeff037e0"], &(0x7f0000000680)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0xfe, 0xb, 0x2, 0x40, 0x7}, 0xd, &(0x7f0000000140)={0x5, 0xf, 0xd, 0x1, [@generic={0x8, 0x10, 0x1, "ae1606852c"}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x44b}}, {0x0, 0x0}, {0xf8, &(0x7f0000000200)=ANY=[@ANYBLOB="f8036ccba657a09adaeeb2d1a11e7f0c5e489c243e6a5fcd79d2a74e51f06200029fa9b28d0a6c2317ff3ef86e1cc287d5a65fdcbbc1b449c6a4c352aa81d4a90142bb1ca3f0c141363cf9572772d8249eddad46a7e5b6fb89e23a3409d8e88f511e05e6ad7f0d81c51d246a147f4cdad1e6326facc88be61c714a"]}]})
syz_usb_control_io(r1, &(0x7f0000000a40)={0x2c, 0x0, &(0x7f0000000840)={0x0, 0x3, 0x70, @string={0x70, 0x3, "d6a9107de2fa1400741b79acae8f2f4518a0e37de7dca784052a29fb82a6e9b5b3192fe6aa0821f16fd164148e0c2fa5481f9e06586791b916122948de70d81ec15cff3d30bdfef14d68ce4eaae9032ef60320fa350657f613ae0e78d82e580f7576e9d8f286e5e0eb1bf2e269ff"}}, &(0x7f0000000900)={0x0, 0xf, 0x9a, {0x5, 0xf, 0x9a, 0x3, [@generic={0x14, 0x10, 0x3, "ab9d12c48d81149c3c32f4f4eafc8969bd"}, @generic={0x75, 0x10, 0x1, "daca1783d614d16e33551c256297c49afc161edd1b59a50e860dc814bd7a77262be26511e41e493b1c72d6322243adba612105de52bd289c6fc9d128e97f7e56c647a6474f33dda26d5ac5583d081c3dc6271dbebd096ccc46830845a64d83d280abf46b26c47a3f9b11f1dc246c5efa946c"}, @ssp_cap={0xc, 0x10, 0xa, 0x0, 0x0, 0x9, 0xf0f, 0x859a}]}}, 0x0, &(0x7f0000000700)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x18, 0x5, 0x2, 0x7f, 0x3ff, 0x1}}}, &(0x7f0000000e80)={0x84, &(0x7f0000000a80)={0x0, 0x13, 0x4, "ee63518b"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000b00)={0x0, 0x8, 0x1, 0xf5}, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB], &(0x7f0000000bc0)={0x40, 0x7, 0x2, 0xa}, &(0x7f0000000340)={0x40, 0x9, 0x1, 0x8}, 0x0, &(0x7f0000000c80)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000cc0)={0x40, 0x13, 0x6, @multicast}, 0x0, &(0x7f0000000d40)={0x40, 0x19, 0x2, "9615"}, 0x0, &(0x7f0000000dc0)={0x40, 0x1c, 0x1, 0x5d}, &(0x7f0000000e00)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000e40)={0x40, 0x21, 0x1, 0x7}})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@map, 0xffffffffffffffff, 0x2e, 0x20, 0x0, @void, @void, @void, @value}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000006f80)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
recvmmsg(r5, &(0x7f0000004940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002e80)=""/19, 0x18}, 0x3}], 0x1, 0x2, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
writev(r6, &(0x7f0000001340)=[{&(0x7f0000001e80)="094343483c6b10e8d1f49bfb95c03fe2c916bab5305046447781ff5554c9be2ab892c11010686df720415521866db615de6ca80ce6a57c925cac36bc821434ef0927d2dc2c2fe5d9de50b3033ec1ad407b4c46fc8e5588fc446c063dda02549f62b500b5a45e30a77cee2aaf1d46141a1d68efe42d03925fbd4833b802cc6bf7cadf92e04d71be46ded1fef85a088b61e346e0d6b98c9dc1a880c9e4d9691fa5d19eb51b822d192a162dc8baf33f228d29090508526c29a18fc9744999d196ea2cd6097b2e927e007c891f2e80797f4f1bd32466b3cbb2ee62e9a65bfc418c63ec75c070d81449c09a078d983ba31d7780cd3c9ee75387a9510429b864cf007b48dbed8b72c6aad70806d98c8950440111db974816b79a88d673d051268323906d3463962508b1a9d9734b89b9980e4302f76b03beeb7e27bee9236c08dd2c4726d13afae0c7d6cd0ef28525a3be7b0ad98c0a01e5f8c3134cbc27b539b4be7d772737f0f54ffa8950a556a9388b7b4b4e81e944b63d84dd91a02106ca2653aea55dc55b25f2d7de7ec1e6f18b7d3d878e24260d83ce641a60ab9721b5d8c9ff828df59aa374eeda84a51a18ea1a93865b769b33d2b8ac06148c170a17ac846515cc7bfe5f61fde86776f72741b5d6d5df7be6c6205cd5f4c2139fde2a05b9dafff068ba3f957a90b46707e08277a098405faec5bbb90c7ebed2d79f8a5770780a86df6474cd37e7930f2c21838346559ce184fd64a8c4cc367b9d1f2cea52b81b5dc910b07cf564fddb338822a91895690668c5301157383851d525f73c258fe54b0d7768b0744e43a7b8e4d5ad5d88480095303633275de4d02ea664bdd8844e1dd4476cf6e19508e8b8bd767997889432dd68413b93720b50faaa72f6b633de0f91faac2435a51ee6c1a873803b321b4d6aab00a285338bb57e6806c06d46ae6101533c68a7436a14afd5e26219444cc98983ef2b7133478ae3f41b3fbaf63b5b2c3f92035f29f43e3b35502cc6a2ce05b0a801f2c0bb319a2ff9f4acaca1b5715b3437dea3b3c6c10bf9e7b6669c21dfc72146dc5622107d4ce049a21c7136f67a30f2d4e322ac878dcadface49a820f8e32d09d6ec7b10858c5f31a6e722ca55db28fe3a9415655a91d99ac396e8b40c47ddb636a584ea3372fcaae0d040a297640d979d2f13fc6ea10c814b3a55c21e9f5cbf05ac6536c5f1cb4d528a564358b07f7e00b2f63bd5db8f7a9bfe95fe566eaff077eb708d839de41990a04bdf8c90270f2e56ce656d9b4428039b82b4a1350e62b4bf48e4253ca86a0c8620355474b73d76f932611db212781ca46d2b962e64c007bf4ff92c9e98aa1df916c83b97fd2eab5c2d89d331b80968a0977259fe27c17e0f0c91645065ba4da6c009361d69bd9d13f7d178cbb7731333bc5db7fde029cf9045f5ee2c0d1b0b5e82916796a9635b7dac82b9637fbdd2877e7d22a4de89fdbf8aec491a5776412fa66fd0eee93ce86d53ea82f997bc9f04dee136c7d0f64d86c54f534d3225387395ff3fa031256f31ec05583b9a76a464e63b8ee32fae5f890c416657468388dbe2b3c865ec202d8eed57f8ee39ffa2ac587e932f0b0bbad41aa01dd8aa24a61db4729f51666f56c7b933c605b88592f730b25bdfa14c82a1dbebb7bd1f0680f1f0439c17c015a798f9b46272878e329106299867e7e9a35536454b740df00051863a701cfdc2d9583dcb74f4062212974c449ebfbbb665dc113d347a51236ca6919081f4c07b2bcffd78bbeb88797d7f5ba6a3f6178200d5df4fb80927be478e19cc62ebc47a9df63180e33c523eaf401b2b39a69960868fe65ac1fb176b5d364d31311bd5048c8cf37eaf9e2d13e07e00017a510e1548ab7706da22346276aa5bf4947a45cb2189f2d60ee1b8989efa819271541e06979049c0c35cd5cc3dc7d44dee9e106dd08a41752e145214dd20fceba6e57fb31c989f62e4582fd0d6d576be49cc2d459fd0496541e7736dcb8ed1b0ba6d17ad14dba1fca6c2b0a955e399d81669774e6b96ae3a9cc44e6a40e6c41ee2f8d6d5b20cdfbfa62dbfda1898e45eea07d5f89c99911c10daee99fea65feca9100d75be59e5c159691d96c25e76c8d4c5ceda0d24317ed878a264ceef6b32c59067853a64b412b5544584ff9db4b01b5b239e8b4336ecf1ca714462b4b9bffad7abcc39ddff6e2f7bd66037c61856c336d544cca419b98c79f4801be4a8a73f68ed4303991e67cf15487abaa077461ed40e9b39307cffd291954796230803e27494055b777fd0f21c0cb3f7219bf9392ab779744412f324331aa853bc34f6e2bd180e2d6b668a9f759a93448380cdca902258207073225c7c04bed5b5b6ad761ab27acc552faca2841cabe1518e1160fb9276def0e0fa283139650e3c2f28bb4607d6c767e81491d347d736239a9c74cf18f4549f64d8ade02d62866107778de51390ccb749aee4baff84a7a318ef3e0f8f543d778dabd711eea08e0310c2a88602417be91fe93be78f3356bf33075a95a61f2e242926953ce27815f5b74d180344c6e3c1888260ffca71a5f8ef29cce8aa851477a96462259de907740aa7167eed3b10ddd15e33ed9d6136ad753aabffd409130111ca43578eb5ea16471b3c36661f61088024f90a4fecd5bfff7aefa6ef21fb9cf8630d544abc04124cc5afc28b3e096a9ed4fe4bae67de90ed7602b7c1a49b20da1628cc997b0154850b2ec8a56b0397875d5490de8b6931aa4b17bbe5e3f4cf3b2e9e5b2cbb9672f3ff658ef22a0718c1b456fe0d772ce28a0db6dbb3e85118ed1628f3f824f8331f4171e482359cf3f24920cdb0f437fd1f5133bb2aa371162c8b966828bb138963d35c45bc943fdf64246e87bb348427db273c2fc47de82a23acad8a41c01a2ace15f0217b581bfde3cf444516fb10fa54a154fdfbe16074dda95d5f99b91805d58849ca5e68df0a3902dd7fcc60477e4cef7cd548fa6f525cb9d6e6425c5091e04adb03851e7dd723d72e98dc8e439ec662765fc4e152a7f581ff6a4eb2918f6fea429b73190ffafb17dee3b482721c69000c751757e213242b5ef2dbba5c87381cdef00ad54da988a92b6137442b889a93df2d63eeab709759eef9e874be71359ccfabc1315b74903d4a9b1f13dd326c2d1a2cf8766e2a0be5f761a6513361d96ccadee9d143b7a37c8bb3873ca888f0e9d1a44ca2a610265ec5358c96b9feaa957bf625f70890b2cf0fb3040a1c919ad4deeecc8b9510d99c6597fcc970a350966d33f68be5d03ec58ff55187f3b4b742e51925cff780c681bf71a7ad6c1871e286689ec898aa13c2544ce4316c30f51397c91e9bd06ca60014bc105a735840f5658f26c4d37f3b98915619a91b83993ae07112a33296fdb9041100f2740aebde75cb26a8b2eb2a6681c9dbf4ab80b92cc2fd109780a95f5d3d7cccbc067cc37f8ee9b03825c3715818ec540257d1c1d41cb3092dd66f73cbf0aa27115a72a3d6da353cd4e72ba580543ed6be24bdec2543beddccce53d7ad819557132619f80bffa56af1e10d0f0a3195d974f220d7ec248c8374f22dddcc39153e98812d941fa2871f404a2d7d7aefa3c0f5c85449b25151ea2ab633bf412a3c6eaa8d00910053c108d3a456c5209a731f29abfab10772111c47a4c2e657b9881a59bb02f62937674ec2c3f9d9f75f6065ef9a8b79b5adb11c0fdeb535aa2a8d0807cac0044169446d5e6b44911497dff0a4724e8f7d1529fd0eef072be912e31633c3e9a9896c5bc93e911666420e2b1c21fcd8ac30dc61ac872d908477b61b72f3fa8118f2e72155ff91c9bc3cdd09ed143a435c3044c7e41f8a827d484e6b48a494382c9ce791c176f50a36a254dd287ab020e51a369f269f7cdcada4eaa2f1684d94983eb0b6d7edb7c96bb6813617c92f9f2", 0xae0}, {0x0}, {&(0x7f0000001280)="47fe09c820be60e573994840bf8a099b43e5088c7d991ccd62c36bb91954d58a98f032d02f72d73fcc51265d4d9399e3b5039cd9f5bee9a149656ac75d1c96fa64864dbba9883489b3daa5b8c9f59162b8c8eaea3eb7bcdb565ee7d31f881f3e614f9566684254b81d82cca41984fa290712af030e0057c7e6d6", 0x7a}], 0x3)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001e40)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r7, 0x0)
fadvise64(r7, 0x2, 0x0, 0x5)

141.750994ms ago: executing program 1 (id=2825):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

0s ago: executing program 1 (id=2826):
unshare(0x40000000)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0xe)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x13)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
io_uring_setup(0x6bca, &(0x7f0000000080)={0x0, 0x6e16, 0x0, 0xffffffff, 0x33c})
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f05e, 0x0, '\x00', @p_u32=0x0}})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000001c0005ddffffffffffffff000a000000", @ANYRES32=r3, @ANYBLOB="a1009400180001"], 0x34}}, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r5, 0x40284504, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, "4620f63a4e6b5c9b4410b99e0e549fcfdeb92566761ad1c34ca4a1abe476fa96"})
bind$can_raw(r0, 0x0, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400), 0x1, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(r6, 0x4004510d, 0x0)
r7 = creat(&(0x7f0000000080)='./file0\x00', 0x2a)
write$binfmt_script(r7, &(0x7f0000000240)={'#! ', './file0', [{0x20, '@(\\'}, {}], 0xa, "b19d64ea7fe845d040ef56855d72fce1e2036ba7b6c5344fce111e3adaa10949834b43c8a1192222327113791e873583dbee74187b57255eef15aa1e5d901392fdea4ad3736c170ab5f275040fcef86ea8f3e3eb325deefabb77b31462c0cc7acce482b4bdcc2e8dc0b1f49e4b28ae2d41487d4c3770b11e1fccfe18cbf8ed908e02ae867c9e134c850c12786574da1c2aec0e0c189b2c6ac9c5538853461fd1f265b48497f0b18ad3b6ef587e253e18898e9374da81c366dab15006d5842db8315c5e343fcc5aac4ee701b76f3102d0398c813b0e8eb1ba7ed984a29c56234fa81f0bfa7a6a"}, 0xf6)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r7, @ANYRES32=r8], 0x0)

kernel console output (not intermixed with test programs):

b 5-1: Manufacturer: syz
[  798.578424][ T5927] usb 4-1: SerialNumber: syz
[  798.588239][ T5892] usb 5-1: SerialNumber: syz
[  798.657402][ T5892] usb 5-1: config 0 descriptor??
