last executing test programs:

5.665385461s ago: executing program 0 (id=8377):
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x121842, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='environ\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000aa877e10702750909711000000010902"], 0x0)
socket$rds(0x15, 0x5, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001e002503000000000000000007"], 0x28}}, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20)

5.295153618s ago: executing program 2 (id=8380):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x16c, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0xd0, 0x2, [@TCA_FLOWER_KEY_ARP_OP_MASK={0x5, 0x3e, 0x9}, @TCA_FLOWER_KEY_TCP_DST={0x6}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa0, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x24, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xb2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xf97a}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x34, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0xb}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x31}]}]}, @TCA_FLOWER_KEY_CVLAN_PRIO={0x5, 0x4e, 0x5}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "cda6a02c3728266fd864bc6b04f6c051"}]}}]}, 0x16c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159", 0xd4}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

5.231448766s ago: executing program 2 (id=8381):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
write(r2, &(0x7f00000000c0)="240000001e005f0214ffffffffff01000000000000000500090002000000000000000000", 0x24)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r4 = dup2(r1, r0)
readv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}, {0x0}], 0x2)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r3, r3, 0xf, 0x0, @void}, 0x10)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@getrule={0x14, 0x22, 0x400, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x404e018}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x8, 0xfb, 0x7b1, @vifc_lcl_ifindex, @empty}, 0x10)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r6, 0x1, 0x7, &(0x7f00000000c0), 0x4)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r9, @ANYBLOB="4068000a43c6037f7300"/26, @ANYRES32=0x0, @ANYBLOB="080023000100000008000d00fffbffff140003006d6163736563300000000000000000001400030076657468315f766972745f776966690024001280090001007866726d000000001400028008000200030000000800010004000000"], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)

5.109481935s ago: executing program 2 (id=8383):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.534760871s ago: executing program 2 (id=8386):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
ppoll(0x0, 0x0, &(0x7f0000002180)={0x0, 0x3938700}, &(0x7f00000021c0)={[0x100000001]}, 0x8)
setsockopt(r0, 0xaa, 0x84, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x8)
setsockopt(r0, 0x84, 0x81, &(0x7f00000003c0)="1a00000002000100", 0x8)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ff7afedf}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r6, @ANYBLOB="7c0b6e490a9a222a0800b700ae000000ed47cc67654b93173773b39db0721a4c3697de7bbcdeb89e9e337f8d773f25cef5c6dc3ac8403e6010c86a723f3a6b439601edc7b76c5cf5a5bba55941a8e813d55ff533e821daf3a834fa90db83d74cc8d132f8f5c0dba5f5ef8ed49c759c3240910539d168"], 0x2c}}, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x2, 0x4, 0x388, 0xffffffff, 0x1a8, 0x1a8, 0x0, 0xfeffffff, 0xffffffff, 0x278, 0x278, 0x278, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @loopback, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x0, 0x0, 0x3, 0x8}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@mcast1, @loopback, [], [], 'netdevsim0\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x118}, @common=@unspec=@CONNMARK={0x0, 'CONNMARK\x00', 0x1, {0x827, 0x61068000, 0x800, 0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x229)

4.212957423s ago: executing program 2 (id=8389):
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x501b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x80, 0x4, 0x9, 0x40, 0x9}, 0x15, &(0x7f00000000c0)={0x5, 0xf, 0x15, 0x1, [@ssp_cap={0x10, 0x10, 0xa, 0x5, 0x1, 0x7, 0x0, 0x1401, [0xff0000]}]}, 0x1, [{0x0, 0x0}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r1, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04003520"], 0x7)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f00000003c0)={0x0, 0x0, '\x00', @bt={0x5, 0x9, 0x6, 0x7, 0xd4, 0x2, 0x1, 0x8}})
syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x1a9242, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x220, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000500], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000000180c20000000000000000000180c20000000000000000000000b0000000670100009001000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000646e61740000000000000000ff0300000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006e666c6f67000000000000000000000000000000000000000000000000000000500000002b25121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aeea768e825383d2afb577ed2bb6dd99f024b3f54ba00000000415544495400000000000000000000000000000000000000000000000000000008000000000000200000000000000000000200000000"]}, 0x298)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet_sctp(0x2, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

2.813508314s ago: executing program 1 (id=8399):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.numa_stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xfb, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x20, 0x19, [{{0x9, 0x4, 0x0, 0x8, 0x3, 0x3, 0x1, 0x3906c222d2852b02, 0xff, {0x9, 0x21, 0x4, 0x7, 0x1, {0x22, 0x8fc}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x3b, 0x5}}}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x6, 0x4, 0xb, 0x8, 0xac}, 0x21, &(0x7f00000000c0)={0x5, 0xf, 0x21, 0x1, [@ssp_cap={0x1c, 0x10, 0xa, 0x7, 0x4, 0x4, 0xf000, 0x4258, [0x3f00, 0xff0000, 0xffc000, 0xc000]}]}, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x42b}}]})
syz_usb_control_io$hid(r1, &(0x7f0000001280)={0x14, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x41}, 0x11)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000400)='vlan1\x00', 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x9b, &(0x7f0000000640)=ANY=[@ANYBLOB="9b03f0d0586e0877a806fb6496121c70984672cda8e1ef7c5a93bd0e252a30cb94cf43e1b4ecbf2f7c4bf26342d1b46f45170c32164be0b4a75144b19171b46ea52804dead18f345a1d4daa4065315056b4b8302b5a62e00b6b3303d2e66abf0235e514bf3a57a2b04e40a8b82609a80a2abd8ff909f013c70bb771a6060e7f5b9702774e18b3dd10b5fafc6ddd80d601276a8d7e35322eb079f0c084a97530c8cb20d1063eaa0cc6749cfa229ff825e558318bee9fbc9759865f277f8db1a895ea4089a7a44f3608115143a762aa20d4b73d0f6914592f47a0d55d42a8d5b1b47ebf39989a31f00a84f6d11a1513e1aedd0b0a439a0cb3bdbe3d5f587984c1c553d467ac73bea3b078fa13103892b20c0421ef4e70a9f15bffe2ddaa90a5e022d8c3562688d78ff33721c692a6cf4bc3132df015cda3bb70e679243d37d04d6f9e428cdb503684ad8a6b6a7ace69e1956aef567b3bb4f1ea2051e483c096553ffedb054ed807a5481502ee07191c82948e17d83a1d6"]}]})
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f00000002c0)=ANY=[])

2.111738415s ago: executing program 0 (id=8404):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x16c, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0xd0, 0x2, [@TCA_FLOWER_KEY_ARP_OP_MASK={0x5, 0x3e, 0x9}, @TCA_FLOWER_KEY_TCP_DST={0x6}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa0, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x24, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xb2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xf97a}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x34, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0xb}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x31}]}]}, @TCA_FLOWER_KEY_CVLAN_PRIO={0x5, 0x4e, 0x5}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "cda6a02c3728266fd864bc6b04f6c051"}]}}]}, 0x16c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159", 0xd4}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

2.075474005s ago: executing program 3 (id=8405):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpgid(0x0)
dup(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x5)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000302000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d01, 0x0, 0xaf}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_io_uring_setup(0x1116, &(0x7f0000000300)={0x0, 0x2, 0x0, 0x1, 0x234}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
r3 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r3, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000007000000080001006e000000080003", @ANYRES32, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e31000000000000000000000014"], 0x60}}, 0x0)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0xfffffdef}], 0x300, 0x401eb94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x8001, 0x3, 0x0, 0xffffffff, 0x0, 0x0, {0x3}})
set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x5)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x1a, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000001801000020696c5a06fcdf00002020207b1af8ff00400000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006dadff8468f1c0010000000bf91"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$UHID_CREATE2(r4, &(0x7f00000002c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r5, 0xc0481273, &(0x7f0000000000)=0x7c)

2.050446789s ago: executing program 0 (id=8406):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x9, 0xfff3}, {}, {0xffe0, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x30, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x2c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x3875}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}]}]}}]}, 0x6c}}, 0x48010)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.953364385s ago: executing program 3 (id=8407):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
write(r2, &(0x7f00000000c0)="240000001e005f0214ffffffffff01000000000000000500090002000000000000000000", 0x24)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r4 = dup2(r1, r0)
readv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}, {0x0}], 0x2)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r3, r3, 0xf, 0x0, @void}, 0x10)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@getrule={0x14, 0x22, 0x400, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x404e018}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x8, 0xfb, 0x7b1, @vifc_lcl_ifindex, @empty}, 0x10)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r6, 0x1, 0x7, &(0x7f00000000c0), 0x4)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r9, @ANYBLOB="4068000a43c6037f7300"/26, @ANYRES32=0x0, @ANYBLOB="080023000100000008000d00fffbffff140003006d6163736563300000000000000000001400030076657468315f766972745f776966690024001280090001007866726d000000001400028008000200030000000800010004000000"], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)

1.952690389s ago: executing program 0 (id=8408):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.843280371s ago: executing program 3 (id=8409):
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000140)={{}, {0x77359400}}, 0x100)
r0 = syz_open_dev$I2C(&(0x7f0000000380), 0x0, 0x101000)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000240)={&(0x7f0000000140)=[{0xdab, 0x4800, 0x4, &(0x7f00000003c0)="4279f418"}, {0x85, 0x6e01, 0x1, &(0x7f00000006c0)="af"}], 0x2})
r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
recvfrom(0xffffffffffffffff, &(0x7f0000000080)=""/82, 0x52, 0x2, &(0x7f0000000280)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x80)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}]}, 0x1c}}, 0x881)
r2 = socket$netlink(0x10, 0x3, 0x0)
keyctl$revoke(0x3, r1)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010001fff00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000a00000008001b0000000000080029"], 0x58}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xac}}, 0x0)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000800)={<r5=>0x0, @in6={{0xa, 0x4e22, 0x99, @mcast1, 0x2}}, 0x5, 0x1, 0x1, 0x9, 0x41, 0x10, 0xff}, &(0x7f0000000680)=0x9c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000008c0)={r5, 0x0, 0x0}, &(0x7f0000000900)=0x10)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000340)='veth1_to_team\x00')
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
r7 = socket(0x10, 0x3, 0x0)
syz_io_uring_setup(0x537, &(0x7f00000004c0)={0x0, 0xf32e, 0x20, 0x2, 0x246}, &(0x7f0000000540), &(0x7f0000000580)=<r8=>0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r10 = syz_open_dev$loop(&(0x7f0000000600), 0x100000001, 0x501240)
ioctl$BLKFLSBUF(r10, 0x1261, &(0x7f0000000640)=0xb07b)
syz_io_uring_submit(0x0, r8, &(0x7f00000005c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x55, 0x2004, @fd_index=0x9, 0x1, 0x0, 0x0, 0x14, 0x1, {0x0, r9}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000780)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @loopback={0xfec0ffff00000000}, 0x80}})
close_range(r3, 0xffffffffffffffff, 0x0)

1.740210314s ago: executing program 3 (id=8410):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x188, 0x65, 0x400, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x959a4e274420dfae}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x4}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0xe8, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xd, 0xffe0}}, @TCA_ROUTE4_ACT={0x70, 0x6, [@m_connmark={0x6c, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x39, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x6c, 0x6, [@m_nat={0x68, 0x19, 0x0, 0x0, {{0x8}, {0x4}, {0x3d, 0x6, "f4ce2c85c0e3ef40c8d25f6ac3792d155379c8fd97c6a97e06d8e6b5ed1f0d182a65575bc83145238d831a30ef2966d7c8edfc797a1073daab"}, {0xc}, {0xc}}}]}]}}]}, 0x188}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159ca9680d0", 0xd8}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.673398365s ago: executing program 3 (id=8411):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x23c, 0x65, 0x400, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x959a4e274420dfae}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x190, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xd, 0xffe0}}, @TCA_ROUTE4_ACT={0x118, 0x6, [@m_connmark={0x114, 0x0, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x30000003}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x7, 0x5}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff}}}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x1, 0x1}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2, 0x100}}}]}, {0x39, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x6c, 0x6, [@m_nat={0x68, 0x19, 0x0, 0x0, {{0x8}, {0x4}, {0x40, 0x6, "f4ce2c85c0e3ef40c8d25f6ac3792d155379c8fd97c6a97e06d8e6b5ed1f0d182a65575bc83145238d831a30ef2966d7c8edfc797a1073daab8e5015"}, {0xc}, {0xc}}}]}]}}]}, 0x23c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51f", 0xd2}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.656911992s ago: executing program 0 (id=8412):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r0)
tkill(r0, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x16}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
readv(r2, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1)
ptrace$peeksig(0x4209, r0, &(0x7f0000000300)={0x0, 0x0, 0xfffffffffffffeac}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800402818000400000095f6a70000000000cca2586c847417bb856398afe9d59ac48ae748518e2eb54b0d063517e89cd0f63778435736029611"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.53304752s ago: executing program 3 (id=8413):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001840)=@filter={'filter\x00', 0x42, 0x4, 0x298, 0xffffffff, 0x98, 0x11e0, 0x0, 0xffffffff, 0xffffffff, 0x12b8, 0x12b8, 0x12b8, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@multicast2, @multicast2, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_1\x00'}, 0x287, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x3}}}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'dvmrp1\x00', 'dummy0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8)
setsockopt$inet6_int(r0, 0x29, 0xa, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000003c0)="05", 0x1)
r2 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffffb]}, 0x0, 0x8)
timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x14)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000140))
r5 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000600), 0xfec8)
recvmmsg(r5, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000640)=""/4095, 0xfff}, {&(0x7f0000000040)=""/73, 0x49}], 0x2}, 0x1}], 0x1, 0x40000100, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r6 = socket$l2tp(0x2, 0x2, 0x73)
r7 = socket$inet6(0xa, 0x80807, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000280)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x4, 0x2, 0x0, 0x1, 0x9}, 0x20)
getsockopt$SO_TIMESTAMPING(r6, 0x1, 0x63830a87937013b0, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000efaa6e109713bd0066c5000000010902120001000000000904"], 0x0)

943.401062ms ago: executing program 2 (id=8414):
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x121842, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='environ\x00')
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000aa877e10702750909711000000010902"], 0x0)
socket$rds(0x15, 0x5, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001e002503000000000000000007"], 0x28}}, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20)

767.244565ms ago: executing program 0 (id=8415):
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000002040)={0x10, 0x0, &(0x7f0000002540)=[@enter_looper], 0x5a, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(0xffffffffffffffff)
r4 = socket(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @dev, 0x34}]}, &(0x7f0000002100)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x76, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @local}}}, &(0x7f0000003c00)=0x90)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)
socket$key(0xf, 0x3, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04001220", @ANYRES16], 0x7)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0xc, 0x103ba, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%pB    \x00'}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r7, &(0x7f0000000180), 0x0}, 0x20)

511.049637ms ago: executing program 4 (id=8417):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x1000000, 0x4, r0, 0x4000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0xca442)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @local}]}}}]}, 0x48}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @local}]}}}]}, 0x48}}, 0x0)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x4a001, 0x0)
write$sequencer(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="8301ab095a1400009207b0"], 0x10)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000004c0)={'\x00', 0x5, 0x2, 0x6f87, 0x7, 0xd0e4}) (async)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000004c0)={'\x00', 0x5, 0x2, 0x6f87, 0x7, 0xd0e4})
syz_open_dev$sg(&(0x7f0000000080), 0x7, 0x80)

482.321974ms ago: executing program 1 (id=8418):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000ff0000000000000000d17d000000000000000000000000000000000000000000ffffffff0000000000000000000000000000001200000000000000000000000000080000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e72300000000000000000000000000079616d3000000001000000000000b40079616d30000000000000000000000000766574b7708ad56f5f7465616d0000000180c2000000000000000000aaaaaaaaaa000000000000000000b0000000b0000000e000000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000a0000000000000000000000415544495400000000000000000100000000000000000000000000000000000008"]}, 0x1d9)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x7fffffe], 0x0, 0x0, 0x0}, 0x1e8)

363.665766ms ago: executing program 4 (id=8419):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
write(r2, &(0x7f00000000c0)="240000001e005f0214ffffffffff01000000000000000500090002000000000000000000", 0x24)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r4 = dup2(r1, r0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r3, r3, 0xf, 0x0, @void}, 0x10)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@getrule={0x14, 0x22, 0x400, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x404e018}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x8, 0xfb, 0x7b1, @vifc_lcl_ifindex, @empty}, 0x10)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r6, 0x1, 0x7, &(0x7f00000000c0), 0x4)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r9, @ANYBLOB="4068000a43c6037f7300"/26, @ANYRES32=0x0, @ANYBLOB="080023000100000008000d00fffbffff140003006d6163736563300000000000000000001400030076657468315f766972745f776966690024001280090001007866726d000000001400028008000200030000000800010004000000"], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)

