last executing test programs:

31.836073052s ago: executing program 4 (id=2983):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x80)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x74, 0x0, 0x5ecd977ea6db2799})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r4=>0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x5c}}, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r6, &(0x7f00000085c0)=[{{&(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10, 0x0}}], 0x1, 0x0)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES32=r7, @ANYRES8=r4], 0x50}}, 0x4008090)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x6c}, 0x0, @in=@multicast2, 0xffffffff, 0x0, 0x1, 0x10}}, 0xe8)
syz_emit_ethernet(0x3e, &(0x7f0000000300)={@local, @random="00e300", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @time_exceeded={0x4, 0x1, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=0x64010102, @dev}}}}}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000f86000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x60, 0x0, 0x0)

31.613416499s ago: executing program 4 (id=2985):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
ioctl$KVM_CAP_X2APIC_API(r4, 0x4068aea3, &(0x7f0000000d40)={0xdb})
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
close(0xffffffffffffffff)
sendto$inet6(r6, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
shutdown(r6, 0x2)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4}, 0x1c)
r7 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r7, 0x107, 0xf, 0x0, &(0x7f0000002740))

29.448860254s ago: executing program 4 (id=2989):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4)
r6 = dup(r5)
bind$unix(r6, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280)={r0, r6}, 0xc)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unshare(0x8040480)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r8}, &(0x7f0000000040), &(0x7f0000000100)}, 0x20)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r9, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r9, 0x0, 0x0, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

28.64182075s ago: executing program 4 (id=2993):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r6, 0x80045505, &(0x7f0000000000)=0x1)

25.836801436s ago: executing program 4 (id=2999):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0xc9, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080045"], 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)

19.118136355s ago: executing program 4 (id=3011):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000080000"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000780)=ANY=[@ANYBLOB="120100005fb8e520cd0c8000834a0102030109021b0002000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="4021082e13228915c9270238f299c53a6095000000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

12.492027368s ago: executing program 1 (id=3029):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x4100, 0x0)
r3 = shmget(0x0, 0x4000, 0x100, &(0x7f0000000000/0x4000)=nil)
shmctl$SHM_UNLOCK(r3, 0xc)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0x40405514, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000580)="4a06935a8009abefaf723ded0ff7fb17d19d00542505cd181eca0c9e71a8530e046e57cf15972fd62cba1ed42d5ee49c404f896a33e1664d8c782103fe96126b0400000000000000839638dc372d88e468b933c55e3db5e4eb638df616dbd2b4b3f74dfe06d96eddef8b6e6e28aa742c35ad20d4df00c95aee7680a30dc3737f2bf2a186df383ee37d902eea3b239387b90a92af74a858e067b1bc3f3eb1a10ccc81818df7dc054c5f639eccf20e7f00084e13b762a2914c7e811c8b9125ec9420b78db800"/212, 0xd4, 0xc3e4828d8c2ddb45, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r5, 0x7ff)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0)
recvmsg$kcm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/150, 0xcf}, {&(0x7f00000000c0)=""/3}, {&(0x7f0000000340)=""/27}, {&(0x7f00000004c0)=""/150}], 0x12}, 0x20000002)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

10.148337432s ago: executing program 1 (id=3034):
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$alg(r0, &(0x7f0000000240)=""/4096, 0xfffffdef)

9.882693528s ago: executing program 2 (id=3035):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x4100, 0x0)
r3 = shmget(0x0, 0x4000, 0x100, &(0x7f0000000000/0x4000)=nil)
shmctl$SHM_UNLOCK(r3, 0xc)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0x40405514, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000580)="4a06935a8009abefaf723ded0ff7fb17d19d00542505cd181eca0c9e71a8530e046e57cf15972fd62cba1ed42d5ee49c404f896a33e1664d8c782103fe96126b0400000000000000839638dc372d88e468b933c55e3db5e4eb638df616dbd2b4b3f74dfe06d96eddef8b6e6e28aa742c35ad20d4df00c95aee7680a30dc3737f2bf2a186df383ee37d902eea3b239387b90a92af74a858e067b1bc3f3eb1a10ccc81818df7dc054c5f639eccf20e7f00084e13b762a2914c7e811c8b9125ec9420b78db800"/212, 0xd4, 0xc3e4828d8c2ddb45, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r5, 0x7ff)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0)
recvmsg$kcm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/150, 0xcf}, {&(0x7f00000000c0)=""/3}, {&(0x7f0000000340)=""/27}, {&(0x7f00000004c0)=""/150}], 0x12}, 0x20000002)
close(0xffffffffffffffff)
fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)

8.347541152s ago: executing program 3 (id=3036):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000011c0)=0x7)
r1 = getpid()
r2 = syz_usb_connect(0x0, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e01000008240501020205050764f7edb276"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0003020000000203d1d850d6d7e3fd589d7a851021b4b39ffca95301465a47eacf9652ddde75eb369e4f21a651ab9e9bd24b93fb8ce9aca7872de63cfc04a342d18824bcd0ec216b94354d463417249595e63d232e46fa03cd5e81aa7eed802b16c178ec0dd57510"], 0x0, 0x0}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000040)=""/2, 0x2, 0xc98f, 0x5, 0x0, 0x6, 0xc07}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
read(r3, &(0x7f0000001280)=""/192, 0xc0)
write$UHID_DESTROY(r3, &(0x7f0000001180), 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x20901, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001100)={{0x1, 0x1, 0x18, <r6=>r0, {0x10000}}, './bus\x00'})
ioctl$KVM_TRANSLATE(r6, 0xc018ae85, &(0x7f0000001140)={0x80a0000, 0xdddd1000, 0x4, 0xff, 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="15"], 0x1)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
epoll_create1(0x80000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)

8.145841434s ago: executing program 1 (id=3038):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000380)={0xa, 0x14e24, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
mkdirat$cgroup(r1, 0x0, 0x1ff)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={<r3=>0x0, @empty, @local}, &(0x7f00000000c0)=0xc)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b0000000800000000657800ffff000000000000", @ANYRES32=0x1, @ANYBLOB='\t\x00'/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="04000000010000000100"/28], 0x50)
ioctl$SIOCNRDECOBS(r2, 0x89e2)

8.050046847s ago: executing program 0 (id=3039):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
setfsuid(0xee01)
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000000000000000086dd60000000004c3afffe880000000000000000000000000001ff0200000000000000000000000000018900907800000000fe8000000000000000000000000000000000000000000000000000000000000102db56fa1ede4bc5398bd6606aaa671ffdd8e79d60cd"], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000080)={0x6000})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001"], 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x38, 0x1403, 0x1, 0xf, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x8810)

8.0264066s ago: executing program 2 (id=3040):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

7.096050675s ago: executing program 0 (id=3041):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000440)={0x2, &(0x7f0000000480)=[{0x3, 0x0, 0x6, 0x7f}, {0x4, 0x7f, 0x1f, 0x4}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a", 0x1b}], 0x2}], 0x1, 0x40800)
r4 = socket$inet6(0xa, 0x80000, 0xfffffffe)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), r3)
recvmsg(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000000540)=""/86, 0x56}, {&(0x7f0000000900)=""/49, 0x31}, {&(0x7f0000002700)=""/182, 0xb6}, {&(0x7f00000005c0)=""/104, 0x68}], 0x4}, 0x2000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000002800)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646ced00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
read$FUSE(r6, &(0x7f0000000640)={0x2020}, 0x2020)
ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f0000000340)={0x1, &(0x7f0000000200)=[{0x4, 0x7, 0x3, 0x3ff}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000027c0)='vm_unmapped_area\x00', r5}, 0x18)
getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0))
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r10, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r11 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r11, 0x89e0, &(0x7f0000000040)={r10, r9})
close(r11)

6.988614986s ago: executing program 2 (id=3042):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84)
mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r5, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

6.093846802s ago: executing program 0 (id=3043):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000040))
recvmsg$unix(r1, 0x0, 0x11000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x69)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000000)={0x0, 0x1, 0x1, 0x7, 0x402, 0x258})
ioctl$TIOCNOTTY(r4, 0x5422)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e041e0b20"], 0x7)
sched_getaffinity(r0, 0x8, &(0x7f0000000180))
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000b41354f600"/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map=r5, 0xffffffffffffffff, 0x4, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map=r5, 0xffffffffffffffff, 0x4, 0x0, 0x0, @void, @value}, 0x10)
mlock(&(0x7f00007d9000/0x2000)=nil, 0x2000)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x6, <r6=>0x0, 0x2})
ioctl$DRM_IOCTL_SG_ALLOC(0xffffffffffffffff, 0xc0106438, &(0x7f00000002c0)={0x0, r6})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xc}]}, &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

5.926782756s ago: executing program 2 (id=3044):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x2)

5.033145646s ago: executing program 0 (id=3045):
syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000049500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
setfsgid(0xee00)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x2, 0x0, 0x3fc, 0x7ff, 0x36}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60010700000c1100fe8000000000000000000006000000000000000000000000000000000000000100000e22000c907801000000"], 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r5, 0x5406, &(0x7f0000000080)={0x2, 0x2946, 0x3000, 0x8246, 0x14, "00000008f4553a00"})
ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f00000006c0)=0x16)
r6 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f0000000140)=0x11)
ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f0000000040)=0xd0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x80, 0x47)

5.000239864s ago: executing program 3 (id=3046):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
ioctl$KVM_CAP_X2APIC_API(r4, 0x4068aea3, &(0x7f0000000d40)={0xdb})
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r6, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
shutdown(r6, 0x2)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
r8 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r8, 0x107, 0xf, 0x0, &(0x7f0000002740))

4.946404509s ago: executing program 1 (id=3047):
syz_emit_vhci(0x0, 0xd)

3.638139394s ago: executing program 1 (id=3048):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3f8f26283bcd93e80cacc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1522ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7b544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff310601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7affffffff7177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f0a00000000000000159596ac570c4b889106f937d56b2346c818917b727bf5e2741068ec000000000000000000ec84"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r2, 0xe0, &(0x7f0000000480)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r3}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x5, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000c600010020000000950000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0xffffffffffffff37}}]}, 0x3c}}, 0x0)

3.337431111s ago: executing program 0 (id=3049):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3f8f26283bcd93e80cacc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1522ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7b544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff310601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7affffffff7177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f0a00000000000000159596ac570c4b889106f937d56b2346c818917b727bf5e2741068ec000000000000000000ec84"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r2, 0xe0, &(0x7f0000000480)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r3}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x5, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000c600010020000000950000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0xffffffffffffff37}}]}, 0x3c}}, 0x0)

2.968841306s ago: executing program 2 (id=3050):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
setfsuid(0xee01)
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000000000000000086dd60000000004c3afffe880000000000000000000000000001ff0200000000000000000000000000018900907800000000fe8000000000000000000000000000000000000000000000000000000000000102db56fa1ede4bc5398bd6606aaa671ffdd8e79d60cd"], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x6000})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001"], 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x38, 0x1403, 0x1, 0xf, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x8810)

2.668279654s ago: executing program 3 (id=3051):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x1501)
sched_setscheduler(0x0, 0x1, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

1.692249158s ago: executing program 3 (id=3052):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

632.815102ms ago: executing program 3 (id=3053):
syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000049500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
setfsgid(0xee00)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x2, 0x0, 0x3fc, 0x7ff, 0x36}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000080)={0x2, 0x2946, 0x3000, 0x8246, 0x14, "00000008f4553a00"})
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x16)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000140)=0x11)
ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000040)=0xd0)
open$dir(&(0x7f0000000180)='./file0\x00', 0x80, 0x47)

274.575374ms ago: executing program 3 (id=3054):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000011c0)=0x7)
r1 = getpid()
r2 = syz_usb_connect(0x0, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e01000008240501020205050764f7edb276"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0003020000000203d1d850d6d7e3fd589d7a851021b4b39ffca95301465a47eacf9652ddde75eb369e4f21a651ab9e9bd24b93fb8ce9aca7872de63cfc04a342d18824bcd0ec216b94354d463417249595e63d232e46fa03cd5e81aa7eed802b16c1"], 0x0, 0x0}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000040)=""/2, 0x2, 0xc98f, 0x5, 0x0, 0x6, 0xc07}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
read(r3, &(0x7f0000001280)=""/192, 0xc0)
write$UHID_DESTROY(r3, &(0x7f0000001180), 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x20901, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001100)={{0x1, 0x1, 0x18, <r6=>r0, {0x10000}}, './bus\x00'})
ioctl$KVM_TRANSLATE(r6, 0xc018ae85, &(0x7f0000001140)={0x80a0000, 0xdddd1000, 0x4, 0xff, 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="15"], 0x1)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000001200)={[{@userxattr}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@measure}]})
epoll_create1(0x80000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)

150.050566ms ago: executing program 0 (id=3055):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000011c0)=0x7)
r1 = getpid()
r2 = syz_usb_connect(0x0, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e01000008240501020205050764f7edb276"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0003020000000203d1d850d6d7e3fd589d7a851021b4b39ffca95301465a47eacf9652ddde75eb369e4f21a651ab9e9bd24b93fb8ce9aca7872de63cfc04a342d18824bcd0ec216b94354d463417249595e63d232e46fa03cd5e81aa7eed802b16c178ec0dd57510"], 0x0, 0x0}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000040)=""/2, 0x2, 0xc98f, 0x5, 0x0, 0x6, 0xc07}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
read(r3, &(0x7f0000001280)=""/192, 0xc0)
write$UHID_DESTROY(r3, &(0x7f0000001180), 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x20901, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001100)={{0x1, 0x1, 0x18, <r6=>r0, {0x10000}}, './bus\x00'})
ioctl$KVM_TRANSLATE(r6, 0xc018ae85, &(0x7f0000001140)={0x80a0000, 0xdddd1000, 0x4, 0xff, 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="15"], 0x1)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
epoll_create1(0x80000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)

49.826714ms ago: executing program 2 (id=3056):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000380)={0xa, 0x14e24, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
mkdirat$cgroup(r1, 0x0, 0x1ff)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={<r3=>0x0, @empty, @local}, &(0x7f00000000c0)=0xc)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b0000000800000000657800ffff000000000000", @ANYRES32=0x1, @ANYBLOB='\t\x00'/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="04000000010000000100"/28], 0x50)
ioctl$SIOCNRDECOBS(r2, 0x89e2)

