last executing test programs:

13.299980173s ago: executing program 0 (id=3776):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x68}}, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

12.394109551s ago: executing program 0 (id=3779):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, 0x0, 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r2, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000580)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x01\x00\x00\x80h\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\x89\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\'.\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0xc)
lseek(r3, 0xfffffffffffffffe, 0x4)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0xe})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x5, 0x2000000000004, 0x1000000000000002, 0x102000000000002, 0x9, 0x2004c8, 0xffff, 0x2, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x4, 0x2000000000000003, 0x5], 0x80a0000, 0x40000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0x5}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000004c0)={'vlan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x1, 0x5, 0x9, 0xa32, 0xd8, 0x9, 0xa, 0x40, 0x9, 0x4, 0x8, 0x9, 0x0, 0x64, 0x10, 0x5, [0x7]}})
ioctl$NILFS_IOCTL_GET_SUSTAT(r0, 0x80306e85, &(0x7f0000000000))
sendmmsg$inet6(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)="58d8e764d9487be91c14b3489aaf78c3e8b191ea9bb17d23cde598c4b97ebfa415164f99a216f9baa1cb04ffa0ddaaf6a8a5ca01dfbb96de2771ce5b4c59e5dc796627", 0x43}, {&(0x7f0000000280)="8a4c20fde6b17d2e137e87ab0ab3941529888fb2653b93412d7437a565d8d709c6bec15b7017c964eb7630230d24489c9d0fc7b1e48c1337d4557f670bf0157ed86cb92e08ee6a00bda8c13b17716dd24a08f043e7c6b972402c1ffa054831958a982d1a7743306e632eb214ce24305f5dd7749e537a2650e9d7ad55538194c62b968d0ce682a51de7b872e1858486c6943405c36c0d9598f51bca8ce2c09530c90a35afca36b53d3864a2d3319a63", 0xaf}, {&(0x7f0000000340)="ef3a011786849eb33d6f97d60a54a48c4cbea855b8b663a3db4d0f884a7b347f5e843d46c6d2725e5b50976d4134ccaf6816b79c84c727e807ac2289310df99cb0d71985b8409832f4a88129dfbda80c7a93c9e53ccc83eaee9228089fb0f859915b655864cf1f46e0c280dee1d38c2156e7c5c87b331e3d6847de2d29c2f0b7908745f9935506d8bb80a84254432bfaf9c47f71c85581f65ce2c6ffefe170f3de8502dcf5d9", 0xa6}], 0x3}}], 0x1, 0x4c144)

11.380329143s ago: executing program 1 (id=3781):
sched_getparam(0x0, &(0x7f0000000000))
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x400)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
openat$ttynull(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080))
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000000d14000827bd7000fbdbdf25"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)

9.323760537s ago: executing program 0 (id=3784):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00220f000000540b4550182195f57584b34070f43fdfcd165006791b35"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004}, &(0x7f0000bbdffc))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

9.276190579s ago: executing program 1 (id=3785):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{}, [{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x80003}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x4c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0xe8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB='!\x00\x00\x00\x00\x00\x00\x00'], 0x48)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={0x34, r7, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

8.314855549s ago: executing program 1 (id=3788):
socket$rds(0x15, 0x5, 0x0)
r0 = openat$ttyS3(0xffffff9c, 0x0, 0x210100, 0x0)
syz_open_pts(r0, 0x81)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a7565aba55a87d2a251c295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507a0592c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd106926acb583ad63a4e7e1ca17c1b6aac63fefa9dcbe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0xa, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001c00070c2bbd70000000000002000000", @ANYRES32=r4, @ANYBLOB="4000100a14000100"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20024090)
socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0xffffffff, "5e5c3446aa0ecd604c893eba3198600b1891109654fe9676d14574be70b6225c", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f00000000c0)={"ff87c89d4e3e6bd4ae7ee3551b880c0ac56cb2a58b7da498a7045278c8043bbe", r6})

8.243641121s ago: executing program 3 (id=3789):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x44}, 0x28)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x8108}, {0xffffffffffffffff, 0x441}], 0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x40004, 0x1})
preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="d800000019008111e0020f060d8107040a60090000020000000455a1bc00090008000699e3ffffff140005000800000006000567b8b7b940020000090c0016060000000000000074d67f6f9400f7d1d9bbe94fa27100a00774cf93adbb50877c98eba68ff29aa2f7617f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a15007000000000000dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd442", 0xd8}], 0x1}, 0x0)

7.791500966s ago: executing program 1 (id=3790):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, 0x0, &(0x7f0000001400)='syzkaller\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0x108, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffcd, 0xffffffffffffff2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

7.64830565s ago: executing program 1 (id=3791):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, 0x0, 0x0)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x46ac01, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
mount(&(0x7f00000001c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ext2\x00', 0x21000d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
syz_clone(0x23100000, 0x0, 0x0, 0x0, 0x0, 0x0)

7.392370718s ago: executing program 2 (id=3792):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, 0x0, 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
read$FUSE(r2, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000580)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x01\x00\x00\x80h\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\x89\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\'.\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0xc)
lseek(r3, 0xfffffffffffffffe, 0x4)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0xe})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x5, 0x2000000000004, 0x1000000000000002, 0x102000000000002, 0x9, 0x2004c8, 0xffff, 0x2, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x4, 0x2000000000000003, 0x5], 0x80a0000, 0x40000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0x5}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000004c0)={'vlan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x1, 0x5, 0x9, 0xa32, 0xd8, 0x9, 0xa, 0x40, 0x9, 0x4, 0x8, 0x9, 0x0, 0x64, 0x10, 0x5, [0x7]}})
ioctl$NILFS_IOCTL_GET_SUSTAT(r0, 0x80306e85, &(0x7f0000000000))
sendmmsg$inet6(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)="58d8e764d9487be91c14b3489aaf78c3e8b191ea9bb17d23cde598c4b97ebfa415164f99a216f9baa1cb04ffa0ddaaf6a8a5ca01dfbb96de2771ce5b4c59e5dc796627", 0x43}, {&(0x7f0000000280)="8a4c20fde6b17d2e137e87ab0ab3941529888fb2653b93412d7437a565d8d709c6bec15b7017c964eb7630230d24489c9d0fc7b1e48c1337d4557f670bf0157ed86cb92e08ee6a00bda8c13b17716dd24a08f043e7c6b972402c1ffa054831958a982d1a7743306e632eb214ce24305f5dd7749e537a2650e9d7ad55538194c62b968d0ce682a51de7b872e1858486c6943405c36c0d9598f51bca8ce2c09530c90a35afca36b53d3864a2d3319a63", 0xaf}, {&(0x7f0000000340)="ef3a011786849eb33d6f97d60a54a48c4cbea855b8b663a3db4d0f884a7b347f5e843d46c6d2725e5b50976d4134ccaf6816b79c84c727e807ac2289310df99cb0d71985b8409832f4a88129dfbda80c7a93c9e53ccc83eaee9228089fb0f859915b655864cf1f46e0c280dee1d38c2156e7c5c87b331e3d6847de2d29c2f0b7908745f9935506d8bb80a84254432bfaf9c47f71c85581f65ce2c6ffefe170f3de8502dcf5d9", 0xa6}], 0x3}}], 0x1, 0x4c144)