342.279232ms ago: executing program 1 (id=8420):
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@cgroup, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0], &(0x7f0000000300), <r1=>0x0}, 0x40)
r2 = openat$cgroup(0xffffffffffffffff, &(0x7f00000003c0)='syz1\x00', 0x200002, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
preadv(r3, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4087, 0xff7}], 0x1, 0x800, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="0100000008000000", @ANYRES32=r0, @ANYRES32=r3, @ANYBLOB="18a2519f8fd0b33c3c0019f350f9f154f489321b0410c033235d13d991a161505b961c5cfcebac44474c5e7cec5b77de40f9324935f634", @ANYRES64=r1], 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000400)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x3a, &(0x7f0000000740)=[{}, {}], 0x10, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xba, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000540)={0x4}, 0x8)
r6 = fsopen(&(0x7f0000002200)='erofs\x00', 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='\x00', 0x0)
read$FUSE(r7, &(0x7f000000b080)={0x2020}, 0x2020)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}, @NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16e024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000067cf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d08428353b1c358ebe73af41e5b5b9242754b1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000013887ad6d2d440fedce51a3aa57b00ac376e0a4649a8a84e1d293a6b109c5e59b466bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b44925129677b7b3d2f8e7792c7827862eae80134552f0b076b168394f8417f25cc82ae04007193cbe60900bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498d357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c000000000000c1eaf0f34cb05ab03943510000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac36f8859c7d5444c12bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee7417ef02684d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d4768540c540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca03bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f0a000000000000009e0b1a8c8f55f30e7c25275ed49b71828b375be03ef903cc8244b1269376d01b674cff9cb82eef0fe55c8b751053004ca601008d9a52c3771e9c73d03fdf74f48306560fb6cd86658afa895efa47f3a43e686df5b727ba4ec99620270334fce56c9f86b8a2c8aaede5a48a29b75734fbe1f59e43dc5a39b083848b0ebb14d845df7606e4d58f1a03f2dd337c3a10f3b15d388e43059aa88b42d26d4ccda6d60f996ed444d7f40e0cdbf69e11252a6c0e2d882d93b4f22dc95a191b1e6ff59d7880b4ce587f7ef05c46088268805cf089c4b3cd60cd3fc0c6d81fb2f961abcb0133f3f7a594b8475d6853b2e4fafc52a6851e8cfe1aebe3a4539634a535f8ac496793001c1a4b26216d1cd382c1e6a15697ef0a9b26474e1dbfa422e952b0f742ef52388584673f6333299042099aa073c152e1b61851a4519fe67e47f1446bb7b80b804b1b4503df784c8604bf26578b1fa7dce5313ecdf297cc63bf2b472f8f56bebeec16dc5fa22ee9c3c304d6629db7215eebfbd480c4ac6be1093ee5789f44b13e22b7ec0bede71caa71702a8bd83f31dcea1579ea730fd55098cade134d39652c42279c451edbb4eaae1e094ec599eeb275760e36fdd52ea3eece13af08227ba090dc3333749f3d580157f8b06efb793db962c9ff"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r8, 0xe0, &(0x7f0000000480)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x48, 0x0, 0x0, 0x0, 0xffffffffffffff37, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d00)={r9}, 0x4)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)={r9}, 0x4)
r10 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000440)=@generic={&(0x7f0000000400)='./file0\x00'}, 0x18)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r12, 0x1, 0x0, 0x0, {{}, {}, {0x3, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@cgroup=<r13=>0xffffffffffffffff, 0x20, 0x0, 0x9, &(0x7f0000000480)=[0x0, 0x0], 0x2, 0x0, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0], <r14=>0x0}, 0x40)
r15 = socket$alg(0x26, 0x5, 0x0)
r16 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff, 0x9, 0x0, @void}, 0x10)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=r15, @ANYRES32, @ANYBLOB='5\x00\x00\x00\b \x00\x00', @ANYRES32=r10, @ANYRES32=r16, @ANYBLOB="551dc73b435297ba1f553d79d246383b41584314ef4c8a392cbad7668056a26a55e04d657a663bffb3cba2609504ab9086a8c96bee8562cf19f828c26c3b332fd067f0c474611e995118bb3a15e904a654f5456e77d46123b5ce391940f131e57258c8114fc9", @ANYRES64=r14], 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, r5, 0x25, 0x4, @void}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000700)={@cgroup=r13, 0xffffffffffffffff, 0x2e, 0x38, 0x0, @void, @void, @void, @value=r4, r14}, 0x20)

278.953485ms ago: executing program 1 (id=8421):
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000140)={{}, {0x77359400}}, 0x100)
r0 = syz_open_dev$I2C(&(0x7f0000000380), 0x0, 0x101000)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000240)={&(0x7f0000000140)=[{0xdab, 0x4800, 0x4, &(0x7f00000003c0)="4279f418"}, {0x85, 0x6e01, 0x1, &(0x7f00000006c0)="af"}], 0x2})
r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
recvfrom(0xffffffffffffffff, &(0x7f0000000080)=""/82, 0x52, 0x2, &(0x7f0000000280)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x80)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}]}, 0x1c}}, 0x881)
r2 = socket$netlink(0x10, 0x3, 0x0)
keyctl$revoke(0x3, r1)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010001fff00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000a00000008001b0000000000080029"], 0x58}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0xac}}, 0x0)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000800)={<r5=>0x0, @in6={{0xa, 0x4e22, 0x99, @mcast1, 0x2}}, 0x5, 0x1, 0x1, 0x9, 0x41, 0x10, 0xff}, &(0x7f0000000680)=0x9c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000008c0)={r5, 0x0, 0x0}, &(0x7f0000000900)=0x10)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000340)='veth1_to_team\x00')
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
r7 = socket(0x10, 0x3, 0x0)
syz_io_uring_setup(0x537, &(0x7f00000004c0)={0x0, 0xf32e, 0x20, 0x2, 0x246}, &(0x7f0000000540), &(0x7f0000000580)=<r8=>0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r10 = syz_open_dev$loop(&(0x7f0000000600), 0x100000001, 0x501240)
ioctl$BLKFLSBUF(r10, 0x1261, &(0x7f0000000640)=0xb07b)
syz_io_uring_submit(0x0, r8, &(0x7f00000005c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x55, 0x2004, @fd_index=0x9, 0x1, 0x0, 0x0, 0x14, 0x1, {0x0, r9}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000780)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @loopback={0xfec0ffff00000000}, 0x80}})
close_range(r3, 0xffffffffffffffff, 0x0)

275.251642ms ago: executing program 4 (id=8422):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x18c, 0x65, 0x400, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x959a4e274420dfae}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x4c, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0xe8, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xd, 0xffe0}}, @TCA_ROUTE4_ACT={0x70, 0x6, [@m_connmark={0x6c, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x39, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x6c, 0x6, [@m_nat={0x68, 0x19, 0x0, 0x0, {{0x8}, {0x4}, {0x3d, 0x6, "f4ce2c85c0e3ef40c8d25f6ac3792d155379c8fd97c6a97e06d8e6b5ed1f0d182a65575bc83145238d831a30ef2966d7c8edfc797a1073daab"}, {0xc}, {0xc}}}]}]}}]}, 0x18c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159ca9680d0", 0xd8}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

208.587808ms ago: executing program 1 (id=8423):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x23c, 0x65, 0x400, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x959a4e274420dfae}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x190, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xd, 0xffe0}}, @TCA_ROUTE4_ACT={0x118, 0x6, [@m_connmark={0x114, 0x0, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x30000003}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x7, 0x5}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff}}}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x1, 0x1}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2, 0x100}}}]}, {0x39, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x6c, 0x6, [@m_nat={0x68, 0x19, 0x0, 0x0, {{0x8}, {0x4}, {0x40, 0x6, "f4ce2c85c0e3ef40c8d25f6ac3792d155379c8fd97c6a97e06d8e6b5ed1f0d182a65575bc83145238d831a30ef2966d7c8edfc797a1073daab8e5015"}, {0xc}, {0xc}}}]}]}}]}, 0x23c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51f", 0xd2}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

178.134797ms ago: executing program 4 (id=8424):
socket$inet6(0xa, 0x6, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

91.525596ms ago: executing program 1 (id=8425):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x1ff)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x4e22, @local}, 0x10)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
openat$null(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0xe2141, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xe)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0})
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x81c81, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
socket$netlink(0x10, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, 0x0)
r5 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[], 0x4c}}, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$setflags(r8, 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x14, 0x0, 0x0)

23.815244ms ago: executing program 4 (id=8426):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x32c, 0x65, 0x400, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x959a4e274420dfae}, {0xffe0}, {0x4}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x54, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'veth0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0xffe0}}, @TCA_U32_POLICE={0x10, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0xf0, 0x2, [@TCA_FLOWER_KEY_ARP_OP_MASK={0x5, 0x3e, 0x9}, @TCA_FLOWER_KEY_TCP_DST={0x6}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xb8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x24, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xb2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xf3}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x80}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x14, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x9}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x44, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x1c}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0xf93e}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x31}]}]}, @TCA_FLOWER_KEY_CVLAN_PRIO={0x5, 0x4e, 0x5}, @TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "cda6a02c3728266fd864bc6b04f6c051"}, @TCA_FLOWER_KEY_TCP_DST={0x6}]}}, @filter_kind_options=@f_route={{0xa}, {0x194, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xd, 0xffe0}}, @TCA_ROUTE4_ACT={0x118, 0x6, [@m_connmark={0x114, 0x0, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x30000003}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x7, 0x5}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff}}}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x1, 0x1}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2, 0x100}}}]}, {0x39, 0x6, "91a991d04aa8cb411880b88050856c4a5b99aafe5cf70a535f4e162db7c30535ebf5e9ab54237bf6d2780785c80bcf9eae2d6d6d65"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}, @TCA_ROUTE4_ACT={0x70, 0x6, [@m_nat={0x6c, 0x19, 0x0, 0x0, {{0x8}, {0x4}, {0x41, 0x6, "f4ce2c85c0e3ef40c8d25f6ac3792d155379c8fd97c6a97e06d8e6b5ed1f0d182a65575bc83145238d831a30ef2966d7c8edfc797a1073daab8e501564"}, {0xc}, {0xc}}}]}]}}]}, 0x32c}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159ca9680d0", 0xd8}], 0x1}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000003700)={0x77359400})

0s ago: executing program 4 (id=8427):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
r3 = dup3(r2, r1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000280)='net/kcm\x00')
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$kcm(0x2, 0x1, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0xfdad, r8, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24004004}, 0x0)
sendmsg$netlink(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000ec0)={0xd4, 0x2b, 0x200, 0x70bd2a, 0x25dfdbfe, "", [@nested={0x18, 0x34, 0x0, 0x1, [@typed={0x8, 0x5f, 0x0, 0x0, @fd=r3}, @typed={0xc, 0x60, 0x0, 0x0, @u64=0x2}]}, @generic="79648733caedb93eae452c021450377303b227161ceef2d5b103c61856f43abb96e532bc79e36e66c794480b954840d670e61246572dca7158c36bd7fbe4523c66dc013290e7d6755fcc2d2b40ec21037d7f73a672e7b061bc983253394d403a", @nested={0xc, 0xf3, 0x0, 0x1, [@generic, @typed={0x8, 0x53, 0x0, 0x0, @pid}]}, @generic="ad426a9737a54ce97f7d569dc020926dccf612b45660b438308af2a39e687368fccf47eee95f1172e788e23d78ccf38739ce37d623", @typed={0x8, 0xed, 0x0, 0x0, @str='GPL\x00'}]}, 0xd4}, {&(0x7f0000000580)={0xfc, 0x29, 0x1, 0x70bd2d, 0x25dfdbff, "", [@generic="39c8d5bd235bf8cee16a024ab021a976d64186ac38de81df09a126a48f8efd5a512fc9c220aa5060acd37f0412fda469efde06708c7075574e53f6ae689060cbd85a2ffc808b24202c418984def4db9c2278a9d70a0e73037146dd70bef593b88cb5901de7dff98f1c7689978526b7685929bf735ec92d0cc7c22477fef043", @typed={0x14, 0x18, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @nested={0x58, 0xa3, 0x0, 0x1, [@typed={0x8, 0x68, 0x0, 0x0, @uid}, @typed={0x8, 0xc5, 0x0, 0x0, @u32=0x2}, @typed={0xc, 0x4c, 0x0, 0x0, @u64=0x6}, @typed={0x27, 0x28, 0x0, 0x0, @binary="c2ed67808ecb58b26c6d3a070b1b127aa7c246ee968beae6da56784170739c99746383"}, @typed={0x8, 0xc1, 0x0, 0x0, @uid}, @typed={0x8, 0x115, 0x0, 0x0, @pid}]}]}, 0xfc}, {&(0x7f0000004840)={0x10, 0x41, 0x10, 0x70bd27, 0x25dfdbfd}, 0x10}, {&(0x7f0000003a00)={0x29c, 0x26, 0x400, 0x70bd2d, 0x25dfdbfe, "", [@nested={0x1de, 0xef, 0x0, 0x1, [@generic, @generic="1b945e5939fe964aa0a1e1dc6a93bcd5762ceec0e884d8d40cbedde6dc05bc4b92dfdc4be750cb931e341695973990b96bd271d623ad92f171c02a7e6d49511f38e7aaa780de3959a80b145b037e1e16185b2efb64b30956458dc9b9356d0e72024207709142d8f1a85246a16e5893f229980e34a087943231ec14ce2441ee8c85a207be8e18ed3a0120ba76ba4ee22b606db60297d77f5366f38618b0db079dba43e0a8e546a8181a58e10debd6d5c91e9383cf4cafd2010aa0fa927b13cc658171ca60d8f04dd19786bb6ed920176fef3461ab8a8389fca0ee61c7f74d80646a650e50e13636d74993ce40fd29", @generic, @generic="0dc05d3d12b2cfbb485f9fbdec864d2f312b5b63e4bbc51d65a34e6a7f00bf25455ee391ac8bc34545b5917487ce29011cee4a6c16513061", @typed={0x54, 0xa2, 0x0, 0x0, @binary="d87c48dc8d6d330597ae7c51066a43dc3de5025bcc4dc0811d11b1273a9b6665b6c4516be24e66eea6911266cfb021df3169959a0c459ee5ecb588f2d7de4b1e561d7a29c9bad34233eb2931997415a2"}, @typed={0x5f, 0x21, 0x0, 0x0, @binary="59fe089bdc8533fa72785b722d2b2307b4d7d9bc8d75824476aeb5e692d7ce5da08f6e34655fd1d446d25e10efc8f8129295ca53659b824070256199d9921cab888fcd23b8749d6b824ebd144eac50b8f82112404aa43473a83294"}]}, @generic="534d27f74820dd2e4ba1a72d7dc82621da7da205521358108e3b5d9f20885358764bf75fd1cdb2d2ca57983215e7163b1e0e05e2d09f138c03406008b18a4dc5cc435e94f9b8950aed4877566297af825d351ff2ee31a217de15a0e0fed70c9c7106b157cd7faeb4e85f71f2eb571c82b965edd76ebb24b48e1a4d61137561dbec0db7e472764a1e3da8423b0a67", @typed={0x6, 0x11d, 0x0, 0x0, @str='^\x00'}, @generic="24afb201907d2e584e643e59c309b79bbd8decb0d97d"]}, 0x29c}, {&(0x7f0000000800)={0x214, 0x16, 0x302, 0x70bd25, 0x25dfdbfc, "", [@generic="1905542da23fd9cc1b14", @typed={0x14, 0xa7, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x27}}, @nested={0xf4, 0x69, 0x0, 0x1, [@generic, @typed={0x8, 0x46, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @generic="6f83224d31aa0d4931bb42d01bec54c6c9f9db64e06a0999b3809babff0a82eab43e169452a029777af3678cd97a17f20d934f7e42601e5076acc9f6b9dd28fd52a9337b7dc1957156049d4f62f2acd01cf8a26832b5f911f6c4621cbcbdd4f6be0cc050642854a1dc78041d8641157b2829f3ab3107bfdb306496e529395749fb4b8b0bf75cd97119e577f1e81f449c39a9bbccdcc9a5a947cba1dbecefe9e0a3b2612956dcd0a5d2c1f1b734670dce22886cb34a2261034ffb9442cd2ce61af4cdd5c8fb83ed326e3242a5f72efb3a0b3a4a91d4a1634dd5a4fbacc6d5ce43", @typed={0x8, 0x6b, 0x0, 0x0, @pid}]}, @typed={0x8, 0x31, 0x0, 0x0, @uid}, @generic="ad6f227e4a244026b276a36e03b2a19faf17b15b32500a6be5f9ef2446f16c560a86a4ae695eff5192eb2dbf451d1e18834afa93baaf112779acc32c64a7d099bffbe17639732f7ea9ba36e82a81905fea87bc46b948f15ef8d6cd9663ba84702592de2187d43bc5547b392aecdae765191055f9016d989ccfe841c839b736c33c47156c0036b728d8005f33283abc9d1efc9ead39a36265acd16cb560c0cccb5b3049b3aa48048d1814aeb63b4b21636bdf87b8bba20bfb7074099f7124558b05b8bb8c990af40099e5008c81138940d16368b544f1a64da884ac39351a324559b6f5e2e75737"]}, 0x214}, {&(0x7f0000000cc0)={0x50, 0x17, 0x300, 0x70bd2b, 0x25dfdbfc, "", [@nested={0x35, 0x11f, 0x0, 0x1, [@generic="210998f7eb15a20f68bf00a4e381e2ebb4bf79b7501ca022cc7da53f73b5d8ad7958fed4f7e12d581c9a0e48f815acdb2f"]}, @typed={0x8, 0x47, 0x0, 0x0, @uid}]}, 0x50}, {&(0x7f0000004340)={0x47c, 0x3a, 0x0, 0x70bd2b, 0x25dfdbfe, "", [@typed={0x8, 0x4e, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0x97, 0x0, 0x0, @str='#^)\x00'}, @typed={0x8, 0xf0, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x21}}, @typed={0xb, 0xab, 0x0, 0x0, @binary="fc0b8d658c021c"}, @nested={0x32c, 0xb2, 0x0, 0x1, [@generic="97294bd4e42a15ada2c8bc6cdeeb86a2dce2b95a3ae048e15b263f29824b62ad6eb207e25a1e2126881e342731bbeffb3be1fdb0cdd6df707d2b814502d32b4ebb3a843afc5d83ca4454e7b025f1cbefb3f1df152be43a1cd2dc10f86a8719d757458722a45c462dc816666d113de47917c5a6f50f8c41e20ef17acc609002ef914b0e3a3aa3638ec88f0d17f61cc2ae1b37c3db28afd56824b3698da2880348c6089b9ad856edc589bc23173f38e66b948367119b188f7f17", @generic="d7606293b8574d028dc11a6dd2d9f1bc90706ae9aa4c39643130013827c15d40b92e9754610f1c85629e68c9765d37ebf6b27302f6049c3f7c68567753a71ed70a0bcc75d19ccf4e20876c5d2deff1006732d4d0cf43047bbf0b329b22ade55662915522b34d3bba161c504b236b2598a4886960968cf18f5835f3ce26aa9fc73a28382063ac610f716b2f1955f8bd22f1fc24377a769b635416459c7589b926739b6806d8756bc47c9606ed2c7db4a1232fca4a4edab51f87842c1d7190504a9075150cf3586eeaf65e8399288e9fd2be845f628c662f5b680ce649dddce516a21c96fc", @generic="45ef4745b80e134b8ffb4258e560c991218f8f03efeb45bf37c309ca7c38f55793483f10b661808f2611de62cf076eef5f99759f197d57fb6e307f0dbcaaadb3c9004476738c67ba15100a73e333463ff3eb252811dd38c146fed919984b0b2fce4d60c4650f9c7178de3af82afd94b6c70c573032ee0f8387e8582affa2412b2411fb5a661e6517a6412bf47d0b72a6a1d766c4fc8b12214ae02e7f6dfbca313705533c44fd423874eaa7d7b7f1b23ac5e1aec9b6bb60c54b808e6ac3e76431f69812f93e44e891cfa5a4c47761136ca637ec85dd39", @generic="10a12cb9ebd62b9dc48c0a076e0b4aed368151443bf45458d2ecb077611d0f549b6d34588986ae772fff33cd737c07b1ecb546504aad8a297024f4d841ff48ad8eca61b441f197977c0755b5374d34b41ad797df5576e05d17416c8947be39950354ee66f7386cf0695632240c93a560a0d2e2166998b097d61ba6adc2581e67e97405a05465fcd78672587dc119dd3a49e8b9195a6226649f6cdd4093", @typed={0x8, 0xf9, 0x0, 0x0, @uid}, @typed={0x8, 0x97, 0x0, 0x0, @u32=0x10001}, @typed={0x8, 0x48, 0x0, 0x0, @fd=r7}]}, @generic="4bfd649bd8a064c25bbe6ea491ad5b9c7eee8765d246917560e171cd85008ca40cc512a56c91c82c69e8b3caf6e482ecc0d2ac76a1aba235442e76e17b5ef69dfceb9e1d7c100404baeb5ad9bf0715646414e2b35b753249c0de2806fc0ddef4bb631752cd84dcb00a354e4a009d325a4dc7d16143ffee3bfb8c6423015512f0dda6aa5497e580185cd00d699df288514f807b6479bace231a122243e69fc00b3a146fcde36181c1bb01e9f9c0a15c68ec3900890e30995f77ccfd13eb541fbdd507bc3233", @generic="5f899af21ab2450dc08ee3184499c3f722da45e27afc3ef6b3f2e4e643b6cf871ed53cfe9301a72770592a9f94e917f71a25b83e859a871040c5be40a18012f51f36a71a41aa502a7f02da599abe8372aac7b6b2"]}, 0x47c}], 0x7, &(0x7f0000000e40)=[@rights={{0x1c, 0x1, 0x1, [r2, r0, r5]}}], 0x20}, 0x1)
sendmsg$inet(r6, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r9 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r10 = syz_usb_connect(0x0, 0x2d, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000005bcca2023380100eb030102030109021b000100000000090400000198dc4a000905850010"], 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r9, 0x89e0, &(0x7f0000000040)={r6, r5})
read$FUSE(r4, &(0x7f00000019c0)={0x2020}, 0x2020)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000780)=[@transaction={0x40046304, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0)

kernel console output (not intermixed with test programs):