0s ago: executing program 1 (id=3057):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x2f126000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000012c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x7, [@var={0x5, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0x5}, @volatile={0x0, 0x0, 0x0, 0xb, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x0, 0x5, 0xfffffffd})
sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}}, 0xc0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x20, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000009000000000000000200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000800000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000e23c00008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x30, 0x4, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x10008011}, 0x4000)

kernel console output (not intermixed with test programs):

 invalid interface number: 109 but max is 0
[  769.758273][T14136] lo: entered promiscuous mode
[  769.764497][ T5826] usb 1-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config
[  769.776043][T14136] lo: entered allmulticast mode
[  769.789367][T14136] lo: left allmulticast mode
[  769.795137][T14136] lo: left promiscuous mode
[  769.800500][ T5826] usb 1-1: config 171 has no interface number 0
[  769.809934][ T5826] usb 1-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[  769.860664][ T5826] usb 1-1: config 171 interface 109 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  769.881029][ T5826] usb 1-1: config 171 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[  769.921403][ T5826] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e
[  769.947768][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.962493][ T5826] usb 1-1: Product: syz
[  769.966708][ T5826] usb 1-1: Manufacturer: syz
[  769.971992][ T5826] usb 1-1: SerialNumber: syz
[  769.980499][T14125] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  770.708751][ T5934] usb 4-1: new full-speed USB device number 88 using dummy_hcd
[  770.849049][ T5844] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  770.872359][ T5934] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  770.884876][ T5934] usb 4-1: config 0 has no interface number 0
[  770.893281][ T5934] usb 4-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[  770.911384][ T5934] usb 4-1: config 0 interface 160 has no altsetting 0
[  770.920849][ T5934] usb 4-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[  770.932918][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.941250][ T5934] usb 4-1: Product: syz
[  770.945473][ T5934] usb 4-1: Manufacturer: syz
[  770.954115][ T5934] usb 4-1: SerialNumber: syz
[  770.970171][ T5934] usb 4-1: config 0 descriptor??
[  770.977813][ T5934] usb-storage 4-1:0.160: USB Mass Storage device detected
[  771.032753][ T5844] usb 2-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  771.045291][ T5844] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.054130][ T5844] usb 2-1: Product: syz
[  771.058430][ T5844] usb 2-1: Manufacturer: syz
[  771.072213][ T5844] usb 2-1: SerialNumber: syz
[  771.106688][ T5844] usb 2-1: config 0 descriptor??
[  771.132080][ T5844] go7007 2-1:0.0: Sensoray 2250 found
[  771.138950][   T59] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  771.157239][ T5844] go7007 2-1:0.0: probe with driver go7007 failed with error -12
[  771.193266][ T5844] usb 4-1: USB disconnect, device number 88
[  771.331031][ T5934] usb 2-1: USB disconnect, device number 70
[  771.368800][ T5826] ath6kl: Failed to submit usb control message: -71
[  771.375548][ T5826] ath6kl: unable to send the bmi data to the device: -71
[  771.468705][ T5826] ath6kl: Unable to send get target info: -71
[  771.476020][ T5826] ath6kl: Failed to init ath6kl core: -71
[  771.485122][ T5826] ath6kl_usb 1-1:171.109: probe with driver ath6kl_usb failed with error -71
[  771.539037][ T5826] usb 1-1: USB disconnect, device number 62
[  771.628827][   T59] usb 5-1: Using ep0 maxpacket: 32
[  771.651479][   T59] usb 5-1: config 8 has an invalid interface number: 204 but max is 0
[  771.703496][   T59] usb 5-1: config 8 has no interface number 0
[  771.775232][   T59] usb 5-1: config 8 interface 204 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  771.811655][   T59] usb 5-1: config 8 interface 204 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  771.861972][   T59] usb 5-1: config 8 interface 204 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  771.941251][   T59] usb 5-1: config 8 interface 204 has no altsetting 0
[  772.060653][   T59] usb 5-1: New USB device found, idVendor=0f11, idProduct=1010, bcdDevice=2c.bb
[  772.098772][   T59] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.127169][   T59] usb 5-1: Product: syz
[  772.133004][   T59] usb 5-1: Manufacturer: syz
[  772.137602][   T59] usb 5-1: SerialNumber: syz
[  772.180354][T14161] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  772.209059][T14161] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  772.440569][   T59] ldusb 5-1:8.204: Interrupt in endpoint not found
[  772.461815][   T59] usb 5-1: USB disconnect, device number 90
[  772.469081][ T5934] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  772.657546][ T5934] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  772.834539][ T5934] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  772.919254][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.978274][ T5934] usb 2-1: Product: syz
[  773.003469][ T5934] usb 2-1: Manufacturer: syz
[  773.044493][ T5934] usb 2-1: SerialNumber: syz
[  773.052275][ T5934] usb 2-1: config 0 descriptor??
[  773.319966][T14175] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2587'.
[  773.364767][T14175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2587'.
[  774.137468][   T59] usb 2-1: USB disconnect, device number 71
[  774.840597][ T5826] usb 3-1: new full-speed USB device number 83 using dummy_hcd
[  775.194807][T14213] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.243745][T14216] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2599'.
[  775.270529][T14213] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.312031][ T5826] usb 3-1: config 0 has an invalid interface number: 160 but max is 0
[  775.321356][ T5826] usb 3-1: config 0 has no interface number 0
[  775.327514][ T5826] usb 3-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[  775.340914][ T5934] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  775.352150][T14213] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.375809][ T5826] usb 3-1: config 0 interface 160 has no altsetting 0
[  775.396892][ T5826] usb 3-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[  775.415861][T14213] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  775.433698][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.462344][ T5826] usb 3-1: Product: syz
[  775.466541][ T5826] usb 3-1: Manufacturer: syz
[  775.484478][ T5826] usb 3-1: SerialNumber: syz
[  775.497066][ T5826] usb 3-1: config 0 descriptor??
[  775.513086][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  775.532534][ T5826] usb-storage 3-1:0.160: USB Mass Storage device detected
[  775.543434][ T5934] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=a2.bf
[  775.556403][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.565583][ T5934] usb 4-1: Product: syz
[  775.570366][T14213] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  775.570448][ T5934] usb 4-1: Manufacturer: syz
[  775.583886][ T5934] usb 4-1: SerialNumber: syz
[  775.592052][ T5934] usb 4-1: config 0 descriptor??
[  775.614447][ T5934] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  775.636430][T14213] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  775.669872][ T5844] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  775.681976][T14213] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  775.704433][T14213] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  775.741536][    T9] usb 3-1: USB disconnect, device number 83
[  775.894138][ T5844] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  775.969716][ T5844] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 3
[  775.979285][ T5934] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  775.990747][ T5844] usb 1-1: config 220 interface 0 has no altsetting 0
[  776.004042][ T5844] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  776.052519][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.081039][ T5844] usb 1-1: Product: syz
[  776.089949][ T5844] usb 1-1: Manufacturer: syz
[  776.095433][ T5844] usb 1-1: SerialNumber: syz
[  776.388411][T14230] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  776.454240][T14221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  776.481059][T14221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  776.545105][ T5844] usb 1-1: Found UVC 0.00 device syz (8086:0b07)
[  776.568428][ T5844] usb 1-1: No valid video chain found.
[  776.602194][ T5844] usb 1-1: USB disconnect, device number 63
[  776.643210][T14236] netlink: 388 bytes leftover after parsing attributes in process `syz.2.2607'.
[  778.028964][ T5934] usb 4-1: USB disconnect, device number 89
[  780.185327][T14268] netlink: 'syz.3.2613': attribute type 10 has an invalid length.
[  780.339518][ T5934] usb 3-1: new full-speed USB device number 84 using dummy_hcd
[  780.645054][ T5844] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  780.671821][ T5934] usb 3-1: config 0 has an invalid interface number: 160 but max is 0
[  780.682450][ T5934] usb 3-1: config 0 has no interface number 0
[  780.688693][ T5934] usb 3-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[  780.785469][ T5934] usb 3-1: config 0 interface 160 has no altsetting 0
[  780.795846][ T5934] usb 3-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[  780.806185][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.814659][ T5934] usb 3-1: Product: syz
[  780.820537][ T5934] usb 3-1: Manufacturer: syz
[  780.825503][ T5934] usb 3-1: SerialNumber: syz
[  780.843808][ T5934] usb 3-1: config 0 descriptor??
[  780.852220][ T5934] usb-storage 3-1:0.160: USB Mass Storage device detected
[  780.885358][ T5844] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  780.898510][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.907483][ T5844] usb 5-1: Product: syz
[  780.927247][ T5844] usb 5-1: Manufacturer: syz
[  780.932872][ T5844] usb 5-1: SerialNumber: syz
[  780.943397][ T5844] usb 5-1: config 0 descriptor??
[  781.092823][T14283] program syz.3.2620 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  781.102142][T14285] syzkaller0: entered promiscuous mode
[  781.102167][T14285] syzkaller0: entered allmulticast mode
[  781.188651][ T5844] usb-storage 5-1:0.0: USB Mass Storage device detected
[  781.207335][ T5826] usb 3-1: USB disconnect, device number 84
[  781.285289][ T5844] usb 5-1: USB disconnect, device number 91
[  781.378896][    T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  781.531832][    T9] usb 4-1: Using ep0 maxpacket: 8
[  781.555500][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  781.565963][    T9] usb 4-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e
[  781.575677][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  781.587148][    T9] usb 4-1: config 0 descriptor??
[  781.608031][    T9] usb 4-1: bad CDC descriptors
[  781.615126][    T9] cdc_acm 4-1:0.0: Control and data interfaces are not separated!
[  781.623373][    T9] cdc_acm 4-1:0.0: This needs exactly 3 endpoints
[  781.629981][    T9] cdc_acm 4-1:0.0: probe with driver cdc_acm failed with error -22
[  781.807476][    T9] usb 4-1: USB disconnect, device number 90
[  782.399547][ T5934] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  782.588798][ T5934] usb 3-1: Using ep0 maxpacket: 16
[  782.755452][ T5934] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  782.907298][ T5934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  783.046045][ T5934] usb 3-1: config 0 has no interface number 0
[  783.073189][ T5934] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  783.106938][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.134112][ T5934] usb 3-1: Product: syz
[  783.138514][ T5934] usb 3-1: Manufacturer: syz
[  783.153831][ T5934] usb 3-1: SerialNumber: syz
[  783.167083][ T5934] usb 3-1: config 0 descriptor??
[  783.392236][    T9] hid-generic C98F:0005:0000.001A: unknown main item tag 0x0
[  783.412168][    T9] hid-generic C98F:0005:0000.001A: unknown main item tag 0x0
[  783.438630][    T9] hid-generic C98F:0005:0000.001A: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  783.462818][T14312] netlink: 388 bytes leftover after parsing attributes in process `syz.4.2630'.
[  784.400331][ T5934] usb 3-1: Found UVC 0.00 device syz (046d:08d3)
[  784.406758][ T5934] usb 3-1: No valid video chain found.
[  784.422216][ T5934] usb 3-1: USB disconnect, device number 85
[  784.567882][ T5826] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  784.720487][ T5826] usb 1-1: Using ep0 maxpacket: 16
[  784.731302][ T5826] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  784.739648][ T5826] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  784.750487][ T5826] usb 1-1: config 0 has no interface number 0
[  784.759655][ T5826] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  784.768827][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.776855][ T5826] usb 1-1: Product: syz
[  784.781253][ T5826] usb 1-1: Manufacturer: syz
[  784.785876][ T5826] usb 1-1: SerialNumber: syz
[  784.799781][ T5826] usb 1-1: config 0 descriptor??
[  784.925315][ T5934] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  785.244592][ T5826] usb 1-1: Found UVC 0.00 device syz (046d:08d3)
[  785.272509][ T5826] usb 1-1: No valid video chain found.
[  785.418924][ T5934] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  785.428001][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.487330][ T5934] usb 5-1: Product: syz
[  785.491769][ T5934] usb 5-1: Manufacturer: syz
[  785.496412][ T5934] usb 5-1: SerialNumber: syz
[  785.510147][    T9] hid-generic C98F:0005:0000.001B: unknown main item tag 0x0
[  785.549688][ T5934] usb 5-1: config 0 descriptor??
[  785.678797][    T9] hid-generic C98F:0005:0000.001B: unknown main item tag 0x0
[  785.719677][T14331] fuse: Bad value for 'fd'
[  785.974699][    T9] hid-generic C98F:0005:0000.001B: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  786.184662][ T5934] usb-storage 5-1:0.0: USB Mass Storage device detected
[  786.244764][ T5826] usb 1-1: USB disconnect, device number 64
[  786.322332][ T5934] usb 5-1: USB disconnect, device number 92
[  786.518762][   T59] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  786.699152][   T59] usb 4-1: Using ep0 maxpacket: 16
[  786.710780][   T59] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  786.747630][   T59] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  786.814554][   T59] usb 4-1: config 0 has no interface number 0
[  786.890987][   T59] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  786.920289][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.931029][   T59] usb 4-1: Product: syz
[  786.940995][   T59] usb 4-1: Manufacturer: syz
[  786.957050][   T59] usb 4-1: SerialNumber: syz
[  786.972764][   T59] usb 4-1: config 0 descriptor??
[  787.118554][T14352] netlink: 388 bytes leftover after parsing attributes in process `syz.0.2641'.
[  787.199800][   T59] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  787.206928][   T59] usb 4-1: No valid video chain found.
[  787.258735][ T5934] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  787.404461][ T5844] hid-generic C98F:0005:0000.001C: unknown main item tag 0x0
[  787.416147][ T5844] hid-generic C98F:0005:0000.001C: unknown main item tag 0x0
[  787.423831][    T9] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  787.431643][ T5934] usb 2-1: Using ep0 maxpacket: 16
[  787.443335][ T5934] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  787.455391][ T5844] hid-generic C98F:0005:0000.001C: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  787.470010][ T5934] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  787.482123][ T5934] usb 2-1: config 0 has no interface number 0
[  787.492873][ T5934] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  787.503597][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.514311][ T5934] usb 2-1: Product: syz
[  787.523515][ T5934] usb 2-1: Manufacturer: syz
[  787.528212][ T5934] usb 2-1: SerialNumber: syz
[  787.724709][ T5934] usb 2-1: config 0 descriptor??
[  787.788910][    T9] usb 1-1: Using ep0 maxpacket: 8
[  787.800480][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  787.810867][    T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  787.825287][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.834269][    T9] usb 1-1: Product: syz
[  787.843465][    T9] usb 1-1: Manufacturer: syz
[  787.848300][    T9] usb 1-1: SerialNumber: syz
[  787.857476][    T9] usb 1-1: config 0 descriptor??
[  787.874214][    T9] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found
[  787.939286][ T5934] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  787.958732][ T5934] usb 2-1: No valid video chain found.
[  788.085427][    T9] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected
[  788.101364][    T9] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  788.165930][    T9] hid-generic C98F:0005:0000.001D: unknown main item tag 0x0
[  788.193847][    T9] hid-generic C98F:0005:0000.001D: unknown main item tag 0x0
[  788.208288][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888073610800: rx timeout, send abort
[  788.216984][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888073610800: 0x0fe00: (3) A timeout occurred and this is the connection abort to close the session.
[  788.249323][    T9] hid-generic C98F:0005:0000.001D: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  788.285501][    T9] usb 1-1: USB disconnect, device number 65
[  788.308558][   T59] usb 4-1: USB disconnect, device number 91
[  788.494133][T14363] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2644'.
[  789.995000][T14372] syzkaller0: entered promiscuous mode
[  790.001252][T14372] syzkaller0: entered allmulticast mode
[  790.044596][T14376] netlink: 110 bytes leftover after parsing attributes in process `syz.3.2648'.
[  790.086468][ T5826] usb 2-1: USB disconnect, device number 72
[  790.722438][T14383] Bluetooth: MGMT ver 1.23
[  791.108732][    T9] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  791.193375][T14388] fuse: Bad value for 'fd'
[  791.358830][    T9] usb 4-1: Using ep0 maxpacket: 16
[  791.578527][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  791.592731][    T9] usb 4-1: config 5 has an invalid interface number: 225 but max is 0
[  791.626389][    T9] usb 4-1: config 5 has no interface number 0
[  791.638173][    T9] usb 4-1: config 5 interface 225 has no altsetting 0
[  791.655284][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice=89.94
[  791.677668][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.700590][    T9] usb 4-1: Product: syz
[  791.704803][    T9] usb 4-1: Manufacturer: syz
[  791.725085][    T9] usb 4-1: SerialNumber: syz
[  793.814084][T14393] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2651'.
[  793.897137][    T9] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:5.225/input/input39
[  793.944183][ T5177] bcm5974 4-1:5.225: could not read from device
[  794.806347][    T9] usb 4-1: USB disconnect, device number 92
[  795.083863][  T140] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xff
[  795.488733][T14432] sp0: Synchronizing with TNC
[  795.665295][T14435] fuse: Bad value for 'fd'
[  797.068780][   T59] usb 4-1: new full-speed USB device number 93 using dummy_hcd
[  797.532020][   T59] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  797.572233][   T59] usb 4-1: config 0 has no interface number 0
[  797.578382][   T59] usb 4-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[  797.619110][   T59] usb 4-1: config 0 interface 160 has no altsetting 0
[  797.647881][   T59] usb 4-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[  797.661431][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.694428][   T59] usb 4-1: Product: syz
[  797.703034][   T59] usb 4-1: Manufacturer: syz
[  797.718744][   T59] usb 4-1: SerialNumber: syz
[  797.737074][T14462] netlink: 'syz.2.2671': attribute type 10 has an invalid length.
[  797.758439][   T59] usb 4-1: config 0 descriptor??
[  797.772419][T14458] syzkaller0: entered promiscuous mode
[  797.775018][   T59] usb-storage 4-1:0.160: USB Mass Storage device detected
[  797.792928][T14458] syzkaller0: entered allmulticast mode
[  798.340649][   T59] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  798.500409][   T59] usb 1-1: Using ep0 maxpacket: 16
[  798.518308][   T59] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  798.532004][   T59] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  798.547430][   T59] usb 1-1: config 0 has no interface number 0
[  798.561742][   T59] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  798.571112][   T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.584909][   T59] usb 1-1: Product: syz
[  798.594412][   T59] usb 1-1: Manufacturer: syz
[  798.599126][   T59] usb 1-1: SerialNumber: syz
[  798.612352][   T59] usb 1-1: config 0 descriptor??
[  798.836555][ T5826] hid-generic C98F:0005:0000.001E: unknown main item tag 0x0
[  798.844386][ T5826] hid-generic C98F:0005:0000.001E: unknown main item tag 0x0
[  798.854148][ T5826] hid-generic C98F:0005:0000.001E: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  799.431571][   T59] usb 1-1: Found UVC 0.00 device syz (046d:08d3)
[  799.438041][   T59] usb 1-1: No valid video chain found.
[  799.455436][   T59] usb 1-1: USB disconnect, device number 66
[  799.732597][T14466] syzkaller0: entered promiscuous mode
[  799.738207][T14466] syzkaller0: entered allmulticast mode
[  799.749950][ T5934] usb 4-1: USB disconnect, device number 93
[  801.033149][T14490] fuse: Bad value for 'fd'
[  801.938220][T14511] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.2687'.
[  803.419106][ T5826] usb 3-1: new full-speed USB device number 86 using dummy_hcd
[  803.630769][ T5826] usb 3-1: config 0 has an invalid interface number: 160 but max is 0
[  803.639099][ T5826] usb 3-1: config 0 has no interface number 0
[  803.645238][ T5826] usb 3-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[  803.662113][ T5826] usb 3-1: config 0 interface 160 has no altsetting 0
[  803.689272][ T5826] usb 3-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[  803.698352][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.709140][T14523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2690'.
[  803.719027][ T5826] usb 3-1: Product: syz
[  803.723223][ T5826] usb 3-1: Manufacturer: syz
[  803.727885][ T5826] usb 3-1: SerialNumber: syz
[  803.737782][ T5826] usb 3-1: config 0 descriptor??
[  803.750748][ T5826] usb-storage 3-1:0.160: USB Mass Storage device detected
[  805.606552][T14523] hsr_slave_1 (unregistering): left promiscuous mode
[  805.720964][    T9] usb 3-1: USB disconnect, device number 86
[  806.674169][ T5826] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  806.908792][ T5826] usb 2-1: Using ep0 maxpacket: 16
[  806.924456][ T5826] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  806.939640][ T5826] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  806.958530][T14558] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.2702'.
[  806.967992][ T5826] usb 2-1: config 0 has no interface number 0
[  806.977238][ T5826] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  807.000191][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  807.020778][ T5826] usb 2-1: Product: syz
[  807.033137][ T5826] usb 2-1: Manufacturer: syz
[  807.049138][ T5826] usb 2-1: SerialNumber: syz
[  807.077923][ T5826] usb 2-1: config 0 descriptor??
[  807.752839][   T59] hid-generic C98F:0005:0000.001F: unknown main item tag 0x0
[  807.845998][   T59] hid-generic C98F:0005:0000.001F: unknown main item tag 0x0
[  808.448826][   T59] hid-generic C98F:0005:0000.001F: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  808.450563][T14569] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2705'.
[  808.477655][T14569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2705'.
[  808.601844][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.607982][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.615337][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.642583][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  808.654096][T13863] Bluetooth: hci1: Unable to find connection for big 0x14
[  808.661232][T14574] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  808.694949][T14578] 9pnet_fd: Insufficient options for proto=fd
[  808.739055][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.755431][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.770604][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.789824][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.816203][T14574] wlan0 speed is unknown, defaulting to 1000
[  808.855703][T14585] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.2713'.
[  808.973530][T14590] FAULT_INJECTION: forcing a failure.
[  808.973530][T14590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  808.988338][T14590] CPU: 1 UID: 0 PID: 14590 Comm: syz.3.2714 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  808.988367][T14590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  808.988385][T14590] Call Trace:
[  808.988393][T14590]  <TASK>
[  808.988402][T14590]  dump_stack_lvl+0x189/0x250
[  808.988457][T14590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  808.988482][T14590]  ? __pfx__printk+0x10/0x10
[  808.988523][T14590]  should_fail_ex+0x414/0x560
[  808.988558][T14590]  _copy_to_user+0x31/0xb0
[  808.988584][T14590]  simple_read_from_buffer+0xe1/0x170
[  808.988617][T14590]  proc_fail_nth_read+0x1df/0x250
[  808.988639][T14590]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  808.988660][T14590]  ? rw_verify_area+0x258/0x650
[  808.988684][T14590]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  808.988703][T14590]  vfs_read+0x1fd/0x980
[  808.988732][T14590]  ? __pfx___mutex_lock+0x10/0x10
[  808.988752][T14590]  ? __pfx_vfs_read+0x10/0x10
[  808.988777][T14590]  ? __fget_files+0x2a/0x420
[  808.988809][T14590]  ? __fget_files+0x3a0/0x420
[  808.988834][T14590]  ? __fget_files+0x2a/0x420
[  808.988870][T14590]  ksys_read+0x145/0x250
[  808.988892][T14590]  ? __fget_files+0x2a/0x420
[  808.988920][T14590]  ? __pfx_ksys_read+0x10/0x10
[  808.988949][T14590]  ? do_syscall_64+0xba/0x210
[  808.988972][T14590]  do_syscall_64+0xf6/0x210
[  808.988992][T14590]  ? clear_bhb_loop+0x45/0xa0
[  808.989016][T14590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  808.989045][T14590] RIP: 0033:0x7f02b458d37c
[  808.989061][T14590] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  808.989078][T14590] RSP: 002b:00007f02b5476030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  808.989097][T14590] RAX: ffffffffffffffda RBX: 00007f02b47b5fa0 RCX: 00007f02b458d37c
[  808.989110][T14590] RDX: 000000000000000f RSI: 00007f02b54760a0 RDI: 0000000000000003
[  808.989122][T14590] RBP: 00007f02b5476090 R08: 0000000000000000 R09: 0000000000000000
[  808.989133][T14590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  808.989144][T14590] R13: 0000000000000000 R14: 00007f02b47b5fa0 R15: 00007fff32391778
[  808.989172][T14590]  </TASK>
[  809.518068][ T5826] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  809.525370][ T5826] usb 2-1: No valid video chain found.
[  809.600937][ T5826] usb 2-1: USB disconnect, device number 73
[  809.805538][T14597] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2716'.
[  810.112450][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  810.112469][   T30] audit: type=1326 audit(1745770877.587:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14598 comm="syz.0.2717" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff85398e969 code=0x0
[  810.175241][T14605] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2720'.
[  810.184434][T14605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2720'.
[  810.212639][T14607] lo: entered promiscuous mode
[  810.217807][T14607] lo: entered allmulticast mode
[  810.230641][T14607] lo: left allmulticast mode
[  810.235305][T14607] lo: left promiscuous mode
[  810.366108][T14615] lo: entered promiscuous mode
[  810.374899][T14617] netlink: 356 bytes leftover after parsing attributes in process `syz.2.2724'.
[  810.386246][T14615] lo: entered allmulticast mode
[  810.406238][T14615] lo: left allmulticast mode
[  810.411639][T14615] lo: left promiscuous mode
[  810.511894][T14622] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  810.535621][T14624] random: crng reseeded on system resumption
[  810.662693][T14624] 9pnet_fd: Insufficient options for proto=fd
[  812.045447][T14633] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2731'.
[  812.054658][T14633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2731'.
[  812.129930][T14640] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2733'.
[  812.269334][T14640] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2733'.
[  812.371324][   T59] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  812.404230][ T5826] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  812.409756][T14643] fuse: Bad value for 'fd'
[  812.589200][   T59] usb 1-1: Using ep0 maxpacket: 8
[  812.629055][ T5826] usb 3-1: Using ep0 maxpacket: 8
[  812.658897][ T5826] usb 3-1: config 0 interface 0 has no altsetting 0
[  812.677531][   T59] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  812.699009][   T59] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  812.709978][ T5826] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  812.727302][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.736899][   T59] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  812.761152][ T5826] usb 3-1: Product: syz
[  812.765357][ T5826] usb 3-1: Manufacturer: syz
[  812.771255][   T59] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  812.781619][ T5826] usb 3-1: SerialNumber: syz
[  812.787544][   T59] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  812.813071][ T5826] usb 3-1: config 0 descriptor??
[  812.829881][ T5826] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[  812.836876][   T59] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  812.846139][   T59] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  812.908956][    T9] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  813.083726][   T59] usb 1-1: usb_control_msg returned -32
[  813.093776][   T59] usbtmc 1-1:16.0: can't read capabilities
[  813.098928][    T9] usb 4-1: Using ep0 maxpacket: 16
[  813.292782][T14659] xt_CT: You must specify a L4 protocol and not use inversions on it
[  813.683416][    T9] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  813.697265][ T5826] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[  813.713624][ T5826] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  813.718781][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  813.823518][ T5826] usb 1-1: USB disconnect, device number 67
[  813.880726][    T9] usb 4-1: config 0 has no interface number 0
[  813.900315][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  813.925988][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.935092][   T59] usb 3-1: USB disconnect, device number 87
[  813.944822][    T9] usb 4-1: Product: syz
[  813.957425][    T9] usb 4-1: Manufacturer: syz
[  813.967973][    T9] usb 4-1: SerialNumber: syz
[  814.004015][    T9] usb 4-1: config 0 descriptor??
[  814.168848][ T5844] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  814.219097][ T5934] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  814.509594][ T5934] usb 5-1: device descriptor read/64, error -71
[  814.522677][ T5844] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  814.668535][ T5844] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.683442][ T5878] hid-generic C98F:0005:0000.0020: unknown main item tag 0x0
[  814.692719][ T5878] hid-generic C98F:0005:0000.0020: unknown main item tag 0x0
[  814.702005][ T5844] usb 2-1: config 0 descriptor??
[  814.735880][ T5878] hid-generic C98F:0005:0000.0020: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  815.003604][    T9] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  815.010633][    T9] usb 4-1: No valid video chain found.
[  815.023398][    T9] usb 4-1: USB disconnect, device number 94
[  815.038839][ T5934] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  815.047829][T14676] FAULT_INJECTION: forcing a failure.
[  815.047829][T14676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  815.063743][T14678] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2743'.
[  815.071453][T14676] CPU: 1 UID: 0 PID: 14676 Comm: syz.0.2742 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  815.071479][T14676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  815.071492][T14676] Call Trace:
[  815.071499][T14676]  <TASK>
[  815.071507][T14676]  dump_stack_lvl+0x189/0x250
[  815.071541][T14676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  815.071567][T14676]  ? __pfx__printk+0x10/0x10
[  815.071607][T14676]  should_fail_ex+0x414/0x560
[  815.071640][T14676]  _copy_to_user+0x31/0xb0
[  815.071666][T14676]  simple_read_from_buffer+0xe1/0x170
[  815.071697][T14676]  proc_fail_nth_read+0x1df/0x250
[  815.071719][T14676]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  815.071740][T14676]  ? rw_verify_area+0x258/0x650
[  815.071764][T14676]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  815.071783][T14676]  vfs_read+0x1fd/0x980
[  815.071812][T14676]  ? __pfx___mutex_lock+0x10/0x10
[  815.071832][T14676]  ? __pfx_vfs_read+0x10/0x10
[  815.071858][T14676]  ? __fget_files+0x2a/0x420
[  815.071888][T14676]  ? __fget_files+0x3a0/0x420
[  815.071914][T14676]  ? __fget_files+0x2a/0x420
[  815.071961][T14676]  ksys_read+0x145/0x250
[  815.071983][T14676]  ? rcu_is_watching+0x15/0xb0
[  815.072012][T14676]  ? __pfx_ksys_read+0x10/0x10
[  815.072039][T14676]  ? do_syscall_64+0xba/0x210
[  815.072062][T14676]  do_syscall_64+0xf6/0x210
[  815.072081][T14676]  ? clear_bhb_loop+0x45/0xa0
[  815.072103][T14676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.072121][T14676] RIP: 0033:0x7ff85398d37c
[  815.072137][T14676] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  815.072155][T14676] RSP: 002b:00007ff85486c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  815.072175][T14676] RAX: ffffffffffffffda RBX: 00007ff853bb5fa0 RCX: 00007ff85398d37c