6.974758291s ago: executing program 3 (id=3793):
sched_getparam(0x0, &(0x7f0000000000))
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x400)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
openat$ttynull(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080))
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000000d14000827bd7000fbdbdf25"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)

6.212170835s ago: executing program 0 (id=3794):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom$l2tp6(r0, 0x0, 0x0, 0x2043, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$netlink(0x10, 0x3, 0xc)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)

5.246815795s ago: executing program 3 (id=3795):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x6568, 0x4)
recvmmsg(r0, &(0x7f0000009c00)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x102, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="030000ffffffffffffffff000000000000000000bb990b2f727792deff785783db50aa9fd7f5eea710df83e0d4383c62111ee4539c8092b464f45257f064451b2481baaca5ad1fa56ec660abf6164a9e0fd732af676d067925fce5ecafdd69ee1196f7c28edc3329ce9bee38e24895cd5e3d7216674548d705cc9b52a17e02295d547b4786c32e565c4a9c23740c1e63195b", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
syz_open_dev$vim2m(0x0, 0x47b, 0x2)
r3 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r3, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000000)={<r6=>0xffffffffffffffff, 0x7, 0x0, 0x3})
close_range(r6, r4, 0x0)

5.023794382s ago: executing program 2 (id=3796):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c000280080001", @ANYRES32=r1], 0x78}}, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000180)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1, 0x0, 0x16}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x30, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010103, @dev={0xac, 0x14, 0x14, 0x13}}, {0x4e24, 0x4e20, 0x1c, 0x0, @opaque="72e026eef674ec3c50717231e54dc5d627fb1492"}}}, 0x3e)

4.178979449s ago: executing program 3 (id=3797):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{}, [{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x80003}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x4c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0xe8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB='!\x00\x00\x00\x00\x00\x00\x00'], 0x48)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={0x34, r7, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

3.152926321s ago: executing program 3 (id=3798):
socket$rds(0x15, 0x5, 0x0)
r0 = openat$ttyS3(0xffffff9c, 0x0, 0x210100, 0x0)
syz_open_pts(r0, 0x81)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a7565aba55a87d2a251c295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507a0592c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd106926acb583ad63a4e7e1ca17c1b6aac63fefa9dcbe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0xa, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001c00070c2bbd70000000000002000000", @ANYRES32=r4, @ANYBLOB="4000100a14000100"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20024090)
socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0xffffffff, "5e5c3446aa0ecd604c893eba3198600b1891109654fe9676d14574be70b6225c", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f00000000c0)={"ff87c89d4e3e6bd4ae7ee3551b880c0ac56cb2a58b7da498a7045278c8043bbe", r6})

3.033257494s ago: executing program 2 (id=3799):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, 0x0, &(0x7f0000001400)='syzkaller\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r2, 0x108, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffcd, 0xffffffffffffff2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

2.922829528s ago: executing program 1 (id=3800):
symlink(&(0x7f0000002bc0)='./file0/file0\x00', &(0x7f0000002c00)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x2c)
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000002c0)={0x84, @broadcast, 0x4e21, 0x3, 'lblcr\x00', 0x11, 0x10000004, 0x8}, 0x2c)
r2 = socket$kcm(0xa, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x18, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r4 = socket$inet6(0xa, 0x2, 0x2)
setsockopt$inet6_int(r4, 0x29, 0x3a, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r5=>0x0})
r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x2ffe, 0x2)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r7, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x18, 0x40, 0x8, 0x70bd2b, 0x25dfdbfe, {0x4, 0x7c}, [@nested={0x4, 0xb}]}, 0x18}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1)
syz_emit_ethernet(0x3b6, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x2000000000000040, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

2.384223655s ago: executing program 2 (id=3801):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x44}, 0x28)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x8108}, {0xffffffffffffffff, 0x441}], 0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x40004, 0x1})
preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="d800000019008111e0020f060d8107040a60090000020000000455a1bc00090008000699e3ffffff140005000800000006000567b8b7b940020000090c0016060000000000000074d67f6f9400f7d1d9bbe94fa27100a00774cf93adbb50877c98eba68ff29aa2f7617f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a15007000000000000dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd442", 0xd8}], 0x1}, 0x0)

2.375836215s ago: executing program 3 (id=3802):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00220f000000540b4550182195f57584b34070f43fdfcd165006791b35"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004}, &(0x7f0000bbdffc))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

1.495289713s ago: executing program 2 (id=3803):
sched_getparam(0x0, &(0x7f0000000000))
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x400)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
openat$ttynull(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080))
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000000d14000827bd7000fbdbdf25"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)

899.767001ms ago: executing program 0 (id=3804):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, 0x0, 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x41, 0x0)
r2 = memfd_create(&(0x7f0000000580)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x01\x00\x00\x80h\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\x89\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\'.\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0xc)
lseek(r2, 0xfffffffffffffffe, 0x4)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0xe})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x5, 0x2000000000004, 0x1000000000000002, 0x102000000000002, 0x9, 0x2004c8, 0xffff, 0x2, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x4, 0x2000000000000003, 0x5], 0x80a0000, 0x40000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0x5}], 0x1, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000004c0)={'vlan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x1, 0x5, 0x9, 0xa32, 0xd8, 0x9, 0xa, 0x40, 0x9, 0x4, 0x8, 0x9, 0x0, 0x64, 0x10, 0x5, [0x7]}})
ioctl$NILFS_IOCTL_GET_SUSTAT(r0, 0x80306e85, &(0x7f0000000000))
sendmmsg$inet6(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000180)="58d8e764d9487be91c14b3489aaf78c3e8b191ea9bb17d23cde598c4b97ebfa415164f99a216f9baa1cb04ffa0ddaaf6a8a5ca01dfbb96de2771ce5b4c59e5dc796627", 0x43}, {&(0x7f0000000280)="8a4c20fde6b17d2e137e87ab0ab3941529888fb2653b93412d7437a565d8d709c6bec15b7017c964eb7630230d24489c9d0fc7b1e48c1337d4557f670bf0157ed86cb92e08ee6a00bda8c13b17716dd24a08f043e7c6b972402c1ffa054831958a982d1a7743306e632eb214ce24305f5dd7749e537a2650e9d7ad55538194c62b968d0ce682a51de7b872e1858486c6943405c36c0d9598f51bca8ce2c09530c90a35afca36b53d3864a2d3319a63", 0xaf}, {&(0x7f0000000340)="ef3a011786849eb33d6f97d60a54a48c4cbea855b8b663a3db4d0f884a7b347f5e843d46c6d2725e5b50976d4134ccaf6816b79c84c727e807ac2289310df99cb0d71985b8409832f4a88129dfbda80c7a93c9e53ccc83eaee9228089fb0f859915b655864cf1f46e0c280dee1d38c2156e7c5c87b331e3d6847de2d29c2f0b7908745f9935506d8bb80a84254432bfaf9c47f71c85581f65ce2c6ffefe170f3de8502dcf5d9", 0xa6}], 0x3}}], 0x1, 0x4c144)