019C: implement() called with too large value 1702521203 (n: 0)! (syz.2.8150)
[ 3018.047416][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 842216253 (n: 0)! (syz.2.8150)
[ 3018.058739][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 808726582 (n: 0)! (syz.2.8150)
[ 3018.070043][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1919822955 (n: 0)! (syz.2.8150)
[ 3018.081429][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1869506911 (n: 0)! (syz.2.8150)
[ 3018.092818][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1030972772 (n: 0)! (syz.2.8150)
[ 3018.104227][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 892416824 (n: 0)! (syz.2.8150)
[ 3018.115530][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1831612465 (n: 0)! (syz.2.8150)
[ 3018.126945][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1030055023 (n: 0)! (syz.2.8150)
[ 3018.138326][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 171259191 (n: 0)! (syz.2.8150)
[ 3018.149621][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 891304245 (n: 0)! (syz.2.8150)
[ 3018.161093][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 976232502 (n: 0)! (syz.2.8150)
[ 3018.172389][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 790640178 (n: 0)! (syz.2.8150)
[ 3018.183789][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1701064480 (n: 0)! (syz.2.8150)
[ 3018.195354][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1953509238 (n: 0)! (syz.2.8150)
[ 3018.206746][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 2003968115 (n: 0)! (syz.2.8150)
[ 3018.218559][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1818587692 (n: 0)! (syz.2.8150)
[ 3018.230039][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1835627617 (n: 0)! (syz.2.8150)
[ 3018.241421][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 539828325 (n: 0)! (syz.2.8150)
[ 3018.252730][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1886807396 (n: 0)! (syz.2.8150)
[ 3018.264253][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1679848308 (n: 0)! (syz.2.8150)
[ 3018.275639][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1953527397 (n: 0)! (syz.2.8150)
[ 3018.287280][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 2003968115 (n: 0)! (syz.2.8150)
[ 3018.298660][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1684629292 (n: 0)! (syz.2.8150)
[ 3018.310041][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1831613757 (n: 0)! (syz.2.8150)
[ 3018.321507][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1030055023 (n: 0)! (syz.2.8150)
[ 3018.332891][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 741356086 (n: 0)! (syz.2.8150)
[ 3018.344179][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 2020439152 (n: 0)! (syz.2.8150)
[ 3018.355560][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1701080941 (n: 0)! (syz.2.8150)
[ 3018.366948][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 909522493 (n: 0)! (syz.2.8150)
[ 3018.378247][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 540030474 (n: 0)! (syz.2.8150)
[ 3018.389548][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 807417397 (n: 0)! (syz.2.8150)
[ 3018.400838][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 540488250 (n: 0)! (syz.2.8150)
[ 3018.412224][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1680810031 (n: 0)! (syz.2.8150)
[ 3018.423691][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 340 (n: 0)! (syz.2.8150)
[ 3018.434462][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 118685712 (n: 0)! (syz.2.8150)
[ 3018.445758][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 16777343 (n: 0)! (syz.2.8150)
[ 3018.456963][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 10 (n: 0)! (syz.2.8150)
[ 3018.467649][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 60928 (n: 0)! (syz.2.8150)
[ 3018.478602][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value -1156311892 (n: 0)! (syz.2.8150)
[ 3018.490070][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 50 (n: 0)! (syz.2.8150)
[ 3018.500756][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1316012 (n: 0)! (syz.2.8150)
[ 3018.511882][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 4129042 (n: 0)! (syz.2.8150)
[ 3018.523001][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1073741824 (n: 0)! (syz.2.8150)
[ 3018.534381][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value -64385 (n: 0)! (syz.2.8150)
[ 3018.545518][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 34144512 (n: 0)! (syz.2.8150)
[ 3018.556740][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 65572 (n: 0)! (syz.2.8150)
[ 3018.567704][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 150994944 (n: 0)! (syz.2.8150)
[ 3018.579011][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 352321540 (n: 0)! (syz.2.8150)
[ 3018.590316][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 3 (n: 0)! (syz.2.8150)
[ 3018.600919][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 4202761 (n: 0)! (syz.2.8150)
[ 3018.612043][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 253886720 (n: 0)! (syz.2.8150)
[ 3018.623340][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value -16447232 (n: 0)! (syz.2.8150)
[ 3018.634659][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value -1 (n: 0)! (syz.2.8150)
[ 3018.645349][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 687865855 (n: 0)! (syz.2.8150)
[ 3018.656644][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1752197475 (n: 0)! (syz.2.8150)
[ 3018.668022][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1851748965 (n: 0)! (syz.2.8150)
[ 3018.679402][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 694971509 (n: 0)! (syz.2.8150)
[ 3018.690888][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 262172 (n: 0)! (syz.2.8150)
[ 3018.701930][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 7 (n: 0)! (syz.2.8150)
[ 3018.712626][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 35070 (n: 0)! (syz.2.8150)
[ 3018.723716][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 50331648 (n: 0)! (syz.2.8150)
[ 3018.735050][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 536870912 (n: 0)! (syz.2.8150)
[ 3018.746372][T14904] plantronics 0003:047F:FFFF.019C: implement() called with too large value 1 (n: 0)! (syz.2.8150)
[ 3018.765355][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3018.794307][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3018.814333][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3018.918155][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3018.948657][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.004177][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.036488][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.064812][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.092181][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.124926][T12205] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 3019.155363][T12205] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 3019.169118][T12205] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3019.214353][T12205] usb 4-1: USB disconnect, device number 12
[ 3019.264437][T12202] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 3019.325660][T14942] FAULT_INJECTION: forcing a failure.
[ 3019.325660][T14942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3019.344097][T14942] CPU: 0 UID: 0 PID: 14942 Comm: syz.0.8162 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3019.354907][T14942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3019.364997][T14942] Call Trace:
[ 3019.368397][T14942]  <TASK>
[ 3019.371364][T14942]  dump_stack_lvl+0x241/0x360
[ 3019.376109][T14942]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3019.381344][T14942]  ? __pfx__printk+0x10/0x10
[ 3019.385987][T14942]  ? __pfx_lock_release+0x10/0x10
[ 3019.391084][T14942]  should_fail_ex+0x3b0/0x4e0
[ 3019.395832][T14942]  _copy_from_user+0x2f/0xe0
[ 3019.400470][T14942]  copy_msghdr_from_user+0xae/0x680
[ 3019.405725][T14942]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 3019.411595][T14942]  __sys_sendmsg+0x22d/0x380
[ 3019.416232][T14942]  ? __pfx___sys_sendmsg+0x10/0x10
[ 3019.421492][T14942]  ? __pfx_vfs_write+0x10/0x10
[ 3019.426318][T14942]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3019.432710][T14942]  ? do_syscall_64+0x100/0x230
[ 3019.437517][T14942]  ? do_syscall_64+0xb6/0x230
[ 3019.442234][T14942]  do_syscall_64+0xf3/0x230
[ 3019.446785][T14942]  ? clear_bhb_loop+0x35/0x90
[ 3019.451501][T14942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3019.454151][T12202] usb 2-1: Using ep0 maxpacket: 16
[ 3019.457419][T14942] RIP: 0033:0x7f45f497dff9
[ 3019.457445][T14942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3019.486725][T14942] RSP: 002b:00007f45f571a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3019.495187][T14942] RAX: ffffffffffffffda RBX: 00007f45f4b35f80 RCX: 00007f45f497dff9
[ 3019.498518][T12202] usb 2-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=a9.3c
[ 3019.503176][T14942] RDX: 0000000020004010 RSI: 0000000020000180 RDI: 0000000000000003
[ 3019.503198][T14942] RBP: 00007f45f571a090 R08: 0000000000000000 R09: 0000000000000000
[ 3019.503214][T14942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3019.503229][T14942] R13: 0000000000000000 R14: 00007f45f4b35f80 R15: 00007f45f4c5fa28
[ 3019.503261][T14942]  </TASK>
[ 3019.537864][T12202] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3019.611154][T12202] usb 2-1: config 0 descriptor??
[ 3019.624910][T12202] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[ 3019.786462][T26828] usb 3-1: USB disconnect, device number 122
[ 3019.819288][T14936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3019.846156][T14936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3019.904899][T14936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3019.944405][T14936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3019.967064][T14936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3020.052091][T14936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3020.091438][T14936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3020.188735][T14936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3020.199032][T14936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3020.233146][T14936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3020.266172][T12202] usb 2-1: qt2_setup_urbs - submit read urb failed -8
[ 3020.275647][T12202] quatech2 2-1:0.0: probe with driver quatech2 failed with error -8
[ 3020.476401][T12202] usb 2-1: USB disconnect, device number 65
[ 3020.644240][ T8500] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 3020.675648][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[ 3020.681999][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[ 3020.796159][ T8500] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3020.822709][ T8500] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3020.840161][ T8500] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3020.858513][ T8500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3020.871863][ T8500] usb 4-1: SerialNumber: syz
[ 3021.085848][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8169'.
[ 3021.106215][T12202] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 3021.128883][ T8500] usb 4-1: 0:2 : does not exist
[ 3021.154231][ T8500] usb 4-1: USB disconnect, device number 13
[ 3021.169361][T14965] netlink: 'syz.1.8172': attribute type 1 has an invalid length.
[ 3021.188453][T11058] udevd[11058]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3021.237640][T14967] bridge0: port 3(team0) entered blocking state
[ 3021.244581][T14967] bridge0: port 3(team0) entered disabled state
[ 3021.251075][T14967] team0: entered allmulticast mode
[ 3021.264141][T12202] usb 5-1: Using ep0 maxpacket: 16
[ 3021.270423][T14967] team_slave_0: entered allmulticast mode
[ 3021.277341][T12202] usb 5-1: config 0 has no interfaces?
[ 3021.282850][T12202] usb 5-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3021.292007][T12202] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3021.300261][T14967] team_slave_1: entered allmulticast mode
[ 3021.308157][T12202] usb 5-1: config 0 descriptor??
[ 3021.317438][T14967] team0: entered promiscuous mode
[ 3021.323835][T14967] team_slave_0: entered promiscuous mode
[ 3021.332824][T14967] team_slave_1: entered promiscuous mode
[ 3021.349709][T14967] bridge0: port 3(team0) entered blocking state
[ 3021.356159][T14967] bridge0: port 3(team0) entered forwarding state
[ 3021.528235][T26828] usb 5-1: USB disconnect, device number 48
[ 3021.944405][ T8500] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 3022.137456][ T8500] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 3022.149846][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 3022.162966][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 3022.175610][ T8500] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 3022.189132][ T8500] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 3022.199524][ T8500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3022.212648][ T8500] usb 4-1: config 0 descriptor??
[ 3022.219033][T14973] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 3022.267711][T14979] kvm: pic: non byte write
[ 3022.273085][T14979] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[ 3022.647146][ T8500] plantronics 0003:047F:FFFF.019D: unknown main item tag 0xd
[ 3022.657054][ T8500] plantronics 0003:047F:FFFF.019D: No inputs registered, leaving
[ 3022.673144][ T8500] plantronics 0003:047F:FFFF.019D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 3022.860575][T14973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3022.929081][T14973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3023.005621][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1986356271 (n: 0)! (syz.3.8174)
[ 3023.017075][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1952804399 (n: 0)! (syz.3.8174)
[ 3023.028502][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1853191215 (n: 0)! (syz.3.8174)
[ 3023.039935][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1986356271 (n: 0)! (syz.3.8174)
[ 3023.051371][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1836477231 (n: 0)! (syz.3.8174)
[ 3023.062879][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 32512 (n: 0)! (syz.3.8174)
[ 3023.073868][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 16777216 (n: 0)! (syz.3.8174)
[ 3023.085227][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 50 (n: 0)! (syz.3.8174)
[ 3023.095918][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 767 (n: 0)! (syz.3.8174)
[ 3023.106708][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 908080438 (n: 0)! (syz.3.8174)
[ 3023.118008][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 976232500 (n: 0)! (syz.3.8174)
[ 3023.129294][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 539959350 (n: 0)! (syz.3.8174)
[ 3023.140602][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1986356271 (n: 0)! (syz.3.8174)
[ 3023.151989][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 746025504 (n: 0)! (syz.3.8174)
[ 3023.163280][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1634493810 (n: 0)! (syz.3.8174)
[ 3023.174675][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1701669236 (n: 0)! (syz.3.8174)
[ 3023.186059][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1679830304 (n: 0)! (syz.3.8174)
[ 3023.197440][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1836349029 (n: 0)! (syz.3.8174)
[ 3023.208825][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 544433776 (n: 0)! (syz.3.8174)
[ 3023.220124][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1953916260 (n: 0)! (syz.3.8174)
[ 3023.231518][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1936093293 (n: 0)! (syz.3.8174)
[ 3023.242897][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 746025504 (n: 0)! (syz.3.8174)
[ 3023.254191][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1702521203 (n: 0)! (syz.3.8174)
[ 3023.265581][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 842216253 (n: 0)! (syz.3.8174)
[ 3023.276876][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 808726582 (n: 0)! (syz.3.8174)
[ 3023.288178][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1919822955 (n: 0)! (syz.3.8174)
[ 3023.299557][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1869506911 (n: 0)! (syz.3.8174)
[ 3023.310935][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1030972772 (n: 0)! (syz.3.8174)
[ 3023.322321][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 892416824 (n: 0)! (syz.3.8174)
[ 3023.333614][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1831612465 (n: 0)! (syz.3.8174)
[ 3023.344988][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1030055023 (n: 0)! (syz.3.8174)
[ 3023.356369][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 171259191 (n: 0)! (syz.3.8174)
[ 3023.367833][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 908080950 (n: 0)! (syz.3.8174)
[ 3023.379118][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 976232501 (n: 0)! (syz.3.8174)
[ 3023.390402][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 790640178 (n: 0)! (syz.3.8174)
[ 3023.401699][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1701064480 (n: 0)! (syz.3.8174)
[ 3023.413078][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1953509238 (n: 0)! (syz.3.8174)
[ 3023.424457][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 2003968115 (n: 0)! (syz.3.8174)
[ 3023.435840][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1818587692 (n: 0)! (syz.3.8174)
[ 3023.447222][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1835627617 (n: 0)! (syz.3.8174)
[ 3023.458613][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 539828325 (n: 0)! (syz.3.8174)
[ 3023.469913][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1886807396 (n: 0)! (syz.3.8174)
[ 3023.481303][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1679848308 (n: 0)! (syz.3.8174)
[ 3023.492683][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1953527397 (n: 0)! (syz.3.8174)
[ 3023.504066][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 2003968115 (n: 0)! (syz.3.8174)
[ 3023.515443][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1684629292 (n: 0)! (syz.3.8174)
[ 3023.526822][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1831613757 (n: 0)! (syz.3.8174)
[ 3023.538201][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1030055023 (n: 0)! (syz.3.8174)
[ 3023.549578][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 741356086 (n: 0)! (syz.3.8174)
[ 3023.560870][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 2020439152 (n: 0)! (syz.3.8174)
[ 3023.572252][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1701080941 (n: 0)! (syz.3.8174)
[ 3023.583639][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 909522493 (n: 0)! (syz.3.8174)
[ 3023.594946][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 540554762 (n: 0)! (syz.3.8174)
[ 3023.606255][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 807417142 (n: 0)! (syz.3.8174)
[ 3023.617547][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 540488250 (n: 0)! (syz.3.8174)
[ 3023.628833][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1680810031 (n: 0)! (syz.3.8174)
[ 3023.640212][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 340 (n: 0)! (syz.3.8174)
[ 3023.650985][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 118685712 (n: 0)! (syz.3.8174)
[ 3023.662277][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 16777343 (n: 0)! (syz.3.8174)
[ 3023.673488][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 10 (n: 0)! (syz.3.8174)
[ 3023.684175][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 60928 (n: 0)! (syz.3.8174)
[ 3023.695125][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value -1156311892 (n: 0)! (syz.3.8174)
[ 3023.706609][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 50 (n: 0)! (syz.3.8174)
[ 3023.717294][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1316012 (n: 0)! (syz.3.8174)
[ 3023.728415][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 4129042 (n: 0)! (syz.3.8174)
[ 3023.739533][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1073741824 (n: 0)! (syz.3.8174)
[ 3023.750920][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value -64385 (n: 0)! (syz.3.8174)
[ 3023.761951][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 34144512 (n: 0)! (syz.3.8174)
[ 3023.773155][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 65572 (n: 0)! (syz.3.8174)
[ 3023.784099][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 150994944 (n: 0)! (syz.3.8174)
[ 3023.795391][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 352321540 (n: 0)! (syz.3.8174)
[ 3023.806685][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 3 (n: 0)! (syz.3.8174)
[ 3023.817281][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 4202761 (n: 0)! (syz.3.8174)
[ 3023.828483][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 253886720 (n: 0)! (syz.3.8174)
[ 3023.839773][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value -16447232 (n: 0)! (syz.3.8174)
[ 3023.851060][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value -1 (n: 0)! (syz.3.8174)
[ 3023.861823][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 687865855 (n: 0)! (syz.3.8174)