[  815.072190][T14676] RDX: 000000000000000f RSI: 00007ff85486c0a0 RDI: 0000000000000005
[  815.072201][T14676] RBP: 00007ff85486c090 R08: 0000000000000000 R09: 0000000000000000
[  815.072213][T14676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  815.072225][T14676] R13: 0000000000000000 R14: 00007ff853bb5fa0 R15: 00007ffe4505b428
[  815.072254][T14676]  </TASK>
[  815.369079][ T5934] usb 5-1: device descriptor read/64, error -71
[  815.449217][ T5844] usb 2-1: Cannot set autoneg
[  815.493511][ T5844] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  815.541742][ T5934] usb usb5-port1: attempt power cycle
[  815.610635][T14686] fuse: Bad value for 'fd'
[  815.846758][ T5844] usb 2-1: USB disconnect, device number 74
[  816.326430][ T5934] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  816.349916][ T5934] usb 5-1: device descriptor read/8, error -71
[  817.469000][T14695] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  817.475134][T14695] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  817.487981][T14695] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  817.495680][T14695] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  817.507968][T14700] xt_CT: You must specify a L4 protocol and not use inversions on it
[  817.525979][ T5934] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  817.537495][T14695] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  817.939333][ T5934] usb 5-1: device not accepting address 96, error -71
[  817.939610][ T5934] usb usb5-port1: unable to enumerate USB device
[  818.114448][ T5844] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  818.211468][ T5878] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  818.287738][T14725] netlink: 'syz.4.2751': attribute type 4 has an invalid length.
[  818.337690][ T5844] usb 3-1: Using ep0 maxpacket: 32
[  818.386486][    T9] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  818.414091][ T5844] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  818.414194][ T5844] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  818.434907][ T5878] usb 4-1: Using ep0 maxpacket: 16
[  818.455246][T14713] netlink: 'syz.4.2751': attribute type 4 has an invalid length.
[  818.492070][ T5844] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  818.492091][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  818.492105][ T5844] usb 3-1: Product: syz
[  818.492115][ T5844] usb 3-1: Manufacturer: syz
[  818.492126][ T5844] usb 3-1: SerialNumber: syz
[  818.521690][ T5844] usb 3-1: config 0 descriptor??
[  818.577592][ T5878] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  818.577643][ T5878] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  818.577681][ T5878] usb 4-1: config 0 interface 0 has no altsetting 0
[  818.577829][ T5878] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  818.577884][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.588971][    T9] usb 1-1: Using ep0 maxpacket: 8
[  818.621515][    T9] usb 1-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  818.621555][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  818.621698][    T9] usb 1-1: Product: syz
[  818.621752][    T9] usb 1-1: Manufacturer: syz
[  818.621845][    T9] usb 1-1: SerialNumber: syz
[  818.697611][ T5878] usb 4-1: config 0 descriptor??
[  818.823820][    T9] usb 1-1: config 0 descriptor??
[  818.906334][ T5844] snd-usb-6fire 3-1:0.0: unable to receive device firmware state.
[  818.906497][ T5844] snd-usb-6fire 3-1:0.0: probe with driver snd-usb-6fire failed with error -121
[  818.950451][    T9] usbtest 1-1:0.0: FX2 device
[  818.950500][    T9] usbtest 1-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  819.033196][T14717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.215760][T14709] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2751'.
[  819.217191][ T8539] usb 3-1: USB disconnect, device number 88
[  819.252699][ T5878] hid (null): unknown global tag 0xd
[  819.268997][ T5878] hid (null): invalid report_count 60216
[  819.310693][T14717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.364940][   T52] usb 1-1: USB disconnect, device number 68
[  819.454378][   T59] usb 4-1: USB disconnect, device number 95
[  819.572845][T13863] Bluetooth: hci4: command 0x0406 tx timeout
[  819.579428][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[  819.585628][ T5828] Bluetooth: hci1: command 0x0406 tx timeout
[  819.591902][ T5828] Bluetooth: hci0: command 0x0406 tx timeout
[  819.599662][T13863] Bluetooth: hci2: command 0x0405 tx timeout
[  819.608210][T14730] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  819.853591][T14737] fuse: Bad value for 'fd'
[  820.710814][T14751] xt_CT: You must specify a L4 protocol and not use inversions on it
[  821.268269][T14752] FAULT_INJECTION: forcing a failure.
[  821.268269][T14752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  821.282062][T14752] CPU: 0 UID: 0 PID: 14752 Comm: syz.1.2760 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  821.282086][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  821.282098][T14752] Call Trace:
[  821.282105][T14752]  <TASK>
[  821.282113][T14752]  dump_stack_lvl+0x189/0x250
[  821.282142][T14752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  821.282166][T14752]  ? __pfx__printk+0x10/0x10
[  821.282194][T14752]  ? __might_fault+0xb0/0x130
[  821.282230][T14752]  should_fail_ex+0x414/0x560
[  821.282262][T14752]  _copy_from_user+0x2d/0xb0
[  821.282285][T14752]  drm_mode_atomic_ioctl+0x6ba/0xcb0
[  821.282320][T14752]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  821.282338][T14752]  ? preempt_schedule_irq+0xde/0x150
[  821.282386][T14752]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  821.282407][T14752]  ? drm_ioctl_kernel+0x2ac/0x390
[  821.282434][T14752]  drm_ioctl_kernel+0x2cc/0x390
[  821.282461][T14752]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  821.282479][T14752]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  821.282510][T14752]  drm_ioctl+0x67f/0xb10
[  821.282534][T14752]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  821.282558][T14752]  ? __pfx_drm_ioctl+0x10/0x10
[  821.282592][T14752]  ? __fget_files+0x3a0/0x420
[  821.282615][T14752]  ? __fget_files+0x2a/0x420
[  821.282642][T14752]  ? bpf_lsm_file_ioctl+0x9/0x20
[  821.282663][T14752]  ? __pfx_drm_ioctl+0x10/0x10
[  821.282683][T14752]  __se_sys_ioctl+0xf9/0x170
[  821.282706][T14752]  do_syscall_64+0xf6/0x210
[  821.282725][T14752]  ? asm_sysvec_call_function_single+0x1a/0x20
[  821.282743][T14752]  ? clear_bhb_loop+0x45/0xa0
[  821.282762][T14752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.282779][T14752] RIP: 0033:0x7f076758e969
[  821.282793][T14752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  821.282808][T14752] RSP: 002b:00007f07684b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  821.282827][T14752] RAX: ffffffffffffffda RBX: 00007f07677b6080 RCX: 00007f076758e969
[  821.282840][T14752] RDX: 0000200000000840 RSI: 00000000c03864bc RDI: 0000000000000005
[  821.282851][T14752] RBP: 00007f07684b7090 R08: 0000000000000000 R09: 0000000000000000
[  821.282863][T14752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  821.282873][T14752] R13: 0000000000000000 R14: 00007f07677b6080 R15: 00007ffee4bfdd98
[  821.282902][T14752]  </TASK>
[  821.517347][    C0] vkms_vblank_simulate: vblank timer overrun
[  822.353402][   T52] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  822.498744][ T5877] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  822.508755][   T52] usb 3-1: Using ep0 maxpacket: 8
[  822.522312][   T52] usb 3-1: config 0 interface 0 has no altsetting 0
[  822.550255][   T52] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  822.566364][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.578609][   T52] usb 3-1: Product: syz
[  822.644485][   T52] usb 3-1: Manufacturer: syz
[  822.672561][   T52] usb 3-1: SerialNumber: syz
[  822.686305][ T5877] usb 5-1: Using ep0 maxpacket: 32
[  822.710022][ T5877] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  822.750796][   T52] usb 3-1: config 0 descriptor??
[  822.779697][ T5877] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  822.836840][   T52] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found
[  822.956283][ T5877] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  822.971018][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.982931][ T5877] usb 5-1: Product: syz
[  822.987194][ T5877] usb 5-1: Manufacturer: syz
[  822.996894][ T5877] usb 5-1: SerialNumber: syz
[  823.204830][ T5877] usb 5-1: config 0 descriptor??
[  823.250695][   T52] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected
[  823.405890][   T52] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  823.435669][ T5877] snd-usb-6fire 5-1:0.0: unable to receive device firmware state.
[  823.443678][ T5877] snd-usb-6fire 5-1:0.0: probe with driver snd-usb-6fire failed with error -121
[  823.526806][T14788] xt_CT: You must specify a L4 protocol and not use inversions on it
[  824.041130][   T52] usb 3-1: USB disconnect, device number 89
[  824.165707][ T5877] usb 5-1: USB disconnect, device number 97
[  824.207394][T14791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2775'.
[  824.231412][T14791] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.356519][T14791] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.260364][T14791] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.754932][T14791] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.437119][T14791] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  826.822145][T14791] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  826.947224][T14818] netlink: 356 bytes leftover after parsing attributes in process `syz.4.2783'.
[  827.023417][T14791] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  827.452951][T14791] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  827.890170][T14838] xt_CT: You must specify a L4 protocol and not use inversions on it
[  828.931280][T14845] nbd: must specify a device to reconfigure
[  829.389492][T14850] nbd: must specify a device to reconfigure
[  830.387525][T14857] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2792'.
[  831.453865][T14871] netlink: 356 bytes leftover after parsing attributes in process `syz.3.2797'.
[  831.548257][T14873] FAULT_INJECTION: forcing a failure.
[  831.548257][T14873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  831.567051][T14875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  831.569276][T14873] CPU: 1 UID: 0 PID: 14873 Comm: syz.2.2796 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  831.569312][T14873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  831.569325][T14873] Call Trace:
[  831.569334][T14873]  <TASK>
[  831.569342][T14873]  dump_stack_lvl+0x189/0x250
[  831.569378][T14873]  ? __pfx_dump_stack_lvl+0x10/0x10
[  831.569406][T14873]  ? __pfx__printk+0x10/0x10
[  831.569459][T14873]  should_fail_ex+0x414/0x560
[  831.569493][T14873]  _copy_to_user+0x31/0xb0
[  831.569520][T14873]  simple_read_from_buffer+0xe1/0x170
[  831.569550][T14873]  proc_fail_nth_read+0x1df/0x250
[  831.569572][T14873]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  831.569594][T14873]  ? rw_verify_area+0x258/0x650
[  831.569618][T14873]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  831.569638][T14873]  vfs_read+0x1fd/0x980
[  831.569666][T14873]  ? __pfx___mutex_lock+0x10/0x10
[  831.569687][T14873]  ? __pfx_vfs_read+0x10/0x10
[  831.569712][T14873]  ? __fget_files+0x2a/0x420
[  831.569744][T14873]  ? __fget_files+0x3a0/0x420
[  831.569770][T14873]  ? __fget_files+0x2a/0x420
[  831.569805][T14873]  ksys_read+0x145/0x250
[  831.569831][T14873]  ? __pfx_ksys_read+0x10/0x10
[  831.569859][T14873]  ? do_syscall_64+0xba/0x210
[  831.569881][T14873]  do_syscall_64+0xf6/0x210
[  831.569901][T14873]  ? clear_bhb_loop+0x45/0xa0
[  831.569924][T14873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  831.569943][T14873] RIP: 0033:0x7f0f37f8d37c
[  831.569960][T14873] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  831.569976][T14873] RSP: 002b:00007f0f38e57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  831.569997][T14873] RAX: ffffffffffffffda RBX: 00007f0f381b5fa0 RCX: 00007f0f37f8d37c
[  831.570011][T14873] RDX: 000000000000000f RSI: 00007f0f38e570a0 RDI: 0000000000000005
[  831.570023][T14873] RBP: 00007f0f38e57090 R08: 0000000000000000 R09: 0000000000000000
[  831.570035][T14873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  831.570046][T14873] R13: 0000000000000000 R14: 00007f0f381b5fa0 R15: 00007fff29e1c058
[  831.570075][T14873]  </TASK>
[  831.835256][T14875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  831.960904][   T59] usb 2-1: new full-speed USB device number 75 using dummy_hcd
[  832.086226][T14884] xt_CT: You must specify a L4 protocol and not use inversions on it
[  832.109104][   T59] usb 2-1: device descriptor read/64, error -71
[  832.738716][T14883] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  832.958797][   T59] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[  833.150341][   T59] usb 2-1: device descriptor read/64, error -71
[  833.654033][   T59] usb usb2-port1: attempt power cycle
[  833.766671][T14904] syzkaller0: entered promiscuous mode
[  833.772520][T14904] syzkaller0: entered allmulticast mode
[  834.018915][   T59] usb 2-1: new full-speed USB device number 77 using dummy_hcd
[  834.049268][   T59] usb 2-1: device descriptor read/8, error -71
[  834.294223][   T59] usb 2-1: new full-speed USB device number 78 using dummy_hcd
[  834.339056][   T59] usb 2-1: device descriptor read/8, error -71
[  834.454513][   T59] usb usb2-port1: unable to enumerate USB device
[  834.684697][T14919] FAULT_INJECTION: forcing a failure.
[  834.684697][T14919] name failslab, interval 1, probability 0, space 0, times 0
[  834.701271][T14919] CPU: 0 UID: 0 PID: 14919 Comm: syz.1.2806 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  834.701307][T14919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  834.701319][T14919] Call Trace:
[  834.701328][T14919]  <TASK>
[  834.701336][T14919]  dump_stack_lvl+0x189/0x250
[  834.701368][T14919]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.701392][T14919]  ? __pfx__printk+0x10/0x10
[  834.701424][T14919]  ? __pfx___might_resched+0x10/0x10
[  834.701449][T14919]  ? fs_reclaim_acquire+0x7d/0x100
[  834.701472][T14919]  should_fail_ex+0x414/0x560
[  834.701503][T14919]  should_failslab+0xa8/0x100
[  834.701531][T14919]  kmem_cache_alloc_noprof+0x73/0x3c0
[  834.701555][T14919]  ? mm_alloc+0x23/0xd0
[  834.701583][T14919]  mm_alloc+0x23/0xd0
[  834.701607][T14919]  alloc_bprm+0x392/0xbc0
[  834.701640][T14919]  do_execveat_common+0x1b3/0x6a0
[  834.701674][T14919]  __x64_sys_execveat+0xc4/0xe0
[  834.701700][T14919]  do_syscall_64+0xf6/0x210
[  834.701719][T14919]  ? clear_bhb_loop+0x45/0xa0
[  834.701741][T14919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.701758][T14919] RIP: 0033:0x7f076758e969
[  834.701775][T14919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  834.701790][T14919] RSP: 002b:00007f07684d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  834.701810][T14919] RAX: ffffffffffffffda RBX: 00007f07677b5fa0 RCX: 00007f076758e969
[  834.701823][T14919] RDX: 0000200000000880 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  834.701835][T14919] RBP: 00007f07684d8090 R08: 0000000000000000 R09: 0000000000000000
[  834.701846][T14919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  834.701857][T14919] R13: 0000000000000000 R14: 00007f07677b5fa0 R15: 00007ffee4bfdd98
[  834.701885][T14919]  </TASK>
[  835.084744][T14925] netlink: 356 bytes leftover after parsing attributes in process `syz.0.2809'.
[  836.069997][T14908] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  836.082171][T14908] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  836.089078][T14928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2810'.
[  836.098588][T14908] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  836.109260][T14908] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  836.124907][T14928] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2810'.
[  836.136916][T14908] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  836.175601][T14928] vlan3: entered allmulticast mode
[  838.482147][T14734] Bluetooth: hci0: command 0x0406 tx timeout
[  838.517597][T14734] Bluetooth: hci2: command 0x0405 tx timeout
[  838.523933][T14734] Bluetooth: hci4: command 0x0406 tx timeout
[  838.530131][T14734] Bluetooth: hci3: command 0x0406 tx timeout
[  838.536140][T14734] Bluetooth: hci1: command 0x0406 tx timeout
[  838.706186][T14950] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2816'.
[  838.784903][T14950] netlink: 'syz.3.2816': attribute type 25 has an invalid length.
[  838.803926][T14950] netlink: 'syz.3.2816': attribute type 7 has an invalid length.
[  838.997702][T14960] netlink: 356 bytes leftover after parsing attributes in process `syz.4.2821'.
[  839.114550][T14967] FAULT_INJECTION: forcing a failure.
[  839.114550][T14967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.168889][T14963] syzkaller0: entered promiscuous mode
[  839.174545][T14963] syzkaller0: entered allmulticast mode
[  839.181121][T14968] lo: entered promiscuous mode