74.472077ms ago: executing program 2 (id=3805):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x6568, 0x4)
recvmmsg(r0, &(0x7f0000009c00)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x102, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="030000ffffffffffffffff000000000000000000bb990b2f727792deff785783db50aa9fd7f5eea710df83e0d4383c62111ee4539c8092b464f45257f064451b2481baaca5ad1fa56ec660abf6164a9e0fd732af676d067925fce5ecafdd69ee1196f7c28edc3329ce9bee38e24895cd5e3d7216674548d705cc9b52a17e02295d547b4786c32e565c4a9c23740c1e63195b", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
syz_open_dev$vim2m(0x0, 0x47b, 0x2)
r3 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r3, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000000)={<r6=>0xffffffffffffffff, 0x7, 0x0, 0x3})
close_range(r6, r4, 0x0)

0s ago: executing program 0 (id=3806):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{}, [{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x80003}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}], [{}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x4c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}]}], {0x14}}, 0xe8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB='!\x00\x00\x00\x00\x00\x00\x00'], 0x48)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={0x34, r7, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

kernel console output (not intermixed with test programs):

l be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.455309][T13893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.673006][T13893] hsr_slave_0: entered promiscuous mode
[  743.679348][T13893] hsr_slave_1: entered promiscuous mode
[  743.687014][T13893] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  743.695360][T13893] Cannot create hsr debugfs directory
[  743.731255][T13961] 9pnet_fd: Insufficient options for proto=fd
[  744.613336][ T5784] Bluetooth: hci0: command tx timeout
[  744.819743][T13983] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[13987] was attempted by "ci2-linux-6-6-kasan/syz-executor exec"[13983]
[  745.056460][T13972] bridge0: port 2(bridge_slave_1) entered disabled state
[  745.064260][T13972] bridge0: port 1(bridge_slave_0) entered disabled state
[  745.492245][T13972] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.552485][T13972] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.682603][T13998] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2540'.
[  745.875448][T14002] 9pnet_fd: Insufficient options for proto=fd
[  746.127417][T13972] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  746.139912][T13972] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  746.149500][T13972] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  746.158655][T13972] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  746.300599][T13970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2537'.
[  746.370156][T14004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2543'.
[  746.379222][T14004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2543'.
[  746.640510][T14014] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2548'.
[  746.693373][ T5784] Bluetooth: hci0: command tx timeout
[  746.811941][T14022] 9pnet_fd: Insufficient options for proto=fd
[  747.111930][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  747.120749][ T1279] lapb6 selects TX queue 0, but real number of TX queues is 0
[  747.245010][T14032] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2552'.
[  747.268374][T14046] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2553'.
[  747.277593][T14046] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2553'.
[  747.596950][T13893] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  747.613093][T13893] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  747.631707][T13893] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  747.677316][T14056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2556'.
[  747.699298][T13893] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  747.788336][ T1135] hsr_slave_0: left promiscuous mode
[  747.796258][ T1135] hsr_slave_1: left promiscuous mode
[  747.802394][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  747.816251][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  747.826324][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  747.837667][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  747.856173][ T1135] bridge_slave_1: left allmulticast mode
[  747.868204][ T1135] bridge_slave_1: left promiscuous mode
[  747.884244][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.907682][ T1135] bridge_slave_0: left allmulticast mode
[  747.921022][ T1135] bridge_slave_0: left promiscuous mode
[  747.937905][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state
[  748.102305][ T1135] veth1_macvtap: left promiscuous mode
[  748.109961][ T1135] veth0_macvtap: left promiscuous mode
[  748.122869][ T1135] veth1_vlan: left promiscuous mode
[  748.141154][ T1135] veth0_vlan: left promiscuous mode
[  748.151263][T14071] 9pnet_fd: Insufficient options for proto=fd
[  748.681882][ T1135] bond6 (unregistering): Released all slaves
[  748.773365][ T5784] Bluetooth: hci0: command tx timeout
[  749.078371][ T1135] bond5 (unregistering): Released all slaves
[  749.537818][ T1135] bond4 (unregistering): Released all slaves
[  749.671579][ T1135] bond3 (unregistering): Released all slaves
[  749.780872][ T1135] bond2 (unregistering): Released all slaves
[  749.889084][ T1135] bond1 (unregistering): Released all slaves
[  750.301433][ T1135] team0 (unregistering): Port device team_slave_1 removed
[  750.338840][ T1135] team0 (unregistering): Port device team_slave_0 removed
[  750.381942][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  750.424518][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  750.671139][ T1135] team0 (unregistering): Port device dummy0 removed
[  750.694869][ T1135] team0 (unregistering): Port device bond0 removed
[  750.723375][ T1135] bond0 (unregistering): Released all slaves
[  750.875217][T14068] syzkaller0: entered promiscuous mode
[  750.880860][T14068] syzkaller0: entered allmulticast mode
[  750.899958][T13887] lo speed is unknown, defaulting to 1000
[  750.904942][T14085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2561'.
[  751.051111][T14112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2564'.
[  751.221150][T14120] 9pnet_fd: Insufficient options for proto=fd
[  753.257935][T14137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2571'.
[  753.439330][T13893] 8021q: adding VLAN 0 to HW filter on device bond0
[  753.542340][T13893] 8021q: adding VLAN 0 to HW filter on device team0
[  754.025177][T10964] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.032305][T10964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  754.092592][T10964] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.099741][T10964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  754.182913][T13887] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  754.205998][T14156] 9pnet_fd: Insufficient options for proto=fd
[  754.253221][ T1135] IPVS: stop unused estimator thread 0...
[  754.375139][T13887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  754.416597][T13887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  754.439072][T13887] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  754.468852][T13887] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  754.504809][T13887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.563556][T13887] usb 3-1: config 0 descriptor??
[  754.811480][T13893] 8021q: adding VLAN 0 to HW filter on device batadv0
[  754.930395][T13893] veth0_vlan: entered promiscuous mode
[  754.970643][T13893] veth1_vlan: entered promiscuous mode
[  755.010342][T13893] veth0_macvtap: entered promiscuous mode
[  755.020133][T13887] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  755.035847][T14177] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2580'.
[  755.060261][T13887] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  755.079350][T13893] veth1_macvtap: entered promiscuous mode
[  755.132239][T13893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  755.161000][T13893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.188348][T13893] batman_adv: batadv0: Interface activated: batadv_slave_0
[  755.206529][T13893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.217338][T13893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.236982][T13893] batman_adv: batadv0: Interface activated: batadv_slave_1
[  755.295887][T13893] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  755.325621][T13893] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  755.341207][T13893] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  755.350361][T13893] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  755.386898][T14186] syzkaller0: entered promiscuous mode
[  755.392401][T14186] syzkaller0: entered allmulticast mode