[ 3023.873108][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1752197475 (n: 0)! (syz.3.8174)
[ 3023.884481][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1851748965 (n: 0)! (syz.3.8174)
[ 3023.895944][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 694971509 (n: 0)! (syz.3.8174)
[ 3023.907248][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 262172 (n: 0)! (syz.3.8174)
[ 3023.918285][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 7 (n: 0)! (syz.3.8174)
[ 3023.928891][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 35070 (n: 0)! (syz.3.8174)
[ 3023.939836][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 67108864 (n: 0)! (syz.3.8174)
[ 3023.951045][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 536870912 (n: 0)! (syz.3.8174)
[ 3023.962338][T14973] plantronics 0003:047F:FFFF.019D: implement() called with too large value 1 (n: 0)! (syz.3.8174)
[ 3023.973515][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3024.374124][T12202] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[ 3024.424231][T26828] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 3024.594296][T26828] usb 5-1: Using ep0 maxpacket: 8
[ 3024.621862][T26828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3024.744137][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3024.800119][    T8] usb 4-1: USB disconnect, device number 14
[ 3024.801356][T26828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3024.817069][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3024.827750][T12202] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 3024.837282][T26828] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3024.850660][T12202] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3024.859189][T26828] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[ 3024.869531][T26828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3024.878921][T12202] usb 3-1: config 0 descriptor??
[ 3024.892860][T26828] usb 5-1: config 0 descriptor??
[ 3025.113630][T15003] fuse: Bad value for 'fd'
[ 3025.144157][    T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 3025.315286][T26828] hid-picolcd 0003:04D8:C002.019E: unknown global tag 0xe
[ 3025.315715][    T8] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[ 3025.342138][T26828] hid-picolcd 0003:04D8:C002.019E: item 0 4 1 14 parsing failed
[ 3025.353305][    T8] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3025.367714][T26828] hid-picolcd 0003:04D8:C002.019E: device report parse failed
[ 3025.374087][    T8] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 3025.376422][T12205] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 3025.392252][T26828] hid-picolcd 0003:04D8:C002.019E: probe with driver hid-picolcd failed with error -22
[ 3025.412266][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3025.540728][T12202] usbhid 3-1:0.0: can't add hid device: -32
[ 3025.555809][T12202] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[ 3025.564472][T12205] usb 2-1: config 0 has an invalid interface number: 18 but max is 0
[ 3025.572642][T12205] usb 2-1: config 0 has no interface number 0
[ 3025.582014][T26828] usb 5-1: USB disconnect, device number 49
[ 3025.591747][T12202] usb 3-1: USB disconnect, device number 123
[ 3025.598553][T12205] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3025.622663][T12205] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3025.634898][T12205] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[ 3025.656620][T12205] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 3025.666830][T12205] usb 2-1: Manufacturer: syz
[ 3025.681928][T15000] sctp: [Deprecated]: syz.3.8182 (pid 15000) Use of int in maxseg socket option.
[ 3025.681928][T15000] Use struct sctp_assoc_value instead
[ 3025.685093][T12205] usb 2-1: config 0 descriptor??
[ 3026.148918][T12205] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.18/0003:054C:03D5.019F/input/input559
[ 3026.263065][T12205] sony 0003:054C:03D5.019F: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.1-1/input18
[ 3026.339729][    T8] usb 4-1: string descriptor 0 read error: -71
[ 3026.360621][ T5283] usb 2-1: USB disconnect, device number 66
[ 3026.379034][    T8] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 3026.434716][    T8] usb 4-1: USB disconnect, device number 15
[ 3026.604264][ T8500] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[ 3026.728635][T15019] bridge_slave_1: left allmulticast mode
[ 3026.734703][T15019] bridge_slave_1: left promiscuous mode
[ 3026.740504][T15019] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3026.750297][T15019] bridge_slave_0: left allmulticast mode
[ 3026.756317][T15019] bridge_slave_0: left promiscuous mode
[ 3026.762128][T15019] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3026.795065][ T8500] usb 3-1: Using ep0 maxpacket: 16
[ 3026.806106][ T8500] usb 3-1: config 0 has no interfaces?
[ 3026.811628][ T8500] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3026.821538][ T8500] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3026.832835][ T8500] usb 3-1: config 0 descriptor??
[ 3027.007955][T15023] team0: left allmulticast mode
[ 3027.013032][T15023] team_slave_0: left allmulticast mode
[ 3027.019122][T15023] team_slave_1: left allmulticast mode
[ 3027.025102][T15023] team0: left promiscuous mode
[ 3027.030127][T15023] team_slave_0: left promiscuous mode
[ 3027.036424][T15023] team_slave_1: left promiscuous mode
[ 3027.042133][T15023] bridge0: port 3(team0) entered disabled state
[ 3027.051492][T15023] bridge_slave_1: left allmulticast mode
[ 3027.057421][T15023] bridge_slave_1: left promiscuous mode
[ 3027.063321][T15023] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3027.064430][    T8] usb 3-1: USB disconnect, device number 124
[ 3027.106040][T15023] bridge_slave_0: left allmulticast mode
[ 3027.111938][T15023] bridge_slave_0: left promiscuous mode
[ 3027.119049][T15023] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3027.214105][ T8500] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 3027.267469][T15028] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8191'.
[ 3027.385424][ T8500] usb 5-1: Using ep0 maxpacket: 16
[ 3027.392236][ T8500] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3027.413196][ T8500] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3027.424409][ T8500] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3027.434316][ T8500] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3027.444488][ T8500] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3027.465443][ T8500] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3027.475113][ T8500] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3027.485746][ T8500] usb 5-1: Manufacturer: syz
[ 3027.492208][ T8500] usb 5-1: config 0 descriptor??
[ 3027.594282][    T8] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 3027.702620][T15021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3027.712925][T15021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3027.713510][T15037] netlink: 6 bytes leftover after parsing attributes in process `syz.2.8195'.
[ 3027.737932][T15037] bridge_slave_0: default FDB implementation only supports local addresses
[ 3027.749731][T12205] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 3027.775596][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 3027.787538][ T8500] rc_core: IR keymap rc-hauppauge not found
[ 3027.804149][ T8500] Registered IR keymap rc-empty
[ 3027.812186][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 3027.826278][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3027.834386][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 3027.846792][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3027.856323][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 3027.869655][    T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 3027.880993][ T8500] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 3027.904488][T12205] usb 4-1: Using ep0 maxpacket: 16
[ 3027.909523][ T8500] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input561
[ 3027.911772][T12205] usb 4-1: config 0 has no interfaces?
[ 3027.924049][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3027.945798][T12205] usb 4-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3027.961743][T12205] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3027.962766][    T8] usb 2-1: config 0 descriptor??
[ 3027.973274][T12205] usb 4-1: config 0 descriptor??
[ 3027.985288][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3027.994196][T15030] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 3028.009455][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.036396][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.065253][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.084242][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.104175][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.131395][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.154298][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.185526][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.194382][T12202] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[ 3028.204366][ T8500] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3028.237454][ T5283] usb 4-1: USB disconnect, device number 16
[ 3028.246216][ T8500] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[ 3028.258126][ T8500] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3028.271743][ T8500] usb 5-1: USB disconnect, device number 50
[ 3028.364693][T12202] usb 3-1: Using ep0 maxpacket: 16
[ 3028.375201][T12202] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3028.389641][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3028.400764][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3028.411280][T12202] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3028.421087][T12202] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3028.435218][    T8] plantronics 0003:047F:FFFF.01A0: unknown main item tag 0xd
[ 3028.437583][T12202] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3028.453079][    T8] plantronics 0003:047F:FFFF.01A0: No inputs registered, leaving
[ 3028.455678][T12202] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3028.469344][T12202] usb 3-1: Manufacturer: syz
[ 3028.477654][    T8] plantronics 0003:047F:FFFF.01A0: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 3028.488616][T12202] usb 3-1: config 0 descriptor??
[ 3028.631344][T15030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3028.640814][T15030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3028.707222][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1986356271 (n: 0)! (syz.1.8192)
[ 3028.718680][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1952804399 (n: 0)! (syz.1.8192)
[ 3028.730087][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1853191215 (n: 0)! (syz.1.8192)
[ 3028.741557][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1986356271 (n: 0)! (syz.1.8192)
[ 3028.752957][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1836477231 (n: 0)! (syz.1.8192)
[ 3028.764448][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 32512 (n: 0)! (syz.1.8192)
[ 3028.775395][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 16777216 (n: 0)! (syz.1.8192)
[ 3028.786591][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 50 (n: 0)! (syz.1.8192)
[ 3028.797263][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 767 (n: 0)! (syz.1.8192)
[ 3028.808026][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 540554545 (n: 0)! (syz.1.8192)
[ 3028.819309][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 540489009 (n: 0)! (syz.1.8192)
[ 3028.830590][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 540424752 (n: 0)! (syz.1.8192)
[ 3028.841887][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1680810031 (n: 0)! (syz.1.8192)
[ 3028.853249][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1914730085 (n: 0)! (syz.1.8192)
[ 3028.864630][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1701981303 (n: 0)! (syz.1.8192)
[ 3028.875998][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1769234796 (n: 0)! (syz.1.8192)
[ 3028.887362][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 757097837 (n: 0)! (syz.1.8192)
[ 3028.898713][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1986356256 (n: 0)! (syz.1.8192)
[ 3028.910111][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1718644084 (n: 0)! (syz.1.8192)
[ 3028.921492][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1701060723 (n: 0)! (syz.1.8192)
[ 3028.932966][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1886221430 (n: 0)! (syz.1.8192)
[ 3028.944360][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1914729318 (n: 0)! (syz.1.8192)
[ 3028.955731][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1769155703 (n: 0)! (syz.1.8192)
[ 3028.967116][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 859661690 (n: 0)! (syz.1.8192)
[ 3028.978396][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 808858163 (n: 0)! (syz.1.8192)
[ 3028.989690][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 745222196 (n: 0)! (syz.1.8192)
[ 3029.000965][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1767862894 (n: 0)! (syz.1.8192)
[ 3029.012331][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1701080942 (n: 0)! (syz.1.8192)
[ 3029.023696][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 859323763 (n: 0)! (syz.1.8192)
[ 3029.035004][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 808531249 (n: 0)! (syz.1.8192)
[ 3029.046374][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1685024044 (n: 0)! (syz.1.8192)
[ 3029.057761][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 892812645 (n: 0)! (syz.1.8192)
[ 3029.069678][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 892406325 (n: 0)! (syz.1.8192)
[ 3029.080986][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 892411961 (n: 0)! (syz.1.8192)
[ 3029.092274][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 976232504 (n: 0)! (syz.1.8192)
[ 3029.103560][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 790640178 (n: 0)! (syz.1.8192)
[ 3029.114841][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1701064480 (n: 0)! (syz.1.8192)
[ 3029.126214][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1953509238 (n: 0)! (syz.1.8192)
[ 3029.137580][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 2003968115 (n: 0)! (syz.1.8192)
[ 3029.148939][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1818587692 (n: 0)! (syz.1.8192)
[ 3029.160319][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1835627617 (n: 0)! (syz.1.8192)
[ 3029.171680][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 539828325 (n: 0)! (syz.1.8192)
[ 3029.182948][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1886807396 (n: 0)! (syz.1.8192)
[ 3029.194305][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1679848308 (n: 0)! (syz.1.8192)
[ 3029.205666][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1953527397 (n: 0)! (syz.1.8192)
[ 3029.217035][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 2003968115 (n: 0)! (syz.1.8192)
[ 3029.228406][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1684629292 (n: 0)! (syz.1.8192)
[ 3029.239791][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1831613757 (n: 0)! (syz.1.8192)
[ 3029.251270][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1030055023 (n: 0)! (syz.1.8192)
[ 3029.262656][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 741356086 (n: 0)! (syz.1.8192)
[ 3029.273937][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 2020439152 (n: 0)! (syz.1.8192)
[ 3029.285737][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1701080941 (n: 0)! (syz.1.8192)
[ 3029.297103][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 909522493 (n: 0)! (syz.1.8192)
[ 3029.308389][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 808857866 (n: 0)! (syz.1.8192)
[ 3029.319672][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 943010080 (n: 0)! (syz.1.8192)
[ 3029.330946][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 842674208 (n: 0)! (syz.1.8192)
[ 3029.342224][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 340 (n: 0)! (syz.1.8192)
[ 3029.352976][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 118685712 (n: 0)! (syz.1.8192)
[ 3029.364249][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 16777343 (n: 0)! (syz.1.8192)
[ 3029.375868][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 10 (n: 0)! (syz.1.8192)
[ 3029.386533][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 60928 (n: 0)! (syz.1.8192)
[ 3029.397457][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value -1156311892 (n: 0)! (syz.1.8192)
[ 3029.408916][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 50 (n: 0)! (syz.1.8192)
[ 3029.419582][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1316012 (n: 0)! (syz.1.8192)
[ 3029.430686][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 4129042 (n: 0)! (syz.1.8192)
[ 3029.441809][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1073741824 (n: 0)! (syz.1.8192)
[ 3029.453171][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value -64385 (n: 0)! (syz.1.8192)
[ 3029.464183][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 34144512 (n: 0)! (syz.1.8192)
[ 3029.475718][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 65572 (n: 0)! (syz.1.8192)
[ 3029.486648][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 150994944 (n: 0)! (syz.1.8192)
[ 3029.497937][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 352321540 (n: 0)! (syz.1.8192)
[ 3029.509236][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 3 (n: 0)! (syz.1.8192)
[ 3029.519814][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 4202761 (n: 0)! (syz.1.8192)
[ 3029.530915][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 253886720 (n: 0)! (syz.1.8192)
[ 3029.542196][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value -16447232 (n: 0)! (syz.1.8192)
[ 3029.553488][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value -1 (n: 0)! (syz.1.8192)
[ 3029.564169][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 687865855 (n: 0)! (syz.1.8192)
[ 3029.575788][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1752197475 (n: 0)! (syz.1.8192)
[ 3029.587149][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1851748965 (n: 0)! (syz.1.8192)
[ 3029.598523][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 694971509 (n: 0)! (syz.1.8192)
[ 3029.609799][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 262172 (n: 0)! (syz.1.8192)
[ 3029.620811][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 7 (n: 0)! (syz.1.8192)
[ 3029.631413][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 35070 (n: 0)! (syz.1.8192)
[ 3029.642340][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 33554432 (n: 0)! (syz.1.8192)
[ 3029.653585][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 536870912 (n: 0)! (syz.1.8192)
[ 3029.664887][T15030] plantronics 0003:047F:FFFF.01A0: implement() called with too large value 1 (n: 0)! (syz.1.8192)
[ 3029.676057][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3029.775121][T15042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3029.811131][T15042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3029.880888][T15049] bridge_slave_1: left allmulticast mode
[ 3029.889773][T15049] bridge_slave_1: left promiscuous mode
[ 3029.896567][T15049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3029.910811][T15049] bridge_slave_0: left allmulticast mode
[ 3029.916843][T15049] bridge_slave_0: left promiscuous mode
[ 3029.922740][T15049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3029.932941][T12202] rc_core: IR keymap rc-hauppauge not found
[ 3029.948190][T12202] Registered IR keymap rc-empty
[ 3029.953733][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3029.975352][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3029.995301][T12202] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 3030.007925][T12202] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input563
[ 3030.023801][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.047285][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.061527][T15042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3030.084255][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.093089][T15042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3030.101094][ T8500] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 3030.105870][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.134961][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.157990][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.178371][T15056] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8202'.
[ 3030.184298][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.217775][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.245313][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.272240][ T8500] usb 5-1: config index 0 descriptor too short (expected 106, got 36)
[ 3030.281221][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3030.292045][ T8500] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3030.300923][T12202] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[ 3030.305197][ T8500] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[ 3030.322438][ T8500] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3030.333810][T12202] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3030.370027][ T8500] usb 5-1: config 0 descriptor??