[  839.223711][T14967] CPU: 1 UID: 0 PID: 14967 Comm: syz.4.2824 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  839.223738][T14967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  839.223750][T14967] Call Trace:
[  839.223758][T14967]  <TASK>
[  839.223765][T14967]  dump_stack_lvl+0x189/0x250
[  839.223798][T14967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  839.223823][T14967]  ? __pfx__printk+0x10/0x10
[  839.223863][T14967]  should_fail_ex+0x414/0x560
[  839.223897][T14967]  _copy_to_user+0x31/0xb0
[  839.223929][T14967]  simple_read_from_buffer+0xe1/0x170
[  839.223960][T14967]  proc_fail_nth_read+0x1df/0x250
[  839.223980][T14967]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.224002][T14967]  ? rw_verify_area+0x258/0x650
[  839.224024][T14967]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.224044][T14967]  vfs_read+0x1fd/0x980
[  839.224072][T14967]  ? __pfx___mutex_lock+0x10/0x10
[  839.224092][T14967]  ? __pfx_vfs_read+0x10/0x10
[  839.224117][T14967]  ? __fget_files+0x2a/0x420
[  839.224148][T14967]  ? __fget_files+0x3a0/0x420
[  839.224173][T14967]  ? __fget_files+0x2a/0x420
[  839.224209][T14967]  ksys_read+0x145/0x250
[  839.224236][T14967]  ? __pfx_ksys_read+0x10/0x10
[  839.224262][T14967]  ? do_syscall_64+0xba/0x210
[  839.224285][T14967]  do_syscall_64+0xf6/0x210
[  839.224305][T14967]  ? clear_bhb_loop+0x45/0xa0
[  839.224328][T14967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.224347][T14967] RIP: 0033:0x7f8826d8d37c
[  839.224364][T14967] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  839.224381][T14967] RSP: 002b:00007f8827b1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  839.224401][T14967] RAX: ffffffffffffffda RBX: 00007f8826fb5fa0 RCX: 00007f8826d8d37c
[  839.224415][T14967] RDX: 000000000000000f RSI: 00007f8827b1c0a0 RDI: 0000000000000006
[  839.224427][T14967] RBP: 00007f8827b1c090 R08: 0000000000000000 R09: 0000000000000000
[  839.224439][T14967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  839.224450][T14967] R13: 0000000000000000 R14: 00007f8826fb5fa0 R15: 00007ffcfb7e3ba8
[  839.224481][T14967]  </TASK>
[  840.534517][T14983] usb usb3: usbfs: interface 0 claimed by hub while 'syz.0.2827' sets config #1
[  840.819333][T14986] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2829'.
[  842.082231][T14971] lo: entered allmulticast mode
[  842.087366][T14971] lo: left allmulticast mode
[  842.094600][T14971] lo: left promiscuous mode
[  842.235107][T14995] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2833'.
[  842.290975][T14997] netlink: 356 bytes leftover after parsing attributes in process `syz.3.2834'.
[  842.296819][T14995] netlink: 'syz.0.2833': attribute type 25 has an invalid length.
[  842.336102][T14995] netlink: 'syz.0.2833': attribute type 7 has an invalid length.
[  842.518517][ T5878] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  842.830566][ T5878] usb 2-1: Using ep0 maxpacket: 32
[  842.837644][ T5878] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  842.850930][ T5878] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  842.879325][T14734] Bluetooth: hci2: command 0x0405 tx timeout
[  842.894194][ T5878] usb 2-1: config 0 has no interface number 0
[  842.908700][ T5878] usb 2-1: config 0 interface 8 altsetting 248 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  843.099573][ T5878] usb 2-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  843.114411][ T5878] usb 2-1: config 0 interface 8 has no altsetting 0
[  843.409552][T14734] Bluetooth: hci3: unexpected event for opcode 0x200b
[  844.133628][ T5878] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  844.158953][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.167240][ T5878] usb 2-1: Product: syz
[  844.319268][ T5878] usb 2-1: Manufacturer: syz
[  844.329161][ T5878] usb 2-1: SerialNumber: syz
[  844.346433][ T5878] usb 2-1: config 0 descriptor??
[  844.941491][T15022] FAULT_INJECTION: forcing a failure.
[  844.941491][T15022] name failslab, interval 1, probability 0, space 0, times 0
[  844.954327][T15022] CPU: 0 UID: 0 PID: 15022 Comm: syz.2.2840 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  844.954351][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  844.954363][T15022] Call Trace:
[  844.954369][T15022]  <TASK>
[  844.954375][T15022]  dump_stack_lvl+0x189/0x250
[  844.954398][T15022]  ? __pfx_dump_stack_lvl+0x10/0x10
[  844.954415][T15022]  ? __pfx__printk+0x10/0x10
[  844.954439][T15022]  ? __pfx___might_resched+0x10/0x10
[  844.954460][T15022]  should_fail_ex+0x414/0x560
[  844.954483][T15022]  should_failslab+0xa8/0x100
[  844.954503][T15022]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  844.954522][T15022]  ? __alloc_skb+0x112/0x2d0
[  844.954537][T15022]  __alloc_skb+0x112/0x2d0
[  844.954552][T15022]  netlink_sendmsg+0x5c6/0xb30
[  844.954571][T15022]  ? irqentry_exit+0x74/0x90
[  844.954588][T15022]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.954612][T15022]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  844.954625][T15022]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.954644][T15022]  __sock_sendmsg+0x219/0x270
[  844.954664][T15022]  ____sys_sendmsg+0x505/0x830
[  844.954681][T15022]  ? __pfx_____sys_sendmsg+0x10/0x10
[  844.954698][T15022]  ? ___sys_sendmsg+0x1fb/0x2a0
[  844.954716][T15022]  ___sys_sendmsg+0x21f/0x2a0
[  844.954731][T15022]  ? __pfx____sys_sendmsg+0x10/0x10
[  844.954743][T15022]  ? kvm_sched_clock_read+0x11/0x20
[  844.954783][T15022]  ? __fget_files+0x2a/0x420
[  844.954801][T15022]  ? __fget_files+0x3a0/0x420
[  844.954825][T15022]  __x64_sys_sendmsg+0x19b/0x260
[  844.954841][T15022]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  844.954865][T15022]  ? do_syscall_64+0xba/0x210
[  844.954880][T15022]  do_syscall_64+0xf6/0x210
[  844.954892][T15022]  ? asm_sysvec_call_function_single+0x1a/0x20
[  844.954905][T15022]  ? clear_bhb_loop+0x45/0xa0
[  844.954920][T15022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.954932][T15022] RIP: 0033:0x7f0f37f8e969
[  844.954944][T15022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.954955][T15022] RSP: 002b:00007f0f38e15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  844.954968][T15022] RAX: ffffffffffffffda RBX: 00007f0f381b6160 RCX: 00007f0f37f8e969
[  844.954977][T15022] RDX: 000000002400c000 RSI: 0000200000000040 RDI: 0000000000000003
[  844.954986][T15022] RBP: 00007f0f38e15090 R08: 0000000000000000 R09: 0000000000000000
[  844.954993][T15022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.955001][T15022] R13: 0000000000000000 R14: 00007f0f381b6160 R15: 00007fff29e1c058
[  844.955020][T15022]  </TASK>
[  845.210720][    C0] vkms_vblank_simulate: vblank timer overrun
[  845.238273][ T5878] ath6kl: Failed to submit usb control message: -71
[  845.250362][ T5878] ath6kl: unable to send the bmi data to the device: -71
[  845.257692][ T5878] ath6kl: Unable to send get target info: -71
[  845.272645][ T5878] ath6kl: Failed to init ath6kl core: -71
[  845.280516][ T5878] ath6kl_usb 2-1:0.8: probe with driver ath6kl_usb failed with error -71
[  845.515897][ T5878] usb 2-1: USB disconnect, device number 79
[  845.601244][T15024] netlink: 'syz.4.2839': attribute type 10 has an invalid length.
[  845.645628][T14734] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  846.653139][   T52] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  846.875845][   T52] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  846.906216][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.948827][   T52] usb 5-1: Product: syz
[  846.958826][   T52] usb 5-1: Manufacturer: syz
[  846.963466][   T52] usb 5-1: SerialNumber: syz
[  846.964823][T15048] lo speed is unknown, defaulting to 1000
[  847.003876][   T52] usb 5-1: config 0 descriptor??
[  847.064564][T15055] fuse: Bad value for 'fd'
[  847.238799][ T5878] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  847.442654][ T5878] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  847.482590][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.507129][ T5878] usb 4-1: Product: syz
[  847.512655][ T5878] usb 4-1: Manufacturer: syz
[  847.517441][ T5878] usb 4-1: SerialNumber: syz
[  847.567147][ T5878] usb 4-1: config 0 descriptor??
[  848.081959][T15048] wlan0 speed is unknown, defaulting to 1000
[  848.089990][T15062] lo speed is unknown, defaulting to 1000
[  848.786532][   T52] usb-storage 5-1:0.0: USB Mass Storage device detected
[  849.129857][   T52] usb 5-1: USB disconnect, device number 98
[  849.141598][T14837] udevd[14837]: setting owner of /dev/bus/usb/005/098 to uid=0, gid=0 failed: No such file or directory
[  849.674029][T15062] wlan0 speed is unknown, defaulting to 1000
[  849.889840][T15088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2857'.
[  850.059667][ T5878] usb-storage 4-1:0.0: USB Mass Storage device detected
[  850.102560][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  850.111640][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  850.125809][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  850.134692][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  850.145764][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  850.203480][ T5878] usb 4-1: USB disconnect, device number 96
[  850.446404][   T53] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.500928][T15091] lo speed is unknown, defaulting to 1000
[  850.561262][   T53] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.694903][   T53] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.784604][   T53] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.810328][T15109] fuse: Bad value for 'fd'
[  852.048923][T14734] Bluetooth: hci0: unexpected event for opcode 0x200b
[  852.248887][T14734] Bluetooth: hci2: command tx timeout
[  852.423901][T15091] wlan0 speed is unknown, defaulting to 1000
[  852.930300][T15126] loop6: detected capacity change from 0 to 63
[  852.973407][T15126] 9pnet_fd: Insufficient options for proto=fd
[  852.993218][   T53] bridge_slave_1: left allmulticast mode
[  853.115831][   T53] bridge_slave_1: left promiscuous mode
[  853.321093][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  853.477597][   T53] bridge_slave_0: left allmulticast mode
[  853.520776][   T53] bridge_slave_0: left promiscuous mode
[  853.536803][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  854.337849][ T5836] Bluetooth: hci2: command tx timeout
[  854.717074][T15138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2870'.
[  854.888423][ T5878] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  855.207266][ T5878] usb 4-1: Using ep0 maxpacket: 16
[  855.334644][ T5878] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  855.366888][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  855.433054][ T5878] usb 4-1: config 0 has no interface number 0
[  855.663212][ T5878] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  855.692664][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.724753][ T5878] usb 4-1: Product: syz
[  855.739634][ T5878] usb 4-1: Manufacturer: syz
[  855.753691][ T5878] usb 4-1: SerialNumber: syz
[  855.815702][ T5878] usb 4-1: config 0 descriptor??
[  855.943379][   T53] dvmrp1 (unregistering): left allmulticast mode
[  856.046795][ T5878] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  856.053272][ T5878] usb 4-1: No valid video chain found.
[  856.098234][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  856.110414][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  856.122167][   T53] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  856.131433][   T53] bond0 (unregistering): Released all slaves
[  856.218804][   T53] tipc: Disabling bearer <eth:batadv0>
[  856.230352][   T53] tipc: Left network mode
[  856.297190][ T5878] hid-generic C98F:0005:0000.0022: unknown main item tag 0x0
[  856.308015][ T5878] hid-generic C98F:0005:0000.0022: unknown main item tag 0x0
[  856.324564][ T5878] hid-generic C98F:0005:0000.0022: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  856.399758][ T5836] Bluetooth: hci2: command tx timeout
[  856.644414][T15091] chnl_net:caif_netlink_parms(): no params data found
[  856.982799][T15177] fuse: Bad value for 'fd'
[  857.181067][T15184] netlink: 'syz.4.2876': attribute type 10 has an invalid length.
[  857.244639][T15091] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.260762][T15091] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.268077][T15091] bridge_slave_0: entered allmulticast mode
[  857.280347][T15091] bridge_slave_0: entered promiscuous mode
[  857.314954][   T53] hsr_slave_0: left promiscuous mode
[  857.338047][   T53] hsr_slave_1: left promiscuous mode
[  857.367744][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  857.400666][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  857.422199][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  857.468746][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  858.186811][   T59] usb 4-1: USB disconnect, device number 97
[  858.305391][   T53] veth0_macvtap: left promiscuous mode
[  858.317936][   T53] veth1_vlan: left promiscuous mode
[  858.325136][   T53] veth0_vlan: left promiscuous mode
[  858.479487][ T5836] Bluetooth: hci2: command tx timeout
[  859.093834][ T5878] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  859.202736][T15209] FAULT_INJECTION: forcing a failure.
[  859.202736][T15209] name failslab, interval 1, probability 0, space 0, times 0
[  859.215910][T15209] CPU: 1 UID: 0 PID: 15209 Comm: syz.1.2883 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  859.215934][T15209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  859.215946][T15209] Call Trace:
[  859.215953][T15209]  <TASK>
[  859.215960][T15209]  dump_stack_lvl+0x189/0x250
[  859.215990][T15209]  ? __pfx_dump_stack_lvl+0x10/0x10
[  859.216014][T15209]  ? __pfx__printk+0x10/0x10
[  859.216043][T15209]  ? __pfx___might_resched+0x10/0x10
[  859.216069][T15209]  ? fs_reclaim_acquire+0x7d/0x100
[  859.216091][T15209]  should_fail_ex+0x414/0x560
[  859.216123][T15209]  should_failslab+0xa8/0x100
[  859.216150][T15209]  kmem_cache_alloc_noprof+0x73/0x3c0
[  859.216174][T15209]  ? security_file_alloc+0x34/0x330
[  859.216196][T15209]  security_file_alloc+0x34/0x330
[  859.216216][T15209]  init_file+0x93/0x2f0
[  859.216236][T15209]  alloc_empty_file+0x6e/0x1d0
[  859.216265][T15209]  path_openat+0x107/0x3830
[  859.216285][T15209]  ? arch_stack_walk+0xfc/0x150
[  859.216317][T15209]  ? stack_trace_save+0x9c/0xe0
[  859.216336][T15209]  ? stack_depot_save_flags+0x40/0x910
[  859.216370][T15209]  ? kasan_save_track+0x4f/0x80
[  859.216392][T15209]  ? __kasan_slab_alloc+0x6c/0x80
[  859.216414][T15209]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  859.216436][T15209]  ? getname_flags+0xb8/0x540
[  859.216452][T15209]  ? __pfx_path_openat+0x10/0x10
[  859.216470][T15209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.216507][T15209]  do_filp_open+0x1fa/0x410
[  859.216530][T15209]  ? __pfx_do_filp_open+0x10/0x10
[  859.216570][T15209]  ? _raw_spin_unlock+0x28/0x50
[  859.216593][T15209]  ? alloc_fd+0x64c/0x6c0
[  859.216627][T15209]  do_sys_openat2+0x121/0x1c0
[  859.216648][T15209]  ? __pfx_do_sys_openat2+0x10/0x10
[  859.216671][T15209]  ? ksys_write+0x1f0/0x250
[  859.216692][T15209]  ? rcu_is_watching+0x15/0xb0
[  859.216722][T15209]  __x64_sys_openat+0x138/0x170
[  859.216746][T15209]  do_syscall_64+0xf6/0x210
[  859.216765][T15209]  ? clear_bhb_loop+0x45/0xa0
[  859.216787][T15209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.216804][T15209] RIP: 0033:0x7f076758e969
[  859.216819][T15209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  859.216835][T15209] RSP: 002b:00007f07684d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  859.216854][T15209] RAX: ffffffffffffffda RBX: 00007f07677b5fa0 RCX: 00007f076758e969
[  859.216867][T15209] RDX: 000000000000275a RSI: 0000200000000000 RDI: ffffffffffffff9c
[  859.216879][T15209] RBP: 00007f07684d8090 R08: 0000000000000000 R09: 0000000000000000
[  859.216890][T15209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  859.216901][T15209] R13: 0000000000000000 R14: 00007f07677b5fa0 R15: 00007ffee4bfdd98
[  859.216928][T15209]  </TASK>
[  859.248883][ T5878] usb 5-1: Using ep0 maxpacket: 16
[  859.511409][ T5878] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  859.519782][ T5878] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  859.532071][ T5878] usb 5-1: config 0 has no interface number 0
[  859.547772][ T5878] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  859.568050][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  859.582371][ T5878] usb 5-1: Product: syz
[  859.588939][ T5878] usb 5-1: Manufacturer: syz
[  859.593579][ T5878] usb 5-1: SerialNumber: syz
[  859.619945][ T5878] usb 5-1: config 0 descriptor??
[  859.766417][   T53] team0 (unregistering): Port device team_slave_1 removed
[  859.808491][   T53] team0 (unregistering): Port device team_slave_0 removed
[  859.826612][   T69] smc: removing ib device syz!
[  859.831860][ T5878] usb 5-1: Found UVC 0.00 device syz (046d:08d3)
[  859.831893][ T5878] usb 5-1: No valid video chain found.
[  860.087776][ T5878] hid-generic C98F:0005:0000.0023: unknown main item tag 0x0
[  860.098788][ T5878] hid-generic C98F:0005:0000.0023: unknown main item tag 0x0
[  860.115225][ T5878] hid-generic C98F:0005:0000.0023: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  860.299898][T15091] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.317781][T15091] bridge0: port 2(bridge_slave_1) entered disabled state