[  755.487252][T10960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  755.518989][T10960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.559968][T10962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  755.584633][T10962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.099813][T14193] 9pnet_fd: Insufficient options for proto=fd
[  757.169685][T14188] bridge0: port 2(bridge_slave_1) entered disabled state
[  757.177018][T14188] bridge0: port 1(bridge_slave_0) entered disabled state
[  757.583983][T13991] usb 3-1: USB disconnect, device number 34
[  758.587993][T14188] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  758.634985][T14188] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  759.016978][T14188] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  759.025917][T14188] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  759.035589][T14188] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  759.044697][T14188] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  759.202879][T14205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2588'.
[  759.360980][T14220] 9pnet_fd: Insufficient options for proto=fd
[  760.545632][T12462] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  760.554931][T12462] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  760.562799][T12462] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  760.571996][T12462] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  760.579841][T12462] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  760.597451][T12462] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  761.438560][T14232] chnl_net:caif_netlink_parms(): no params data found
[  761.542036][T14250] 9pnet_fd: Insufficient options for proto=fd
[  761.570607][T14232] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.585065][T14232] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.598285][T14232] bridge_slave_0: entered allmulticast mode
[  761.605895][T14232] bridge_slave_0: entered promiscuous mode
[  761.616391][T14232] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.624562][T14232] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.631798][T14232] bridge_slave_1: entered allmulticast mode
[  761.639548][T14232] bridge_slave_1: entered promiscuous mode
[  761.724086][T14232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  761.760762][T14232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  761.839184][T14232] team0: Port device team_slave_0 added
[  761.856230][T14232] team0: Port device team_slave_1 added
[  761.960580][T14232] batman_adv: batadv0: Adding interface: batadv_slave_0
[  761.973141][T14232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  762.007272][T14232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  762.039047][T14232] batman_adv: batadv0: Adding interface: batadv_slave_1
[  762.049142][T14232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  762.081378][T14232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  762.208967][T14232] hsr_slave_0: entered promiscuous mode
[  762.227905][T14232] hsr_slave_1: entered promiscuous mode
[  762.245148][T14232] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  762.262780][T14232] Cannot create hsr debugfs directory
[  762.692998][ T5784] Bluetooth: hci4: command tx timeout
[  763.301619][T14275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2605'.
[  763.311364][T14275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2605'.
[  764.652397][T14297] 9pnet_fd: Insufficient options for proto=fd
[  764.723242][T10966] bond0: (slave wlan1): Releasing backup interface
[  764.784644][ T5784] Bluetooth: hci4: command tx timeout
[  764.886219][T14302] random: crng reseeded on system resumption
[  766.883661][ T5784] Bluetooth: hci4: command tx timeout
[  767.602130][T14340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2615'.
[  767.698098][T14340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2615'.
[  767.908491][T10966] hsr_slave_0: left promiscuous mode
[  767.927928][T10966] hsr_slave_1: left promiscuous mode
[  767.946257][T10966] batman_adv: batadv0: Removing interface: batadv_slave_0
[  767.966681][T10966] batman_adv: batadv0: Removing interface: batadv_slave_1
[  767.987469][T10966] bridge_slave_1: left allmulticast mode
[  768.000550][T10966] bridge_slave_1: left promiscuous mode
[  768.021877][T10966] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.031169][T10966] bridge_slave_0: left allmulticast mode
[  768.039633][T10966] bridge_slave_0: left promiscuous mode
[  768.046924][T10966] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.308329][T14359] 9pnet_fd: Insufficient options for proto=fd
[  768.356656][T10966] bond4 (unregistering): Released all slaves
[  768.943128][ T5784] Bluetooth: hci4: command tx timeout
[  769.254951][T10966] bond3 (unregistering): Released all slaves
[  769.420326][T10966] bond2 (unregistering): Released all slaves
[  769.591925][T10966] bond1 (unregistering): Released all slaves
[  770.007930][T10966] team0 (unregistering): Port device team_slave_1 removed
[  770.050992][T10966] team0 (unregistering): Port device team_slave_0 removed
[  770.097226][T10966] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  770.137875][T10966] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  770.391267][T10966] team0 (unregistering): Port device dummy0 removed
[  770.415651][T10966] team0 (unregistering): Port device bond0 removed
[  770.444649][T10966] bond0 (unregistering): Released all slaves
[  770.580615][T14370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2624'.
[  771.096454][T14375] bridge0: port 2(bridge_slave_1) entered disabled state
[  771.104225][T14375] bridge0: port 1(bridge_slave_0) entered disabled state
[  771.266957][T14387] 9pnet_fd: Insufficient options for proto=fd
[  772.266288][T14375] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  772.344402][T14375] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  773.046060][T14375] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.073821][T14375] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.109046][T14375] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.149045][T14375] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  773.606669][T14232] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  773.788108][T14232] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  773.795052][T14401] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  773.936857][T14232] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  774.004969][T14401] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  774.069312][T14401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.180206][T14232] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  774.312265][T14401] usb 1-1: config 0 descriptor??
[  774.447361][T14232] 8021q: adding VLAN 0 to HW filter on device bond0
[  774.472573][T14232] 8021q: adding VLAN 0 to HW filter on device team0
[  774.475785][T10966] IPVS: stop unused estimator thread 0...
[  774.488661][T10964] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.495799][T10964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  774.575672][T10964] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.582892][T10964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  774.684889][T14410] batman_adv: batadv0: Removing interface: batadv_slave_0
[  774.711439][T14410] batman_adv: batadv0: Removing interface: batadv_slave_1
[  774.736215][T14428] syz.0.2635: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  774.749132][T14426] 9pnet_fd: Insufficient options for proto=fd
[  774.761233][T14428] CPU: 1 PID: 14428 Comm: syz.0.2635 Not tainted syzkaller #0
[  774.768733][T14428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  774.778859][T14428] Call Trace:
[  774.782247][T14428]  <TASK>
[  774.785261][T14428]  dump_stack_lvl+0x18c/0x250
[  774.790120][T14428]  ? show_regs_print_info+0x20/0x20
[  774.795403][T14428]  ? load_image+0x420/0x420
[  774.799978][T14428]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  774.806470][T14428]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  774.813012][T14428]  warn_alloc+0x246/0x340
[  774.817410][T14428]  ? zone_watermark_ok_safe+0x230/0x230
[  774.823025][T14428]  __vmalloc_node_range+0x126/0x1330
[  774.828356][T14428]  ? __mutex_trylock_common+0x159/0x260
[  774.833962][T14428]  ? mark_lock+0x94/0x320
[  774.838334][T14428]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  774.844358][T14428]  ? lock_chain_count+0x20/0x20
[  774.849251][T14428]  ? free_vm_area+0x50/0x50
[  774.853793][T14428]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  774.860083][T14428]  ? lockdep_hardirqs_on+0x98/0x150
[  774.865357][T14428]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  774.871558][T14428]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  774.877435][T14428]  vmalloc+0x79/0x90
[  774.881376][T14428]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  774.887227][T14428]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[  774.892907][T14428]  dvb_demux_do_ioctl+0x454/0x530
[  774.897975][T14428]  dvb_usercopy+0x195/0x2b0