[ 3030.396225][T12202] usb 3-1: USB disconnect, device number 125
[ 3030.442095][ T8500] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 3030.517036][    T8] usb 2-1: USB disconnect, device number 67
[ 3030.726829][T15062] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8203'.
[ 3030.898304][T15066] netlink: 'syz.1.8205': attribute type 1 has an invalid length.
[ 3031.104473][T15070] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8206'.
[ 3031.107541][ T8500] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 3031.265586][ T8500] usb 4-1: Using ep0 maxpacket: 8
[ 3031.308485][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 3031.394136][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 26056, setting to 1024
[ 3031.405733][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 3031.415551][ T8500] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 3031.425423][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 3031.435277][ T8500] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 3031.445688][ T8500] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[ 3031.454908][ T8500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3031.482760][ T8500] usb 4-1: config 0 descriptor??
[ 3031.499302][T15064] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 3031.585357][T14533] Bluetooth: hci5: urb ffff888030ee9400 submission failed (90)
[ 3031.740040][T15064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3031.752153][T15064] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3031.781422][T12202] usb 4-1: USB disconnect, device number 17
[ 3031.931471][T12205] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[ 3032.124392][T12205] usb 3-1: Using ep0 maxpacket: 8
[ 3032.151653][T12205] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=1b.21
[ 3032.166609][T12205] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3032.185041][T12205] usb 3-1: Product: syz
[ 3032.189283][T12205] usb 3-1: Manufacturer: syz
[ 3032.204905][T12205] usb 3-1: SerialNumber: syz
[ 3032.221966][T12205] usb 3-1: config 0 descriptor??
[ 3032.240712][T12205] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32
[ 3032.445573][T15083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3032.455727][T15083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3032.473023][T15083] dummy0: entered promiscuous mode
[ 3032.490738][T15083] macvlan2: entered allmulticast mode
[ 3032.512379][T15083] dummy0: entered allmulticast mode
[ 3032.526464][T15083] dummy0: left allmulticast mode
[ 3032.531771][T15083] dummy0: left promiscuous mode
[ 3032.595071][ T8500] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 3032.671253][    T8] usb 3-1: USB disconnect, device number 126
[ 3032.774271][ T8500] usb 4-1: Using ep0 maxpacket: 8
[ 3032.791430][ T8500] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 3032.832455][ T8500] usb 4-1: config 179 has no interface number 0
[ 3032.904969][T12205] usb 5-1: USB disconnect, device number 51
[ 3032.935822][ T8500] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 3033.004724][ T8500] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 3033.020622][ T8500] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3033.037978][ T8500] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 3033.049759][ T8500] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 3033.064307][ T8500] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 3033.073383][ T8500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3033.084637][T15096] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 3033.418939][T12205] usb 4-1: USB disconnect, device number 18
[ 3033.419058][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 3033.754407][    T8] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 3033.948167][    T8] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 3033.967859][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3033.979549][    T8] usb 2-1: Product: syz
[ 3033.986844][T15121] netlink: 80 bytes leftover after parsing attributes in process `syz.4.8220'.
[ 3033.995136][    T8] usb 2-1: Manufacturer: syz
[ 3034.001705][T15121] netlink: 80 bytes leftover after parsing attributes in process `syz.4.8220'.
[ 3034.004116][    T8] usb 2-1: SerialNumber: syz
[ 3034.022163][T15121] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 3034.050628][    T8] usb 2-1: config 0 descriptor??
[ 3034.207055][T15126] fuse: Unknown parameter ''
[ 3034.270076][    T8] hso 2-1:0.0: Failed to find BULK IN ep
[ 3034.285748][    T8] usb-storage 2-1:0.0: USB Mass Storage device detected
[ 3034.478226][ T5230] usb 2-1: USB disconnect, device number 68
[ 3034.494929][ T8500] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 3034.503455][   T29] kauditd_printk_skb: 37 callbacks suppressed
[ 3034.503473][   T29] audit: type=1326 audit(1728483004.253:32574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.537277][   T29] audit: type=1326 audit(1728483004.273:32575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.560975][   T29] audit: type=1326 audit(1728483004.273:32576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.583860][   T29] audit: type=1326 audit(1728483004.273:32577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.606399][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3034.612610][T12205] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 3034.620560][T12202] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[ 3034.628426][   T29] audit: type=1326 audit(1728483004.273:32578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.658078][   T29] audit: type=1326 audit(1728483004.273:32579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.681604][   T29] audit: type=1326 audit(1728483004.273:32580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.693235][ T8500] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 3034.704179][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3034.711266][   T29] audit: type=1326 audit(1728483004.273:32581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.715854][ T8500] usb 5-1: can't read configurations, error -61
[ 3034.731368][   T29] audit: type=1326 audit(1728483004.273:32582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.769584][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3034.782466][   T29] audit: type=1326 audit(1728483004.273:32583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15105 comm="syz.1.8216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f35f7dff9 code=0x7fc00000
[ 3034.805047][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3034.833510][T12202] usb 3-1: Using ep0 maxpacket: 16
[ 3034.842700][T12202] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3034.855694][T12205] usb 4-1: config index 0 descriptor too short (expected 106, got 36)
[ 3034.864555][T12205] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3034.881409][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3034.895046][ T8500] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 3034.902640][T12205] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[ 3034.902673][T12205] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3034.905200][T12205] usb 4-1: config 0 descriptor??
[ 3034.932502][T12202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3034.942673][T12202] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3034.969248][T12205] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 3034.976891][T12202] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3035.004256][T12202] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3035.029106][T12202] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3035.054163][T12202] usb 3-1: Manufacturer: syz
[ 3035.065090][T12202] usb 3-1: config 0 descriptor??
[ 3035.136276][ T8500] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 3035.151854][ T8500] usb 5-1: can't read configurations, error -61
[ 3035.165317][ T8500] usb usb5-port1: attempt power cycle
[ 3035.222403][T15142] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8228'.
[ 3035.283203][T15134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3035.296395][T15134] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3035.474564][T12202] rc_core: IR keymap rc-hauppauge not found
[ 3035.480743][T12202] Registered IR keymap rc-empty
[ 3035.491247][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.524160][ T8500] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 3035.531991][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.566604][T12202] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 3035.567486][ T8500] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 3035.592534][ T8500] usb 5-1: can't read configurations, error -61
[ 3035.642285][T12202] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input564
[ 3035.674790][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.744322][ T8500] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 3035.754376][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.769064][ T8500] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 3035.777624][ T8500] usb 5-1: can't read configurations, error -61
[ 3035.786866][ T8500] usb usb5-port1: unable to enumerate USB device
[ 3035.801349][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.854330][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.884139][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.924289][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.954292][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3035.988870][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3036.014250][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3036.044113][T12202] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 3036.075423][T12202] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[ 3036.084211][T12202] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3036.116957][T12202] usb 3-1: USB disconnect, device number 127
[ 3036.734370][    T8] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 3036.935093][    T8] usb 2-1: Using ep0 maxpacket: 32
[ 3036.948137][    T8] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 3036.957768][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3036.965924][    T8] usb 2-1: Product: syz
[ 3036.970599][    T8] usb 2-1: Manufacturer: syz
[ 3036.975430][    T8] usb 2-1: SerialNumber: syz
[ 3036.982818][    T8] usb 2-1: config 0 descriptor??
[ 3037.200933][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8233'.
[ 3037.216512][    T8] airspy 2-1:0.0: usb_control_msg() failed -71 request 09
[ 3037.223815][    T8] airspy 2-1:0.0: Could not detect board
[ 3037.231050][    T8] airspy 2-1:0.0: probe with driver airspy failed with error -71
[ 3037.254370][    T8] usb 2-1: USB disconnect, device number 69
[ 3037.388054][ T5230] usb 4-1: USB disconnect, device number 19
[ 3037.653368][T14533] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 3037.662128][T14533] Bluetooth: hci3: Injecting HCI hardware error event
[ 3037.671995][T14533] Bluetooth: hci3: hardware error 0x00
[ 3037.704207][ T8501] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 3037.802336][T15189] Cannot find map_set index 0 as target
[ 3037.864368][ T8501] usb 3-1: Using ep0 maxpacket: 16
[ 3037.872319][ T8501] usb 3-1: config 0 has no interfaces?
[ 3037.884172][ T8501] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3037.903747][ T8501] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3037.935185][ T8501] usb 3-1: config 0 descriptor??
[ 3038.058914][    T8] usb 5-1: new low-speed USB device number 56 using dummy_hcd
[ 3038.181611][ T8501] usb 3-1: USB disconnect, device number 2
[ 3038.226553][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3038.248059][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3038.263818][    T8] usb 5-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 3038.276992][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3038.291248][    T8] usb 5-1: config 0 descriptor??
[ 3038.690223][ T5377] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3038.724439][T15187] netlink: 'syz.4.8241': attribute type 10 has an invalid length.
[ 3038.839270][ T5377] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3038.839825][    T8] aquacomputer_d5next 0003:0C70:F0BD.01A1: unknown main item tag 0xe
[ 3038.870728][    T8] aquacomputer_d5next 0003:0C70:F0BD.01A1: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.4-1/input0
[ 3039.004320][ T5377] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3039.086196][ T5283] usb 5-1: USB disconnect, device number 56
[ 3039.238073][ T5377] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3039.276612][ T8883] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 3039.296732][ T8883] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 3039.317139][ T8883] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 3039.334784][ T8883] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 3039.343645][ T8883] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 3039.352418][ T8883] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 3039.714334][T14533] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 3040.665840][ T5377] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3040.683532][ T5377] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3040.697011][ T5377] bond0 (unregistering): Released all slaves
[ 3041.395374][T14533] Bluetooth: hci1: command tx timeout
[ 3041.397434][T12205] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 3041.407154][T14533] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 3041.419176][T14533] Bluetooth: hci2: Injecting HCI hardware error event
[ 3041.429324][T20177] Bluetooth: hci2: hardware error 0x00
[ 3041.451100][ T5377] hsr_slave_0: left promiscuous mode
[ 3041.484268][ T5283] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 3041.502388][ T5377] hsr_slave_1: left promiscuous mode
[ 3041.508665][ T5377] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3041.534122][ T5377] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3041.549424][ T5377] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3041.558060][ T5377] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3041.587948][ T5377] veth1_macvtap: left promiscuous mode
[ 3041.593551][ T5377] veth0_macvtap: left promiscuous mode
[ 3041.601072][ T5377] veth1_vlan: left promiscuous mode
[ 3041.606586][ T5377] veth0_vlan: left promiscuous mode
[ 3041.634537][T12205] usb 3-1: Using ep0 maxpacket: 16
[ 3041.641683][T12205] usb 3-1: config 0 has no interfaces?
[ 3041.653163][T12205] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3041.655890][ T5283] usb 5-1: Using ep0 maxpacket: 8
[ 3041.676770][T12205] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3041.690328][ T5283] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 3041.707739][T12205] usb 3-1: config 0 descriptor??
[ 3041.709513][ T5283] usb 5-1: config 16 has 0 interfaces, different from the descriptor's value: 1
[ 3041.730931][ T5283] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 3041.746476][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3041.940502][T12205] usb 3-1: USB disconnect, device number 3
[ 3042.312896][ T5377] team0 (unregistering): Port device team_slave_1 removed
[ 3042.410962][ T5377] team0 (unregistering): Port device team_slave_0 removed
[ 3043.228195][T15217] chnl_net:caif_netlink_parms(): no params data found
[ 3043.228386][    T8] usb 5-1: USB disconnect, device number 57
[ 3043.474308][T14533] Bluetooth: hci1: command tx timeout
[ 3043.525108][T15217] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3043.532270][T15217] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3043.554247][T20177] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 3043.602702][T15217] bridge_slave_0: entered allmulticast mode
[ 3043.616262][T15217] bridge_slave_0: entered promiscuous mode
[ 3043.645444][T15217] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3043.663675][T15217] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3043.684974][T15217] bridge_slave_1: entered allmulticast mode
[ 3043.717096][T15217] bridge_slave_1: entered promiscuous mode
[ 3043.888686][T15217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3043.900697][T15217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3044.014295][T15217] team0: Port device team_slave_0 added
[ 3044.025446][T15217] team0: Port device team_slave_1 added
[ 3044.117540][T15217] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3044.133553][T15217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3044.159533][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3044.176192][T15217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3044.189274][T15217] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3044.196378][T15217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3044.222293][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3044.224368][    T8] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[ 3044.305096][T12205] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 3044.323292][T15217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3044.421266][    T8] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 3044.426224][T15334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3044.449367][T15334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3044.457657][T12205] usb 2-1: Using ep0 maxpacket: 16
[ 3044.463337][    T8] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 3044.466418][T12205] usb 2-1: config 0 has no interfaces?
[ 3044.478086][T12205] usb 2-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3044.491628][    T8] usb 3-1: can't read configurations, error -61
[ 3044.506851][T15217] hsr_slave_0: entered promiscuous mode
[ 3044.515970][T12205] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3044.541958][T15217] hsr_slave_1: entered promiscuous mode
[ 3044.570674][T15217] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3044.570943][T12205] usb 2-1: config 0 descriptor??
[ 3044.578494][T15217] Cannot create hsr debugfs directory
[ 3044.656141][T12202] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 3044.674175][    T8] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[ 3044.828093][    T8] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 3044.828645][T12205] usb 2-1: USB disconnect, device number 70
[ 3044.846080][    T8] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 3044.855431][    T8] usb 3-1: can't read configurations, error -61
[ 3044.872189][    T8] usb usb3-port1: attempt power cycle
[ 3044.975206][T15347] binder: 15346:15347 ioctl c0306201 20000600 returned -22
[ 3045.234232][    T8] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[ 3045.285468][    T8] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 3045.318375][    T8] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 3045.334422][    T8] usb 3-1: can't read configurations, error -61
[ 3045.490296][    T8] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[ 3045.535485][    T8] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 3045.564917][T20177] Bluetooth: hci1: command tx timeout
[ 3045.575216][    T8] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 3045.583069][    T8] usb 3-1: can't read configurations, error -61
[ 3045.590853][    T8] usb usb3-port1: unable to enumerate USB device
[ 3045.901760][T15217] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 3045.954561][T15217] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 3045.983526][T15217] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 3046.016494][T15217] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 3046.269656][T15217] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3046.331648][T15217] 8021q: adding VLAN 0 to HW filter on device team0
[ 3046.358781][T13623] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3046.365995][T13623] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3046.405905][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3046.413134][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3046.579693][T15217] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3046.720795][T15217] veth0_vlan: entered promiscuous mode
[ 3046.764892][T15217] veth1_vlan: entered promiscuous mode
[ 3046.836237][T15390] bridge_slave_1: left allmulticast mode
[ 3046.849393][T15390] bridge_slave_1: left promiscuous mode
[ 3046.870189][T15390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3046.903178][T15390] bridge_slave_0: left allmulticast mode
[ 3046.909251][T15390] bridge_slave_0: left promiscuous mode
[ 3046.923121][T15390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3047.041436][T15217] veth0_macvtap: entered promiscuous mode
[ 3047.076146][T15217] veth1_macvtap: entered promiscuous mode
[ 3047.136003][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3047.187180][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.224109][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3047.259064][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.286908][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3047.302488][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.327811][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3047.344054][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.382286][T15217] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 3047.426220][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3047.474114][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.506033][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3047.537906][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.586095][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3047.615215][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.642672][T20177] Bluetooth: hci1: command tx timeout