[  860.335601][T15091] bridge_slave_1: entered allmulticast mode
[  860.351601][T15091] bridge_slave_1: entered promiscuous mode
[  860.521633][T15202] netlink: 'syz.3.2880': attribute type 25 has an invalid length.
[  860.530719][T15202] netlink: 'syz.3.2880': attribute type 7 has an invalid length.
[  860.920014][T15091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  861.002199][T15091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  861.327012][T15091] team0: Port device team_slave_0 added
[  861.350750][T15091] team0: Port device team_slave_1 added
[  861.625858][T15091] batman_adv: batadv0: Adding interface: batadv_slave_0
[  861.634656][   T52] usb 5-1: USB disconnect, device number 99
[  861.659007][T15091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  861.739630][T15091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  862.197835][T15091] batman_adv: batadv0: Adding interface: batadv_slave_1
[  862.210479][T15091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  862.319661][T15091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  864.140340][T15091] hsr_slave_0: entered promiscuous mode
[  864.162087][T15091] hsr_slave_1: entered promiscuous mode
[  864.533456][ T5844] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  864.702671][   T53] IPVS: stop unused estimator thread 0...
[  864.786093][T15304] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2899'.
[  864.863392][ T5844] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  864.904733][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  864.930025][ T5844] usb 4-1: Product: syz
[  864.942037][ T5844] usb 4-1: Manufacturer: syz
[  864.951059][ T5844] usb 4-1: SerialNumber: syz
[  864.988322][ T5844] usb 4-1: config 0 descriptor??
[  865.353884][T15316] nbd: must specify a device to reconfigure
[  867.328881][ T8539] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  867.487291][ T5844] usb-storage 4-1:0.0: USB Mass Storage device detected
[  867.528727][ T8539] usb 2-1: Using ep0 maxpacket: 16
[  867.547803][ T8539] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  867.584470][T15328] nbd: must specify a device to reconfigure
[  867.934430][T15335] syzkaller0: entered promiscuous mode
[  867.946278][T15335] syzkaller0: entered allmulticast mode
[  868.441344][ T8539] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  868.456363][ T5844] usb 4-1: USB disconnect, device number 98
[  868.464578][ T8539] usb 2-1: config 0 has no interface number 0
[  868.473170][ T8539] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  868.483622][ T8539] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.492011][ T8539] usb 2-1: Product: syz
[  868.498172][ T8539] usb 2-1: Manufacturer: syz
[  868.502888][ T8539] usb 2-1: SerialNumber: syz
[  868.514911][ T8539] usb 2-1: config 0 descriptor??
[  868.742678][ T8539] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  868.749307][ T8539] usb 2-1: No valid video chain found.
[  868.953550][ T8539] hid-generic C98F:0005:0000.0024: unknown main item tag 0x0
[  868.961128][ T8539] hid-generic C98F:0005:0000.0024: unknown main item tag 0x0
[  868.984162][ T8539] hid-generic C98F:0005:0000.0024: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  870.091683][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  870.408227][T15358] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2910'.
[  870.902654][T15091] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  871.419836][T15359] fuse: Bad value for 'group_id'
[  871.424829][T15359] fuse: Bad value for 'group_id'
[  871.600983][T15366] nbd: must specify a device to reconfigure
[  871.911126][T15091] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  872.002406][T15091] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  872.019946][   T52] usb 2-1: USB disconnect, device number 80
[  872.057171][T15091] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  872.209088][   T59] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  872.289356][T15091] 8021q: adding VLAN 0 to HW filter on device bond0
[  872.332323][T15091] 8021q: adding VLAN 0 to HW filter on device team0
[  872.370423][T14245] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.377629][T14245] bridge0: port 1(bridge_slave_0) entered forwarding state
[  872.378957][   T59] usb 4-1: Using ep0 maxpacket: 8
[  872.409292][   T59] usb 4-1: unable to get BOS descriptor or descriptor too short
[  872.431409][   T59] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  872.446234][ T6390] bridge0: port 2(bridge_slave_1) entered blocking state
[  872.453394][ T6390] bridge0: port 2(bridge_slave_1) entered forwarding state
[  872.459250][   T59] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  872.514342][T15385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2917'.
[  872.526722][   T59] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  872.645067][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.738572][   T59] usb 4-1: Product: syz
[  872.795301][   T59] usb 4-1: Manufacturer: syz
[  872.835186][   T59] usb 4-1: SerialNumber: syz
[  872.950579][T15091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  873.026887][T15091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  873.055885][   T59] usb 4-1: config 0 descriptor??
[  873.222189][   T59] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  874.369990][   T59] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  874.495008][   T59] usb 4-1: USB disconnect, device number 99
[  874.514725][T15068] udevd[15068]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  874.626869][T15410] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2921'.
[  874.654201][T15091] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.838728][   T59] usb 4-1: new full-speed USB device number 100 using dummy_hcd
[  875.271391][T15091] veth0_vlan: entered promiscuous mode
[  875.283772][T15091] veth1_vlan: entered promiscuous mode
[  875.291339][   T59] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  875.300743][   T59] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  875.316486][   T59] usb 4-1: config 0 descriptor??
[  875.326957][   T59] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  875.412414][T15091] veth0_macvtap: entered promiscuous mode
[  875.440481][T15091] veth1_macvtap: entered promiscuous mode
[  875.564953][   T59] usb 4-1: Detected FT232B
[  875.623029][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  875.670400][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  875.711186][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  875.722075][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  875.732179][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  875.743884][T15403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  875.752593][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  875.753012][T15403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  875.762636][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  875.798707][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  875.812663][   T59] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  875.820115][   T59] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  875.828440][T15091] batman_adv: batadv0: Interface activated: batadv_slave_0
[  875.850427][   T59] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  875.863198][   T59] usb 4-1: USB disconnect, device number 100
[  875.900578][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.070481][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.076904][   T59] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  876.101987][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.105295][   T59] ftdi_sio 4-1:0.0: device disconnected
[  876.128428][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.167364][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.192081][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.217136][T15091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.231106][T15091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.260166][T15091] batman_adv: batadv0: Interface activated: batadv_slave_1
[  876.290789][T15091] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  876.373508][T15091] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  876.382374][T15091] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  876.399345][T15091] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  876.640856][T14734] Bluetooth: hci4: command 0x0406 tx timeout
[  876.804126][T15448] nbd: must specify a device to reconfigure
[  877.134042][T15446] syzkaller0: entered promiscuous mode
[  877.139686][T15446] syzkaller0: entered allmulticast mode
[  879.221619][T15484] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2935'.
[  880.434839][T15494] FAULT_INJECTION: forcing a failure.
[  880.434839][T15494] name failslab, interval 1, probability 0, space 0, times 0
[  880.448258][T15494] CPU: 0 UID: 0 PID: 15494 Comm: syz.1.2939 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  880.448290][T15494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  880.448302][T15494] Call Trace:
[  880.448310][T15494]  <TASK>
[  880.448319][T15494]  dump_stack_lvl+0x189/0x250
[  880.448352][T15494]  ? __pfx_dump_stack_lvl+0x10/0x10
[  880.448376][T15494]  ? __pfx__printk+0x10/0x10
[  880.448407][T15494]  ? preempt_schedule_irq+0xde/0x150
[  880.448436][T15494]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  880.448461][T15494]  ? ref_tracker_alloc+0x318/0x460
[  880.448494][T15494]  should_fail_ex+0x414/0x560
[  880.448526][T15494]  should_failslab+0xa8/0x100
[  880.448553][T15494]  kmem_cache_alloc_noprof+0x73/0x3c0
[  880.448577][T15494]  ? skb_clone+0x212/0x3a0
[  880.448602][T15494]  skb_clone+0x212/0x3a0
[  880.448628][T15494]  __netlink_deliver_tap+0x404/0x850
[  880.448666][T15494]  ? netlink_deliver_tap+0x2e/0x1b0
[  880.448694][T15494]  netlink_deliver_tap+0x19c/0x1b0
[  880.448721][T15494]  netlink_unicast+0x72f/0x8d0
[  880.448756][T15494]  netlink_sendmsg+0x805/0xb30
[  880.448790][T15494]  ? __pfx_netlink_sendmsg+0x10/0x10
[  880.448824][T15494]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  880.448842][T15494]  ? __pfx_netlink_sendmsg+0x10/0x10
[  880.448868][T15494]  __sock_sendmsg+0x219/0x270
[  880.448895][T15494]  __sys_sendto+0x3bd/0x520
[  880.448915][T15494]  ? __pfx___sys_sendto+0x10/0x10
[  880.448929][T15494]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  880.448959][T15494]  ? __fget_files+0x3a0/0x420
[  880.448995][T15494]  ? ksys_write+0x1f0/0x250
[  880.449026][T15494]  __x64_sys_sendto+0xde/0x100
[  880.449047][T15494]  do_syscall_64+0xf6/0x210
[  880.449065][T15494]  ? asm_sysvec_call_function_single+0x1a/0x20
[  880.449083][T15494]  ? clear_bhb_loop+0x45/0xa0
[  880.449104][T15494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  880.449121][T15494] RIP: 0033:0x7f076758e969
[  880.449137][T15494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  880.449152][T15494] RSP: 002b:00007f07684b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  880.449170][T15494] RAX: ffffffffffffffda RBX: 00007f07677b6080 RCX: 00007f076758e969
[  880.449184][T15494] RDX: 0000000000010a73 RSI: 0000200000000000 RDI: 0000000000000005
[  880.449195][T15494] RBP: 00007f07684b7090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b
[  880.449207][T15494] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  880.449218][T15494] R13: 0000000000000000 R14: 00007f07677b6080 R15: 00007ffee4bfdd98
[  880.449246][T15494]  </TASK>
[  880.705968][T15494] netlink: 79 bytes leftover after parsing attributes in process `syz.1.2939'.
[  880.899572][   T52] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  881.071133][   T52] usb 5-1: Using ep0 maxpacket: 16
[  881.083539][   T52] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  881.092326][   T52] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  881.102939][   T52] usb 5-1: config 0 has no interface number 0
[  881.116244][   T52] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  881.125476][ T5836] Bluetooth: hci4: command 0x0406 tx timeout
[  881.131890][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.140191][   T52] usb 5-1: Product: syz
[  881.144367][   T52] usb 5-1: Manufacturer: syz
[  881.149401][   T52] usb 5-1: SerialNumber: syz
[  881.165976][   T52] usb 5-1: config 0 descriptor??
[  881.381751][   T52] usb 5-1: Found UVC 0.00 device syz (046d:08d3)
[  881.389950][   T52] usb 5-1: No valid video chain found.
[  881.482728][ T6151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  881.484831][T15485] netlink: 'syz.0.2935': attribute type 25 has an invalid length.
[  881.493413][ T6151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  881.503262][T15485] netlink: 'syz.0.2935': attribute type 7 has an invalid length.
[  881.574359][ T6151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  881.601148][ T5844] hid-generic C98F:0005:0000.0025: unknown main item tag 0x0
[  881.612015][ T6151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  881.622537][ T5844] hid-generic C98F:0005:0000.0025: unknown main item tag 0x0
[  881.657052][ T5844] hid-generic C98F:0005:0000.0025: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  882.161232][ T5836] Bluetooth: hci0: unexpected event for opcode 0x200b
[  882.606526][T15505] siw: device registration error -23
[  888.235025][ T5844] usb 5-1: USB disconnect, device number 100
[  888.281644][   T30] audit: type=1326 audit(1745770955.767:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15539 comm="syz.1.2951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f076758e969 code=0x0
[  888.541808][T14734] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  888.552001][T14734] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  888.561433][T14734] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  888.571493][T14734] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  888.580273][T14734] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  888.658879][ T8539] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  888.728028][T15545] lo speed is unknown, defaulting to 1000
[  888.775662][T15545] wlan0 speed is unknown, defaulting to 1000
[  889.088792][ T8539] usb 4-1: Using ep0 maxpacket: 32
[  889.197558][ T8539] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  889.218587][ T8539] usb 4-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77
[  889.228606][ T8539] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.240987][ T8539] usb 4-1: Product: syz
[  889.245176][ T8539] usb 4-1: Manufacturer: syz
[  889.250353][ T8539] usb 4-1: SerialNumber: syz
[  889.259808][ T8539] usb 4-1: config 0 descriptor??
[  889.270805][ T8539] hdpvr 4-1:0.0: Could not find bulk-in endpoint
[  889.278163][ T8539] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12
[  889.579911][T15545] chnl_net:caif_netlink_parms(): no params data found
[  890.642924][ T5836] Bluetooth: hci3: command tx timeout
[  890.820771][T15545] bridge0: port 1(bridge_slave_0) entered blocking state
[  890.934318][T15578] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2956' sets config #1
[  891.368767][T15545] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.376134][T15545] bridge_slave_0: entered allmulticast mode
[  891.383939][T15545] bridge_slave_0: entered promiscuous mode
[  891.397451][T15545] bridge0: port 2(bridge_slave_1) entered blocking state
[  891.414215][ T8539] usb 4-1: USB disconnect, device number 101
[  891.578866][T15545] bridge0: port 2(bridge_slave_1) entered disabled state
[  891.592544][T15545] bridge_slave_1: entered allmulticast mode
[  891.715288][T15545] bridge_slave_1: entered promiscuous mode
[  892.729028][T14734] Bluetooth: hci3: command tx timeout
[  892.983795][T15545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  893.015159][T15545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  893.187569][T15545] team0: Port device team_slave_0 added
[  893.212791][T15545] team0: Port device team_slave_1 added
[  893.292146][T15545] batman_adv: batadv0: Adding interface: batadv_slave_0
[  893.302485][T15545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.333756][T15545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  893.348002][T15545] batman_adv: batadv0: Adding interface: batadv_slave_1
[  893.360964][T15545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.389894][T15545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  893.448736][ T5878] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  893.460532][T15545] hsr_slave_0: entered promiscuous mode
[  893.467135][T15545] hsr_slave_1: entered promiscuous mode
[  893.478290][T15545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  893.487628][T15545] Cannot create hsr debugfs directory
[  893.493272][   T52] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  893.519224][    T9] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  893.600980][ T5878] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  893.613971][ T5878] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  893.623517][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.643792][ T5878] usb 3-1: Product: syz
[  893.647976][ T5878] usb 3-1: Manufacturer: syz
[  893.658789][ T5878] usb 3-1: SerialNumber: syz
[  893.658908][   T52] usb 4-1: Using ep0 maxpacket: 16