[  798.671918][T15090] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  798.688659][ T5892] hub 5-1:0.0: bad descriptor, ignoring hub
[  798.703172][ T5927] usb 4-1: config 0 descriptor??
[  798.715985][ T5892] hub 5-1:0.0: probe with driver hub failed with error -5
[  798.780432][ T5892] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input72
[  799.061451][T15090] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2286'.
[  799.220037][ T5886] usb 2-1: USB disconnect, device number 12
[  799.281467][T15104] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2286'.
[  799.457732][ T5927] radio-si470x 4-1:0.35: si470x_get_report: usb_control_msg returned -71
[  799.487585][T15113] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2287'.
[  799.519421][ T5927] radio-si470x 4-1:0.35: probe with driver radio-si470x failed with error -5
[  799.689906][ T5927] radio-raremono 4-1:0.35: this is not Thanko's Raremono.
[  799.876046][ T5927] usb 4-1: USB disconnect, device number 45
[  799.879291][T14797] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  800.084418][T14797] usb 2-1: device descriptor read/64, error -71
[  800.299163][ T5927] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  800.340810][T14797] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  800.479226][T14797] usb 2-1: device descriptor read/64, error -71
[  800.504409][ T5927] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  800.530071][ T5927] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  800.574202][ T5927] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  800.613895][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.645994][T14797] usb usb2-port1: attempt power cycle
[  800.894019][T15124] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2289'.
[  801.017129][T15146] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2293'.
[  801.026428][T14797] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  801.034583][T15146] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  801.379924][T14797] usb 2-1: device descriptor read/8, error -71
[  801.500315][T15153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2295'.
[  801.534127][T15153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2295'.
[  801.629869][T14797] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  801.820279][T14797] usb 2-1: device descriptor read/8, error -71
[  801.935250][T14797] usb usb2-port1: unable to enumerate USB device
[  802.454188][T15165] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2297'.
[  802.473404][   T43] usb 5-1: USB disconnect, device number 22
[  802.703717][ T5927] usb 4-1: USB disconnect, device number 46
[  802.869309][   T43] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  802.932783][T15174] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0
[  802.973764][T15174] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0
[  803.009592][T15174] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0
[  803.029901][T15174] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0
[  803.053914][   T43] usb 5-1: Using ep0 maxpacket: 32
[  803.066508][   T43] usb 5-1: config 0 has no interfaces?
[  803.081198][   T43] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  803.109926][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.138472][   T43] usb 5-1: Product: syz
[  803.195694][   T43] usb 5-1: Manufacturer: syz
[  803.215871][   T43] usb 5-1: SerialNumber: syz
[  803.241118][   T43] usb 5-1: config 0 descriptor??
[  803.497939][ T5886] usb 5-1: USB disconnect, device number 23
[  803.682121][   T43] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  803.829257][   T43] usb 2-1: device descriptor read/64, error -71
[  804.083057][   T43] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  804.229356][   T43] usb 2-1: device descriptor read/64, error -71
[  804.363049][   T43] usb usb2-port1: attempt power cycle
[  804.780776][   T43] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  804.811381][   T43] usb 2-1: device descriptor read/8, error -71
[  805.094478][T15249] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2310'.
[  805.119619][   T43] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  805.146806][   T43] usb 2-1: device descriptor read/8, error -71
[  805.269934][   T43] usb usb2-port1: unable to enumerate USB device
[  806.223432][ T5883] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  806.699570][ T5883] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  806.837291][T15269] overlayfs: missing 'lowerdir'
[  806.843219][ T5883] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  806.843268][ T5883] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  806.932891][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  806.932904][   T30] audit: type=1326 audit(1748583099.987:6187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facb138e969 code=0x7ffc0000
[  806.961556][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.018834][   T30] audit: type=1326 audit(1748583099.987:6188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facb138e969 code=0x7ffc0000
[  807.041335][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.184729][   T30] audit: type=1326 audit(1748583099.987:6189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7facb138d2d0 code=0x7ffc0000
[  807.324583][T14797] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  807.367741][   T30] audit: type=1326 audit(1748583099.997:6190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  807.379168][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.559182][T14797] usb 2-1: Using ep0 maxpacket: 8
[  807.582251][T14797] usb 2-1: unable to get BOS descriptor or descriptor too short
[  807.608660][T14797] usb 2-1: config 0 has an invalid interface number: 88 but max is 0
[  807.657355][T14797] usb 2-1: config 0 has no interface number 0
[  807.686261][T14797] usb 2-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  807.721865][T15260] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2312'.
[  807.745220][T14797] usb 2-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  807.756855][   T30] audit: type=1326 audit(1748583099.997:6191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  807.774579][T14797] usb 2-1: config 0 interface 88 has no altsetting 0
[  807.779195][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.801981][T14797] usb 2-1: string descriptor 0 read error: -22
[  807.815449][T14797] usb 2-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  807.827358][T14797] usb 2-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  807.907076][T14797] usb 2-1: config 0 descriptor??
[  807.954888][   T30] audit: type=1326 audit(1748583099.997:6192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  807.977231][    C1] vkms_vblank_simulate: vblank timer overrun
[  808.010299][T14797] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.88/input/input73
[  808.073795][   T30] audit: type=1326 audit(1748583099.997:6193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  808.234587][   T30] audit: type=1326 audit(1748583100.167:6194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  808.256998][    C1] vkms_vblank_simulate: vblank timer overrun
[  808.258253][T14797] usb 2-1: USB disconnect, device number 21
[  808.384275][   T30] audit: type=1326 audit(1748583100.197:6195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  808.525846][T10830] udevd[10830]: Error opening device "/dev/input/event4": No such file or directory
[  808.590111][   T30] audit: type=1326 audit(1748583100.517:6196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15274 comm="syz.1.2317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7facb138e56b code=0x7ffc0000
[  808.595856][T10830] udevd[10830]: Unable to EVIOCGABS device "/dev/input/event4"
[  808.738467][T10830] udevd[10830]: Unable to EVIOCGABS device "/dev/input/event4"
[  808.784858][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  808.791550][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  808.814612][T14797] usb 5-1: USB disconnect, device number 24
[  809.519458][   T43] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  809.649099][T15293] netlink: 'syz.3.2324': attribute type 12 has an invalid length.
[  809.663524][   T43] usb 2-1: device descriptor read/64, error -71
[  809.681019][T15293] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2324'.
[  809.849289][T12775] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  809.882241][ T5892] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  809.919984][   T43] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  809.922945][ T5892] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  810.009359][T12775] usb 5-1: device descriptor read/64, error -71
[  810.057402][T15301] fido_id[15301]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  810.072578][   T43] usb 2-1: device descriptor read/64, error -71
[  810.196773][   T43] usb usb2-port1: attempt power cycle
[  810.269722][T12775] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  810.429890][T12775] usb 5-1: device descriptor read/64, error -71
[  810.539900][T12775] usb usb5-port1: attempt power cycle
[  810.549197][   T43] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  810.569888][   T43] usb 2-1: device descriptor read/8, error -71
[  810.809159][   T43] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  810.830135][   T43] usb 2-1: device descriptor read/8, error -71
[  810.879176][T12775] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  810.909867][T12775] usb 5-1: device descriptor read/8, error -71
[  810.942662][   T43] usb usb2-port1: unable to enumerate USB device
[  811.152509][T12775] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  811.179941][T12775] usb 5-1: device descriptor read/8, error -71
[  811.291269][T12775] usb usb5-port1: unable to enumerate USB device
[  811.709215][ T5892] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  811.861073][ T5892] usb 4-1: config 0 interface 0 altsetting 14 endpoint 0x81 has invalid wMaxPacketSize 0
[  811.871669][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  811.878343][ T5892] usb 4-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.00
[  811.887608][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.897580][ T5892] usb 4-1: config 0 descriptor??
[  812.313585][ T5892] a4tech 0003:09DA:001A.001E: global environment stack underflow
[  812.321776][ T5892] a4tech 0003:09DA:001A.001E: item 0 4 1 11 parsing failed
[  812.330703][ T5892] a4tech 0003:09DA:001A.001E: parse failed
[  812.360059][ T5892] a4tech 0003:09DA:001A.001E: probe with driver a4tech failed with error -22
[  812.889152][   T43] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  813.040481][T15340] netlink: 'syz.4.2339': attribute type 29 has an invalid length.
[  813.051226][   T43] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  813.072209][T15340] netlink: 'syz.4.2339': attribute type 29 has an invalid length.
[  813.089252][   T43] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  813.100872][   T43] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  813.115531][T15340] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2339'.
[  813.153475][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.170634][T15340] netlink: 'syz.4.2339': attribute type 1 has an invalid length.
[  813.416891][T15328] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2335'.
[  813.562564][T15352] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2341'.
[  813.872209][T15354] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2342'.
[  814.530571][   T43] usb 4-1: USB disconnect, device number 47
[  815.186371][T15368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2345'.
[  815.750226][T12775] usb 2-1: USB disconnect, device number 26
[  816.082912][ T5832] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  816.339122][   T43] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  816.484089][T15383] netlink: 'syz.1.2350': attribute type 12 has an invalid length.
[  816.492436][T15383] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2350'.
[  816.569297][   T43] usb 5-1: Using ep0 maxpacket: 16
[  816.578983][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  816.600731][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  816.615734][   T43] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  816.633520][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.684915][   T43] usb 5-1: Product: syz
[  816.707842][   T43] usb 5-1: Manufacturer: syz
[  816.759084][   T43] usb 5-1: SerialNumber: syz
[  816.790116][   T43] usb 5-1: config 0 descriptor??
[  816.826334][T15381] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  816.872940][   T43] hub 5-1:0.0: bad descriptor, ignoring hub
[  816.886756][   T43] hub 5-1:0.0: probe with driver hub failed with error -5
[  816.946408][   T43] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input74
[  817.146958][T15379] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2348'.
[  817.186015][T14797] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  817.284261][T15381] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2348'.
[  817.359360][T14797] usb 2-1: device descriptor read/64, error -71
[  817.729644][T14797] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  817.879333][T14797] usb 2-1: device descriptor read/64, error -71
[  818.000658][T14797] usb usb2-port1: attempt power cycle
[  818.339201][T14797] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  818.370574][T14797] usb 2-1: device descriptor read/8, error -71
[  818.509362][T15403] bridge0: entered promiscuous mode
[  818.525012][T15403] macvlan2: entered promiscuous mode
[  818.627300][T14797] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  818.660313][T14797] usb 2-1: device descriptor read/8, error -71
[  818.779850][T14797] usb usb2-port1: unable to enumerate USB device
[  818.853263][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  818.853276][   T30] audit: type=1326 audit(1748583111.967:6231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.7.2356" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b70f8e969 code=0x0
[  819.089398][ T5927] usb 5-1: USB disconnect, device number 29
[  819.216040][T15415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2358'.
[  819.796326][ T5927] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  820.035820][ T5927] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  820.054417][ T5927] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  820.074701][ T5927] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  820.085618][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.232954][T15425] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2361'.
[  820.327891][T15420] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2359'.
[  820.761816][T15436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2364'.
[  820.884738][T15436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2364'.
[  820.939223][T14797] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  820.986856][T15438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2364'.
[  821.110832][T14797] usb 2-1: Using ep0 maxpacket: 8
[  821.241715][T14797] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  821.401652][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  821.453500][T14797] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  821.524083][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  821.625338][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  821.845628][T15453] 8021q: VLANs not supported on gre0
[  821.852806][T14797] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  821.860719][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  821.876798][T14797] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  821.899015][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  822.012907][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  822.140901][T14797] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  822.148562][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  822.192617][T14797] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  822.192668][ T5927] usb 5-1: USB disconnect, device number 30
[  822.286529][   T30] audit: type=1326 audit(1748583115.397:6232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  822.308995][    C1] vkms_vblank_simulate: vblank timer overrun
[  822.390177][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  822.443996][T14797] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  822.500057][T14797] usb 2-1: string descriptor 0 read error: -22
[  822.509148][   T30] audit: type=1326 audit(1748583115.397:6233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  822.534804][T14797] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  822.563421][T14797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.594131][   T30] audit: type=1326 audit(1748583115.497:6234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  822.656218][   T30] audit: type=1326 audit(1748583115.497:6235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  822.736386][T14797] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  822.797603][T15460] xt_cgroup: invalid path, errno=-2
[  822.811071][T15460] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2370'.
[  822.850402][   T30] audit: type=1326 audit(1748583115.497:6236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  822.872922][    C1] vkms_vblank_simulate: vblank timer overrun
[  822.914769][T15462] loop2: detected capacity change from 0 to 7
[  823.132631][   T30] audit: type=1326 audit(1748583115.497:6237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  823.173587][   T30] audit: type=1326 audit(1748583115.497:6238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  823.288399][   T30] audit: type=1326 audit(1748583115.497:6239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  823.310790][    C1] vkms_vblank_simulate: vblank timer overrun
[  823.379379][   T30] audit: type=1326 audit(1748583115.497:6240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15455 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8dd2ab39 code=0x7ffc0000
[  823.559167][T12775] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  823.719365][T12775] usb 5-1: Using ep0 maxpacket: 32
[  823.727083][T12775] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  823.736060][T12775] usb 5-1: config 0 has no interface number 0
[  823.756747][T12775] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  823.766620][T12775] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.852173][T12775] usb 5-1: Product: syz
[  823.863611][T12775] usb 5-1: Manufacturer: syz
[  823.870801][T12775] usb 5-1: SerialNumber: syz
[  823.931554][T12775] usb 5-1: config 0 descriptor??