[  774.902514][T14428]  ? dvb_dmxdev_buffer_read+0x4c0/0x4c0
[  774.908142][T14428]  ? dvb_generic_ioctl+0xb0/0xb0
[  774.913138][T14428]  ? dvb_demux_poll+0x220/0x220
[  774.918040][T14428]  dvb_demux_ioctl+0x29/0x30
[  774.922673][T14428]  __se_sys_ioctl+0xfd/0x170
[  774.927339][T14428]  do_syscall_64+0x55/0xa0
[  774.931780][T14428]  ? clear_bhb_loop+0x40/0x90
[  774.936578][T14428]  ? clear_bhb_loop+0x40/0x90
[  774.941304][T14428]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  774.947274][T14428] RIP: 0033:0x7f16abf9ce59
[  774.951761][T14428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  774.971437][T14428] RSP: 002b:00007f16acf1a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  774.979885][T14428] RAX: ffffffffffffffda RBX: 00007f16ac216090 RCX: 00007f16abf9ce59
[  774.987937][T14428] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000009
[  774.995941][T14428] RBP: 00007f16ac032d6f R08: 0000000000000000 R09: 0000000000000000
[  775.003942][T14428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  775.011941][T14428] R13: 00007f16ac216128 R14: 00007f16ac216090 R15: 00007ffdaedbe768
[  775.019964][T14428]  </TASK>
[  775.062259][T14428] Mem-Info:
[  775.069621][T14428] active_anon:9848 inactive_anon:0 isolated_anon:0
[  775.069621][T14428]  active_file:17617 inactive_file:40249 isolated_file:0
[  775.069621][T14428]  unevictable:768 dirty:147 writeback:0
[  775.069621][T14428]  slab_reclaimable:10499 slab_unreclaimable:90715
[  775.069621][T14428]  mapped:26195 shmem:2805 pagetables:626
[  775.069621][T14428]  sec_pagetables:0 bounce:0
[  775.069621][T14428]  kernel_misc_reclaimable:0
[  775.069621][T14428]  free:1343568 free_pcp:7081 free_cma:0
[  775.173692][T14428] Node 0 active_anon:41492kB inactive_anon:0kB active_file:70468kB inactive_file:160796kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106880kB dirty:584kB writeback:0kB shmem:11684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11532kB pagetables:2504kB sec_pagetables:0kB all_unreclaimable? no
[  775.264185][T14428] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  775.333045][T14428] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  775.379515][T14428] lowmem_reserve[]: 0 2521 2522 2522 2522
[  775.385745][T14428] Node 0 DMA32 free:1460752kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:45152kB inactive_anon:0kB active_file:70468kB inactive_file:159976kB unevictable:1536kB writepending:580kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:12860kB local_pcp:10628kB free_cma:0kB
[  775.445598][T14428] lowmem_reserve[]: 0 0 0 0 0
[  775.469967][T14428] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:4kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[  775.553516][T14428] lowmem_reserve[]: 0 0 0 0 0
[  775.591051][T14428] Node 1 Normal free:3892624kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:15872kB local_pcp:3872kB free_cma:0kB
[  775.712751][T14428] lowmem_reserve[]: 0 0 0 0 0
[  775.724252][T14428] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  775.779849][T14428] Node 0 DMA32: 567*4kB (UME) 233*8kB (UME) 74*16kB (U) 531*32kB (UME) 346*64kB (UM) 272*128kB (UME) 97*256kB (UME) 48*512kB (UME) 28*1024kB (UME) 12*2048kB (UM) 310*4096kB (M) = 1451684kB
[  775.855108][T14428] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  775.906494][T14232] 8021q: adding VLAN 0 to HW filter on device batadv0
[  775.922691][T14428] Node 1 Normal: 256*4kB (U) 48*8kB (UE) 59*16kB (UE) 185*32kB (UE) 61*64kB (UME) 12*128kB (UM) 2*256kB (UE) 1*512kB (M) 1*1024kB (E) 1*2048kB (E) 946*4096kB (M) = 3892624kB
[  776.002039][T14428] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  776.041195][T14428] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  776.140099][T14232] veth0_vlan: entered promiscuous mode
[  776.145803][T14428] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  776.197165][T14428] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  776.212509][T14232] veth1_vlan: entered promiscuous mode
[  776.242732][T14428] 59249 total pagecache pages
[  776.247541][T14428] 0 pages in swap cache
[  776.273959][T14428] Free swap  = 124352kB
[  776.296468][T14428] Total swap = 124996kB
[  776.314473][T14428] 2097051 pages RAM
[  776.318414][T14428] 0 pages HighMem/MovableOnly
[  776.327393][T14232] veth0_macvtap: entered promiscuous mode
[  776.353494][T14428] 416927 pages reserved
[  776.363087][T14428] 0 pages cma reserved
[  776.409335][T14232] veth1_macvtap: entered promiscuous mode
[  776.426254][T14401] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  776.468196][T14401] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  776.517485][T14401] [drm:udl_init] *ERROR* Selecting channel failed
[  776.532148][T14232] batman_adv: batadv0: Interface activated: batadv_slave_0
[  776.568079][T14232] batman_adv: batadv0: Interface activated: batadv_slave_1
[  776.606344][T14401] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2
[  776.619478][T14232] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  776.630946][T14401] [drm] Initialized udl on minor 2
[  776.654307][T14232] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  776.677309][T14401] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  776.692838][T14232] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  776.722050][T14401] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  776.732189][T14232] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  776.755408][T14402] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  776.772417][T14401] usb 1-1: USB disconnect, device number 38
[  776.786170][T14402] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  776.934366][T14453] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  777.017407][  T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  777.047746][  T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.074023][T14462] syzkaller0: entered promiscuous mode
[  777.084499][T14462] syzkaller0: entered allmulticast mode
[  777.179946][T10957] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  777.188525][T10957] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.666133][T14401] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  777.907518][T14401] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  778.001726][T14401] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  778.037492][T14486] 9pnet_fd: Insufficient options for proto=fd
[  778.089914][T14401] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  778.216973][T14401] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  778.301953][T14401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.363978][T14401] usb 2-1: config 0 descriptor??
[  778.866772][T14401] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  779.043128][T14401] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  780.288683][T14401] usb 2-1: USB disconnect, device number 49
[  780.498824][T14508] fido_id[14508]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  780.613967][T14515] syzkaller0: entered promiscuous mode
[  780.620413][T14515] syzkaller0: entered allmulticast mode
[  780.947680][T14521] 9pnet_fd: Insufficient options for proto=fd
[  782.285099][T14523] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  782.313754][T13993] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  782.562009][T13993] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  782.595790][T13993] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  782.633760][T13993] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  782.644915][T13993] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.666181][T14531] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  782.723847][T13993] usb 4-1: Quirk or no altest; falling back to MIDI 1.0
[  782.938633][T14531] fuse: Unknown parameter 'fo<d'
[  783.029994][T14553] netlink: 'syz.1.2668': attribute type 10 has an invalid length.
[  783.246532][T13993] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  783.785390][T14531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  783.828213][T14531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  783.863340][T14553] team0: Port device dummy0 added
[  784.275400][T14531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  784.293037][T14531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  784.474639][T13993] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  784.496432][T13993] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  784.521856][T13993] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  784.535484][T13993] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  784.545504][T13993] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.552348][T14402] usb 4-1: USB disconnect, device number 21
[  784.568649][T13993] usb 3-1: config 0 descriptor??
[  784.998601][T13993] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[  785.027690][T13993] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  785.572761][T14569] usb usb9: usbfs: process 14569 (syz.0.2674) did not claim interface 37 before use