[  893.684832][ T5878] usb 3-1: config 0 descriptor??
[  893.689281][   T52] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  893.701259][    T9] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  893.710601][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.718325][   T52] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  893.726843][    T9] usb 5-1: Product: syz
[  893.733427][    T9] usb 5-1: Manufacturer: syz
[  893.743543][T15545] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  893.753656][    T9] usb 5-1: SerialNumber: syz
[  893.755920][   T52] usb 4-1: config 0 has no interface number 0
[  893.762264][T15545] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.776519][    T9] usb 5-1: config 0 descriptor??
[  893.787346][   T52] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  893.803739][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.812539][   T52] usb 4-1: Product: syz
[  893.817028][   T52] usb 4-1: Manufacturer: syz
[  893.826526][   T52] usb 4-1: SerialNumber: syz
[  893.846726][   T52] usb 4-1: config 0 descriptor??
[  893.861309][T15545] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  893.872043][T15545] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.968453][T15545] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  893.991201][T15606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2962'.
[  894.042456][T15545] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.087225][   T52] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  894.496359][T14734] Bluetooth: hci0: command 0x0406 tx timeout
[  894.581630][ T5878] hid-generic C98F:0005:0000.0026: unknown main item tag 0x0
[  894.606016][ T5878] hid-generic C98F:0005:0000.0026: unknown main item tag 0x0
[  894.818799][ T5878] hid-generic C98F:0005:0000.0026: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  894.894693][T15607] nbd: must specify a device to reconfigure
[  895.009018][ T5836] Bluetooth: hci3: command tx timeout
[  895.214189][T15545] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  895.290200][T15545] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  895.315335][   T52] usb 4-1: No valid video chain found.
[  896.026551][    T9] usb-storage 5-1:0.0: USB Mass Storage device detected
[  896.086786][ T8539] usb 4-1: USB disconnect, device number 102
[  896.136817][    T9] usb 5-1: USB disconnect, device number 101
[  896.154312][T15545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  896.165098][ T5878] usb 3-1: USB disconnect, device number 90
[  896.181473][T15545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  896.217261][T15545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  896.246664][T15545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  897.049205][ T5836] Bluetooth: hci3: command tx timeout
[  897.062369][T15621] syzkaller0: entered promiscuous mode
[  897.067877][T15621] syzkaller0: entered allmulticast mode
[  898.108732][ T5878] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  898.278875][ T5878] usb 4-1: Using ep0 maxpacket: 8
[  898.306888][ T5878] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  898.320174][ T5878] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  898.329557][ T5878] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  898.342772][ T5878] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  898.352163][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.370268][ T5878] hub 4-1:1.0: bad descriptor, ignoring hub
[  898.376216][ T5878] hub 4-1:1.0: probe with driver hub failed with error -5
[  898.394380][ T5878] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  898.602712][T15634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  898.614518][T15634] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  898.749948][   T52] usb 4-1: USB disconnect, device number 103
[  899.246410][T15638] netlink: 356 bytes leftover after parsing attributes in process `syz.3.2973'.
[  899.409539][T15640] netlink: 'syz.1.2974': attribute type 10 has an invalid length.
[  899.481425][T15640] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  899.607861][T15545] 8021q: adding VLAN 0 to HW filter on device bond0
[  899.631094][T15650] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2978' sets config #1
[  899.679967][T15545] 8021q: adding VLAN 0 to HW filter on device team0
[  899.906624][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.914536][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  899.939920][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.947142][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  900.049323][T15657] usb usb3: usbfs: interface 0 claimed by hub while 'syz.4.2979' sets config #1
[  900.147710][   T52] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  900.830668][   T52] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  900.858680][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  900.866708][   T52] usb 4-1: Product: syz
[  900.892605][   T52] usb 4-1: Manufacturer: syz
[  901.021354][T15671] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2981' sets config #1
[  901.082786][   T52] usb 4-1: SerialNumber: syz
[  901.199469][T14734] Bluetooth: hci0: command 0x0406 tx timeout
[  901.469516][T14245] bridge0: port 3(batadv0) entered disabled state
[  901.496975][T14245] bridge_slave_1: left allmulticast mode
[  901.515574][T14245] bridge_slave_1: left promiscuous mode
[  901.546322][T14245] bridge0: port 2(bridge_slave_1) entered disabled state
[  901.563188][T14245] bridge_slave_0: left allmulticast mode
[  901.570666][T14245] bridge_slave_0: left promiscuous mode
[  901.576375][T14245] bridge0: port 1(bridge_slave_0) entered disabled state
[  901.733451][   T52] usb 4-1: config 0 descriptor??
[  902.404199][T15683] netlink: 356 bytes leftover after parsing attributes in process `syz.1.2987'.
[  902.568277][T14245] dvmrp1 (unregistering): left allmulticast mode
[  902.638816][T14734] Bluetooth: hci2: command tx timeout
[  902.796258][T14245] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  902.807992][T14245] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  902.822754][T14245] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  902.832379][T14245] bond0 (unregistering): Released all slaves
[  902.866691][T15677] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  902.981447][T14245] tipc: Left network mode
[  903.554159][T15695] netlink: 'syz.4.2989': attribute type 10 has an invalid length.
[  903.644813][   T52] usb-storage 4-1:0.0: USB Mass Storage device detected
[  903.760432][T15545] 8021q: adding VLAN 0 to HW filter on device batadv0
[  903.761220][   T52] usb 4-1: USB disconnect, device number 104
[  904.542708][T15710] netlink: 356 bytes leftover after parsing attributes in process `syz.2.2994'.
[  904.670581][T15545] veth0_vlan: entered promiscuous mode
[  905.088843][T15716] netlink: 356 bytes leftover after parsing attributes in process `syz.2.2997'.
[  905.269461][T14245] hsr_slave_0: left promiscuous mode
[  905.889620][T14245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  905.914045][T14245] batman_adv: batadv0: Removing interface: batadv_slave_0
[  905.933307][T14245] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  905.952501][T14245] batman_adv: batadv0: Removing interface: batadv_slave_1
[  905.985494][T14245] veth0_macvtap: left promiscuous mode
[  905.991710][T14245] veth1_vlan: left promiscuous mode
[  905.997032][T14245] veth0_vlan: left promiscuous mode
[  906.392341][T15705] usb usb3: usbfs: interface 0 claimed by hub while 'syz.4.2993' sets config #1
[  906.573761][T14734] Bluetooth: hci4: command 0x0406 tx timeout
[  906.624610][T14245] team0 (unregistering): Port device team_slave_1 removed
[  906.673884][T14245] team0 (unregistering): Port device team_slave_0 removed
[  907.146957][T15730] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  907.462624][T15731] syzkaller0: entered promiscuous mode
[  907.468402][T15731] syzkaller0: entered allmulticast mode
[  907.478824][   T52] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  908.152074][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  908.295284][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  908.305328][   T52] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  908.318543][   T52] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  908.327639][   T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.350242][   T52] usb 4-1: config 0 descriptor??
[  908.760550][ T5878] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  908.842342][   T52] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving
[  908.868839][   T52] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  908.919167][ T5878] usb 3-1: Using ep0 maxpacket: 16
[  908.927908][ T5878] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  908.942681][ T5878] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  908.965455][ T5878] usb 3-1: config 0 has no interface number 0
[  908.981325][ T5878] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  908.991180][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.999522][ T5878] usb 3-1: Product: syz
[  909.003834][ T5878] usb 3-1: Manufacturer: syz
[  909.008498][ T5878] usb 3-1: SerialNumber: syz
[  909.024667][ T5878] usb 3-1: config 0 descriptor??
[  909.096501][   T52] usb 4-1: USB disconnect, device number 105
[  909.234951][ T5878] usb 3-1: Found UVC 0.00 device syz (046d:08d3)
[  909.241518][ T5878] usb 3-1: No valid video chain found.
[  909.450604][    T9] hid-generic C98F:0005:0000.0028: unknown main item tag 0x0
[  909.492528][    T9] hid-generic C98F:0005:0000.0028: unknown main item tag 0x0
[  909.515192][    T9] hid-generic C98F:0005:0000.0028: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  909.719439][   T52] usb 3-1: USB disconnect, device number 91
[  912.099655][T14734] Bluetooth: hci0: command 0x0406 tx timeout
[  912.966068][T15766] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.3008' sets config #1
[  913.096438][T15545] veth1_vlan: entered promiscuous mode
[  913.178293][T15545] veth0_macvtap: entered promiscuous mode
[  913.261027][T15545] veth1_macvtap: entered promiscuous mode
[  913.352097][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3010'.
[  913.362209][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  913.423520][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  913.448677][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  913.468735][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  913.486588][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  913.507829][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  913.539783][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  913.568695][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  913.596118][T15545] batman_adv: batadv0: Interface activated: batadv_slave_0
[  913.646650][T15775] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  913.660526][ T5826] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  913.942482][ T5826] usb 5-1: Using ep0 maxpacket: 32
[  913.998983][   T59] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  914.010394][ T5826] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  914.079592][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  914.100688][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  914.114049][ T5826] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  914.130532][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  914.131057][ T5826] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  914.143189][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  914.181991][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  914.198830][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  914.203076][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  914.216955][T15545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  914.217351][ T5826] usb 5-1: Product: syz
[  914.228934][T15545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  914.242565][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  914.249987][T15545] batman_adv: batadv0: Interface activated: batadv_slave_1
[  914.271950][T15545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  914.281981][T15545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  914.290893][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  914.292670][T15545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  914.310232][ T5826] usb 5-1: Manufacturer: syz
[  914.314855][ T5826] usb 5-1: SerialNumber: syz
[  914.315963][T15545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  914.328402][   T59] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  914.328451][   T59] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  914.358070][T15775] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  914.358792][ T5826] usb 5-1: config 0 descriptor??
[  914.388196][   T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.414365][   T59] usb 3-1: config 0 descriptor??
[  914.437263][T15775] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  914.485457][T14245] IPVS: stop unused estimator thread 0...
[  914.508140][T15775] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  914.519087][   T52] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  914.534190][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.549281][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.598008][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.599806][ T5826] snd-usb-6fire 5-1:0.0: unable to receive device firmware state.
[  914.608265][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.632698][ T5826] snd-usb-6fire 5-1:0.0: probe with driver snd-usb-6fire failed with error -121
[  914.640156][T15775] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  914.684154][T15775] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  914.689306][   T52] usb 2-1: Using ep0 maxpacket: 32
[  914.708473][T15775] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  914.711964][   T52] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  914.731135][   T52] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  914.738018][T15775] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  914.755036][   T52] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  914.766554][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  914.779584][   T52] usb 2-1: Product: syz
[  914.783797][   T52] usb 2-1: Manufacturer: syz
[  914.788431][   T52] usb 2-1: SerialNumber: syz
[  914.808304][   T52] usb 2-1: config 0 descriptor??
[  914.836614][   T59] plantronics 0003:047F:FFFF.0029: No inputs registered, leaving
[  914.866878][   T59] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  914.939337][ T5844] usb 5-1: USB disconnect, device number 102
[  915.001963][T15796] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  915.034311][   T52] snd-usb-6fire 2-1:0.0: unable to receive device firmware state.
[  915.042467][   T52] snd-usb-6fire 2-1:0.0: probe with driver snd-usb-6fire failed with error -121
[  915.070015][    T9] usb 3-1: USB disconnect, device number 92
[  915.140822][ T5878] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  915.239278][ T5844] usb 2-1: USB disconnect, device number 81
[  915.298964][ T5878] usb 4-1: Using ep0 maxpacket: 16
[  915.305609][ T5878] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  915.315650][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  915.326941][ T5878] usb 4-1: config 0 has no interface number 0
[  915.336044][ T5878] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  915.345394][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.356572][ T5878] usb 4-1: Product: syz
[  915.364247][ T5878] usb 4-1: Manufacturer: syz
[  915.369047][ T5878] usb 4-1: SerialNumber: syz
[  915.375539][ T5878] usb 4-1: config 0 descriptor??
[  916.008793][ T5878] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  916.016726][ T5878] usb 4-1: No valid video chain found.
[  916.025058][    T9] hid-generic C98F:0005:0000.002A: unknown main item tag 0x0
[  916.035941][    T9] hid-generic C98F:0005:0000.002A: unknown main item tag 0x0
[  916.059310][    T9] hid-generic C98F:0005:0000.002A: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  917.175301][   T59] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  917.400079][ T6151] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.647211][   T59] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  917.683567][   T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.694209][ T6151] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.718398][   T59] usb 2-1: Product: syz
[  917.725774][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  917.737262][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  917.746082][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  917.754423][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  917.762220][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  917.775914][   T59] usb 2-1: Manufacturer: syz
[  917.782375][ T6151] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.797529][   T59] usb 2-1: SerialNumber: syz
[  917.812917][   T59] usb 2-1: config 0 descriptor??
[  917.887630][T15835] siw: device registration error -23
[  917.900461][T15832] lo speed is unknown, defaulting to 1000
[  917.914151][ T6151] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.943772][T15832] wlan0 speed is unknown, defaulting to 1000