[  824.540758][T12775] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  824.763128][T12775] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  824.869902][T15479] [U] ��M٭��Q&�� K�4
[  824.875992][T15479] [U] [�)�U�}��ǔ��JϬ}N�SEF*�	�����NZ��F[F_H��'��W"�X�~����;VA�)^�`�1C':Z�������FOB�	*?۟C�Z�S��<8ZNѷ���ј��EY�	T�T<$C�R�Ɩ�/VG���{Y�~Y5\�
;ƃZ��DX���Y�A��"XI�F�{��`A$í�55?�
��S�A�M��O����ͻ*K��
[  824.928763][T12775] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  825.007632][T15479] [U] �O�4
[  825.035570][T15479] [U] ��U��B�+ '~GIރRQ^���,(-|��ڟ��-<�6&��H.Z9��/�RJΩ���ˈ�+)֭KΦ.�NH�A#LW#RF7�P٪��MAX��]���LN"K
�M+,G�SB�HJ���X�̧�C��Q�
[  825.284461][T15487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2377'.
[  826.374673][T15494] 8021q: VLANs not supported on gre0
[  826.804461][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  826.804978][T14797] usb 5-1: USB disconnect, device number 31
[  826.876506][T14797] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  826.952649][T14797] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  826.990893][T14797] quatech2 5-1:0.51: device disconnected
[  827.035131][T12775] usb 2-1: USB disconnect, device number 31
[  827.208564][ T5927] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  827.438021][ T5927] usb 4-1: config index 0 descriptor too short (expected 2084, got 36)
[  827.493853][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  827.705162][T15524] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  827.813767][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  827.849312][ T5927] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  827.880952][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.936464][ T5927] usb 4-1: config 0 descriptor??
[  828.411541][ T5927] usbhid 4-1:0.0: can't add hid device: -71
[  828.422560][ T5927] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  828.592550][ T5927] usb 4-1: USB disconnect, device number 48
[  828.787156][T15533] 8021q: VLANs not supported on gre0
[  828.857764][T15531] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2390'.
[  829.080536][T15537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.567218][ T5832] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  830.124392][T15572] batadv_slave_0: entered promiscuous mode
[  830.576485][T15571] batadv_slave_0: left promiscuous mode
[  832.009160][T14797] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  832.296598][T14797] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  832.318436][T14797] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  832.336689][T14797] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  832.355279][T14797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  832.644705][T15593] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2407'.
[  833.439863][T12775] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  833.609157][T12775] usb 4-1: Using ep0 maxpacket: 16
[  833.670896][T12775] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  833.680353][T12775] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.694931][T12775] usb 4-1: config 0 descriptor??
[  833.707376][T12775] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  833.907223][T12775] usb 4-1: Detected FT232B
[  833.931228][T15617] bridge1: the hash_elasticity option has been deprecated and is always 16
[  834.671017][ T5886] usb 5-1: USB disconnect, device number 32
[  835.439561][ T5886] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  835.609218][ T5886] usb 2-1: Using ep0 maxpacket: 16
[  835.633212][ T5886] usb 2-1: unable to get BOS descriptor or descriptor too short
[  835.672605][ T5886] usb 2-1: too many configurations: 71, using maximum allowed: 8
[  835.763300][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61
[  835.767424][T15636] 8021q: adding VLAN 0 to HW filter on device batadv1
[  835.809127][ T5886] usb 2-1: can't read configurations, error -61
[  835.930465][T15636] team0: Port device batadv1 added
[  835.959355][ T5886] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  836.089473][   T30] kauditd_printk_skb: 60 callbacks suppressed
[  836.089491][   T30] audit: type=1800 audit(1748583129.207:6301): pid=15608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2410" name="bus" dev="ramfs" ino=62568 res=0 errno=0
[  836.172624][T12775] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  836.199969][T12775] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  836.224697][ T5886] usb 2-1: Using ep0 maxpacket: 16
[  836.268233][ T5886] usb 2-1: unable to get BOS descriptor or descriptor too short
[  836.281273][T12775] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  836.329231][ T5886] usb 2-1: too many configurations: 71, using maximum allowed: 8
[  836.389176][T12775] usb 4-1: USB disconnect, device number 49
[  836.409741][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61
[  836.417371][ T5886] usb 2-1: can't read configurations, error -61
[  836.429690][T12775] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  836.463933][ T5886] usb usb2-port1: attempt power cycle
[  836.479664][T12775] ftdi_sio 4-1:0.0: device disconnected
[  836.659520][T15641] 8021q: adding VLAN 0 to HW filter on device batadv2
[  836.704380][T15641] team0: Port device batadv2 added
[  836.852591][ T5886] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  836.893082][ T5886] usb 2-1: Using ep0 maxpacket: 16
[  836.900839][ T5886] usb 2-1: unable to get BOS descriptor or descriptor too short
[  836.908808][ T5886] usb 2-1: too many configurations: 71, using maximum allowed: 8
[  836.952714][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61
[  836.964365][ T5886] usb 2-1: can't read configurations, error -61
[  837.129182][ T5886] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  837.160001][ T5886] usb 2-1: Using ep0 maxpacket: 16
[  837.168671][ T5886] usb 2-1: unable to get BOS descriptor or descriptor too short
[  837.176704][ T5886] usb 2-1: too many configurations: 71, using maximum allowed: 8
[  837.198292][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61
[  837.223047][ T5886] usb 2-1: can't read configurations, error -61
[  837.267547][ T5886] usb usb2-port1: unable to enumerate USB device
[  838.847565][T15674] kvm: pic: non byte write
[  838.889311][  T977] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  839.114626][  T977] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  839.125864][  T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.162194][  T977] usb 5-1: Product: syz
[  839.171240][  T977] usb 5-1: Manufacturer: syz
[  839.182483][  T977] usb 5-1: SerialNumber: syz
[  839.260465][   T13] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  839.289406][   T13] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  839.301199][ T5886] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  839.787688][T15672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  839.849721][T15672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.929594][T12775] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  840.141469][T12775] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  840.565948][  T977] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  840.573307][  T977] cdc_ncm 5-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048
[  840.617046][  T977] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  840.802171][  T977] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  840.850412][T15691] vivid-000: =================  START STATUS  =================
[  840.869626][  T977] usb 5-1: USB disconnect, device number 33
[  840.876327][  T977] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  840.894645][T15691] vivid-000: Generate PTS: true
[  840.929847][T15691] vivid-000: Generate SCR: true
[  840.943953][T15691] tpg source WxH: 320x240 (R'G'B)
[  840.959555][T15691] tpg field: 1
[  840.962986][T15691] tpg crop: (0,0)/320x240
[  840.967308][T15691] tpg compose: (0,0)/320x240
[  841.009351][T15691] tpg colorspace: 8
[  841.055926][T15691] tpg transfer function: 0/2
[  841.099394][T15691] tpg quantization: 0/1
[  841.105427][T15691] tpg RGB range: 0/2
[  841.119275][T15691] vivid-000: ==================  END STATUS  ==================
[  841.569114][T12775] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  841.629242][T15710] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2438'.
[  841.774556][T12775] usb 4-1: Using ep0 maxpacket: 32
[  841.782836][T12775] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  841.795794][T12775] usb 4-1: config 0 has no interface number 0
[  841.811428][T12775] usb 4-1: config 0 interface 12 has no altsetting 0
[  841.826088][T12775] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  841.841069][T12775] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.868232][T12775] usb 4-1: Product: syz
[  841.876776][T12775] usb 4-1: Manufacturer: syz
[  841.884729][T12775] usb 4-1: SerialNumber: syz
[  841.897871][T12775] usb 4-1: config 0 descriptor??
[  842.325862][T12775] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  842.335866][T12775] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  842.354919][T12775] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  842.391575][T12775] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  842.431201][T12775] usb 4-1: USB disconnect, device number 50
[  842.598660][T15719] netem: incorrect gi model size
[  842.649434][T15719] netem: change failed
[  842.810284][T15726] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2442'.
[  842.903586][T15726] overlayfs: missing 'lowerdir'
[  842.974567][T15725] gtp0: entered promiscuous mode
[  842.993706][ T5832] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  843.003319][T15725] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2445'.
[  843.251187][T14797] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  843.419529][T14797] usb 2-1: Using ep0 maxpacket: 16
[  843.447795][T14797] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  843.572471][T14797] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  843.651654][T14797] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  843.660928][T14797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.668988][T14797] usb 2-1: Product: syz
[  843.673250][T14797] usb 2-1: Manufacturer: syz
[  843.677854][T14797] usb 2-1: SerialNumber: syz
[  843.708719][T14797] usb 2-1: config 0 descriptor??
[  843.728478][T15728] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  843.749685][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  843.823256][T14797] hub 2-1:0.0: bad descriptor, ignoring hub
[  843.862359][T14797] hub 2-1:0.0: probe with driver hub failed with error -5
[  843.989187][T14797] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input75
[  844.172565][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  844.323807][T15741] block device autoloading is deprecated and will be removed.
[  844.368901][T15741] syz.4.2448: attempt to access beyond end of device
[  844.368901][T15741] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  844.454805][T15728] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2444'.
[  844.629543][T15744] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2444'.
[  845.473448][ T5832] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  845.720409][ T5892] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  845.962972][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  845.970848][   T30] audit: type=1326 audit(1748583139.087:6302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15758 comm="syz.0.2452" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f68ddd8e969 code=0x0
[  845.992654][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.032853][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  846.044351][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  846.059827][ T5892] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  846.068890][ T5832] Bluetooth: hci2: Malformed HCI Event
[  846.076481][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.084568][ T5892] usb 4-1: Product: syz
[  846.088751][ T5892] usb 4-1: Manufacturer: syz
[  846.093624][ T5892] usb 4-1: SerialNumber: syz
[  846.116723][ T5892] usb 4-1: config 0 descriptor??
[  846.159407][T15757] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  846.181596][ T5892] hub 4-1:0.0: bad descriptor, ignoring hub
[  846.188059][ T5892] hub 4-1:0.0: probe with driver hub failed with error -5
[  846.198503][ T5892] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input76
[  846.527342][T15765] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2451'.
[  846.604929][T15767] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2451'.
[  846.707543][T15769] IPv6: Can't replace route, no match found
[  846.902260][T14797] usb 2-1: USB disconnect, device number 36
[  847.239463][T12775] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  847.390929][T12775] usb 5-1: config 0 has no interfaces?
[  847.401540][T12775] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  847.401560][T12775] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.401571][T12775] usb 5-1: Product: syz
[  847.401579][T12775] usb 5-1: Manufacturer: syz
[  847.401587][T12775] usb 5-1: SerialNumber: syz
[  847.403481][T12775] usb 5-1: config 0 descriptor??
[  847.526203][T15778] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2456'.
[  847.704580][T15783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2455'.
[  848.042564][ T5886] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  848.190890][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  848.190913][ T5886] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  848.190936][ T5886] usb 2-1: New USB device found, idVendor=0b05, idProduct=18c6, bcdDevice= 0.00
[  848.190948][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.192809][ T5886] usb 2-1: config 0 descriptor??
[  848.193807][T15785] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  848.599723][ T5886] hid (null): unknown global tag 0xe
[  848.607615][ T5886] asus 0003:0B05:18C6.001F: reserved main item tag 0xe
[  848.630497][ T5886] asus 0003:0B05:18C6.001F: unknown main item tag 0x4
[  848.661907][ T5886] asus 0003:0B05:18C6.001F: unknown main item tag 0x1
[  848.713163][ T5886] asus 0003:0B05:18C6.001F: unknown global tag 0xe
[  848.743067][ T5886] asus 0003:0B05:18C6.001F: item 0 0 1 14 parsing failed
[  848.779007][ T5886] asus 0003:0B05:18C6.001F: Asus hid parse failed: -22
[  848.789697][ T5892] usb 4-1: USB disconnect, device number 51
[  848.828103][ T5886] asus 0003:0B05:18C6.001F: probe with driver asus failed with error -22
[  848.886026][ T5886] usb 2-1: USB disconnect, device number 37
[  849.385067][ T5886] usb 5-1: USB disconnect, device number 34
[  849.849434][ T5886] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  849.989377][ T5886] usb 2-1: device descriptor read/64, error -71
[  850.118408][T15824] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  850.127620][T15824] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  850.163179][T15824] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  850.176349][T15824] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  850.193771][T15824] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  850.206812][T15824] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  850.233664][T15824] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  850.244571][T15824] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  850.253642][ T5886] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  850.274540][T15824] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  850.293964][T15824] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  850.312536][T15824] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  850.419169][ T5886] usb 2-1: device descriptor read/64, error -71
[  850.529923][ T5886] usb usb2-port1: attempt power cycle
[  850.899137][ T5886] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  850.940034][ T5886] usb 2-1: device descriptor read/8, error -71
[  851.179185][ T5886] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  851.201330][ T5886] usb 2-1: device descriptor read/8, error -71
[  851.320616][ T5886] usb usb2-port1: unable to enumerate USB device
[  852.141778][ T5832] Bluetooth: hci0: command 0x0406 tx timeout
[  852.207842][T15833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2472'.
[  852.219401][ T5832] Bluetooth: hci2: command 0x0406 tx timeout
[  852.227516][T11391] Bluetooth: hci1: command 0x0406 tx timeout
[  852.301729][T11391] Bluetooth: hci4: command 0x0405 tx timeout
[  852.301738][ T5832] Bluetooth: hci3: command 0x0405 tx timeout
[  852.939455][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  853.235646][T15851] wg1: entered promiscuous mode
[  853.289112][T15851] wg1: entered allmulticast mode
[  853.469769][ T5892] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  853.480947][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  853.492317][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  853.641157][ T5892] usb 2-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  853.663309][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.691068][ T5892] usb 2-1: config 0 descriptor??
[  853.699333][   T43] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  853.719472][ T5886] usb 4-1: new full-speed USB device number 52 using dummy_hcd
[  853.882680][   T43] usb 5-1: config 0 has an invalid interface number: 118 but max is 0
[  853.898685][   T43] usb 5-1: config 0 has no interface number 0
[  853.908114][ T5886] usb 4-1: unable to get BOS descriptor or descriptor too short
[  853.908354][ T5892] usbhid 2-1:0.0: can't add hid device: -71
[  853.930532][ T5892] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  853.931528][   T43] usb 5-1: New USB device found, idVendor=0413, idProduct=6f01, bcdDevice=72.c5
[  853.941896][ T5892] usb 2-1: USB disconnect, device number 42
[  853.948684][ T5886] usb 4-1: unable to read config index 0 descriptor/start: -71
[  853.972878][ T5886] usb 4-1: can't read configurations, error -71
[  853.980100][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.988734][   T43] usb 5-1: Product: syz
[  853.998157][   T43] usb 5-1: Manufacturer: syz
[  854.003141][   T43] usb 5-1: SerialNumber: syz
[  854.017562][   T43] usb 5-1: config 0 descriptor??