[ 3047.664062][T15217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3047.686645][T15217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3047.705527][T15217] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 3047.810384][T15217] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3047.819255][T15217] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3047.828088][T15217] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3047.849529][T15217] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3048.027490][T18052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3048.035784][T18052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3048.085594][    T8] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 3048.130988][T18052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3048.165431][T18052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3048.274180][    T8] usb 5-1: Using ep0 maxpacket: 8
[ 3048.293323][    T8] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 3048.324752][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3048.332960][    T8] usb 5-1: Product: syz
[ 3048.339348][    T8] usb 5-1: Manufacturer: syz
[ 3048.344297][    T8] usb 5-1: SerialNumber: syz
[ 3048.360109][    T8] usb 5-1: config 0 descriptor??
[ 3048.386730][    T8] cdc_phonet 5-1:0.0: skipping garbage
[ 3048.392222][    T8] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22
[ 3048.411719][T15422] binder: 15421:15422 ioctl 4018620d 0 returned -22
[ 3048.439325][T15422] binder: 15421:15422 ioctl c0306201 0 returned -14
[ 3048.627349][    T8] usb 5-1: USB disconnect, device number 59
[ 3048.775643][ T5283] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 3048.865522][T15441] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8299'.
[ 3048.964214][ T5283] usb 4-1: Using ep0 maxpacket: 32
[ 3048.976031][ T5283] usb 4-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[ 3048.985326][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3048.993701][ T5283] usb 4-1: Product: syz
[ 3048.998512][ T5283] usb 4-1: Manufacturer: syz
[ 3049.003149][ T5283] usb 4-1: SerialNumber: syz
[ 3049.017124][ T5283] usb 4-1: config 0 descriptor??
[ 3049.074307][ T5286] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 3049.227065][ T5283] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input565
[ 3049.254372][ T5286] usb 3-1: Using ep0 maxpacket: 16
[ 3049.273246][ T5286] usb 3-1: config 0 has no interfaces?
[ 3049.296838][ T5286] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3049.347360][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3049.415172][ T5286] usb 3-1: config 0 descriptor??
[ 3049.438678][T15422] binder: 15421:15422 unknown command 0
[ 3049.478122][T15422] binder: 15421:15422 ioctl c0306201 20000200 returned -22
[ 3049.551781][    T8] usb 4-1: USB disconnect, device number 20
[ 3049.794666][ T5230] usb 3-1: USB disconnect, device number 8
[ 3049.974903][ T5292] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 3050.154212][ T5292] usb 2-1: Using ep0 maxpacket: 8
[ 3050.175588][ T5292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3050.205668][ T5292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3050.224399][ T5292] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3050.278260][ T5292] usb 2-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[ 3050.314389][ T5292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3050.366028][ T5292] usb 2-1: config 0 descriptor??
[ 3050.778962][ T5292] hid-picolcd 0003:04D8:C002.01A2: unknown global tag 0xe
[ 3050.794986][ T5292] hid-picolcd 0003:04D8:C002.01A2: item 0 4 1 14 parsing failed
[ 3050.803220][ T5292] hid-picolcd 0003:04D8:C002.01A2: device report parse failed
[ 3050.818922][ T5292] hid-picolcd 0003:04D8:C002.01A2: probe with driver hid-picolcd failed with error -22
[ 3050.874276][T12202] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 3050.993564][ T5292] usb 2-1: USB disconnect, device number 71
[ 3051.047249][T12202] usb 5-1: config 0 has an invalid interface number: 156 but max is 1
[ 3051.068914][T12202] usb 5-1: config 0 has no interface number 1
[ 3051.091783][T12202] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[ 3051.123071][T12202] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 3051.149451][T12202] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 3051.179937][T12202] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 3051.214173][T12202] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[ 3051.241055][T12202] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3051.266098][T12202] usb 5-1: config 0 descriptor??
[ 3051.291684][T12202] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 3051.314391][T12202] usb 5-1: MIDIStreaming interface descriptor not found
[ 3051.392212][T12202] gspca_main: spca561-2.14.0 probing abcd:cdee
[ 3051.491371][T12202] spca561 5-1:0.0: probe with driver spca561 failed with error -22
[ 3051.522287][T12202] usb 5-1: USB disconnect, device number 60
[ 3051.657603][ T5286] hid-generic 0083:0000:0000.01A3: unknown main item tag 0x0
[ 3051.712012][ T5286] hid-generic 0083:0000:0000.01A3: unknown main item tag 0x0
[ 3051.776115][ T5286] hid-generic 0083:0000:0000.01A3: hidraw0: <UNKNOWN> HID vffffff.ff Device [syz0] on syz1
[ 3051.808408][T15535] FAULT_INJECTION: forcing a failure.
[ 3051.808408][T15535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3051.898967][T15535] CPU: 1 UID: 0 PID: 15535 Comm: syz.2.8311 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3051.909812][T15535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3051.919906][T15535] Call Trace:
[ 3051.923225][T15535]  <TASK>
[ 3051.926191][T15535]  dump_stack_lvl+0x241/0x360
[ 3051.930917][T15535]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3051.936325][T15535]  ? __pfx__printk+0x10/0x10
[ 3051.940965][T15535]  ? kfree+0x1a0/0x440
[ 3051.945080][T15535]  ? __pfx_lock_release+0x10/0x10
[ 3051.950165][T15535]  should_fail_ex+0x3b0/0x4e0
[ 3051.954898][T15535]  _copy_to_user+0x2f/0xb0
[ 3051.959356][T15535]  sock_do_ioctl+0x382/0x460
[ 3051.964004][T15535]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 3051.969188][T15535]  sock_ioctl+0x626/0x8e0
[ 3051.973577][T15535]  ? __pfx_sock_ioctl+0x10/0x10
[ 3051.978504][T15535]  ? __fget_files+0x29/0x470
[ 3051.983123][T15535]  ? __fget_files+0x3f3/0x470
[ 3051.987823][T15535]  ? __pfx_sock_ioctl+0x10/0x10
[ 3051.992696][T15535]  __se_sys_ioctl+0xf9/0x170
[ 3051.997317][T15535]  do_syscall_64+0xf3/0x230
[ 3052.001844][T15535]  ? clear_bhb_loop+0x35/0x90
[ 3052.006536][T15535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3052.012448][T15535] RIP: 0033:0x7f708337dff9
[ 3052.016872][T15535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3052.036485][T15535] RSP: 002b:00007f708418c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3052.044923][T15535] RAX: ffffffffffffffda RBX: 00007f7083535f80 RCX: 00007f708337dff9
[ 3052.052911][T15535] RDX: 00000000200007c0 RSI: 0000000000008927 RDI: 0000000000000005
[ 3052.060907][T15535] RBP: 00007f708418c090 R08: 0000000000000000 R09: 0000000000000000
[ 3052.068894][T15535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3052.076963][T15535] R13: 0000000000000000 R14: 00007f7083535f80 R15: 00007f708365fa28
[ 3052.084951][T15535]  </TASK>
[ 3052.088005][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3052.317645][T15545] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8314'.
[ 3052.370812][T15549] netlink: 48 bytes leftover after parsing attributes in process `syz.4.8316'.
[ 3052.383779][    T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 3052.392783][T15545] Κό: entered promiscuous mode
[ 3052.411531][T15547] netlink: 56 bytes leftover after parsing attributes in process `syz.2.8315'.
[ 3052.604772][    T8] usb 4-1: Using ep0 maxpacket: 8
[ 3052.654870][    T8] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 3052.722302][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3052.772808][    T8] usb 4-1: Product: syz
[ 3052.786928][    T8] usb 4-1: Manufacturer: syz
[ 3052.791590][    T8] usb 4-1: SerialNumber: syz
[ 3052.832588][    T8] usb 4-1: config 0 descriptor??
[ 3052.863919][    T8] cdc_phonet 4-1:0.0: skipping garbage
[ 3052.894541][    T8] cdc_phonet 4-1:0.0: probe with driver cdc_phonet failed with error -22
[ 3053.064676][    T8] usb 4-1: USB disconnect, device number 21
[ 3053.211383][T15564] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8320'.
[ 3053.677755][T15576] fuse: Bad value for 'fd'
[ 3054.088128][T15577] fuse: Bad value for 'fd'
[ 3054.321630][T15584] binder: 15583:15584 ioctl 4018620d 0 returned -22
[ 3054.331807][T15584] binder: 15583:15584 ioctl c0306201 0 returned -14
[ 3054.388280][T15586] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8327'.
[ 3054.605773][ T5283] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 3054.744669][    T8] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 3054.794230][ T5283] usb 2-1: Using ep0 maxpacket: 32
[ 3054.809963][ T5283] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[ 3054.829513][ T5283] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3054.839415][ T5283] usb 2-1: Product: syz
[ 3054.843630][ T5283] usb 2-1: Manufacturer: syz
[ 3054.848604][ T5283] usb 2-1: SerialNumber: syz
[ 3054.855909][ T5283] usb 2-1: config 0 descriptor??
[ 3054.934277][    T8] usb 5-1: Using ep0 maxpacket: 16
[ 3054.945413][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3054.964454][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3054.983475][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3054.994324][    T8] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3055.015002][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3055.030870][    T8] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3055.040334][    T8] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3055.048463][    T8] usb 5-1: Manufacturer: syz
[ 3055.048670][ T5286] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 3055.071688][    T8] usb 5-1: config 0 descriptor??
[ 3055.077237][ T5283] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input566
[ 3055.236569][ T5286] usb 4-1: Using ep0 maxpacket: 8
[ 3055.255830][ T5286] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 3055.264426][ T5286] usb 4-1: config 179 has no interface number 0
[ 3055.270765][ T5286] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 3055.270850][T15584] binder: 15583:15584 unknown command 0
[ 3055.293931][T15584] binder: 15583:15584 ioctl c0306201 20000200 returned -22
[ 3055.295611][ T5286] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 3055.304837][T15588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3055.334142][ T5286] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3055.349648][T15588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3055.356255][ T5286] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 3055.375628][T12202] usb 2-1: USB disconnect, device number 72
[ 3055.412755][ T5286] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 3055.444102][ T5286] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 3055.446395][    T8] rc_core: IR keymap rc-hauppauge not found
[ 3055.453201][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3055.475585][T15595] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 3055.479246][    T8] Registered IR keymap rc-empty
[ 3055.489645][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.514360][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.551956][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 3055.566847][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input567
[ 3055.598867][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.627833][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.664179][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.695263][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.724443][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.745616][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 3055.745623][ T5292] usb 4-1: USB disconnect, device number 22
[ 3055.745817][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 3055.754786][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.804405][T14533] Bluetooth: hci1: command 0x0405 tx timeout
[ 3055.812991][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.854828][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.875414][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.904359][    T8] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3055.926240][    T8] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[ 3055.934914][    T8] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3055.964250][    T8] usb 5-1: USB disconnect, device number 61
[ 3056.143152][T15604] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8334'.
[ 3056.393591][T15616] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8338'.
[ 3056.655379][T15618] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 3056.729631][T15620] netlink: 'syz.3.8340': attribute type 10 has an invalid length.
[ 3056.750117][T15620] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8340'.
[ 3056.776128][T15620] bridge0: port 3(batadv0) entered blocking state
[ 3056.789861][T15620] bridge0: port 3(batadv0) entered disabled state
[ 3056.808573][T15620] batadv0: entered allmulticast mode
[ 3056.859411][T15620] batadv0: entered promiscuous mode
[ 3056.919101][T15620] bridge0: port 3(batadv0) entered blocking state
[ 3056.925662][T15620] bridge0: port 3(batadv0) entered forwarding state
[ 3057.334444][T18052] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 3057.343749][T18052] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 3057.684237][ T8500] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 3057.844108][T12202] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 3057.844297][ T8500] usb 4-1: Using ep0 maxpacket: 8
[ 3057.877501][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3057.908365][ T8500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3057.924115][T12205] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 3057.937914][ T8500] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3057.988032][ T8500] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[ 3057.999958][T12202] usb 3-1: Using ep0 maxpacket: 8
[ 3058.007976][T12202] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 3058.017430][T12202] usb 3-1: config 179 has no interface number 0
[ 3058.019820][ T8500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3058.023831][T12202] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 3058.044888][T12202] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 3058.056239][ T8500] usb 4-1: config 0 descriptor??
[ 3058.062228][T12202] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3058.073852][T12202] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 3058.085500][T12205] usb 5-1: Using ep0 maxpacket: 16
[ 3058.092051][T12202] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 3058.109325][T12202] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 3058.109466][T12205] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3058.136494][T12202] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3058.149654][T12205] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3058.166502][T15648] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 3058.181921][T12205] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3058.193579][T12205] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3058.223809][T12205] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3058.249056][T12205] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3058.269938][T12205] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3058.289652][T12205] usb 5-1: Manufacturer: syz
[ 3058.302686][T12205] usb 5-1: config 0 descriptor??
[ 3058.433421][T15653] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8351'.
[ 3058.462119][ T8500] hid-picolcd 0003:04D8:C002.01A4: unknown global tag 0xe
[ 3058.476033][ T8500] hid-picolcd 0003:04D8:C002.01A4: item 0 4 1 14 parsing failed
[ 3058.495085][ T8500] hid-picolcd 0003:04D8:C002.01A4: device report parse failed
[ 3058.502673][ T8500] hid-picolcd 0003:04D8:C002.01A4: probe with driver hid-picolcd failed with error -22
[ 3058.515229][    T8] usb 3-1: USB disconnect, device number 9
[ 3058.515231][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 3058.515277][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 3058.539614][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3058.562994][T15651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3058.597771][T15651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3058.664816][T12205] rc_core: IR keymap rc-hauppauge not found
[ 3058.676277][ T5230] usb 4-1: USB disconnect, device number 23
[ 3058.687494][T12205] Registered IR keymap rc-empty
[ 3058.694567][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.714896][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.753315][T12205] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 3058.773142][T12205] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input568
[ 3058.783509][T15658] kvm: pic: non byte write
[ 3058.793888][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.795624][T15658] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[ 3058.834259][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.854889][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.875703][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.896205][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.914476][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.935227][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.954127][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.974165][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3058.995280][T12205] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 3059.015450][T12205] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[ 3059.024454][T12205] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3059.085094][ T8500] usb 5-1: USB disconnect, device number 62
[ 3059.243264][T15665] input: syz0 as /devices/virtual/input/input569
[ 3059.332707][T15667] netlink: 'syz.0.8356': attribute type 10 has an invalid length.
[ 3059.342169][T15667] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8356'.
[ 3059.353190][T15667] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 3059.414181][ T5230] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[ 3059.494464][    T8] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[ 3059.569662][ T5230] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBB, changing to 0x8B
[ 3059.590352][ T5230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 3059.611288][ T5230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 3059.630991][ T5230] usb 3-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc
[ 3059.642885][ T5230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3059.657955][ T5230] usb 3-1: Product: syz
[ 3059.662169][ T5230] usb 3-1: Manufacturer: syz
[ 3059.669346][ T5230] usb 3-1: SerialNumber: syz
[ 3059.681207][ T5230] usb 3-1: config 0 descriptor??
[ 3059.682732][    T8] usb 4-1: config 0 has an invalid interface number: 172 but max is 0
[ 3059.715212][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3059.749168][    T8] usb 4-1: config 0 has no interface number 0
[ 3059.759536][    T8] usb 4-1: config 0 interface 172 altsetting 0 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[ 3059.770802][    T8] usb 4-1: config 0 interface 172 altsetting 0 endpoint 0xD has invalid maxpacket 1023, setting to 64
[ 3059.813680][    T8] usb 4-1: config 0 interface 172 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3059.842883][    T8] usb 4-1: config 0 interface 172 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[ 3059.860537][    T8] usb 4-1: config 0 interface 172 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 3059.878737][    T8] usb 4-1: config 0 interface 172 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[ 3059.890343][    T8] usb 4-1: config 0 interface 172 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3059.906617][    T8] usb 4-1: config 0 interface 172 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[ 3059.923952][ T5230] usb 3-1: USB disconnect, device number 10
[ 3059.929818][    T8] usb 4-1: config 0 interface 172 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 3059.965919][T15682] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8362'.
[ 3059.974918][    T8] usb 4-1: config 0 interface 172 altsetting 0 has 14 endpoint descriptors, different from the interface descriptor's value: 15
[ 3059.980226][    T8] usb 4-1: New USB device found, idVendor=07c4, idProduct=a002, bcdDevice=c3.c0
[ 3060.007192][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3060.019253][T15681] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8361'.
[ 3060.032719][    T8] usb 4-1: Product: syz
[ 3060.039590][    T8] usb 4-1: Manufacturer: syz
[ 3060.048493][    T8] usb 4-1: SerialNumber: syz
[ 3060.083362][    T8] usb 4-1: config 0 descriptor??