[  785.601384][T14569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2674'.
[  785.610694][T14401] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  785.802727][T14401] usb 4-1: Using ep0 maxpacket: 8
[  785.820735][T14401] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  785.832800][T14401] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  785.869459][T14401] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  785.922126][T14401] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  785.955587][T14401] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  785.995380][T14401] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  786.035201][T14401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.278666][T14401] usb 4-1: usb_control_msg returned -32
[  786.287793][T14401] usbtmc 4-1:16.0: can't read capabilities
[  786.380106][T14580] overlayfs: missing 'lowerdir'
[  786.459998][T13993] usb 3-1: reset high-speed USB device number 35 using dummy_hcd
[  786.617305][T14578] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  788.548859][T14402] usb 4-1: USB disconnect, device number 22
[  788.822744][T13993] usb 3-1: device descriptor read/64, error -71
[  788.912809][T14401] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  789.042444][T14616] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  789.102757][T13993] usb 3-1: reset high-speed USB device number 35 using dummy_hcd
[  789.128042][T14401] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  789.142314][T14401] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.152141][T14401] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  789.168479][T14401] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  789.178818][T14401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.192127][T14401] usb 1-1: config 0 descriptor??
[  789.296260][T13993] usb 3-1: device firmware changed
[  789.309045][ T5902] usb 3-1: USB disconnect, device number 35
[  789.472737][ T5902] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  789.618619][T14401] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving
[  789.630039][T14401] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  789.674699][ T5902] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  789.712852][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  789.741822][ T5902] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  789.776925][ T5902] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  789.788013][T14624] syz.1.2695: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  789.802734][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.819976][T14624] CPU: 0 PID: 14624 Comm: syz.1.2695 Not tainted syzkaller #0
[  789.827476][T14624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  789.837567][T14624] Call Trace:
[  789.840873][T14624]  <TASK>
[  789.843830][T14624]  dump_stack_lvl+0x18c/0x250
[  789.845937][ T5902] usb 3-1: config 0 descriptor??
[  789.848544][T14624]  ? show_regs_print_info+0x20/0x20
[  789.858703][T14624]  ? load_image+0x420/0x420
[  789.863255][T14624]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  789.869717][T14624]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  789.876256][T14624]  warn_alloc+0x246/0x340
[  789.880631][T14624]  ? stack_trace_save+0xaa/0x100
[  789.885647][T14624]  ? zone_watermark_ok_safe+0x230/0x230
[  789.891251][T14624]  ? kasan_set_track+0x5f/0x70
[  789.896114][T14624]  ? kasan_set_track+0x4e/0x70
[  789.900910][T14624]  ? __kasan_kmalloc+0x8f/0xa0
[  789.905728][T14624]  ? xsk_init_queue+0xad/0x100
[  789.910601][T14624]  ? xsk_setsockopt+0x42e/0x760
[  789.915493][T14624]  ? do_sock_setsockopt+0x175/0x1a0
[  789.920787][T14624]  ? __x64_sys_setsockopt+0x182/0x200
[  789.926194][T14624]  __vmalloc_node_range+0x126/0x1330
[  789.931550][T14624]  ? free_vm_area+0x50/0x50
[  789.936114][T14624]  vmalloc_user+0x74/0x80
[  789.940494][T14624]  ? xskq_create+0xbf/0x170
[  789.945037][T14624]  xskq_create+0xbf/0x170
[  789.949414][T14624]  xsk_init_queue+0xad/0x100
[  789.954050][T14624]  xsk_setsockopt+0x42e/0x760
[  789.958770][T14624]  ? xsk_poll+0x680/0x680
[  789.963145][T14624]  ? __fget_files+0x28/0x4b0
[  789.967788][T14624]  ? __fget_files+0x28/0x4b0
[  789.972435][T14624]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  789.978040][T14624]  ? security_socket_setsockopt+0x7e/0xa0
[  789.983824][T14624]  ? xsk_poll+0x680/0x680
[  789.988204][T14624]  do_sock_setsockopt+0x175/0x1a0
[  789.993269][T14624]  ? __fdget+0x180/0x210
[  789.997561][T14624]  __x64_sys_setsockopt+0x182/0x200
[  790.002810][T14624]  do_syscall_64+0x55/0xa0
[  790.007253][T14624]  ? clear_bhb_loop+0x40/0x90
[  790.011990][T14624]  ? clear_bhb_loop+0x40/0x90
[  790.016705][T14624]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  790.022629][T14624] RIP: 0033:0x7fd299d9ce59
[  790.027072][T14624] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  790.046715][T14624] RSP: 002b:00007fd29ac71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  790.055171][T14624] RAX: ffffffffffffffda RBX: 00007fd29a015fa0 RCX: 00007fd299d9ce59
[  790.063194][T14624] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[  790.071185][T14624] RBP: 00007fd299e32d6f R08: 0000000000000004 R09: 0000000000000000
[  790.079176][T14624] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  790.087159][T14624] R13: 00007fd29a016038 R14: 00007fd29a015fa0 R15: 00007ffcd95de948
[  790.095161][T14624]  </TASK>
[  790.106436][ T5902] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  790.116626][T14401] usb 1-1: USB disconnect, device number 39
[  790.145643][T14624] Mem-Info:
[  790.151194][T14624] active_anon:30565 inactive_anon:0 isolated_anon:0
[  790.151194][T14624]  active_file:17617 inactive_file:40256 isolated_file:0
[  790.151194][T14624]  unevictable:768 dirty:99 writeback:0
[  790.151194][T14624]  slab_reclaimable:10545 slab_unreclaimable:92331
[  790.151194][T14624]  mapped:27653 shmem:23523 pagetables:625
[  790.151194][T14624]  sec_pagetables:0 bounce:0
[  790.151194][T14624]  kernel_misc_reclaimable:0
[  790.151194][T14624]  free:1313165 free_pcp:14151 free_cma:0
[  790.202214][T14624] Node 0 active_anon:122260kB inactive_anon:0kB active_file:70468kB inactive_file:160824kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:110612kB dirty:396kB writeback:0kB shmem:92556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11584kB pagetables:2500kB sec_pagetables:0kB all_unreclaimable? no
[  790.318408][T14402] usb 3-1: USB disconnect, device number 36
[  790.349060][T14632] batman_adv: batadv0: Adding interface: gretap1
[  790.375990][T14624] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  790.383343][T14632] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  790.432220][T14624] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  790.439704][T14632] batman_adv: batadv0: Interface activated: gretap1
[  790.469055][T14624] lowmem_reserve[]: 0 2521 2522 2522 2522
[  790.475859][T14624] Node 0 DMA32 free:1367364kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:104020kB inactive_anon:0kB active_file:70468kB inactive_file:160004kB unevictable:1536kB writepending:396kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:37932kB local_pcp:19628kB free_cma:0kB
[  790.507618][T14624] lowmem_reserve[]: 0 0 0 0 0
[  790.512522][T14624] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[  790.546413][T14624] lowmem_reserve[]: 0 0 0 0 0
[  790.552099][T14624] Node 1 Normal free:3892880kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:15616kB local_pcp:12000kB free_cma:0kB
[  790.583401][T14624] lowmem_reserve[]: 0 0 0 0 0
[  790.588341][T14624] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  790.602382][T14624] Node 0 DMA32: 1154*4kB (UME) 379*8kB (UME) 354*16kB (UME) 275*32kB (UME) 137*64kB (UME) 115*128kB (UME) 19*256kB (UME) 18*512kB (UME) 26*1024kB (UME) 7*2048kB (UM) 310*4096kB (M) = 1370400kB
[  790.642493][T14624] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  790.674483][T14624] Node 1 Normal: 256*4kB (U) 48*8kB (UE) 59*16kB (UE) 189*32kB (UE) 61*64kB (UME) 13*128kB (UM) 2*256kB (UE) 1*512kB (M) 1*1024kB (E) 1*2048kB (E) 946*4096kB (M) = 3892880kB
[  790.730357][T14624] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  790.752245][T14624] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  790.768503][T14624] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  790.778949][T14624] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  790.795159][T14624] 72994 total pagecache pages
[  790.799964][T14624] 0 pages in swap cache
[  790.812957][T14634] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  790.813965][T14624] Free swap  = 124352kB
[  790.826579][T14624] Total swap = 124996kB
[  790.830817][T14624] 2097051 pages RAM
[  790.835456][T14624] 0 pages HighMem/MovableOnly
[  790.842186][T14624] 416927 pages reserved
[  790.847338][T14624] 0 pages cma reserved