[  854.220157][ T5832] Bluetooth: hci0: command 0x0406 tx timeout
[  854.228027][   T43] dvb-usb: found a 'Leadtek Winfast DTV Dongle (STK7700P based)' in cold state, will try to load a firmware
[  854.277677][   T43] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  854.286384][   T43] dib0700: firmware download failed at 7 with -22
[  854.299835][T11391] Bluetooth: hci1: command 0x0406 tx timeout
[  854.305947][ T5832] Bluetooth: hci2: command 0x0406 tx timeout
[  854.312957][   T43] usb 5-1: USB disconnect, device number 35
[  854.379221][ T5832] Bluetooth: hci4: command 0x0405 tx timeout
[  854.379606][T11391] Bluetooth: hci3: command 0x0405 tx timeout
[  854.839212][T14797] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  854.991273][T14797] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  855.019287][T14797] usb 2-1: config 0 interface 0 has no altsetting 0
[  855.026062][T14797] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  855.038815][T14797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.083246][T14797] usb 2-1: config 0 descriptor??
[  855.127702][T15889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2491'.
[  855.518960][T14797] kye 0003:0458:5013.0020: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  855.539611][T14797] kye 0003:0458:5013.0020: hidraw0: USB HID v8.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0
[  855.551486][T14797] kye 0003:0458:5013.0020: tablet-enabling feature report not found
[  855.559642][T14797] kye 0003:0458:5013.0020: tablet enabling failed
[  855.721596][T15871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  855.736446][T15871] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  856.448372][T14797] usb 2-1: USB disconnect, device number 43
[  856.459212][T11391] Bluetooth: hci3: command 0x0405 tx timeout
[  856.485595][T15902] netlink: 'syz.4.2496': attribute type 16 has an invalid length.
[  856.522314][T15902] netlink: 'syz.4.2496': attribute type 17 has an invalid length.
[  856.559687][T15902] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  856.782636][T15913] xt_l2tp: missing protocol rule (udp|l2tpip)
[  857.521946][T11391] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  857.773591][ T5886] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  857.858755][T11391] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  858.019314][ T5886] usb 4-1: Using ep0 maxpacket: 16
[  858.099177][   T43] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  858.198055][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  858.214422][ T5886] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  858.245388][ T5886] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  858.260311][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.276929][ T5886] usb 4-1: Product: syz
[  858.290368][T15951] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2505'.
[  858.559462][ T5886] usb 4-1: Manufacturer: syz
[  858.564273][ T5886] usb 4-1: SerialNumber: syz
[  858.573081][ T5886] usb 4-1: config 0 descriptor??
[  858.579132][   T43] usb 5-1: Using ep0 maxpacket: 16
[  858.604422][T15937] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  858.614743][ T5886] hub 4-1:0.0: bad descriptor, ignoring hub
[  858.621411][ T5886] hub 4-1:0.0: probe with driver hub failed with error -5
[  858.634231][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  858.665642][ T5886] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input77
[  858.675051][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  858.753313][   T43] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  858.762670][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.844323][   T43] usb 5-1: Product: syz
[  858.848564][   T43] usb 5-1: Manufacturer: syz
[  858.860155][   T43] usb 5-1: SerialNumber: syz
[  858.896392][   T43] usb 5-1: config 0 descriptor??
[  858.921357][T15954] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2501'.
[  858.955487][T15954] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2501'.
[  858.975575][T15945] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  858.991503][   T43] hub 5-1:0.0: bad descriptor, ignoring hub
[  859.017709][   T43] hub 5-1:0.0: probe with driver hub failed with error -5
[  859.077002][   T43] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input78
[  859.327110][T15957] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2504'.
[  859.421194][T15959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2504'.
[  860.520275][T14797] usb 4-1: USB disconnect, device number 54
[  860.876769][T15975] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  860.925019][T15979] netlink: 'syz.1.2511': attribute type 10 has an invalid length.
[  860.940501][ T5886] usb 5-1: USB disconnect, device number 36
[  860.955326][T15979] hsr0: left allmulticast mode
[  860.979861][T15979] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  861.063358][T15983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2513'.
[  861.073540][T15983] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2513'.
[  861.109908][   T43] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  861.169176][ T5927] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  861.259729][   T43] usb 4-1: Using ep0 maxpacket: 16
[  861.282455][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  861.300689][   T43] usb 4-1: config 1 interface 0 has no altsetting 0
[  861.324326][   T43] usb 4-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  861.333857][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.343999][ T5927] usb 2-1: Using ep0 maxpacket: 16
[  861.370391][   T43] usb 4-1: Product: syz
[  861.376597][ T5927] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  861.389243][   T43] usb 4-1: Manufacturer: syz
[  861.393946][ T5927] usb 2-1: config 0 has no interface number 0
[  861.418833][   T43] usb 4-1: SerialNumber: syz
[  861.419701][ T5883] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  861.430834][ T5927] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  861.477862][ T5927] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  861.488049][ T5927] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  861.527719][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.539558][ T5927] usb 2-1: config 0 descriptor??
[  861.579426][ T5883] usb 5-1: device descriptor read/64, error -71
[  861.832660][ T5883] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  861.856534][T15993] bond3: (slave dummy0): Releasing active interface
[  861.938615][T15993] bond0: (slave bond_slave_1): Releasing backup interface
[  861.989794][ T5883] usb 5-1: device descriptor read/64, error -71
[  862.031505][T15993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  862.047656][T15993] batman_adv: batadv0: Removing interface: batadv_slave_0
[  862.077360][T15993] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  862.091976][T15993] batman_adv: batadv0: Removing interface: batadv_slave_1
[  862.109802][ T5883] usb usb5-port1: attempt power cycle
[  862.169441][ T5927] uclogic 0003:28BD:0071.0021: pen parameters not found
[  862.170757][T15979] xt_bpf: check failed: parse error
[  862.198424][T15993] team0: Port device batadv1 removed
[  862.208781][ T5927] uclogic 0003:28BD:0071.0021: interface is invalid, ignoring
[  862.221491][T15994] vlan0: entered promiscuous mode
[  862.258512][ T5927] usb 2-1: USB disconnect, device number 44
[  862.267186][T15994] team0: Port device vlan0 added
[  862.449303][ T5883] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  862.491158][ T5883] usb 5-1: device descriptor read/8, error -71
[  862.537266][T16004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2518'.
[  862.759244][ T5883] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[  862.797437][ T5883] usb 5-1: device descriptor read/8, error -71
[  862.915492][ T5883] usb usb5-port1: unable to enumerate USB device
[  863.716472][   T43] usbhid 4-1:1.0: can't add hid device: -71
[  863.736403][   T43] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  863.768195][   T43] usb 4-1: USB disconnect, device number 55
[  864.057417][T16014] fuse: Bad value for 'fd'
[  864.440495][   T43] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[  864.601106][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  864.636223][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  864.649916][ T5927] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  864.668239][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  864.688049][   T43] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  864.711320][   T43] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  864.729730][   T43] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  864.743862][   T43] usb 2-1: Manufacturer: syz
[  864.769682][   T43] usb 2-1: config 0 descriptor??
[  864.782287][T11391] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  864.789677][ T5927] usb 5-1: device descriptor read/64, error -71
[  864.983941][T16019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  864.993424][T16019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  865.019292][ T5883] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  865.059423][ T5927] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  865.120957][   T43] rc_core: IR keymap rc-hauppauge not found
[  865.126887][   T43] Registered IR keymap rc-empty
[  865.147984][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.179491][ T5883] usb 4-1: Using ep0 maxpacket: 16
[  865.180129][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.186557][ T5883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  865.208666][ T5883] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  865.219722][ T5927] usb 5-1: device descriptor read/64, error -71
[  865.227340][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  865.253001][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input79
[  865.255129][ T5883] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  865.289540][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.294583][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.308688][ T5883] usb 4-1: Product: syz
[  865.319803][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.323373][ T5883] usb 4-1: Manufacturer: syz
[  865.336952][ T5883] usb 4-1: SerialNumber: syz
[  865.341911][ T5927] usb usb5-port1: attempt power cycle
[  865.349414][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.368523][ T5883] usb 4-1: config 0 descriptor??
[  865.378635][T16028] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  865.386071][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.397347][ T5883] hub 4-1:0.0: bad descriptor, ignoring hub
[  865.403610][ T5883] hub 4-1:0.0: probe with driver hub failed with error -5
[  865.415132][ T5883] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input80
[  865.420617][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.432147][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  865.475419][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.520014][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.539541][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.559303][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.593476][   T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  865.630845][   T43] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  865.666546][   T43] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  865.685587][ T5927] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  865.707434][   T43] usb 2-1: USB disconnect, device number 45
[  865.714577][T16039] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2525'.
[  865.741782][ T5927] usb 5-1: device descriptor read/8, error -71
[  865.766993][T16039] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2525'.
[  866.019388][ T5927] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  866.040262][ T5927] usb 5-1: device descriptor read/8, error -71
[  866.061744][T16045] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2529'.
[  866.149933][ T5927] usb usb5-port1: unable to enumerate USB device
[  866.349223][ T5892] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  866.519562][ T5892] usb 2-1: Using ep0 maxpacket: 32
[  866.527909][ T5892] usb 2-1: config 1 has an invalid interface number: 50 but max is 0
[  866.536293][ T5892] usb 2-1: config 1 has no interface number 0
[  866.542874][ T5892] usb 2-1: config 1 interface 50 has no altsetting 0
[  866.552954][ T5892] usb 2-1: New USB device found, idVendor=04f1, idProduct=3012, bcdDevice=b5.94
[  866.562916][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.571236][ T5892] usb 2-1: Product: syz
[  866.575551][ T5892] usb 2-1: Manufacturer: syz
[  866.581441][ T5892] usb 2-1: SerialNumber: syz
[  866.596138][ T5892] ipaq 2-1:1.50: PocketPC PDA converter detected
[  866.808870][ T5892] usb 2-1: PocketPC PDA converter now attached to ttyUSB0
[  867.011424][T16047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  867.024037][T16047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  867.034424][   T43] usb 2-1: USB disconnect, device number 46
[  867.065269][   T43] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
[  867.077485][   T43] ipaq 2-1:1.50: device disconnected
[  867.643692][T16056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2532'.
[  868.093752][ T5892] usb 4-1: USB disconnect, device number 56
[  869.549932][T16100] xt_l2tp: missing protocol rule (udp|l2tpip)
[  869.650627][T16102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2543'.
[  870.166064][ T5892] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  870.222149][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  870.228559][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  870.299525][ T5892] usb 2-1: device descriptor read/64, error -71
[  870.553127][ T5892] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  870.617999][T16111] 8021q: adding VLAN 0 to HW filter on device batadv3
[  870.628823][T16111] team0: Port device batadv3 added
[  870.729197][ T5892] usb 2-1: device descriptor read/64, error -71
[  870.853601][T11391] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  871.009457][ T5892] usb usb2-port1: attempt power cycle
[  871.079225][   T43] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  871.271625][   T43] usb 4-1: Using ep0 maxpacket: 16
[  871.490274][ T5892] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  871.499239][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  871.553305][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  871.585115][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  871.629741][   T43] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  871.638943][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.647798][   T43] usb 4-1: Product: syz
[  871.652261][   T43] usb 4-1: Manufacturer: syz
[  871.658030][   T43] usb 4-1: SerialNumber: syz
[  871.662450][ T5892] usb 2-1: device descriptor read/8, error -71
[  871.670828][   T43] usb 4-1: config 0 descriptor??
[  871.687368][T16116] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  871.696368][   T43] hub 4-1:0.0: bad descriptor, ignoring hub
[  871.799228][   T43] hub 4-1:0.0: probe with driver hub failed with error -5
[  871.841903][   T43] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input81
[  871.883130][T16133] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2551'.
[  872.019929][ T5892] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  872.650195][ T5892] usb 2-1: device descriptor read/8, error -71
[  872.799474][ T5892] usb usb2-port1: unable to enumerate USB device
[  872.939119][T16138] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2547'.
[  872.970632][T16139] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2547'.
[  873.989616][T12775] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  874.152074][T12775] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=66.21
[  874.162627][T12775] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.194029][T12775] usb 2-1: config 0 descriptor??
[  874.419401][T12775] usb 2-1: string descriptor 0 read error: -71
[  874.428949][T12775] pegasus_notetaker 2-1:0.0: Invalid number of endpoints
[  874.450899][T12775] pegasus_notetaker 2-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  874.535006][T12775] usb 2-1: USB disconnect, device number 51
[  874.570210][T14797] usb 4-1: USB disconnect, device number 57
[  874.629768][ T5892] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  874.673504][T11391] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  874.791736][ T5892] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  874.810224][ T5892] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  874.820086][ T5892] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  874.829545][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.909879][T14797] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  875.057182][T16158] FAULT_INJECTION: forcing a failure.