[ 3060.084119][T12205] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 3060.099396][    T8] ums-datafab 4-1:0.172: USB Mass Storage device detected
[ 3060.143271][    T8] ums-datafab 4-1:0.172: Quirks match for vid 07c4 pid a002: 1
[ 3060.168233][T15684] netdevsim netdevsim4 netdevsim3: entered promiscuous mode
[ 3060.219969][T15684] netdevsim netdevsim4 netdevsim3: left promiscuous mode
[ 3060.254369][T12205] usb 2-1: device descriptor read/64, error -71
[ 3060.308547][    T8] usb 4-1: USB disconnect, device number 24
[ 3060.521867][T12205] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 3060.684104][T12205] usb 2-1: device descriptor read/64, error -71
[ 3060.794406][T12205] usb usb2-port1: attempt power cycle
[ 3060.844941][ T5292] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 3060.852894][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[ 3060.888018][T15698] netlink: 'syz.0.8367': attribute type 10 has an invalid length.
[ 3060.902389][T15698] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8367'.
[ 3060.916970][T15698] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 3060.941223][T15701] batadv0: left allmulticast mode
[ 3060.947914][T15701] batadv0: left promiscuous mode
[ 3060.953232][T15701] bridge0: port 3(batadv0) entered disabled state
[ 3060.962252][T15701] bridge_slave_1: left allmulticast mode
[ 3060.968226][T15701] bridge_slave_1: left promiscuous mode
[ 3060.976155][T15701] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3060.990885][T15701] bridge_slave_0: left allmulticast mode
[ 3061.000992][T15701] bridge_slave_0: left promiscuous mode
[ 3061.008353][T15701] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3061.064214][    T8] usb 3-1: Using ep0 maxpacket: 8
[ 3061.069415][ T5292] usb 5-1: Using ep0 maxpacket: 16
[ 3061.079974][ T5292] usb 5-1: config 0 descriptor has 1 excess byte, ignoring
[ 3061.088849][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3061.104213][ T5292] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024
[ 3061.124281][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3061.134642][ T5292] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[ 3061.145214][T12205] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 3061.145642][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3061.166102][ T5292] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3061.185049][ T5292] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 3061.199485][    T8] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[ 3061.204210][T12205] usb 2-1: device descriptor read/8, error -71
[ 3061.210068][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3061.230074][ T5292] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 3061.247441][ T5292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3061.263749][    T8] usb 3-1: config 0 descriptor??
[ 3061.274047][ T5292] usb 5-1: Product: syz
[ 3061.284768][ T5292] usb 5-1: Manufacturer: syz
[ 3061.289537][ T5292] usb 5-1: SerialNumber: syz
[ 3061.302707][ T5292] usb 5-1: config 0 descriptor??
[ 3061.309896][T15696] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 3061.345210][ T5292] mcba_usb 5-1:0.0 can0: couldn't setup read URBs
[ 3061.351732][ T5292] mcba_usb 5-1:0.0 can0: couldn't start device: -90
[ 3061.406071][ T5292] mcba_usb 5-1:0.0: probe with driver mcba_usb failed with error -90
[ 3061.464222][T12205] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 3061.491012][T15712] kvm: pic: non byte write
[ 3061.523370][T15712] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[ 3061.547251][T12205] usb 2-1: device descriptor read/8, error -71
[ 3061.560576][T15696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3061.572976][T15696] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3061.654742][T12205] usb usb2-port1: unable to enumerate USB device
[ 3061.673165][T15714] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8373'.
[ 3061.690266][    T8] hid-picolcd 0003:04D8:C002.01A5: unknown global tag 0xe
[ 3061.706650][    T8] hid-picolcd 0003:04D8:C002.01A5: item 0 4 1 14 parsing failed
[ 3061.722616][    T8] hid-picolcd 0003:04D8:C002.01A5: device report parse failed
[ 3061.730832][    T8] hid-picolcd 0003:04D8:C002.01A5: probe with driver hid-picolcd failed with error -22
[ 3061.859788][T15719] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117
[ 3061.867099][T15719] PKCS7: Only support pkcs7_signedData type
[ 3061.907647][T12205] usb 3-1: USB disconnect, device number 11
[ 3062.174212][ T5230] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 3062.360743][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3062.397204][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3062.440633][ T5230] usb 4-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[ 3062.492975][ T5230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3062.552331][ T5230] usb 4-1: config 0 descriptor??
[ 3062.792566][ T5230] usbhid 4-1:0.0: can't add hid device: -71
[ 3062.804518][ T5230] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 3062.819780][ T5230] usb 4-1: USB disconnect, device number 25
[ 3062.910835][T15734] FAULT_INJECTION: forcing a failure.
[ 3062.910835][T15734] name failslab, interval 1, probability 0, space 0, times 0
[ 3062.930344][T15734] CPU: 0 UID: 0 PID: 15734 Comm: syz.1.8382 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3062.941306][T15734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3062.951390][T15734] Call Trace:
[ 3062.954680][T15734]  <TASK>
[ 3062.957614][T15734]  dump_stack_lvl+0x241/0x360
[ 3062.962302][T15734]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3062.967512][T15734]  ? __pfx__printk+0x10/0x10
[ 3062.972124][T15734]  ? __pfx_validate_chain+0x10/0x10
[ 3062.977339][T15734]  should_fail_ex+0x3b0/0x4e0
[ 3062.982053][T15734]  should_failslab+0xac/0x100
[ 3062.986740][T15734]  ? __alloc_skb+0x1c3/0x440
[ 3062.991349][T15734]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 3062.997202][T15734]  __alloc_skb+0x1c3/0x440
[ 3063.001637][T15734]  ? __pfx___alloc_skb+0x10/0x10
[ 3063.006591][T15734]  __ipv6_ifa_notify+0x2e9/0x1230
[ 3063.011640][T15734]  ? __pfx___ipv6_ifa_notify+0x10/0x10
[ 3063.017134][T15734]  ? mark_lock+0x9a/0x360
[ 3063.021496][T15734]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3063.027493][T15734]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3063.033881][T15734]  ? __local_bh_enable_ip+0x168/0x200
[ 3063.039306][T15734]  ? lockdep_hardirqs_on+0x99/0x150
[ 3063.044537][T15734]  ? __local_bh_enable_ip+0x168/0x200
[ 3063.049977][T15734]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 3063.055770][T15734]  ? mark_lock+0x9a/0x360
[ 3063.060128][T15734]  ? inet6_addr_modify+0x646/0x1ca0
[ 3063.065357][T15734]  inet6_addr_modify+0x938/0x1ca0
[ 3063.070409][T15734]  ? __pfx_inet6_addr_modify+0x10/0x10
[ 3063.075895][T15734]  ? __pfx_lock_acquire+0x10/0x10
[ 3063.080943][T15734]  ? ipv6_get_ifaddr+0x107/0x770
[ 3063.085906][T15734]  ? trace_contention_end+0x3c/0x120
[ 3063.091222][T15734]  ? __pfx_lock_release+0x10/0x10
[ 3063.096272][T15734]  ? __mutex_lock+0x2ef/0xd70
[ 3063.100995][T15734]  ? ipv6_get_ifaddr+0x708/0x770
[ 3063.105958][T15734]  ? ipv6_get_ifaddr+0x107/0x770
[ 3063.110913][T15734]  ? __pfx_ipv6_get_ifaddr+0x10/0x10
[ 3063.116208][T15734]  ? ipv6_mc_up+0x3c9/0x570
[ 3063.120749][T15734]  inet6_rtm_newaddr+0x858/0xc90
[ 3063.125733][T15734]  ? __pfx_inet6_rtm_newaddr+0x10/0x10
[ 3063.131212][T15734]  ? __pfx___mutex_lock+0x10/0x10
[ 3063.136294][T15734]  ? __pfx_inet6_rtm_newaddr+0x10/0x10
[ 3063.141800][T15734]  rtnetlink_rcv_msg+0x73f/0xcf0
[ 3063.146760][T15734]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 3063.152000][T15734]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3063.157480][T15734]  ? ref_tracker_free+0x643/0x7e0
[ 3063.162531][T15734]  netlink_rcv_skb+0x1e3/0x430
[ 3063.167339][T15734]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 3063.172832][T15734]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 3063.178172][T15734]  ? netlink_deliver_tap+0x2e/0x1b0
[ 3063.183391][T15734]  netlink_unicast+0x7f6/0x990
[ 3063.188203][T15734]  ? __pfx_netlink_unicast+0x10/0x10
[ 3063.193530][T15734]  ? __virt_addr_valid+0x183/0x530
[ 3063.198684][T15734]  ? __check_object_size+0x48e/0x900
[ 3063.204066][T15734]  netlink_sendmsg+0x8e4/0xcb0
[ 3063.208866][T15734]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3063.214176][T15734]  ? aa_sock_msg_perm+0x91/0x160
[ 3063.219152][T15734]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 3063.224459][T15734]  __sock_sendmsg+0x221/0x270
[ 3063.229160][T15734]  ____sys_sendmsg+0x52a/0x7e0
[ 3063.233947][T15734]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3063.239284][T15734]  __sys_sendmsg+0x292/0x380
[ 3063.243890][T15734]  ? __pfx___sys_sendmsg+0x10/0x10
[ 3063.249021][T15734]  ? __pfx_vfs_write+0x10/0x10
[ 3063.253815][T15734]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3063.260183][T15734]  ? do_syscall_64+0x100/0x230
[ 3063.264964][T15734]  ? do_syscall_64+0xb6/0x230
[ 3063.269652][T15734]  do_syscall_64+0xf3/0x230
[ 3063.274185][T15734]  ? clear_bhb_loop+0x35/0x90
[ 3063.278913][T15734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3063.284832][T15734] RIP: 0033:0x7f0f35f7dff9
[ 3063.289288][T15734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3063.308932][T15734] RSP: 002b:00007f0f36dc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3063.317398][T15734] RAX: ffffffffffffffda RBX: 00007f0f36135f80 RCX: 00007f0f35f7dff9
[ 3063.325397][T15734] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 3063.333381][T15734] RBP: 00007f0f36dc0090 R08: 0000000000000000 R09: 0000000000000000
[ 3063.341395][T15734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3063.349408][T15734] R13: 0000000000000000 R14: 00007f0f36135f80 R15: 00007f0f3625fa28
[ 3063.357440][T15734]  </TASK>
[ 3063.454511][T15740] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8384'.
[ 3063.574876][ T5292] usb 5-1: USB disconnect, device number 63
[ 3063.612847][T15746] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8387'.
[ 3063.646347][T15744] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8386'.
[ 3064.224156][ T5292] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 3064.406791][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3064.421325][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3064.447059][ T5292] usb 3-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[ 3064.458059][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3064.471173][ T5292] usb 3-1: config 0 descriptor??
[ 3064.752491][T15770] FAULT_INJECTION: forcing a failure.
[ 3064.752491][T15770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3064.767120][T15770] CPU: 1 UID: 0 PID: 15770 Comm: syz.1.8393 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3064.777943][T15770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3064.788045][T15770] Call Trace:
[ 3064.791360][T15770]  <TASK>
[ 3064.794324][T15770]  dump_stack_lvl+0x241/0x360
[ 3064.799047][T15770]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3064.804300][T15770]  ? __pfx__printk+0x10/0x10
[ 3064.808929][T15770]  ? snprintf+0xda/0x120
[ 3064.813291][T15770]  should_fail_ex+0x3b0/0x4e0
[ 3064.818042][T15770]  _copy_to_user+0x2f/0xb0
[ 3064.822520][T15770]  simple_read_from_buffer+0xca/0x150
[ 3064.827965][T15770]  proc_fail_nth_read+0x1e9/0x250
[ 3064.833053][T15770]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3064.838658][T15770]  ? rw_verify_area+0x55e/0x6f0
[ 3064.843568][T15770]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3064.849246][T15770]  vfs_read+0x201/0xbc0
[ 3064.853469][T15770]  ? __pfx_lock_release+0x10/0x10
[ 3064.858550][T15770]  ? __pfx_vfs_read+0x10/0x10
[ 3064.863280][T15770]  ? __fget_files+0x3f3/0x470
[ 3064.868052][T15770]  ? fdget_pos+0x24e/0x320
[ 3064.872506][T15770]  ksys_read+0x183/0x2b0
[ 3064.876788][T15770]  ? __pfx_ksys_read+0x10/0x10
[ 3064.881593][T15770]  ? do_syscall_64+0x100/0x230
[ 3064.886402][T15770]  ? do_syscall_64+0xb6/0x230
[ 3064.891127][T15770]  do_syscall_64+0xf3/0x230
[ 3064.891862][ T5292] kye 0003:0458:501B.01A6: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 3064.895647][T15770]  ? clear_bhb_loop+0x35/0x90
[ 3064.895678][T15770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3064.895714][T15770] RIP: 0033:0x7f0f35f7ca3c
[ 3064.895736][T15770] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 3064.920690][ T5292] kye 0003:0458:501B.01A6: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.2-1/input0
[ 3064.921158][T15770] RSP: 002b:00007f0f36d9f030 EFLAGS: 00000246
[ 3064.947785][ T5292] kye 0003:0458:501B.01A6: tablet-enabling feature report not found
[ 3064.951616][T15770]  ORIG_RAX: 0000000000000000
[ 3064.951635][T15770] RAX: ffffffffffffffda RBX: 00007f0f36136058 RCX: 00007f0f35f7ca3c
[ 3064.951657][T15770] RDX: 000000000000000f RSI: 00007f0f36d9f0a0 RDI: 0000000000000006
[ 3064.951674][T15770] RBP: 00007f0f36d9f090 R08: 0000000000000000 R09: 0000000000000000
[ 3064.951690][T15770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3064.951706][T15770] R13: 0000000000000001 R14: 00007f0f36136058 R15: 00007f0f3625fa28
[ 3064.951741][T15770]  </TASK>
[ 3064.958198][ T5292] kye 0003:0458:501B.01A6: tablet enabling failed
[ 3064.965921][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3065.137215][T15776] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8397'.
[ 3065.438624][T15787] FAULT_INJECTION: forcing a failure.
[ 3065.438624][T15787] name failslab, interval 1, probability 0, space 0, times 0
[ 3065.471033][T15787] CPU: 1 UID: 0 PID: 15787 Comm: syz.3.8402 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3065.481984][T15787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3065.492161][T15787] Call Trace:
[ 3065.495461][T15787]  <TASK>
[ 3065.498408][T15787]  dump_stack_lvl+0x241/0x360
[ 3065.503103][T15787]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3065.508312][T15787]  ? __pfx__printk+0x10/0x10
[ 3065.512926][T15787]  should_fail_ex+0x3b0/0x4e0
[ 3065.517653][T15787]  ? dst_alloc+0x12b/0x190
[ 3065.522105][T15787]  should_failslab+0xac/0x100
[ 3065.526831][T15787]  ? dst_alloc+0x12b/0x190
[ 3065.531270][T15787]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 3065.536672][T15787]  dst_alloc+0x12b/0x190
[ 3065.540927][T15787]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[ 3065.547031][T15787]  ip_route_output_key_hash+0x193/0x2b0
[ 3065.552595][T15787]  ? ip_route_output_key_hash+0xdf/0x2b0
[ 3065.558241][T15787]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 3065.564332][T15787]  ? __pfx_lock_release+0x10/0x10
[ 3065.569384][T15787]  ip_route_output_flow+0x29/0x140
[ 3065.574519][T15787]  raw_sendmsg+0x15e6/0x2490
[ 3065.579166][T15787]  ? __pfx_raw_sendmsg+0x10/0x10
[ 3065.584149][T15787]  ? aa_sk_perm+0x96d/0xab0
[ 3065.588685][T15787]  ? __pfx_aa_sk_perm+0x10/0x10
[ 3065.593556][T15787]  ? inet_sendmsg+0x330/0x390
[ 3065.598256][T15787]  __sock_sendmsg+0x1a6/0x270
[ 3065.602977][T15787]  ____sys_sendmsg+0x52a/0x7e0
[ 3065.607764][T15787]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3065.613069][T15787]  ? rcu_is_watching+0x15/0xb0
[ 3065.617968][T15787]  ? __might_fault+0xaa/0x120
[ 3065.622662][T15787]  __sys_sendmmsg+0x3ab/0x730
[ 3065.627363][T15787]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 3065.632586][T15787]  ? __pfx_lock_release+0x10/0x10
[ 3065.637630][T15787]  ? kstrtouint_from_user+0x128/0x190
[ 3065.643034][T15787]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 3065.648947][T15787]  ? ksys_write+0x229/0x2b0
[ 3065.653460][T15787]  ? __pfx_lock_release+0x10/0x10
[ 3065.658532][T15787]  ? vfs_write+0x7bf/0xc90
[ 3065.662982][T15787]  ? kmem_cache_free+0x1a2/0x420
[ 3065.667957][T15787]  ? __mutex_unlock_slowpath+0x21d/0x750
[ 3065.673632][T15787]  ? __fget_files+0x3f3/0x470
[ 3065.678340][T15787]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3065.684358][T15787]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3065.690749][T15787]  ? do_syscall_64+0x100/0x230
[ 3065.695555][T15787]  __x64_sys_sendmmsg+0xa0/0xb0
[ 3065.700463][T15787]  do_syscall_64+0xf3/0x230
[ 3065.704986][T15787]  ? clear_bhb_loop+0x35/0x90
[ 3065.709681][T15787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3065.715600][T15787] RIP: 0033:0x7fdda097dff9
[ 3065.720052][T15787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3065.739675][T15787] RSP: 002b:00007fdda16db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3065.748117][T15787] RAX: ffffffffffffffda RBX: 00007fdda0b35f80 RCX: 00007fdda097dff9
[ 3065.756103][T15787] RDX: 0000000000000300 RSI: 0000000020005240 RDI: 0000000000000006
[ 3065.764087][T15787] RBP: 00007fdda16db090 R08: 0000000000000000 R09: 0000000000000000
[ 3065.772075][T15787] R10: 000000000401eb94 R11: 0000000000000246 R12: 0000000000000001
[ 3065.780084][T15787] R13: 0000000000000000 R14: 00007fdda0b35f80 R15: 00007fdda0c5fa28
[ 3065.788084][T15787]  </TASK>
[ 3065.791318][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3065.825909][T12202] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 3065.849338][T15793] binder: 15789:15793 ioctl 4018620d 0 returned -22
[ 3065.878953][T15793] binder: 15789:15793 ioctl c0306201 0 returned -14
[ 3066.027797][T12202] usb 2-1: Using ep0 maxpacket: 16
[ 3066.035104][T12202] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3066.051378][T12202] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3066.074078][T12202] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3066.083811][T12202] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 3066.117372][T12202] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3066.157145][ T5230] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 3066.168789][T12202] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 3066.180075][T12202] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 3066.194590][T12202] usb 2-1: Manufacturer: syz
[ 3066.216028][T15807] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8409'.
[ 3066.230843][T12202] usb 2-1: config 0 descriptor??
[ 3066.354306][ T5230] usb 5-1: Using ep0 maxpacket: 32
[ 3066.374734][ T5230] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[ 3066.384291][ T5230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3066.393919][ T5230] usb 5-1: Product: syz
[ 3066.403045][ T5230] usb 5-1: Manufacturer: syz
[ 3066.407895][ T5230] usb 5-1: SerialNumber: syz
[ 3066.421155][ T5230] usb 5-1: config 0 descriptor??
[ 3066.448320][   T29] kauditd_printk_skb: 654 callbacks suppressed
[ 3066.448379][   T29] audit: type=1326 audit(1728483036.203:33238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15811 comm="syz.0.8412" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45f497dff9 code=0x0
[ 3066.488027][T15781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3066.513737][T15781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3066.574135][T12202] rc_core: IR keymap rc-hauppauge not found
[ 3066.580212][T12202] Registered IR keymap rc-empty
[ 3066.585645][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.604211][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.633859][ T5230] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input570
[ 3066.650211][T12202] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 3066.675433][T12202] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input571
[ 3066.705027][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.743594][T15819] "syz.3.8413" (15819) uses obsolete ecb(arc4) skcipher
[ 3066.755829][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.794153][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.817262][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.843067][T15793] binder: 15789:15793 unknown command 0
[ 3066.853097][T15793] binder: 15789:15793 ioctl c0306201 20000200 returned -22
[ 3066.860627][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.885589][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.899464][T12205] usb 5-1: USB disconnect, device number 64
[ 3066.924978][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.954284][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.976434][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3066.991139][ T5286] usb 3-1: USB disconnect, device number 12
[ 3067.004142][T12202] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 3067.025144][ T5230] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 3067.035940][T12202] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 3067.052686][T12202] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 3067.072713][T12202] usb 2-1: USB disconnect, device number 77
[ 3067.194389][ T5230] usb 4-1: Using ep0 maxpacket: 16
[ 3067.205507][ T5230] usb 4-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[ 3067.221984][ T5230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3067.233457][ T5230] usb 4-1: config 0 descriptor??
[ 3067.250022][ T5230] usb 4-1: invalid MIDI EP
[ 3067.261527][ T5230] usb 4-1: snd-bcd2000: error during probing
[ 3067.270754][ T5230] snd-bcd2000 4-1:0.0: probe with driver snd-bcd2000 failed with error -22
[ 3067.404169][ T5286] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 3067.451426][T15835] gretap0: entered promiscuous mode
[ 3067.460630][T15835] erspan0: entered promiscuous mode
[ 3067.548332][T15837] blktrace: Concurrent blktraces are not allowed on sg0
[ 3067.574794][ T5286] usb 3-1: Using ep0 maxpacket: 16
[ 3067.581805][ T5286] usb 3-1: config 0 has no interfaces?