[  792.982859][ T5892] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  793.199929][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.232988][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.276937][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  793.334572][ T5892] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  793.366765][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.440340][T14666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2708'.
[  793.449530][T14666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2708'.
[  794.261377][ T5892] usb 1-1: config 0 descriptor??
[  794.436034][T14668] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  794.690296][ T5892] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[  794.720126][ T5892] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  794.987874][ T5892] usb 1-1: USB disconnect, device number 40
[  795.154364][T14674] binder: 14673:14674 ioctl c0306201 0 returned -14
[  795.186990][T14674] binder: 14673:14674 ioctl c0306201 200000000240 returned -11
[  796.022685][   T27] audit: type=1800 audit(1778960746.917:678): pid=14676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2712" name="file1" dev="overlay" ino=122 res=0 errno=0
[  796.241027][T14690] 9pnet_fd: Insufficient options for proto=fd
[  796.487628][T14694] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2718'.
[  796.497108][T14694] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2718'.
[  797.426029][T14698] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  797.504303][T14700] binder: 14699:14700 ioctl c0306201 0 returned -14
[  797.523218][T14700] binder: 14699:14700 ioctl c0306201 200000000240 returned -11
[  797.922688][T14407] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  798.113372][T14407] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.159796][T14407] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  798.191810][T14711] 9pnet_fd: Insufficient options for proto=fd
[  798.192724][T14407] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  798.356393][T14407] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  798.426637][T14407] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.623509][T14407] usb 4-1: config 0 descriptor??
[  798.930850][T14716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2727'.
[  798.940071][T14716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2727'.
[  799.267993][T14407] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving
[  799.598233][T14407] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  799.633398][T14407] usb 4-1: USB disconnect, device number 23
[  799.744674][T14721] fido_id[14721]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  800.031373][T14726] binder: 14725:14726 ioctl c0306201 0 returned -14
[  800.042351][T14726] binder: 14725:14726 ioctl c0306201 200000000240 returned -11
[  800.431876][T14734] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  801.263176][T14739] 9pnet_fd: Insufficient options for proto=fd
[  801.512929][T14749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2737'.
[  801.521986][T14749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2737'.
[  802.253008][T14747] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  802.481970][T14755] binder: 14754:14755 ioctl c0306201 200000000240 returned -11
[  803.036422][T14770] 9pnet_fd: Insufficient options for proto=fd
[  803.427362][T14777] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  804.227893][T14780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2746'.
[  804.237008][T14780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2746'.
[  804.605933][T14786] binder: 14783:14786 ioctl c0306201 200000000240 returned -11
[  804.855926][T14794] 9pnet_fd: Insufficient options for proto=fd
[  804.970447][T14796] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  805.946039][T14806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2757'.
[  805.956935][T14806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2757'.
[  806.729896][T14813] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  808.484175][T14820] netlink: 'syz.1.2761': attribute type 8 has an invalid length.
[  808.536358][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  808.610046][T14826] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  809.532854][T14825] binder: 14824:14825 ioctl c0306201 200000000240 returned -11
[  809.548376][T14832] 9pnet_fd: Insufficient options for proto=fd
[  810.355516][T14842] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2767'.
[  810.364868][T14842] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2767'.
[  811.083966][T14844] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input76
[  811.406671][T14850] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  814.001814][T14869] 9pnet_fd: Insufficient options for proto=fd
[  814.009142][T14871] binder: 14870:14871 ioctl c0306201 200000000240 returned -11
[  814.169475][T14875] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2777'.
[  814.178782][T14875] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2777'.
[  814.973583][T14880] fuse: Unknown parameter 'use00000000000000000000'
[  815.232911][T14884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2780'.
[  815.250080][T14884] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  818.199088][T14899] netlink: 'syz.3.2784': attribute type 1 has an invalid length.
[  818.334727][T14906] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  819.171785][T14899] 8021q: adding VLAN 0 to HW filter on device bond1
[  820.604728][T14907] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  820.634839][T14915] binder: 14914:14915 ioctl c0306201 200000000240 returned -11
[  820.652752][T14907] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  820.713638][T14917] 9pnet_fd: Insufficient options for proto=fd
[  820.722734][T14907] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  820.763027][T14907] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  820.797403][T14907] bond1: (slave geneve2): making interface the new active one
[  820.822093][T14907] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  820.927772][T14921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2788'.
[  820.937483][T14921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2788'.
[  822.069278][T14928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2791'.
[  822.090466][T14928] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  825.555230][T14946] binder: 14945:14946 ioctl c0306201 200000000240 returned -11
[  825.651654][T14952] 9pnet_fd: Insufficient options for proto=fd
[  825.848445][T14962] syzkaller0: entered promiscuous mode
[  825.854725][T14962] syzkaller0: entered allmulticast mode
[  828.977757][T14982] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2809'.
[  829.157198][T14984] 9pnet_fd: Insufficient options for proto=fd
[  829.518212][T14990] syzkaller0: entered promiscuous mode
[  829.523852][T14990] syzkaller0: entered allmulticast mode
[  833.997266][T15014] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2819'.
[  834.213117][T14401] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  834.227299][T15018] 9pnet_virtio: no channels available for device syz
[  834.422306][T14401] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[  834.437548][T14401] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  834.448998][T14401] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  834.463258][T14401] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  834.472519][T14401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.484085][T14401] usb 1-1: config 0 descriptor??
[  834.539766][T14401] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  836.115653][T15027] 9pnet_fd: Insufficient options for proto=fd
[  836.486324][T14401] usb 1-1: USB disconnect, device number 41
[  837.977964][T15047] 9pnet_fd: Insufficient options for proto=fd
[  838.361431][T15059] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2828'.
[  840.167696][T15076] 9pnet_fd: Insufficient options for proto=fd
[  840.327303][T15082] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2845'.
[  840.784187][ T5902] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  841.354483][ T5902] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  841.368304][ T5902] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  841.382541][ T5902] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  841.392165][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.401963][ T5902] usb 2-1: Product: syz
[  841.406670][ T5902] usb 2-1: Manufacturer: syz
[  841.411814][ T5902] usb 2-1: SerialNumber: syz
[  841.447407][ T5902] usb 2-1: config 0 descriptor??
[  841.462041][T15078] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  841.476200][T15078] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  841.500868][ T5902] usb 2-1: ucan: probing device on interface #0
[  841.511518][ T5902] usb 2-1: ucan: invalid EP count (1)
[  841.518552][ T5902] usb 2-1: ucan: probe failed; try to update the device firmware
[  842.070935][ T5902] IPVS: starting estimator thread 0...
[  842.182814][T15106] IPVS: using max 31 ests per chain, 74400 per kthread