[  875.057182][T16158] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  875.085471][T16158] CPU: 0 UID: 0 PID: 16158 Comm: syz.4.2558 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
[  875.085497][T16158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  875.085510][T16158] Call Trace:
[  875.085518][T16158]  <TASK>
[  875.085527][T16158]  dump_stack_lvl+0x189/0x250
[  875.085561][T16158]  ? __pfx____ratelimit+0x10/0x10
[  875.085581][T16158]  ? __pfx_dump_stack_lvl+0x10/0x10
[  875.085608][T16158]  ? __pfx__printk+0x10/0x10
[  875.085628][T16158]  ? __might_fault+0xb0/0x130
[  875.085662][T16158]  should_fail_ex+0x414/0x560
[  875.085687][T16158]  _copy_from_user+0x2d/0xb0
[  875.085713][T16158]  ___sys_sendmsg+0x158/0x2a0
[  875.085742][T16158]  ? __pfx____sys_sendmsg+0x10/0x10
[  875.085771][T16158]  ? rcu_read_lock_any_held+0xb3/0x120
[  875.085804][T16158]  ? sb_end_write+0xe9/0x1c0
[  875.085836][T16158]  ? __pfx_vfs_write+0x10/0x10
[  875.085859][T16158]  __x64_sys_sendmsg+0x19b/0x260
[  875.085882][T16158]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  875.085909][T16158]  ? __pfx_ksys_write+0x10/0x10
[  875.085923][T16158]  ? rcu_is_watching+0x15/0xb0
[  875.085944][T16158]  ? do_syscall_64+0xbe/0x3b0
[  875.085963][T16158]  do_syscall_64+0xfa/0x3b0
[  875.085979][T16158]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.085993][T16158]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  875.086014][T16158]  ? clear_bhb_loop+0x60/0xb0
[  875.086031][T16158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.086046][T16158] RIP: 0033:0x7f8ff8b8e969
[  875.086062][T16158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  875.086075][T16158] RSP: 002b:00007f8ff69d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  875.086092][T16158] RAX: ffffffffffffffda RBX: 00007f8ff8db6160 RCX: 00007f8ff8b8e969
[  875.086104][T16158] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000008
[  875.086113][T16158] RBP: 00007f8ff69d5090 R08: 0000000000000000 R09: 0000000000000000
[  875.086123][T16158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  875.086132][T16158] R13: 0000000000000000 R14: 00007f8ff8db6160 R15: 00007f8ff8edfa28
[  875.086154][T16158]  </TASK>
[  875.325022][T14797] usb 4-1: Using ep0 maxpacket: 16
[  875.347409][T14797] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  875.361860][T14797] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  875.397327][T14797] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  875.406892][T14797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.415076][T14797] usb 4-1: Product: syz
[  875.420188][T14797] usb 4-1: Manufacturer: syz
[  875.424848][T14797] usb 4-1: SerialNumber: syz
[  875.432215][T14797] usb 4-1: config 0 descriptor??
[  875.437752][T16162] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  875.478056][T14797] hub 4-1:0.0: bad descriptor, ignoring hub
[  875.484578][T14797] hub 4-1:0.0: probe with driver hub failed with error -5
[  875.498034][T14797] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input82
[  875.639297][T12775] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  875.763768][T16176] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2559'.
[  875.789784][T16176] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2559'.
[  875.799379][T12775] usb 2-1: Using ep0 maxpacket: 32
[  875.807375][T12775] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  875.823190][T12775] usb 2-1: config 0 has no interfaces?
[  875.843324][T12775] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  875.917251][T12775] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  875.964149][T12775] usb 2-1: config 0 descriptor??
[  877.231193][T14797] usb 5-1: USB disconnect, device number 45
[  877.432302][T16185] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2566'.
[  877.530732][T16187] syzkaller1: entered promiscuous mode
[  877.536289][T16187] syzkaller1: entered allmulticast mode
[  877.558657][T16187] 8021q: adding VLAN 0 to HW filter on device batadv3
[  877.567536][T16187] team0: Port device batadv3 added
[  877.725684][T12775] usb 4-1: USB disconnect, device number 58
[  877.989721][T16194] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2568'.
[  878.403434][T14797] usb 2-1: USB disconnect, device number 52
[  879.469263][  T977] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  879.569182][ T5886] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[  879.599146][  T977] usb 4-1: device descriptor read/64, error -71
[  879.723339][T16219] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 16219 comm: syz.7.2576)
[  879.773510][   T30] audit: type=1800 audit(1748583172.857:6303): pid=16219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2576" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=65512 res=0 errno=0
[  879.815460][ T5886] usb 2-1: config 0 has an invalid interface number: 205 but max is 0
[  879.833870][ T5886] usb 2-1: config 0 has no interface number 0
[  879.869244][  T977] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  879.869660][ T5886] usb 2-1: config 0 interface 205 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  880.042144][ T5886] usb 2-1: config 0 interface 205 has no altsetting 0
[  880.104906][  T977] usb 4-1: device descriptor read/64, error -71
[  880.114663][ T5886] usb 2-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a
[  880.124136][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  880.151659][ T5886] usb 2-1: Product: syz
[  880.169254][ T5886] usb 2-1: Manufacturer: syz
[  880.169600][T14797] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  880.174004][ T5886] usb 2-1: SerialNumber: syz
[  880.226216][  T977] usb usb4-port1: attempt power cycle
[  880.244690][ T5886] usb 2-1: config 0 descriptor??
[  880.301364][ T5886] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  880.318986][ T5886] dvb-usb: bulk message failed: -22 (3/0)
[  880.394207][T14797] usb 5-1: Using ep0 maxpacket: 16
[  880.407147][T14797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  880.416466][ T5886] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  880.418482][T14797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  880.500389][ T5886] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  880.513737][ T5886] usb 2-1: media controller created
[  880.551047][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  880.559121][T14797] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  880.599175][  T977] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  880.611533][T14797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.611659][ T5886] dvb-usb: bulk message failed: -22 (6/0)
[  880.646541][  T977] usb 4-1: device descriptor read/8, error -71
[  880.667667][ T5886] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  880.676880][T14797] usb 5-1: config 0 descriptor??
[  880.722076][ T5886] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input83
[  880.765680][ T5886] dvb-usb: schedule remote query interval to 150 msecs.
[  880.877918][T11391] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  880.942675][ T5886] dvb-usb: bulk message failed: -22 (3/0)
[  880.959144][  T977] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  880.994185][  T977] usb 4-1: device descriptor read/8, error -71
[  881.105166][T14797] kye 0003:0458:5016.0022: control desc unexpectedly large
[  881.113036][  T977] usb usb4-port1: unable to enumerate USB device
[  881.143551][   T43] dvb-usb: bulk message failed: -22 (1/0)
[  881.149322][T14797] kye 0003:0458:5016.0022: control desc unexpectedly large
[  881.154318][T14797] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0022/input/input84
[  881.187174][ T5886] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  881.209609][   T43] dvb-usb: error while querying for an remote control event.
[  881.258911][ T5886] usb 2-1: USB disconnect, device number 53
[  881.455957][T14797] kye 0003:0458:5016.0022: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0
[  881.474943][ T5886] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  881.606349][T14797] usb 5-1: USB disconnect, device number 46
[  881.910360][T16241] fido_id[16241]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  882.166852][T16209] ALSA: mixer_oss: invalid index 40000
[  882.731527][T16264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2584'.
[  884.446249][T16285] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  884.599269][ T5886] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  884.618589][T16294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2594'.
[  884.766389][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  884.783633][ T5886] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  884.808548][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.833602][ T5886] usb 2-1: config 0 descriptor??
[  884.851744][ T5886] gspca_main: nw80x-2.14.0 probing 055f:d001
[  885.290440][ T5886] gspca_nw80x: reg_w err -71
[  885.305386][ T5886] nw80x 2-1:0.0: probe with driver nw80x failed with error -71
[  885.409592][T14797] usb 4-1: new low-speed USB device number 63 using dummy_hcd
[  885.432485][T16323] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2599'.
[  885.543014][ T5886] usb 2-1: USB disconnect, device number 54
[  885.602417][T14797] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  885.612740][T14797] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  885.713199][T14797] usb 4-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  885.758079][T14797] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.792665][T11391] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  885.810220][T14797] usb 4-1: config 0 descriptor??
[  886.081601][T16307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2596'.
[  886.107171][T16307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2596'.
[  886.257322][T16307] netlink: 'syz.3.2596': attribute type 4 has an invalid length.
[  886.277684][T16307] netlink: 'syz.3.2596': attribute type 4 has an invalid length.
[  886.739174][  T977] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  886.899489][  T977] usb 2-1: Using ep0 maxpacket: 16
[  886.907020][  T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  886.918679][  T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  887.171609][  T977] usb 2-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  887.438100][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.950955][  T977] usb 2-1: config 0 descriptor??
[  887.998306][T14797] usb 4-1: string descriptor 0 read error: -71
[  888.048425][T16345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2606'.
[  888.130691][T14797] usb 4-1: USB disconnect, device number 63
[  888.312480][T16336] Failed to get privilege flags for destination (handle=0x2:0x8)
[  888.397062][  T977] usbhid 2-1:0.0: can't add hid device: -71
[  888.441696][  T977] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  888.542199][  T977] usb 2-1: USB disconnect, device number 55
[  889.380291][    C0] hrtimer: interrupt took 27074 ns
[  890.499135][T14797] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  890.678101][T14797] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  890.688818][T14797] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  890.706561][T14797] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  890.718698][T14797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.739982][ T5927] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  890.769488][   T43] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  890.879482][ T5927] usb 4-1: device descriptor read/64, error -71
[  890.922150][   T43] usb 5-1: Using ep0 maxpacket: 16
[  890.933823][   T43] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  890.947503][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  890.978072][   T43] usb 5-1: Product: syz
[  890.983853][   T43] usb 5-1: Manufacturer: syz
[  890.988742][   T43] usb 5-1: SerialNumber: syz
[  891.096414][   T43] r8152-cfgselector 5-1: Unknown version 0x0000
[  891.108605][   T43] r8152-cfgselector 5-1: config 0 descriptor??
[  891.159361][ T5927] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  891.299757][ T5927] usb 4-1: device descriptor read/64, error -71
[  891.416623][ T5927] usb usb4-port1: attempt power cycle
[  891.819805][ T5927] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  891.845161][T11391] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  891.865856][ T5927] usb 4-1: device descriptor read/8, error -71
[  892.139875][ T5927] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  892.170177][ T5927] usb 4-1: device descriptor read/8, error -71
[  892.279494][ T5927] usb usb4-port1: unable to enumerate USB device
[  893.286812][   T43] r8152-cfgselector 5-1: Unknown version 0x0000
[  893.334489][   T43] r8152-cfgselector 5-1: bad CDC descriptors
[  893.415195][   T43] r8152-cfgselector 5-1: USB disconnect, device number 47
[  893.607280][T16396] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2620'.
[  894.091456][  T977] usb 2-1: USB disconnect, device number 56
[  894.253718][T16401] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2621'.
[  894.784388][T11391] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  895.189335][ T5927] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  895.449417][ T5927] usb 5-1: Using ep0 maxpacket: 16
[  895.456975][ T5927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  895.484451][ T5927] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  895.531416][ T5927] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  895.546594][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.571468][ T5927] usb 5-1: Product: syz
[  895.598563][ T5927] usb 5-1: Manufacturer: syz
[  895.621005][ T5927] usb 5-1: SerialNumber: syz
[  895.648563][ T5927] usb 5-1: config 0 descriptor??
[  895.670016][T16412] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  895.681779][ T5927] hub 5-1:0.0: bad descriptor, ignoring hub
[  895.737191][ T5927] hub 5-1:0.0: probe with driver hub failed with error -5
[  895.785041][ T5927] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input86
[  896.010853][T16420] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2624'.
[  896.123973][T16420] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2624'.
[  897.082382][   T30] audit: type=1326 audit(1748583190.197:6304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  897.174647][   T30] audit: type=1326 audit(1748583190.197:6305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  897.193722][T16431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2631'.
[  897.417227][T16436] batadv_slave_0: entered promiscuous mode
[  897.487112][   T30] audit: type=1326 audit(1748583190.197:6306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  897.538153][T16436] batadv_slave_0: left promiscuous mode
[  897.634854][   T30] audit: type=1326 audit(1748583190.197:6307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.088189][T16449] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  898.094723][T16449] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  898.110884][T16449] vhci_hcd vhci_hcd.0: Device attached
[  898.130713][T16452] vhci_hcd vhci_hcd.0: port 0 already used
[  898.240163][   T30] audit: type=1326 audit(1748583191.347:6308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.359558][   T30] audit: type=1326 audit(1748583191.347:6309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.379952][ T5927] usb 34-1: SetAddress Request (2) to port 0
[  898.382456][  T977] usb 5-1: USB disconnect, device number 48
[  898.388838][ T5927] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd
[  898.564277][   T30] audit: type=1326 audit(1748583191.667:6310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.669176][   T30] audit: type=1326 audit(1748583191.677:6311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.759173][   T30] audit: type=1326 audit(1748583191.677:6312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16426 comm="syz.3.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8dd8e969 code=0x7ffc0000
[  898.789511][T12775] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  898.919269][T12775] usb 4-1: device descriptor read/64, error -71
[  898.949133][T16465] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2637'.
[  899.169520][T12775] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  899.441715][T12775] usb 4-1: device descriptor read/64, error -71
[  899.561932][T12775] usb usb4-port1: attempt power cycle
[  900.089586][T12775] usb usb4-port1: Cannot enable. Maybe the USB cable is bad?
[  900.249169][T12775] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  900.316846][T12775] usb 4-1: Using ep0 maxpacket: 16
[  900.406922][T12775] usb 4-1: config 1 has an invalid interface number: 135 but max is 0
[  900.440588][T12775] usb 4-1: config 1 has an invalid interface descriptor of length 4, skipping
[  900.630651][T12775] usb 4-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[  900.641325][T12775] usb 4-1: config 1 has no interface number 0
[  900.650008][T12775] usb 4-1: config 1 interface 135 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  900.663433][T12775] usb 4-1: config 1 interface 135 has no altsetting 0
[  900.675195][T12775] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.40
[  900.686970][T12775] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  900.697324][T12775] usb 4-1: Product: К
[  900.726107][T12775] usb 4-1: Manufacturer: ꄪ믌逑黜ᐹ肷땔᪰宒໭㤋쉺㞱ꇺ噊낓쑊፷梴ḗ苆쒶踪蛿欃޿
[  900.810764][T12775] usb 4-1: SerialNumber: ੲ쯸歞
[  901.132629][T16476] macsec1: entered allmulticast mode
[  901.167846][T16476] ip6gretap0: entered allmulticast mode
[  901.270307][T16487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2643'.
[  901.403587][T12775] usb 4-1: USB disconnect, device number 71
[  901.859174][T12775] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  902.026436][ T5884] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  902.039655][T12775] usb 2-1: Using ep0 maxpacket: 32
[  902.047881][T12775] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  902.062824][T16450] vhci_hcd: connection reset by peer
[  902.068768][T12775] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.077281][T15931] vhci_hcd: stop threads
[  902.077313][T15931] vhci_hcd: release socket
[  902.077364][T15931] vhci_hcd: disconnect device
[  902.102979][T12775] usb 2-1: config 0 descriptor??