[ 3067.592127][ T5286] usb 3-1: New USB device found, idVendor=2770, idProduct=9050, bcdDevice=11.97
[ 3067.609244][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3067.628873][ T5286] usb 3-1: config 0 descriptor??
[ 3067.753356][T15847] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8421'.
[ 3067.855336][ T5286] usb 3-1: USB disconnect, device number 13
[ 3068.051505][T15860] binder: 15859:15860 ioctl 4018620d 0 returned -22
[ 3068.061322][T15860] binder: 15859:15860 ioctl c0306201 0 returned -14
[ 3068.077066][    C1] ------------[ cut here ]------------
[ 3068.083199][    C1] WARNING: CPU: 1 PID: 15855 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3068.094250][    C1] Modules linked in:
[ 3068.098180][    C1] CPU: 1 UID: 0 PID: 15855 Comm: syz.1.8425 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3068.109068][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3068.119244][    C1] RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3068.126406][    C1] Code: 0f b6 dc 31 ff 89 de e8 a5 b8 e7 f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 88 b5 e7 f5 90 <0f> 0b 90 e9 47 ff ff ff e8 7a b5 e7 f5 90 0f 0b 90 e9 99 e0 ff ff
[ 3068.146174][    C1] RSP: 0018:ffffc90000a17db8 EFLAGS: 00010246
[ 3068.152331][    C1] RAX: ffffffff8bad3148 RBX: 000000000000c0c0 RCX: ffff88802a171e00
[ 3068.160395][    C1] RDX: 0000000000000100 RSI: 000000000000e051 RDI: 000000000000c0c0
[ 3068.168475][    C1] RBP: 1ffff11005103c1e R08: ffffffff8bad2142 R09: 1ffff11005f7cb0c
[ 3068.176573][    C1] R10: dffffc0000000000 R11: ffffed1005f7cb0d R12: 0000000000000000
[ 3068.184657][    C1] R13: dffffc0000000000 R14: 0000000079a30687 R15: 000000000000e051
[ 3068.192663][    C1] FS:  00007f0f36dc06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 3068.201725][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3068.208578][    C1] CR2: 000000110c2f99b9 CR3: 000000006b35e000 CR4: 00000000003526f0
[ 3068.216665][    C1] DR0: 0000000000000005 DR1: 0000000000000000 DR2: 0000000000000002
[ 3068.224725][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 3068.232730][    C1] Call Trace:
[ 3068.236157][    C1]  <IRQ>
[ 3068.239042][    C1]  ? __warn+0x168/0x4e0
[ 3068.243251][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3068.249799][    C1]  ? report_bug+0x2b3/0x500
[ 3068.254398][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3068.260888][    C1]  ? handle_bug+0x60/0x90
[ 3068.265327][    C1]  ? exc_invalid_op+0x1a/0x50
[ 3068.270083][    C1]  ? asm_exc_invalid_op+0x1a/0x20
[ 3068.275194][    C1]  ? __mptcp_move_skbs_from_subflow+0x10a2/0x21f0
[ 3068.281655][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0
[ 3068.288185][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3068.294714][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0
[ 3068.301275][    C1]  mptcp_data_ready+0x29c/0xa90
[ 3068.306242][    C1]  ? __pfx_mptcp_data_ready+0x10/0x10
[ 3068.311715][    C1]  subflow_data_ready+0x34a/0x920
[ 3068.316861][    C1]  ? __pfx_subflow_data_ready+0x10/0x10
[ 3068.322550][    C1]  ? tcp_grow_window+0x3f1/0xb00
[ 3068.327583][    C1]  ? tcp_data_ready+0x15b/0x4e0
[ 3068.332501][    C1]  tcp_data_queue+0x20fd/0x76c0
[ 3068.337513][    C1]  ? tcp_urg+0x100/0x450
[ 3068.341813][    C1]  ? __pfx_tcp_data_queue+0x10/0x10
[ 3068.347129][    C1]  ? __pfx_tcp_urg+0x10/0x10
[ 3068.351863][    C1]  ? ktime_get+0x9b/0xb0
[ 3068.356212][    C1]  tcp_rcv_established+0xfba/0x2020
[ 3068.361474][    C1]  ? __pfx_tcp_rcv_established+0x10/0x10
[ 3068.367234][    C1]  ? do_raw_spin_lock+0x14f/0x370
[ 3068.372325][    C1]  tcp_v4_do_rcv+0x96d/0xc70
[ 3068.377008][    C1]  tcp_v4_rcv+0x2dc0/0x37f0
[ 3068.381586][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3068.386594][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3068.391498][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3068.394230][ T5292] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 3068.396431][    C1]  ip_protocol_deliver_rcu+0x22e/0x440
[ 3068.409534][    C1]  ? ip_local_deliver_finish+0x230/0x5f0
[ 3068.415237][    C1]  ip_local_deliver_finish+0x341/0x5f0
[ 3068.420768][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 3068.426828][    C1]  NF_HOOK+0x3a4/0x450
[ 3068.430944][    C1]  ? NF_HOOK+0x9a/0x450
[ 3068.435208][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 3068.439845][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 3068.445985][    C1]  ? ip_rcv_finish+0x406/0x560
[ 3068.450794][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 3068.455980][    C1]  NF_HOOK+0x3a4/0x450
[ 3068.460088][    C1]  ? __lock_acquire+0x1384/0x2050
[ 3068.465214][    C1]  ? NF_HOOK+0x9a/0x450
[ 3068.469451][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 3068.474141][    C1]  ? ip_rcv_core+0x801/0xd10
[ 3068.478794][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 3068.484054][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 3068.488605][    C1]  __netif_receive_skb+0x2bf/0x650
[ 3068.493777][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 3068.498938][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[ 3068.504686][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3068.510725][    C1]  ? __pfx_lock_release+0x10/0x10
[ 3068.515871][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[ 3068.521106][    C1]  process_backlog+0x662/0x15b0
[ 3068.526066][    C1]  ? process_backlog+0x33b/0x15b0
[ 3068.531161][    C1]  ? __pfx_process_backlog+0x10/0x10
[ 3068.536587][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3068.542623][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3068.549054][    C1]  ? __asan_memset+0x23/0x50
[ 3068.553728][    C1]  __napi_poll+0xcb/0x490
[ 3068.558138][    C1]  net_rx_action+0x89b/0x1240
[ 3068.562869][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 3068.568095][    C1]  ? sched_clock+0x4a/0x70
[ 3068.572581][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3068.574198][ T5292] usb 5-1: Using ep0 maxpacket: 32
[ 3068.579027][    C1]  handle_softirqs+0x2c5/0x980
[ 3068.579088][    C1]  ? do_softirq+0x11b/0x1e0
[ 3068.593568][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 3068.595707][ T5292] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[ 3068.598978][    C1]  do_softirq+0x11b/0x1e0
[ 3068.612387][    C1]  </IRQ>
[ 3068.615005][ T5292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3068.615384][    C1]  <TASK>
[ 3068.624207][ T5292] usb 5-1: Product: syz
[ 3068.626347][    C1]  ? __pfx_do_softirq+0x10/0x10
[ 3068.630711][ T5292] usb 5-1: Manufacturer: syz
[ 3068.635430][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 3068.635479][    C1]  ? rcu_is_watching+0x15/0xb0
[ 3068.635510][    C1]  __local_bh_enable_ip+0x1bb/0x200
[ 3068.635544][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3068.635574][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 3068.635606][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 3068.635642][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3068.649283][ T5292] usb 5-1: SerialNumber: syz
[ 3068.650712][    C1]  __dev_queue_xmit+0x171d/0x3ed0
[ 3068.650768][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3068.663952][ T5292] usb 5-1: config 0 descriptor??
[ 3068.666862][    C1]  ? __lock_acquire+0x1384/0x2050
[ 3068.666918][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 3068.708249][    C1]  ? mark_lock+0x9a/0x360
[ 3068.712623][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3068.718755][    C1]  ? ip_finish_output2+0xa14/0x1390
[ 3068.724050][    C1]  ? ip_finish_output2+0x45f/0x1390
[ 3068.729302][    C1]  ip_finish_output2+0xd41/0x1390
[ 3068.734460][    C1]  ? ip_finish_output2+0x45f/0x1390
[ 3068.739730][    C1]  ? __pfx_ip_finish_output2+0x10/0x10
[ 3068.745380][    C1]  ? ip_skb_dst_mtu+0x6ba/0x9b0
[ 3068.750353][    C1]  ? __ip_finish_output+0x349/0x400
[ 3068.755687][    C1]  __ip_queue_xmit+0x118c/0x1b80
[ 3068.760698][    C1]  ? __pfx_mptcp_write_options+0x10/0x10
[ 3068.766452][    C1]  ? __ip_queue_xmit+0x5f/0x1b80
[ 3068.771440][    C1]  ? __pfx_ip_queue_xmit+0x10/0x10
[ 3068.776657][    C1]  __tcp_transmit_skb+0x2544/0x3b30
[ 3068.781967][    C1]  ? __pfx___tcp_transmit_skb+0x10/0x10
[ 3068.787647][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3068.793695][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3068.800364][    C1]  ? tcp_init_tso_segs+0xde/0x1a0
[ 3068.805494][    C1]  tcp_write_xmit+0x641d/0x6bf0
[ 3068.810453][    C1]  ? tcp_stream_memory_free+0x103/0x1b0
[ 3068.816129][    C1]  ? __subflow_push_pending+0xabd/0xbc0
[ 3068.821777][    C1]  __tcp_push_pending_frames+0x9b/0x360
[ 3068.827456][    C1]  __mptcp_push_pending+0x6ad/0x9f0
[ 3068.832719][    C1]  ? __mptcp_push_pending+0x3b1/0x9f0
[ 3068.838205][    C1]  ? __pfx___mptcp_push_pending+0x10/0x10
[ 3068.843960][    C1]  ? __local_bh_enable_ip+0x168/0x200
[ 3068.849452][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 3068.855298][    C1]  ? mptcp_release_cb+0x709/0xb30
[ 3068.860482][    C1]  mptcp_release_cb+0x6b7/0xb30
[ 3068.865501][    C1]  ? __pfx_mptcp_release_cb+0x10/0x10
[ 3068.871054][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3068.877169][    C1]  ? release_sock+0x30/0x1f0
[ 3068.881827][    C1]  ? __pfx_mptcp_release_cb+0x10/0x10
[ 3068.884469][ T5292] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input572
[ 3068.887388][    C1]  release_sock+0x1aa/0x1f0
[ 3068.901217][    C1]  sk_stream_wait_memory+0x762/0xfa0
[ 3068.906687][    C1]  ? __pfx_sk_stream_wait_memory+0x10/0x10
[ 3068.912556][    C1]  ? __pfx_woken_wake_function+0x10/0x10
[ 3068.918409][    C1]  ? __virt_addr_valid+0x183/0x530
[ 3068.923597][    C1]  ? __virt_addr_valid+0x183/0x530
[ 3068.928800][    C1]  ? __virt_addr_valid+0x45f/0x530
[ 3068.934031][    C1]  ? __check_object_size+0x48e/0x900
[ 3068.939372][    C1]  mptcp_sendmsg+0x10cb/0x1b10
[ 3068.944280][    C1]  ? __pfx_mptcp_sendmsg+0x10/0x10
[ 3068.949566][    C1]  ? inet_send_prepare+0x5a/0x260
[ 3068.954823][    C1]  __sock_sendmsg+0xef/0x270
[ 3068.959477][    C1]  ____sys_sendmsg+0x52a/0x7e0
[ 3068.964367][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3068.969789][    C1]  __sys_sendmsg+0x292/0x380
[ 3068.974482][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 3068.979703][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3068.986175][    C1]  ? do_syscall_64+0x100/0x230
[ 3068.991001][    C1]  ? do_syscall_64+0xb6/0x230
[ 3068.995783][    C1]  do_syscall_64+0xf3/0x230
[ 3069.000378][    C1]  ? clear_bhb_loop+0x35/0x90
[ 3069.005161][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3069.011111][    C1] RIP: 0033:0x7f0f35f7dff9
[ 3069.015624][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3069.035260][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3069.041386][    C1] RSP: 002b:00007f0f36dc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3069.049939][    C1] RAX: ffffffffffffffda RBX: 00007f0f36135f80 RCX: 00007f0f35f7dff9
[ 3069.058089][    C1] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000008
[ 3069.066160][    C1] RBP: 00007f0f35ff0296 R08: 0000000000000000 R09: 0000000000000000
[ 3069.074238][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3069.082280][    C1] R13: 0000000000000000 R14: 00007f0f36135f80 R15: 00007f0f3625fa28
[ 3069.090360][    C1]  </TASK>
[ 3069.093429][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 3069.100738][    C1] CPU: 1 UID: 0 PID: 15855 Comm: syz.1.8425 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[ 3069.111541][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 3069.121654][    C1] Call Trace:
[ 3069.124967][    C1]  <IRQ>
[ 3069.127850][    C1]  dump_stack_lvl+0x241/0x360
[ 3069.132587][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3069.137864][    C1]  ? __pfx__printk+0x10/0x10
[ 3069.142468][    C1]  ? _printk+0xd5/0x120
[ 3069.146663][    C1]  ? __init_begin+0x41000/0x41000
[ 3069.151736][    C1]  ? vscnprintf+0x5d/0x90
[ 3069.156099][    C1]  panic+0x349/0x880
[ 3069.160030][    C1]  ? __warn+0x177/0x4e0
[ 3069.164201][    C1]  ? __pfx_panic+0x10/0x10
[ 3069.168634][    C1]  ? show_trace_log_lvl+0x3b2/0x410
[ 3069.173877][    C1]  __warn+0x34b/0x4e0
[ 3069.177910][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3069.184349][    C1]  report_bug+0x2b3/0x500
[ 3069.188707][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3069.195178][    C1]  handle_bug+0x60/0x90
[ 3069.199375][    C1]  exc_invalid_op+0x1a/0x50
[ 3069.203923][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 3069.208813][    C1] RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0
[ 3069.215855][    C1] Code: 0f b6 dc 31 ff 89 de e8 a5 b8 e7 f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 88 b5 e7 f5 90 <0f> 0b 90 e9 47 ff ff ff e8 7a b5 e7 f5 90 0f 0b 90 e9 99 e0 ff ff
[ 3069.235474][    C1] RSP: 0018:ffffc90000a17db8 EFLAGS: 00010246
[ 3069.242640][    C1] RAX: ffffffff8bad3148 RBX: 000000000000c0c0 RCX: ffff88802a171e00
[ 3069.250642][    C1] RDX: 0000000000000100 RSI: 000000000000e051 RDI: 000000000000c0c0
[ 3069.258644][    C1] RBP: 1ffff11005103c1e R08: ffffffff8bad2142 R09: 1ffff11005f7cb0c
[ 3069.266628][    C1] R10: dffffc0000000000 R11: ffffed1005f7cb0d R12: 0000000000000000
[ 3069.274616][    C1] R13: dffffc0000000000 R14: 0000000079a30687 R15: 000000000000e051
[ 3069.282611][    C1]  ? __mptcp_move_skbs_from_subflow+0x10a2/0x21f0
[ 3069.289068][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0
[ 3069.295527][    C1]  ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0
[ 3069.302031][    C1]  mptcp_data_ready+0x29c/0xa90
[ 3069.306922][    C1]  ? __pfx_mptcp_data_ready+0x10/0x10
[ 3069.312331][    C1]  subflow_data_ready+0x34a/0x920
[ 3069.317381][    C1]  ? __pfx_subflow_data_ready+0x10/0x10
[ 3069.322943][    C1]  ? tcp_grow_window+0x3f1/0xb00
[ 3069.327898][    C1]  ? tcp_data_ready+0x15b/0x4e0
[ 3069.332784][    C1]  tcp_data_queue+0x20fd/0x76c0
[ 3069.337668][    C1]  ? tcp_urg+0x100/0x450
[ 3069.341936][    C1]  ? __pfx_tcp_data_queue+0x10/0x10
[ 3069.347194][    C1]  ? __pfx_tcp_urg+0x10/0x10
[ 3069.351817][    C1]  ? ktime_get+0x9b/0xb0
[ 3069.356083][    C1]  tcp_rcv_established+0xfba/0x2020
[ 3069.361326][    C1]  ? __pfx_tcp_rcv_established+0x10/0x10
[ 3069.366978][    C1]  ? do_raw_spin_lock+0x14f/0x370
[ 3069.372043][    C1]  tcp_v4_do_rcv+0x96d/0xc70
[ 3069.376716][    C1]  tcp_v4_rcv+0x2dc0/0x37f0
[ 3069.381308][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3069.386172][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3069.391030][    C1]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 3069.395904][    C1]  ip_protocol_deliver_rcu+0x22e/0x440
[ 3069.401392][    C1]  ? ip_local_deliver_finish+0x230/0x5f0
[ 3069.407039][    C1]  ip_local_deliver_finish+0x341/0x5f0
[ 3069.412517][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 3069.418561][    C1]  NF_HOOK+0x3a4/0x450
[ 3069.422678][    C1]  ? NF_HOOK+0x9a/0x450
[ 3069.426839][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 3069.431437][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 3069.437432][    C1]  ? ip_rcv_finish+0x406/0x560
[ 3069.442221][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 3069.447356][    C1]  NF_HOOK+0x3a4/0x450
[ 3069.451456][    C1]  ? __lock_acquire+0x1384/0x2050
[ 3069.456507][    C1]  ? NF_HOOK+0x9a/0x450
[ 3069.460682][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 3069.465283][    C1]  ? ip_rcv_core+0x801/0xd10
[ 3069.469889][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 3069.475035][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 3069.479567][    C1]  __netif_receive_skb+0x2bf/0x650
[ 3069.484706][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 3069.489768][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[ 3069.495423][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3069.501460][    C1]  ? __pfx_lock_release+0x10/0x10
[ 3069.506514][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[ 3069.511704][    C1]  process_backlog+0x662/0x15b0
[ 3069.516624][    C1]  ? process_backlog+0x33b/0x15b0
[ 3069.521716][    C1]  ? __pfx_process_backlog+0x10/0x10
[ 3069.527025][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3069.533043][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3069.539418][    C1]  ? __asan_memset+0x23/0x50
[ 3069.544044][    C1]  __napi_poll+0xcb/0x490
[ 3069.548505][    C1]  net_rx_action+0x89b/0x1240
[ 3069.553240][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 3069.558365][    C1]  ? sched_clock+0x4a/0x70
[ 3069.562818][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3069.569173][    C1]  handle_softirqs+0x2c5/0x980
[ 3069.573957][    C1]  ? do_softirq+0x11b/0x1e0
[ 3069.578496][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 3069.583810][    C1]  do_softirq+0x11b/0x1e0
[ 3069.588166][    C1]  </IRQ>
[ 3069.591116][    C1]  <TASK>
[ 3069.594234][    C1]  ? __pfx_do_softirq+0x10/0x10
[ 3069.599124][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 3069.604798][    C1]  ? rcu_is_watching+0x15/0xb0
[ 3069.609571][    C1]  __local_bh_enable_ip+0x1bb/0x200
[ 3069.614805][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3069.619928][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 3069.625721][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 3069.630964][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3069.636096][    C1]  __dev_queue_xmit+0x171d/0x3ed0
[ 3069.641165][    C1]  ? __dev_queue_xmit+0x2da/0x3ed0
[ 3069.646324][    C1]  ? __lock_acquire+0x1384/0x2050
[ 3069.651416][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 3069.656846][    C1]  ? mark_lock+0x9a/0x360
[ 3069.661230][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3069.667289][    C1]  ? ip_finish_output2+0xa14/0x1390
[ 3069.672554][    C1]  ? ip_finish_output2+0x45f/0x1390
[ 3069.677808][    C1]  ip_finish_output2+0xd41/0x1390
[ 3069.682896][    C1]  ? ip_finish_output2+0x45f/0x1390
[ 3069.688175][    C1]  ? __pfx_ip_finish_output2+0x10/0x10
[ 3069.693681][    C1]  ? ip_skb_dst_mtu+0x6ba/0x9b0
[ 3069.698569][    C1]  ? __ip_finish_output+0x349/0x400
[ 3069.703826][    C1]  __ip_queue_xmit+0x118c/0x1b80
[ 3069.708806][    C1]  ? __pfx_mptcp_write_options+0x10/0x10
[ 3069.714460][    C1]  ? __ip_queue_xmit+0x5f/0x1b80
[ 3069.719421][    C1]  ? __pfx_ip_queue_xmit+0x10/0x10
[ 3069.724575][    C1]  __tcp_transmit_skb+0x2544/0x3b30
[ 3069.729810][    C1]  ? __pfx___tcp_transmit_skb+0x10/0x10
[ 3069.735398][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3069.741403][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3069.747815][    C1]  ? tcp_init_tso_segs+0xde/0x1a0
[ 3069.752924][    C1]  tcp_write_xmit+0x641d/0x6bf0
[ 3069.757824][    C1]  ? tcp_stream_memory_free+0x103/0x1b0
[ 3069.763420][    C1]  ? __subflow_push_pending+0xabd/0xbc0
[ 3069.769031][    C1]  __tcp_push_pending_frames+0x9b/0x360
[ 3069.774623][    C1]  __mptcp_push_pending+0x6ad/0x9f0
[ 3069.779843][    C1]  ? __mptcp_push_pending+0x3b1/0x9f0
[ 3069.785233][    C1]  ? __pfx___mptcp_push_pending+0x10/0x10
[ 3069.790963][    C1]  ? __local_bh_enable_ip+0x168/0x200
[ 3069.796367][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 3069.802123][    C1]  ? mptcp_release_cb+0x709/0xb30
[ 3069.807170][    C1]  mptcp_release_cb+0x6b7/0xb30
[ 3069.812055][    C1]  ? __pfx_mptcp_release_cb+0x10/0x10
[ 3069.817460][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3069.823383][    C1]  ? release_sock+0x30/0x1f0
[ 3069.827996][    C1]  ? __pfx_mptcp_release_cb+0x10/0x10
[ 3069.833405][    C1]  release_sock+0x1aa/0x1f0
[ 3069.837955][    C1]  sk_stream_wait_memory+0x762/0xfa0
[ 3069.843274][    C1]  ? __pfx_sk_stream_wait_memory+0x10/0x10
[ 3069.849114][    C1]  ? __pfx_woken_wake_function+0x10/0x10
[ 3069.854782][    C1]  ? __virt_addr_valid+0x183/0x530
[ 3069.859904][    C1]  ? __virt_addr_valid+0x183/0x530
[ 3069.865024][    C1]  ? __virt_addr_valid+0x45f/0x530
[ 3069.870148][    C1]  ? __check_object_size+0x48e/0x900
[ 3069.875451][    C1]  mptcp_sendmsg+0x10cb/0x1b10
[ 3069.880282][    C1]  ? __pfx_mptcp_sendmsg+0x10/0x10
[ 3069.885527][    C1]  ? inet_send_prepare+0x5a/0x260
[ 3069.890580][    C1]  __sock_sendmsg+0xef/0x270
[ 3069.895219][    C1]  ____sys_sendmsg+0x52a/0x7e0
[ 3069.900033][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3069.905363][    C1]  __sys_sendmsg+0x292/0x380
[ 3069.909973][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 3069.915191][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3069.921598][    C1]  ? do_syscall_64+0x100/0x230
[ 3069.926417][    C1]  ? do_syscall_64+0xb6/0x230
[ 3069.931130][    C1]  do_syscall_64+0xf3/0x230
[ 3069.935677][    C1]  ? clear_bhb_loop+0x35/0x90
[ 3069.940381][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3069.946305][    C1] RIP: 0033:0x7f0f35f7dff9
[ 3069.950747][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3069.970372][    C1] RSP: 002b:00007f0f36dc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3069.978826][    C1] RAX: ffffffffffffffda RBX: 00007f0f36135f80 RCX: 00007f0f35f7dff9
[ 3069.986812][    C1] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000008
[ 3069.994808][    C1] RBP: 00007f0f35ff0296 R08: 0000000000000000 R09: 0000000000000000
[ 3070.002814][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3070.010831][    C1] R13: 0000000000000000 R14: 00007f0f36135f80 R15: 00007f0f3625fa28
[ 3070.018886][    C1]  </TASK>
[ 3070.022265][    C1] Kernel Offset: disabled
[ 3070.026760][    C1] Rebooting in 86400 seconds..