[  918.048910][    T9] usb 4-1: USB disconnect, device number 106
[  918.227407][T15827] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.3024' sets config #1
[  918.749030][ T6151] bridge_slave_0: left allmulticast mode
[  918.765104][ T6151] bridge_slave_0: left promiscuous mode
[  918.782882][ T6151] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.875864][ T5836] Bluetooth: hci1: command tx timeout
[  919.889727][   T59] usb-storage 2-1:0.0: USB Mass Storage device detected
[  920.051441][   T59] usb 2-1: USB disconnect, device number 82
[  920.539726][T15860] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.3030' sets config #1
[  921.471693][ T6151] dvmrp1 (unregistering): left allmulticast mode
[  921.929003][ T5836] Bluetooth: hci1: command tx timeout
[  922.065835][ T6151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  922.093059][ T6151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  922.106636][ T6151] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  922.119082][ T6151] bond0 (unregistering): Released all slaves
[  922.136459][ T6151] bond1 (unregistering): Released all slaves
[  922.157664][T15832] chnl_net:caif_netlink_parms(): no params data found
[  923.466150][ T6151] tipc: Left network mode
[  924.009168][ T5836] Bluetooth: hci1: command tx timeout
[  924.364209][T15832] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.389422][T15832] bridge0: port 1(bridge_slave_0) entered disabled state
[  924.423763][T15832] bridge_slave_0: entered allmulticast mode
[  924.448694][    T9] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  924.468243][T15832] bridge_slave_0: entered promiscuous mode
[  924.501151][T15899] siw: device registration error -23
[  924.502083][T15832] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.529249][T15832] bridge0: port 2(bridge_slave_1) entered disabled state
[  924.544594][T15832] bridge_slave_1: entered allmulticast mode
[  924.556558][T15832] bridge_slave_1: entered promiscuous mode
[  924.638777][    T9] usb 4-1: Using ep0 maxpacket: 16
[  924.656507][    T9] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  924.698727][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  924.754420][    T9] usb 4-1: config 0 has no interface number 0
[  924.902467][T15906] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.3040' sets config #1
[  924.937812][   T52] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  925.291554][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  925.301645][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.314435][T15832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  925.323658][    T9] usb 4-1: Product: syz
[  925.327839][    T9] usb 4-1: Manufacturer: syz
[  925.333342][ T8539] wlan0 speed is unknown, defaulting to 1000
[  925.339625][ T8539] infiniband syz2: ib_query_port failed (-19)
[  925.355895][T15832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  925.375813][    T9] usb 4-1: SerialNumber: syz
[  925.383841][    T9] usb 4-1: config 0 descriptor??
[  925.567464][T15832] team0: Port device team_slave_0 added
[  925.576662][   T52] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  925.593680][T15832] team0: Port device team_slave_1 added
[  925.601330][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.617568][   T52] usb 2-1: Product: syz
[  925.632112][   T52] usb 2-1: Manufacturer: syz
[  925.644082][   T52] usb 2-1: SerialNumber: syz
[  925.662475][   T52] usb 2-1: config 0 descriptor??
[  925.767659][T15832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  925.792277][    T9] usb 4-1: Found UVC 0.00 device syz (046d:08d3)
[  925.802901][T15832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  925.812516][    T9] usb 4-1: No valid video chain found.
[  925.888332][T13633] hid-generic C98F:0005:0000.002B: unknown main item tag 0x0
[  925.923402][T15832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  925.941937][T13633] hid-generic C98F:0005:0000.002B: unknown main item tag 0x0
[  926.011565][T13633] hid-generic C98F:0005:0000.002B: hidraw0: <UNKNOWN> HID v0.06 Device [syz0] on syz1
[  926.025610][T15832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  926.054853][T15832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  926.082281][ T5836] Bluetooth: hci1: command tx timeout
[  926.123754][T15832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  926.193283][ T6151] hsr_slave_0: left promiscuous mode
[  926.202517][ T6151] hsr_slave_1: left promiscuous mode
[  926.217907][ T6151] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  926.227796][ T6151] batman_adv: batadv0: Removing interface: batadv_slave_0
[  926.238082][ T6151] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  926.245608][ T6151] batman_adv: batadv0: Removing interface: batadv_slave_1
[  926.268636][ T6151] veth1_macvtap: left promiscuous mode
[  926.275678][ T6151] veth0_macvtap: left promiscuous mode
[  926.281473][ T6151] veth1_vlan: left promiscuous mode
[  926.286834][ T6151] veth0_vlan: left promiscuous mode
[  926.918964][   T59] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  927.284154][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  927.305981][   T59] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  927.330638][   T59] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  927.347763][   T59] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  927.357984][   T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.412504][   T59] usb 3-1: config 0 descriptor??
[  927.449373][ T8539] usb 4-1: USB disconnect, device number 107
[  927.521728][   T52] usb-storage 2-1:0.0: USB Mass Storage device detected
[  928.775957][   T59] plantronics 0003:047F:FFFF.002C: No inputs registered, leaving
[  928.829883][   T52] usb 2-1: USB disconnect, device number 83
[  928.868931][   T59] plantronics 0003:047F:FFFF.002C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  928.917063][T15948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3048'.
[  928.983072][   T59] usb 3-1: USB disconnect, device number 93
[  929.197602][T15950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3049'.
[  929.263890][ T6151] team0 (unregistering): Port device team_slave_1 removed
[  929.301738][ T6151] team0 (unregistering): Port device team_slave_0 removed
[  929.706787][T15948] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.772765][T15950] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.812364][T15952] wlan0 speed is unknown, defaulting to 1000
[  929.884505][T15832] hsr_slave_0: entered promiscuous mode
[  929.920816][T15832] hsr_slave_1: entered promiscuous mode
[  929.940161][T15832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  929.955167][T15832] Cannot create hsr debugfs directory
[  929.973219][T15948] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.993540][T15952] wlan0 speed is unknown, defaulting to 1000
[  930.031184][T15950] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.573321][T15952] wlan0 speed is unknown, defaulting to 1000
[  930.602705][T15952] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  930.637278][T15950] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.740794][T15948] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.764221][T15952] wlan0 speed is unknown, defaulting to 1000
[  930.827725][T15950] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.854779][T15952] wlan0 speed is unknown, defaulting to 1000
[  930.870609][T15948] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.024640][T15952] wlan0 speed is unknown, defaulting to 1000
[  931.054374][ T6151] IPVS: stop unused estimator thread 0...
[  931.126956][T15952] wlan0 speed is unknown, defaulting to 1000
[  931.249740][T15970] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.3052' sets config #1
[  931.331173][T15952] wlan0 speed is unknown, defaulting to 1000
[  931.569934][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  931.762817][T15950] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  932.037825][T15948] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  932.072528][T15950] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  932.126890][T15950] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  932.236264][T15948] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  932.267381][T15950] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  932.306662][T15948] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  932.327471][T15948] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  932.479143][ T5877] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  932.751230][T15990] page: refcount:3 mapcount:0 mapping:ffff888148cd3678 index:0x2f126 pfn:0x5d366
[  932.760477][T15990] memcg:ffff88805a146000
[  932.764741][T15990] aops:def_blk_aops ino:fa00000
[  932.769654][T15990] flags: 0xfff00000000139(locked|uptodate|dirty|lru|active|node=0|zone=1|lastcpupid=0x7ff)
[  932.779720][T15990] raw: 00fff00000000139 ffffea000174d9c8 ffff888029012078 ffff888148cd3678
[  932.788351][T15990] raw: 000000000002f126 0000000000000000 00000003ffffffff ffff88805a146000
[  932.797000][T15990] page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, index))
[  932.805729][T15990] page_owner tracks the page as allocated
[  932.811497][T15990] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 15993, tgid 15989 (syz.1.3057), ts 932633556283, free_ts 932570319335
[  932.832404][T15990]  post_alloc_hook+0x1d8/0x230
[  932.837234][T15990]  get_page_from_freelist+0x21c7/0x22a0
[  932.842849][T15990]  __alloc_frozen_pages_noprof+0x181/0x370
[  932.848737][T15990]  alloc_pages_mpol+0x232/0x4a0
[  932.853624][T15990]  alloc_pages_noprof+0xa9/0x190
[  932.858650][T15990]  folio_alloc_noprof+0x1e/0x30
[  932.863554][T15990]  filemap_alloc_folio_noprof+0xdf/0x470
[  932.869244][T15990]  page_cache_ra_order+0x5e5/0xc70
[  932.874386][T15990]  do_sync_mmap_readahead+0x4b5/0x5f0
[  932.879802][T15990]  filemap_fault+0x62a/0x1200
[  932.884507][T15990]  __do_fault+0x135/0x390
[  932.888896][T15990]  __handle_mm_fault+0x363e/0x5380
[  932.894041][T15990]  handle_mm_fault+0x2d5/0x7f0
[  932.898846][T15990]  __get_user_pages+0x16f0/0x2a40
[  932.903894][T15990]  populate_vma_page_range+0x26b/0x340
[  932.909413][T15990]  __mm_populate+0x24c/0x380
[  932.914021][T15990] page last free pid 15990 tgid 15989 stack trace:
[  932.920568][T15990]  __free_frozen_pages+0xb05/0xcd0
[  932.925714][T15990]  __put_partials+0x161/0x1c0
[  932.930561][T15990]  put_cpu_partial+0x17c/0x250
[  932.935380][T15990]  __slab_free+0x2f7/0x400
[  932.939944][T15990]  qlist_free_all+0x9a/0x140
[  932.944569][T15990]  kasan_quarantine_reduce+0x148/0x160
[  932.950084][T15990]  __kasan_slab_alloc+0x22/0x80
[  932.954983][T15990]  __kmalloc_cache_noprof+0x1be/0x3d0
[  932.960530][T15990]  snd_seq_oss_open+0xe3/0xea0
[  932.965327][T15990]  odev_open+0x67/0xa0
[  932.969434][T15990]  chrdev_open+0x4c9/0x5e0
[  932.973866][T15990]  do_dentry_open+0xdf0/0x1970
[  932.978671][T15990]  vfs_open+0x3b/0x340
[  932.982755][T15990]  path_openat+0x2ee5/0x3830
[  932.987388][T15990]  do_filp_open+0x1fa/0x410
[  932.991943][T15990]  do_sys_openat2+0x121/0x1c0
[  932.996750][T15990] ------------[ cut here ]------------
[  933.002246][T15990] kernel BUG at mm/filemap.c:3433!
[  933.007404][T15990] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  933.013722][T15990] CPU: 1 UID: 0 PID: 15990 Comm: syz.1.3057 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[  933.025766][T15990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  933.035810][T15990] RIP: 0010:filemap_fault+0x1181/0x1200
[  933.041355][T15990] Code: 38 c1 0f 8c 8e fc ff ff 4c 89 e7 e8 79 64 28 00 e9 81 fc ff ff e8 3f 95 c8 ff 48 89 df 48 c7 c6 40 04 74 8b e8 50 a6 0d 00 90 <0f> 0b e8 28 95 c8 ff 48 8b 3c 24 48 c7 c6 c0 0a 74 8b e8 38 a6 0d
[  933.060957][T15990] RSP: 0018:ffffc9000458f3e0 EFLAGS: 00010246
[  933.067007][T15990] RAX: 73ba97f5097a5900 RBX: ffffea000174d980 RCX: 73ba97f5097a5900
[  933.074961][T15990] RDX: 0000000000000000 RSI: ffffffff8d91f812 RDI: ffff88802f13bc00
[  933.082917][T15990] RBP: ffffc9000458f518 R08: 0000000000000003 R09: 0000000000000004
[  933.090878][T15990] R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: dffffc0000000000
[  933.098833][T15990] R13: 1ffffd40002e9b31 R14: ffffea000174d998 R15: ffffea000174d988
[  933.106788][T15990] FS:  00007f07684d86c0(0000) GS:ffff888126202000(0000) knlGS:0000000000000000
[  933.115705][T15990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  933.122273][T15990] CR2: 0000200000001df4 CR3: 000000007ac0e000 CR4: 00000000003526f0
[  933.130234][T15990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  933.138199][T15990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  933.146157][T15990] Call Trace:
[  933.149424][T15990]  <TASK>
[  933.152347][T15990]  ? __pfx_filemap_fault+0x10/0x10
[  933.157461][T15990]  ? __handle_mm_fault+0x280a/0x5380
[  933.162747][T15990]  __do_fault+0x135/0x390
[  933.167064][T15990]  __handle_mm_fault+0x363e/0x5380
[  933.172173][T15990]  ? __pfx___handle_mm_fault+0x10/0x10
[  933.177628][T15990]  ? find_vma+0xe7/0x160
[  933.181865][T15990]  ? __pfx_find_vma+0x10/0x10
[  933.186533][T15990]  handle_mm_fault+0x2d5/0x7f0
[  933.191287][T15990]  do_user_addr_fault+0x764/0x1390
[  933.196395][T15990]  exc_page_fault+0x68/0x110
[  933.200976][T15990]  asm_exc_page_fault+0x26/0x30
[  933.205812][T15990] RIP: 0010:rep_movs_alternative+0xf/0x90
[  933.211519][T15990] Code: c4 10 c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e
[  933.231108][T15990] RSP: 0018:ffffc9000458f998 EFLAGS: 00050202
[  933.237170][T15990] RAX: 00007ffffffff001 RBX: 0000000000000001 RCX: 0000000000000001
[  933.245142][T15990] RDX: 0000000000000001 RSI: 0000200000001df4 RDI: ffff88804efd6b34
[  933.253112][T15990] RBP: 000000000000d4cc R08: ffff88804efd6b34 R09: 1ffff11009dfad66
[  933.261071][T15990] R10: dffffc0000000000 R11: ffffed1009dfad67 R12: 0000000000000000
[  933.269045][T15990] R13: 0000000000000001 R14: ffff88804efd6b34 R15: 0000200000001df4
[  933.277007][T15990]  _copy_from_user+0x7a/0xb0
[  933.281590][T15990]  snd_rawmidi_kernel_write1+0x3ab/0x650
[  933.287221][T15990]  snd_rawmidi_write+0x5ad/0xbd0
[  933.292148][T15990]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  933.297594][T15990]  ? __pfx_default_wake_function+0x10/0x10
[  933.303395][T15990]  ? __import_iovec+0x40e/0x7f0
[  933.308243][T15990]  ? bpf_lsm_file_permission+0x9/0x20
[  933.313606][T15990]  ? security_file_permission+0x75/0x290
[  933.319224][T15990]  ? rw_verify_area+0x258/0x650
[  933.324064][T15990]  vfs_writev+0x4a2/0x9a0
[  933.328378][T15990]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  933.333820][T15990]  ? __pfx_vfs_writev+0x10/0x10
[  933.338659][T15990]  ? __fget_files+0x2a/0x420
[  933.343245][T15990]  ? __fget_files+0x3a0/0x420
[  933.347920][T15990]  ? __fget_files+0x2a/0x420
[  933.352510][T15990]  do_writev+0x14d/0x2d0
[  933.356758][T15990]  ? __pfx_do_writev+0x10/0x10
[  933.361532][T15990]  ? do_syscall_64+0xba/0x210
[  933.366210][T15990]  do_syscall_64+0xf6/0x210
[  933.370699][T15990]  ? clear_bhb_loop+0x45/0xa0
[  933.375363][T15990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  933.381239][T15990] RIP: 0033:0x7f076758e969
[  933.385646][T15990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  933.405237][T15990] RSP: 002b:00007f07684d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  933.413637][T15990] RAX: ffffffffffffffda RBX: 00007f07677b5fa0 RCX: 00007f076758e969
[  933.421597][T15990] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000009
[  933.429568][T15990] RBP: 00007f0767610ab1 R08: 0000000000000000 R09: 0000000000000000
[  933.437526][T15990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  933.445485][T15990] R13: 0000000000000000 R14: 00007f07677b5fa0 R15: 00007ffee4bfdd98
[  933.453449][T15990]  </TASK>
[  933.456466][T15990] Modules linked in:
[  933.462457][T15990] ---[ end trace 0000000000000000 ]---
[  933.467933][T15990] RIP: 0010:filemap_fault+0x1181/0x1200
[  933.473519][T15990] Code: 38 c1 0f 8c 8e fc ff ff 4c 89 e7 e8 79 64 28 00 e9 81 fc ff ff e8 3f 95 c8 ff 48 89 df 48 c7 c6 40 04 74 8b e8 50 a6 0d 00 90 <0f> 0b e8 28 95 c8 ff 48 8b 3c 24 48 c7 c6 c0 0a 74 8b e8 38 a6 0d
[  933.493182][T15990] RSP: 0018:ffffc9000458f3e0 EFLAGS: 00010246
[  933.499278][T15990] RAX: 73ba97f5097a5900 RBX: ffffea000174d980 RCX: 73ba97f5097a5900
[  933.507269][T15990] RDX: 0000000000000000 RSI: ffffffff8d91f812 RDI: ffff88802f13bc00
[  933.515282][T15990] RBP: ffffc9000458f518 R08: 0000000000000003 R09: 0000000000000004
[  933.523294][T15990] R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: dffffc0000000000
[  933.531297][T15990] R13: 1ffffd40002e9b31 R14: ffffea000174d998 R15: ffffea000174d988
[  933.539309][T15990] FS:  00007f07684d86c0(0000) GS:ffff888126202000(0000) knlGS:0000000000000000
[  933.548334][T15990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  933.554952][T15990] CR2: 0000200000001df4 CR3: 000000007ac0e000 CR4: 00000000003526f0
[  933.562959][T15990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  933.570960][T15990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  933.578973][T15990] Kernel panic - not syncing: Fatal exception
[  933.585321][T15990] Kernel Offset: disabled
[  933.589638][T15990] Rebooting in 86400 seconds..