[  902.159412][ T5884] usb 5-1: device descriptor read/64, error -71
[  902.169117][T12775] gspca_main: sunplus-2.14.0 probing 041e:400b
[  902.409167][ T5884] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  902.419789][T16503] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2649'.
[  902.465141][T16503] openvswitch: netlink: Flow key attr not present in new flow.
[  902.518748][T16489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  902.540004][ T5884] usb 5-1: device descriptor read/64, error -71
[  902.670355][ T5884] usb usb5-port1: attempt power cycle
[  902.828104][T12775] gspca_sunplus: reg_w_riv err -110
[  902.838241][T12775] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[  903.009178][ T5884] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  903.030883][ T5884] usb 5-1: device descriptor read/8, error -71
[  903.210388][T12775] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  903.269631][ T5884] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  903.293281][ T5884] usb 5-1: device descriptor read/8, error -71
[  903.359303][T12775] usb 4-1: Using ep0 maxpacket: 8
[  903.385773][T12775] usb 4-1: unable to get BOS descriptor or descriptor too short
[  903.399305][T12775] usb 4-1: no configurations
[  903.403966][T12775] usb 4-1: can't read configurations, error -22
[  903.411202][ T5884] usb usb5-port1: unable to enumerate USB device
[  903.499567][ T5927] usb 34-1: device descriptor read/8, error -110
[  903.917762][ T5927] usb usb34-port1: attempt power cycle
[  904.269317][T12775] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[  904.451330][T12775] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  904.461013][T12775] usb 4-1: config 0 has no interface number 0
[  904.467672][T12775] usb 4-1: config 0 interface 29 has no altsetting 0
[  904.482129][T12775] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  904.491781][T12775] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.500280][T12775] usb 4-1: Product: syz
[  904.504604][T12775] usb 4-1: Manufacturer: syz
[  904.509767][T12775] usb 4-1: SerialNumber: syz
[  904.517328][T12775] usb 4-1: config 0 descriptor??
[  904.525305][ T5927] usb usb34-port1: unable to enumerate USB device
[  904.663164][ T5927] usb 2-1: USB disconnect, device number 57
[  904.738945][T12775] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v65 fw v224.204.25 (2 channels)
[  904.949224][T12775] peak_usb 4-1:0.29 can0: unable to request usb[type=2 value=5] err=-71
[  905.015073][T16522] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2653'.
[  905.076650][T12775] peak_usb 4-1:0.29: unable to tell PCAN-USB X6 driver is loaded (err -71)
[  905.166981][T16520] netlink: 'syz.1.2655': attribute type 12 has an invalid length.
[  905.176738][T12775] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -71
[  905.177100][T16520] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2655'.
[  905.192115][T12775] usb 4-1: USB disconnect, device number 73
[  905.402275][T16524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2656'.
[  905.723701][T16527] netlink: 'syz.1.2658': attribute type 1 has an invalid length.
[  905.851125][T16527] 8021q: adding VLAN 0 to HW filter on device bond2
[  905.870119][T16531] vlan2: entered allmulticast mode
[  906.110449][T16539] netlink: 'syz.3.2660': attribute type 5 has an invalid length.
[  906.502157][ T5883] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[  906.708692][ T5883] usb 2-1: device descriptor read/64, error -71
[  906.984353][ T5883] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  907.189226][ T5883] usb 2-1: device descriptor read/64, error -71
[  907.312295][ T5883] usb usb2-port1: attempt power cycle
[  907.332664][T16556] netlink: 'syz.4.2666': attribute type 10 has an invalid length.
[  907.366635][T16556] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2666'.
[  907.699141][ T5883] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  907.730184][ T5883] usb 2-1: device descriptor read/8, error -71
[  907.973578][ T5883] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[  907.979315][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  907.999921][ T5883] usb 2-1: device descriptor read/8, error -71
[  908.120069][ T5883] usb usb2-port1: unable to enumerate USB device
[  908.719299][T12775] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  908.879357][T12775] usb 4-1: Using ep0 maxpacket: 32
[  908.898199][T12775] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  908.925889][T12775] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  908.937597][T12775] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  908.947283][T12775] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.969664][T12775] usb 4-1: config 0 descriptor??
[  908.987573][T12775] hub 4-1:0.0: USB hub found
[  909.120747][T16586] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2675'.
[  909.290572][T12775] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  909.512540][T12775] hid-generic 0003:046D:C31C.0023: item fetching failed at offset 0/1
[  909.528635][T12775] hid-generic 0003:046D:C31C.0023: probe with driver hid-generic failed with error -22
[  909.679482][T14797] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  909.829691][T14797] usb 2-1: Using ep0 maxpacket: 8
[  909.847296][T12775] usb 4-1: USB disconnect, device number 74
[  909.854933][T14797] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[  909.869409][T14797] usb 2-1: config 2 has no interface number 0
[  910.023724][T14797] usb 2-1: config 2 interface 31 has no altsetting 0
[  910.054151][T14797] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  910.083081][T14797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.141270][T14797] usb 2-1: Product: syz
[  910.146215][T14797] usb 2-1: Manufacturer: syz
[  910.159819][T14797] usb 2-1: SerialNumber: syz
[  910.689988][T14797] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22
[  910.760869][T14797] usb 2-1: USB disconnect, device number 62
[  911.447426][T16620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  911.630053][T16620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  911.689160][T12775] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  912.245930][T16628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2687'.
[  912.277659][T16628] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2687'.
[  912.318474][T16628] netlink: 'syz.4.2687': attribute type 14 has an invalid length.
[  912.867102][T16642] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2690'.
[  913.380547][T16649] netlink: 48 bytes leftover after parsing attributes in process `syz.7.2693'.
[  915.053497][T16672] delete_channel: no stack
[  916.713202][T16704] pimreg3: entered allmulticast mode
[  916.751910][T16706] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2708'.
[  917.850539][ T5884] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  918.162721][ T5884] usb 2-1: config 0 has no interfaces?
[  918.301127][T16732] binder: BINDER_SET_CONTEXT_MGR already set
[  918.341099][ T5884] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  918.350677][T16732] binder: 16731:16732 ioctl 4018620d 200000000040 returned -16
[  918.369114][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  918.418151][ T5884] usb 2-1: Product: syz
[  918.472882][ T5884] usb 2-1: Manufacturer: syz
[  918.487861][ T5884] usb 2-1: SerialNumber: syz
[  918.547807][ T5884] usb 2-1: config 0 descriptor??
[  919.114137][T16748] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2722'.
[  919.129764][  T977] usb 5-1: new full-speed USB device number 54 using dummy_hcd
[  919.291895][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  919.302350][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  919.343234][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  919.358494][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  919.412871][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  919.437946][  T977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  919.470521][  T977] usb 5-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[  919.480520][  T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.497265][  T977] usb 5-1: Product: syz
[  919.508028][  T977] usb 5-1: Manufacturer: syz
[  919.518879][  T977] usb 5-1: SerialNumber: syz
[  919.542637][  T977] usb 5-1: config 0 descriptor??
[  919.564241][  T977] ti_usb_3410_5052 5-1:0.0: TI USB 5052 2 port adapter converter detected
[  919.583447][  T977] ti_usb_3410_5052 5-1:0.0: missing endpoints
[  919.644520][T16753] openvswitch: netlink: Tunnel attr 0 has unexpected len 16 expected 8
[  919.733351][T16757] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2725'.
[  919.804598][T16760] sctp: [Deprecated]: syz.3.2725 (pid 16760) Use of struct sctp_assoc_value in delayed_ack socket option.
[  919.804598][T16760] Use struct sctp_sack_info instead
[  919.938989][ T5884] usb 5-1: USB disconnect, device number 54
[  920.101680][  T977] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  920.261015][  T977] usb 4-1: config 1 descriptor has 1 excess byte, ignoring
[  920.268377][  T977] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 56, changing to 9
[  920.279673][  T977] usb 4-1: config 1 interface 1 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  920.290701][  T977] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  920.306311][  T977] usb 4-1: New USB device found, idVendor=7d25, idProduct=3f11, bcdDevice= 0.6e
[  920.315928][  T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  920.324096][  T977] usb 4-1: Product: syz
[  920.328501][  T977] usb 4-1: Manufacturer: syz
[  920.333273][  T977] usb 4-1: SerialNumber: syz
[  920.350926][  T977] cdc_ncm 4-1:1.0: skipping garbage
[  920.356220][  T977] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[  920.363980][  T977] cdc_ncm 4-1:1.0: bind() failure
[  920.374369][  T977] cdc_ncm 4-1:1.1: skipping garbage
[  920.379784][  T977] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  920.386587][  T977] cdc_ncm 4-1:1.1: bind() failure
[  920.564173][  T977] usb 4-1: USB disconnect, device number 75
[  920.701021][ T5884] usb 2-1: USB disconnect, device number 63
[  922.309351][T16796] xt_l2tp: missing protocol rule (udp|l2tpip)
[  922.389667][   T43] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  922.611687][   T43] usb 5-1: Using ep0 maxpacket: 16
[  922.761638][   T43] usb 5-1: config 1 interface 0 altsetting 100 bulk endpoint 0x1 has invalid maxpacket 1023
[  922.936280][   T43] usb 5-1: config 1 interface 0 has no altsetting 0
[  922.972772][   T43] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  922.982449][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  923.002611][   T43] usb 5-1: SerialNumber: syz
[  923.035785][T16791] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  924.720400][T16816] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2743'.
[  924.940979][T16829] FAULT_INJECTION: forcing a failure.
[  924.940979][T16829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  924.968902][T16829] CPU: 1 UID: 0 PID: 16829 Comm: syz.3.2746 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
[  924.968929][T16829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  924.968943][T16829] Call Trace:
[  924.968951][T16829]  <TASK>
[  924.968960][T16829]  dump_stack_lvl+0x189/0x250
[  924.968992][T16829]  ? __pfx____ratelimit+0x10/0x10
[  924.969011][T16829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  924.969035][T16829]  ? __pfx__printk+0x10/0x10
[  924.969052][T16829]  ? __might_fault+0xb0/0x130
[  924.969081][T16829]  should_fail_ex+0x414/0x560
[  924.969105][T16829]  _copy_from_iter+0x1db/0x16f0
[  924.969131][T16829]  ? rcu_is_watching+0x15/0xb0
[  924.969152][T16829]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  924.969175][T16829]  ? __pfx__copy_from_iter+0x10/0x10
[  924.969199][T16829]  ? __build_skb_around+0x257/0x3e0
[  924.969226][T16829]  ? netlink_sendmsg+0x642/0xb30
[  924.969249][T16829]  ? skb_put+0x11b/0x210
[  924.969275][T16829]  netlink_sendmsg+0x6b2/0xb30
[  924.969307][T16829]  ? __pfx_netlink_sendmsg+0x10/0x10
[  924.969340][T16829]  ? __pfx_netlink_sendmsg+0x10/0x10
[  924.969364][T16829]  __sock_sendmsg+0x21c/0x270
[  924.969387][T16829]  ____sys_sendmsg+0x505/0x830
[  924.969418][T16829]  ? __pfx_____sys_sendmsg+0x10/0x10
[  924.969451][T16829]  ? import_iovec+0x74/0xa0
[  924.969479][T16829]  ___sys_sendmsg+0x21f/0x2a0
[  924.969505][T16829]  ? __pfx____sys_sendmsg+0x10/0x10
[  924.969565][T16829]  ? __fget_files+0x2a/0x420
[  924.969587][T16829]  ? __fget_files+0x3a0/0x420
[  924.969619][T16829]  __x64_sys_sendmsg+0x19b/0x260
[  924.969646][T16829]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  924.969679][T16829]  ? __pfx_ksys_write+0x10/0x10
[  924.969697][T16829]  ? rcu_is_watching+0x15/0xb0
[  924.969723][T16829]  ? do_syscall_64+0xbe/0x3b0
[  924.969753][T16829]  do_syscall_64+0xfa/0x3b0
[  924.969771][T16829]  ? lockdep_hardirqs_on+0x9c/0x150
[  924.969790][T16829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.969809][T16829]  ? clear_bhb_loop+0x60/0xb0
[  924.969831][T16829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.969848][T16829] RIP: 0033:0x7f2e8dd8e969
[  924.969866][T16829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  924.969882][T16829] RSP: 002b:00007f2e8ec04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  924.969903][T16829] RAX: ffffffffffffffda RBX: 00007f2e8dfb5fa0 RCX: 00007f2e8dd8e969
[  924.969918][T16829] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006
[  924.969930][T16829] RBP: 00007f2e8ec04090 R08: 0000000000000000 R09: 0000000000000000
[  924.969942][T16829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  924.969953][T16829] R13: 0000000000000000 R14: 00007f2e8dfb5fa0 R15: 00007f2e8e0dfa28
[  924.969982][T16829]  </TASK>
[  925.241505][    C1] vkms_vblank_simulate: vblank timer overrun
[  925.674786][   T43] usb 5-1: USB disconnect, device number 55
[  926.130220][T16837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2748'.
[  926.326567][T16843] netlink: 676 bytes leftover after parsing attributes in process `syz.1.2748'.
[  926.339222][T16843] netlink: 676 bytes leftover after parsing attributes in process `syz.1.2748'.
[  926.871826][T16852] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  928.057374][T16848] syz.1.2753: vmalloc error: size 25165824, failed to allocated page array size 49152, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  928.102653][T16848] CPU: 0 UID: 0 PID: 16848 Comm: syz.1.2753 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
[  928.102679][T16848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  928.102690][T16848] Call Trace:
[  928.102698][T16848]  <TASK>
[  928.102707][T16848]  dump_stack_lvl+0x189/0x250
[  928.102743][T16848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  928.102770][T16848]  ? __pfx__printk+0x10/0x10
[  928.102791][T16848]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  928.102817][T16848]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  928.102845][T16848]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  928.102873][T16848]  warn_alloc+0x214/0x310
[  928.102905][T16848]  ? __pfx_warn_alloc+0x10/0x10
[  928.102940][T16848]  ? __get_vm_area_node+0x28f/0x300
[  928.102965][T16848]  ? vb2_vmalloc_alloc+0xef/0x340
[  928.102993][T16848]  __vmalloc_node_range_noprof+0x67e/0x1340
[  928.103045][T16848]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  928.103074][T16848]  ? __kasan_kmalloc+0x93/0xb0
[  928.103100][T16848]  vmalloc_user_noprof+0xad/0xf0
[  928.103125][T16848]  ? vb2_vmalloc_alloc+0xef/0x340
[  928.103150][T16848]  vb2_vmalloc_alloc+0xef/0x340
[  928.103173][T16848]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  928.103197][T16848]  __vb2_queue_alloc+0x9c2/0x15a0
[  928.103244][T16848]  vb2_core_reqbufs+0xc31/0x1420
[  928.103265][T16848]  ? __pfx___mutex_trylock_common+0x10/0x10
[  928.103308][T16848]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  928.103342][T16848]  ? vb2_verify_memory_type+0x1fc/0x570
[  928.103367][T16848]  vb2_ioctl_reqbufs+0x4c0/0x830
[  928.103404][T16848]  __video_do_ioctl+0xc9b/0xdb0
[  928.103440][T16848]  ? __pfx___video_do_ioctl+0x10/0x10
[  928.103485][T16848]  video_usercopy+0x86e/0x14f0
[  928.103520][T16848]  ? __pfx___video_do_ioctl+0x10/0x10
[  928.103544][T16848]  ? __pfx_video_usercopy+0x10/0x10
[  928.103579][T16848]  ? __fget_files+0x2a/0x420
[  928.103606][T16848]  ? __fget_files+0x2a/0x420
[  928.103626][T16848]  ? __fget_files+0x3a0/0x420
[  928.103653][T16848]  v4l2_ioctl+0x18a/0x1e0
[  928.103681][T16848]  ? __pfx_v4l2_ioctl+0x10/0x10
[  928.103705][T16848]  __se_sys_ioctl+0xf9/0x170
[  928.103727][T16848]  do_syscall_64+0xfa/0x3b0
[  928.103748][T16848]  ? lockdep_hardirqs_on+0x9c/0x150
[  928.103767][T16848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.103786][T16848]  ? clear_bhb_loop+0x60/0xb0
[  928.103809][T16848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.103826][T16848] RIP: 0033:0x7facb138e969
[  928.103843][T16848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  928.103859][T16848] RSP: 002b:00007facb2195038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  928.103880][T16848] RAX: ffffffffffffffda RBX: 00007facb15b5fa0 RCX: 00007facb138e969
[  928.103893][T16848] RDX: 0000200000000040 RSI: 00000000c0145608 RDI: 0000000000000009
[  928.103906][T16848] RBP: 00007facb1410ab1 R08: 0000000000000000 R09: 0000000000000000
[  928.103917][T16848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  928.103928][T16848] R13: 0000000000000000 R14: 00007facb15b5fa0 R15: 00007facb16dfa28
[  928.103958][T16848]  </TASK>
[  928.104047][T16848] Mem-Info:
[  928.449142][T16848] active_anon:18494 inactive_anon:1 isolated_anon:0
[  928.449142][T16848]  active_file:19628 inactive_file:40267 isolated_file:0
[  928.449142][T16848]  unevictable:768 dirty:156 writeback:0
[  928.449142][T16848]  slab_reclaimable:10117 slab_unreclaimable:128690
[  928.449142][T16848]  mapped:33886 shmem:11638 pagetables:1482
[  928.449142][T16848]  sec_pagetables:7 bounce:0
[  928.449142][T16848]  kernel_misc_reclaimable:0
[  928.449142][T16848]  free:1256759 free_pcp:1309 free_cma:0
[  928.494631][    C1] vkms_vblank_simulate: vblank timer overrun
[  928.760392][T16848] Node 0 active_anon:73976kB inactive_anon:4kB active_file:78392kB inactive_file:160868kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135480kB dirty:624kB writeback:0kB shmem:45016kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:12596kB pagetables:5928kB sec_pagetables:28kB all_unreclaimable? no Balloon:0kB
[  928.918009][T16848] Node 1 active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  928.971529][T16863] x_tables: duplicate underflow at hook 1
[  929.021181][T16848] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  929.064148][T16848] lowmem_reserve[]: 0 2501 2503 2503 2503
[  929.079009][T16848] Node 0 DMA32 free:1112356kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:57788kB inactive_anon:4kB active_file:78392kB inactive_file:159036kB unevictable:1536kB writepending:740kB present:3129332kB managed:2561236kB mlocked:0kB bounce:0kB free_pcp:2744kB local_pcp:2728kB free_cma:0kB
[  929.158819][T16848] lowmem_reserve[]: 0 0 1 1 1
[  929.198713][T16848] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1832kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  929.298381][T16848] lowmem_reserve[]: 0 0 0 0 0
[  929.322090][T16848] Node 1 Normal free:3917364kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  929.398070][T16848] lowmem_reserve[]: 0 0 0 0 0
[  929.431012][T16848] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  929.488190][T16848] Node 0 DMA32: 254*4kB (UME) 580*8kB (UME) 512*16kB (ME) 449*32kB (UME) 259*64kB (UME) 67*128kB (UME) 22*256kB (UME) 6*512kB (UME) 2*1024kB (ME) 3*2048kB (UM) 256*4096kB (UM) = 1118840kB
[  930.143439][T16848] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  930.176762][T16848] Node 1 Normal: 201*4kB (UME) 56*8kB (UME) 47*16kB (UME) 217*32kB (UME) 103*64kB (UE) 33*128kB (UME) 19*256kB (UME) 5*512kB (UM) 3*1024kB (UME) 4*2048kB (UME) 947*4096kB (M) = 3917364kB
[  930.196053][T16848] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  930.218946][T16848] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  930.236486][T16848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  930.253094][T16848] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  930.289203][T16848] 64466 total pagecache pages
[  930.293941][T16848] 1 pages in swap cache
[  930.312846][T16848] Free swap  = 124992kB
[  930.338807][T16848] Total swap = 124996kB
[  930.346031][T16882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2760'.
[  930.357896][T16848] 2097051 pages RAM
[  930.375000][T16848] 0 pages HighMem/MovableOnly
[  930.389242][T16848] 424636 pages reserved
[  930.393664][T16848] 0 pages cma reserved
[  931.077442][T16889] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  931.664506][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  931.671040][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  932.969859][T12775] usb 4-1: new low-speed USB device number 76 using dummy_hcd
[  933.200664][T12775] usb 4-1: device descriptor read/64, error -71
[  933.490562][T12775] usb 4-1: new low-speed USB device number 77 using dummy_hcd
[  933.670743][T12775] usb 4-1: device descriptor read/64, error -71
[  933.785193][T16939] fuse: Unknown parameter '��0xffffffffffffffff'
[  933.830198][T12775] usb usb4-port1: attempt power cycle
[  934.189486][T12775] usb 4-1: new low-speed USB device number 78 using dummy_hcd
[  934.220597][T12775] usb 4-1: device descriptor read/8, error -71
[  934.459851][T12775] usb 4-1: new low-speed USB device number 79 using dummy_hcd
[  934.509993][T12775] usb 4-1: device descriptor read/8, error -71
[  934.630829][T12775] usb usb4-port1: unable to enumerate USB device
[  935.041549][T16960] netlink: 'syz.7.2771': attribute type 13 has an invalid length.
[  935.100468][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  935.125713][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  935.137112][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  935.151628][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  935.166667][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  936.444579][T16964] chnl_net:caif_netlink_parms(): no params data found
[  937.275710][T17026] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  937.284780][ T5832] Bluetooth: hci0: command tx timeout
[  937.363223][   T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  937.470027][   T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  938.054614][T16964] bridge0: port 1(bridge_slave_0) entered blocking state
[  938.102503][T16964] bridge0: port 1(bridge_slave_0) entered disabled state
[  938.130841][T16964] bridge_slave_0: entered allmulticast mode
[  938.173718][T16964] bridge_slave_0: entered promiscuous mode
[  938.330064][   T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.368647][   T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  938.423234][T16964] bridge0: port 2(bridge_slave_1) entered blocking state
[  938.446304][T16964] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.459220][T14797] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  938.496250][T16964] bridge_slave_1: entered allmulticast mode
[  938.535804][T16964] bridge_slave_1: entered promiscuous mode
[  938.656972][   T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.680247][   T30] audit: type=1326 audit(1748583231.797:6313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.682320][   T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  938.729149][   T30] audit: type=1326 audit(1748583231.797:6314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.775988][   T30] audit: type=1326 audit(1748583231.797:6315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.816402][T16964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  938.833910][   T30] audit: type=1326 audit(1748583231.797:6316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.870382][   T30] audit: type=1326 audit(1748583231.797:6317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.915115][   T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  938.933301][   T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  938.952035][   T30] audit: type=1326 audit(1748583231.827:6318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  938.990553][T16964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  939.006498][   T30] audit: type=1326 audit(1748583231.827:6319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  939.042613][   T30] audit: type=1326 audit(1748583231.827:6320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  939.066760][   T30] audit: type=1326 audit(1748583231.827:6321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  939.135614][T14797] usb 4-1: unable to get BOS descriptor or descriptor too short
[  939.144244][T14797] usb 4-1: no configurations
[  939.149695][T14797] usb 4-1: can't read configurations, error -22
[  939.172703][T16964] team0: Port device team_slave_0 added
[  939.204536][T16964] team0: Port device team_slave_1 added
[  939.263229][T16964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  939.271391][T16964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  939.299378][T16964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  939.323905][T16964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  939.331343][T16964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  939.358735][T16964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  939.359485][ T5832] Bluetooth: hci0: command tx timeout
[  939.469594][   T30] audit: type=1326 audit(1748583232.567:6322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17046 comm="syz.0.2783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68ddd8e969 code=0x7ffc0000
[  939.524599][   T49] bridge_slave_1: left allmulticast mode
[  939.552870][   T49] bridge_slave_1: left promiscuous mode
[  939.563916][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  939.592366][   T49] bridge_slave_0: left allmulticast mode
[  939.598063][   T49] bridge_slave_0: left promiscuous mode
[  939.624220][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  940.030320][   T43] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  940.201882][   T43] usb 2-1: config 0 has no interfaces?
[  940.212153][   T43] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  940.257454][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  940.272667][   T43] usb 2-1: Product: syz
[  940.285687][   T43] usb 2-1: Manufacturer: syz
[  940.302064][   T43] usb 2-1: SerialNumber: syz
[  940.311561][   T43] usb 2-1: config 0 descriptor??
[  941.193509][   T49] team0: Port device geneve0 removed
[  941.420064][ T5832] Bluetooth: hci0: command tx timeout
[  941.490737][T17098] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  941.974381][   T49] batman_adv: batadv0: Removing interface: macvlan2
[  942.009963][   T49] bond0 (unregistering): (slave 
5
@�): Releasing backup interface
[  942.044459][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  942.080492][   T49] bond0 (unregistering): Released all slaves
[  942.454120][   T49] bond1 (unregistering): (slave veth3): Releasing backup interface
[  942.467036][   T49] veth3: left promiscuous mode
[  942.475767][   T49] bond1 (unregistering): Released all slaves
[  942.584061][T16964] hsr_slave_0: entered promiscuous mode
[  942.601813][T16964] hsr_slave_1: entered promiscuous mode
[  942.625252][T16964] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  942.646851][ T5892] usb 2-1: USB disconnect, device number 64
[  942.652959][T16964] Cannot create hsr debugfs directory
[  943.499349][ T5832] Bluetooth: hci0: command tx timeout
[  944.055558][T16964] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  944.125206][T16964] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  944.171881][   T49] tipc: Disabling bearer <udp:syz2>
[  944.177430][   T49] tipc: Left network mode
[  944.182953][T16964] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  944.256320][T16964] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  945.337763][T16964] 8021q: adding VLAN 0 to HW filter on device bond0
[  945.468704][T17154] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2799'.
[  945.590176][T16964] 8021q: adding VLAN 0 to HW filter on device team0
[  945.623737][T14670] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.630893][T14670] bridge0: port 1(bridge_slave_0) entered forwarding state
[  945.804288][T14670] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.811524][T14670] bridge0: port 2(bridge_slave_1) entered forwarding state
[  945.843307][T17157] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2800'.
[  945.902189][T17157] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2800'.
[  946.221949][T17167] netlink: 'syz.7.2801': attribute type 10 has an invalid length.
[  946.275013][T17171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2802'.
[  946.310632][T17167] team0: Port device dummy0 added
[  946.601955][  T977] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  946.771096][  T977] usb 2-1: Using ep0 maxpacket: 8
[  946.791623][  T977] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  946.806382][  T977] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping
[  946.828146][  T977] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  946.859933][T17177] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2803'.
[  946.895815][  T977] usb 2-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e
[  946.926098][  T977] usb 2-1: New USB device strings: Mfr=0, Product=4, SerialNumber=0
[  946.952828][T17177] 
: renamed from bond0
[  946.954395][  T977] usb 2-1: Product: syz
[  947.043894][  T977] usb 2-1: config 0 descriptor??
[  947.113575][T16964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  947.121566][  T977] usb 2-1: bad CDC descriptors
[  947.126671][  T977] cdc_acm 2-1:0.0: Zero length descriptor references
[  947.215482][  T977] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  947.330790][T14797] usb 2-1: USB disconnect, device number 65
[  947.543303][T16964] veth0_vlan: entered promiscuous mode
[  947.564200][T16964] veth1_vlan: entered promiscuous mode
[  947.633894][T16964] veth0_macvtap: entered promiscuous mode
[  947.662300][T16964] veth1_macvtap: entered promiscuous mode
[  947.804871][T16964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  947.857929][T16964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  947.875217][T16964] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  947.884509][T16964] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  947.895633][T16964] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  947.907142][T16964] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  948.050214][   T43] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  948.194669][ T5832] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  948.202507][   T43] usb 4-1: device descriptor read/64, error -71
[  948.402325][T15932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  948.455128][T15932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.506925][   T49] hsr_slave_0: left promiscuous mode
[  948.510157][   T43] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  948.520775][ T5884] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  948.520958][   T49] hsr_slave_1: left promiscuous mode
[  948.566571][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  948.604692][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  948.620195][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  948.637316][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  948.645887][   T49] batman_adv: batadv0: Removing interface: virt_wifi0
[  948.711732][   T49] veth1_macvtap: left promiscuous mode
[  948.719340][   T43] usb 4-1: device descriptor read/64, error -71
[  948.725873][ T5884] usb 2-1: Using ep0 maxpacket: 16
[  948.761946][   T49] veth0_macvtap: left promiscuous mode
[  948.779721][   T49] veth1_vlan: left promiscuous mode
[  948.790317][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024
[  948.810327][ T5884] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  948.857330][   T43] usb usb4-port1: attempt power cycle
[  948.890042][ T5884] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  948.900430][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.908446][ T5884] usb 2-1: Product: syz
[  948.913683][ T5884] usb 2-1: Manufacturer: syz
[  948.918334][ T5884] usb 2-1: SerialNumber: syz
[  948.956431][ T5884] usb 2-1: config 0 descriptor??
[  948.990428][T17200] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  949.000024][ T5884] hub 2-1:0.0: bad descriptor, ignoring hub
[  949.005986][ T5884] hub 2-1:0.0: probe with driver hub failed with error -5
[  949.018535][ T5884] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input87
[  949.088734][   T49] team0 (unregistering): Port device batadv3 removed
[  949.309159][   T43] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  949.341352][   T43] usb 4-1: device descriptor read/8, error -71
[  949.343105][   T49] team0 (unregistering): Port device batadv2 removed
[  949.356234][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  949.479862][T17200] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2807'.
[  949.579350][   T43] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  949.620162][   T49] team0 (unregistering): Port device batadv1 removed
[  949.627276][   T43] usb 4-1: device descriptor read/8, error -71
[  949.726523][T17205] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2807'.
[  949.753352][   T43] usb usb4-port1: unable to enumerate USB device
[  949.761395][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  951.059903][T17216] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2812'.
[  951.070492][   T49] team0 (unregistering): Port device team_slave_1 removed
[  951.138447][   T49] team0 (unregistering): Port device team_slave_0 removed
[  952.306677][T14670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  952.345572][T14670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  952.468308][T17229] xt_l2tp: missing protocol rule (udp|l2tpip)
[  952.509965][ T5895] usb 2-1: USB disconnect, device number 66
[  952.986041][ T5895] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  953.041278][   T49] IPVS: stop unused estimator thread 0...
[  953.159313][ T5895] usb 2-1: Using ep0 maxpacket: 16
[  953.222490][ T5895] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=dd.d4
[  953.277030][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.335490][ T5895] usb 2-1: Product: syz
[  953.361792][ T5895] usb 2-1: Manufacturer: syz
[  953.366544][ T5895] usb 2-1: SerialNumber: syz
[  953.405918][ T5895] usb 2-1: config 0 descriptor??
[  953.441003][ T5895] usb_ehset_test 2-1:0.0: probe with driver usb_ehset_test failed with error -32
[  953.560061][T17252] netlink: 'syz.7.2821': attribute type 10 has an invalid length.
[  953.578551][T17252] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2821'.
[  953.683724][T17252] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  953.753441][T17252] team0: Failed to send options change via netlink (err -105)
[  953.775941][T17252] team0: Port device geneve0 added
[  953.801275][   T43] usb 2-1: USB disconnect, device number 67
[  953.874978][ T9087] syz_tun (unregistering): left allmulticast mode
[  953.949727][T17261] netlink: 9472 bytes leftover after parsing attributes in process `syz.7.2824'.
[  954.051869][T11391] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  954.084232][T11391] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  954.095272][T11391] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  954.102347][ T5895] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  954.129377][T11391] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  954.150815][T11391] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  954.259261][ T5895] usb 5-1: Using ep0 maxpacket: 8
[  954.266363][ T5895] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  954.282424][ T5895] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  954.320984][ T5895] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  954.336916][ T5895] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  954.388436][ T5895] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  954.450983][ T5895] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  954.496770][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  954.539456][    C1] ------------[ cut here ]------------
[  954.545864][    C1] refcount_t: addition on 0; use-after-free.
[  954.552223][    C1] WARNING: CPU: 1 PID: 0 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0
[  954.561292][    C1] Modules linked in:
[  954.565694][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
[  954.576984][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  954.587064][    C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  954.593170][    C1] Code: 00 00 e8 19 6f 00 fd 5b 41 5e e9 81 eb a6 06 cc e8 0b 6f 00 fd c6 05 e7 f2 ca 0a 01 90 48 c7 c7 00 19 e2 8b e8 57 5b c4 fc 90 <0f> 0b 90 90 eb d7 e8 eb 6e 00 fd c6 05 c8 f2 ca 0a 01 90 48 c7 c7
[  954.613261][    C1] RSP: 0018:ffffc90000a08668 EFLAGS: 00010246
[  954.619357][    C1] RAX: eff33d7ef7a8b500 RBX: 0000000000000002 RCX: ffff88801d695a00
[  954.627342][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  954.635338][    C1] RBP: ffffc90000a087e8 R08: 0000000000000003 R09: 0000000000000004
[  954.643326][    C1] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88805e5e2080
[  954.651320][    C1] R13: dffffc0000000000 R14: ffff88805e5e21ec R15: ffff8880240aac00
[  954.659298][    C1] FS:  0000000000000000(0000) GS:ffff888125d64000(0000) knlGS:0000000000000000
[  954.668236][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  954.674832][    C1] CR2: 00002000000b2030 CR3: 0000000066042000 CR4: 00000000003526f0
[  954.682822][    C1] Call Trace:
[  954.686089][    C1]  <IRQ>
[  954.688917][    C1]  tipc_crypto_xmit+0x1820/0x22c0
[  954.693962][    C1]  ? __pfx_tipc_crypto_xmit+0x10/0x10
[  954.699378][    C1]  ? skb_clone+0x246/0x3a0
[  954.703800][    C1]  ? tipc_crypto_clone_msg+0x32/0x170
[  954.709191][    C1]  tipc_crypto_clone_msg+0x90/0x170
[  954.714404][    C1]  tipc_crypto_xmit+0x1998/0x22c0
[  954.719439][    C1]  ? tipc_net+0x45/0x270
[  954.723672][    C1]  ? __pfx_tipc_crypto_xmit+0x10/0x10
[  954.729061][    C1]  ? tipc_net+0x45/0x270
[  954.733332][    C1]  tipc_bearer_xmit_skb+0x245/0x400
[  954.738518][    C1]  ? tipc_bearer_xmit_skb+0xa9/0x400
[  954.743805][    C1]  ? __pfx_tipc_bearer_xmit_skb+0x10/0x10
[  954.749545][    C1]  tipc_disc_timeout+0x580/0x6d0
[  954.754482][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  954.759952][    C1]  call_timer_fn+0x17e/0x5f0
[  954.764551][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  954.770010][    C1]  ? call_timer_fn+0xbe/0x5f0
[  954.774674][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  954.779793][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  954.785004][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.790205][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  954.795661][    C1]  __run_timer_base+0x61a/0x860
[  954.800553][    C1]  ? ktime_get+0x3e/0x1f0
[  954.804892][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  954.810283][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  954.816547][    C1]  run_timer_softirq+0xb7/0x180
[  954.821422][    C1]  handle_softirqs+0x286/0x870
[  954.826180][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  954.830963][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  954.836253][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  954.841463][    C1]  __irq_exit_rcu+0xca/0x1f0
[  954.846131][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  954.851799][    C1]  irq_exit_rcu+0x9/0x30
[  954.856034][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  954.861697][    C1]  </IRQ>
[  954.864711][    C1]  <TASK>
[  954.867639][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  954.873637][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  954.879362][    C1] Code: 43 d5 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 52 24 00 f3 0f 1e fa fb f4 <e9> 18 d5 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  954.898960][    C1] vkms_vblank_simulate: vblank timer overrun
[  954.905442][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  954.911583][    C1] RAX: eff33d7ef7a8b500 RBX: ffffffff819740c8 RCX: eff33d7ef7a8b500
[  954.919597][    C1] RDX: 0000000000000001 RSI: ffffffff8d96d3f0 RDI: ffffffff8be26380
[  954.927578][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  954.935586][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b5f0
[  954.943567][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003ad2b40
[  954.951571][    C1]  ? do_idle+0x1e8/0x510
[  954.955847][    C1]  default_idle+0x13/0x20
[  954.960201][    C1]  default_idle_call+0x74/0xb0
[  954.964970][    C1]  do_idle+0x1e8/0x510
[  954.969067][    C1]  ? __pfx_do_idle+0x10/0x10
[  954.973670][    C1]  cpu_startup_entry+0x44/0x60
[  954.978440][    C1]  start_secondary+0x101/0x110
[  954.983257][    C1]  common_startup_64+0x13e/0x147
[  954.988222][    C1]  </TASK>
[  954.991269][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  954.998539][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
[  955.009816][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  955.019867][    C1] Call Trace:
[  955.023135][    C1]  <IRQ>
[  955.025965][    C1]  dump_stack_lvl+0x99/0x250
[  955.030553][    C1]  ? __asan_memcpy+0x40/0x70
[  955.035127][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  955.040317][    C1]  ? __pfx__printk+0x10/0x10
[  955.044899][    C1]  panic+0x2db/0x790
[  955.048784][    C1]  ? __pfx_panic+0x10/0x10
[  955.053193][    C1]  ? show_trace_log_lvl+0x4fb/0x550
[  955.058389][    C1]  ? common_startup_64+0x13e/0x147
[  955.063498][    C1]  __warn+0x31b/0x4b0
[  955.067468][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  955.072922][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  955.078717][    C1]  report_bug+0x2be/0x4f0
[  955.083036][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  955.088482][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  955.093946][    C1]  ? refcount_warn_saturate+0xfc/0x1d0
[  955.099411][    C1]  handle_bug+0x84/0x160
[  955.103652][    C1]  exc_invalid_op+0x1a/0x50
[  955.108158][    C1]  asm_exc_invalid_op+0x1a/0x20
[  955.113000][    C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  955.119073][    C1] Code: 00 00 e8 19 6f 00 fd 5b 41 5e e9 81 eb a6 06 cc e8 0b 6f 00 fd c6 05 e7 f2 ca 0a 01 90 48 c7 c7 00 19 e2 8b e8 57 5b c4 fc 90 <0f> 0b 90 90 eb d7 e8 eb 6e 00 fd c6 05 c8 f2 ca 0a 01 90 48 c7 c7
[  955.138690][    C1] RSP: 0018:ffffc90000a08668 EFLAGS: 00010246
[  955.144746][    C1] RAX: eff33d7ef7a8b500 RBX: 0000000000000002 RCX: ffff88801d695a00
[  955.152739][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  955.160713][    C1] RBP: ffffc90000a087e8 R08: 0000000000000003 R09: 0000000000000004
[  955.168682][    C1] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88805e5e2080
[  955.176654][    C1] R13: dffffc0000000000 R14: ffff88805e5e21ec R15: ffff8880240aac00
[  955.184632][    C1]  ? refcount_warn_saturate+0xf9/0x1d0
[  955.190175][    C1]  tipc_crypto_xmit+0x1820/0x22c0
[  955.195278][    C1]  ? __pfx_tipc_crypto_xmit+0x10/0x10
[  955.200655][    C1]  ? skb_clone+0x246/0x3a0
[  955.205058][    C1]  ? tipc_crypto_clone_msg+0x32/0x170
[  955.210426][    C1]  tipc_crypto_clone_msg+0x90/0x170
[  955.215619][    C1]  tipc_crypto_xmit+0x1998/0x22c0
[  955.220643][    C1]  ? tipc_net+0x45/0x270
[  955.224895][    C1]  ? __pfx_tipc_crypto_xmit+0x10/0x10
[  955.230344][    C1]  ? tipc_net+0x45/0x270
[  955.234576][    C1]  tipc_bearer_xmit_skb+0x245/0x400
[  955.239763][    C1]  ? tipc_bearer_xmit_skb+0xa9/0x400
[  955.245034][    C1]  ? __pfx_tipc_bearer_xmit_skb+0x10/0x10
[  955.250747][    C1]  tipc_disc_timeout+0x580/0x6d0
[  955.255680][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  955.261137][    C1]  call_timer_fn+0x17e/0x5f0
[  955.265722][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  955.271171][    C1]  ? call_timer_fn+0xbe/0x5f0
[  955.275847][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  955.280970][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  955.286161][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.291433][    C1]  ? __pfx_tipc_disc_timeout+0x10/0x10
[  955.296879][    C1]  __run_timer_base+0x61a/0x860
[  955.301734][    C1]  ? ktime_get+0x3e/0x1f0
[  955.306059][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  955.311424][    C1]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  955.317664][    C1]  run_timer_softirq+0xb7/0x180
[  955.322501][    C1]  handle_softirqs+0x286/0x870
[  955.327340][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  955.332098][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  955.337378][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  955.342565][    C1]  __irq_exit_rcu+0xca/0x1f0
[  955.347143][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  955.352348][    C1]  irq_exit_rcu+0x9/0x30
[  955.356595][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  955.362229][    C1]  </IRQ>
[  955.365206][    C1]  <TASK>
[  955.368123][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  955.374096][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  955.379819][    C1] Code: 43 d5 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 52 24 00 f3 0f 1e fa fb f4 <e9> 18 d5 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  955.399423][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  955.405507][    C1] RAX: eff33d7ef7a8b500 RBX: ffffffff819740c8 RCX: eff33d7ef7a8b500
[  955.413475][    C1] RDX: 0000000000000001 RSI: ffffffff8d96d3f0 RDI: ffffffff8be26380
[  955.421443][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  955.429405][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b5f0
[  955.437452][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003ad2b40
[  955.445506][    C1]  ? do_idle+0x1e8/0x510
[  955.449751][    C1]  default_idle+0x13/0x20
[  955.454069][    C1]  default_idle_call+0x74/0xb0
[  955.458821][    C1]  do_idle+0x1e8/0x510
[  955.462885][    C1]  ? __pfx_do_idle+0x10/0x10
[  955.467485][    C1]  cpu_startup_entry+0x44/0x60
[  955.472276][    C1]  start_secondary+0x101/0x110
[  955.477031][    C1]  common_startup_64+0x13e/0x147
[  955.481972][    C1]  </TASK>
[  955.485311][    C1] Kernel Offset: disabled
[  955.489633][    C1] Rebooting in 86400 seconds..