[  842.365335][T15111] IPv6: addrconf: prefix option has invalid lifetime
[  844.420345][T15114] 9pnet_fd: Insufficient options for proto=fd
[  844.564194][T15118] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2855'.
[  845.368436][T13892] usb 2-1: USB disconnect, device number 50
[  845.542820][T15146] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2865'.
[  846.161839][T15171] 9pnet_virtio: no channels available for device syz
[  846.302743][T13892] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  846.524171][T13892] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  846.546080][T13892] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  846.577738][T13892] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  846.592872][T13892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.605944][T13892] usb 2-1: Product: syz
[  846.611848][T13892] usb 2-1: Manufacturer: syz
[  846.623318][T13892] usb 2-1: SerialNumber: syz
[  846.642304][T13892] usb 2-1: config 0 descriptor??
[  846.650627][T15166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  846.659181][T15166] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  846.674117][T13892] usb 2-1: ucan: probing device on interface #0
[  846.675492][T15174] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2876'.
[  846.690326][T13892] usb 2-1: ucan: invalid EP count (1)
[  846.696566][T13892] usb 2-1: ucan: probe failed; try to update the device firmware
[  847.342689][T14401] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  847.558966][T15190] IPv6: addrconf: prefix option has invalid lifetime
[  848.788958][T14401] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  849.381722][T14401] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  849.390845][T14401] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  849.399969][T14401] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.410712][T14401] usb 3-1: config 0 descriptor??
[  849.645366][T13993] usb 2-1: USB disconnect, device number 51
[  850.049311][T15202] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2885'.
[  850.238812][T15206] binder: 15204:15206 ioctl c0285840 200000000000 returned -22
[  850.270664][T15181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2878'.
[  851.325719][T15216] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2890'.
[  851.500129][T15216] syzkaller1: entered promiscuous mode
[  851.588632][T15216] syzkaller1: entered allmulticast mode
[  852.076817][T14401] usb 3-1: USB disconnect, device number 37
[  852.399046][T15228] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2894'.
[  852.683719][T15233] binder: 15231:15233 ioctl c0285840 200000000000 returned -22
[  856.165963][T15252] ceph: No mds server is up or the cluster is laggy
[  856.545288][T15265] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2904'.
[  856.592831][T15265] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2904'.
[  856.628581][T15268] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2905'.
[  856.644650][T15269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  856.713929][T15269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  856.733373][T15269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  856.760900][T15269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  856.807707][T15269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  858.912902][T15299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2916'.
[  858.950356][T15299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2916'.
[  859.182695][T14401] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  859.226195][T15309] syzkaller0: entered promiscuous mode
[  859.237668][T15309] syzkaller0: entered allmulticast mode
[  859.387554][T14401] usb 4-1: config 0 has no interfaces?
[  859.429309][T14401] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  859.481522][T14401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.575514][T14401] usb 4-1: config 0 descriptor??
[  860.009437][T14401] usb 4-1: USB disconnect, device number 24
[  860.417680][T15321] 9pnet_fd: Insufficient options for proto=fd
[  861.705109][T15335] bridge2: entered promiscuous mode
[  861.710514][T15335] bridge2: entered allmulticast mode
[  862.285241][T15337] tipc: Started in network mode
[  862.290362][T15337] tipc: Node identity 84e, cluster identity 4711
[  862.401329][T15337] tipc: Node number set to 2126
[  862.824448][T15341] syzkaller0: entered promiscuous mode
[  862.872704][T15341] syzkaller0: entered allmulticast mode
[  865.006627][   T27] audit: type=1800 audit(1778960815.927:679): pid=15357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2934" name="/" dev="fuse" ino=4 res=0 errno=0
[  865.128296][T15365] __nla_validate_parse: 3 callbacks suppressed
[  865.128336][T15365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2937'.
[  866.955420][T12462] Bluetooth: hci0: command 0x0406 tx timeout
[  867.360643][T15384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2946'.
[  867.369185][T15387] binder: 15385:15387 ioctl c0306201 0 returned -14
[  867.377631][T15387] binder: 15385:15387 ioctl c0306201 200000000240 returned -11
[  867.998159][T15400] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  869.538659][T15419] binder: 15418:15419 ioctl c0306201 200000000240 returned -11
[  869.567354][T15410] syzkaller0: entered promiscuous mode
[  869.587189][T15410] syzkaller0: entered allmulticast mode
[  869.678484][T15421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2956'.
[  869.977915][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  871.568018][T15447] binder: 15446:15447 ioctl c0306201 200000000240 returned -11
[  872.056168][T15453] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  873.044870][T15456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2968'.
[  874.077540][T15471] binder: 15470:15471 ioctl c0306201 200000000240 returned -11
[  874.392137][T15479] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2977'.
[  875.201262][T15486] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  876.328712][T15495] syzkaller0: entered promiscuous mode
[  876.366237][T15495] syzkaller0: entered allmulticast mode
[  876.555444][T15498] binder: 15497:15498 ioctl c0306201 200000000240 returned -11
[  877.027566][T15507] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input78
[  877.077115][T15510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2987'.
[  877.739191][T15506] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  877.773134][T15506] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  877.791945][T15506] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  877.811629][T15506] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  877.817865][T15506] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  877.967503][T15506] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  878.003080][T15531] binder: 15530:15531 ioctl c0306201 200000000240 returned -11
[  878.272835][ T5892] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  878.468893][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  878.500131][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  878.511710][T15540] ceph: No mds server is up or the cluster is laggy
[  879.092763][T12462] Bluetooth: hci1: command 0x0c1a tx timeout
[  879.234463][ T5892] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  879.245628][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.254506][ T5892] usb 4-1: Product: syz
[  879.261010][ T5892] usb 4-1: Manufacturer: syz
[  879.266132][ T5892] usb 4-1: SerialNumber: syz
[  879.298572][ T5892] usb 4-1: config 0 descriptor??
[  879.309010][T15505] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  879.316656][T15505] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  879.346860][ T5892] usb 4-1: ucan: probing device on interface #0
[  879.356325][ T5892] usb 4-1: ucan: invalid EP count (1)
[  879.366389][ T5892] usb 4-1: ucan: probe failed; try to update the device firmware
[  879.811264][T15562] binder: 15561:15562 ioctl c0306201 200000000240 returned -11
[  879.819990][ T5784] Bluetooth: hci0: command 0x0406 tx timeout
[  879.826312][T12462] Bluetooth: hci4: command 0x0c1a tx timeout
[  879.896254][T14401] IPVS: starting estimator thread 0...
[  880.002667][T15566] IPVS: using max 20 ests per chain, 48000 per kthread
[  880.718899][T15572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  880.862853][T15573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  880.986108][T15573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  881.103251][T15573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3005'.
[  881.323416][T14401] usb 4-1: USB disconnect, device number 25
[  881.892808][ T5784] Bluetooth: hci0: command 0x0406 tx timeout
[  881.898921][T12462] Bluetooth: hci4: command 0x0c1a tx timeout
[  882.184108][T15591] binder: BINDER_SET_CONTEXT_MGR already set
[  882.199375][T15591] binder: 15590:15591 ioctl 4018620d 200000000040 returned -16
[  882.233916][T15591] binder: 15590:15591 ioctl c0306201 0 returned -14
[  882.263168][T15591] binder: 15590:15591 ioctl c0306201 200000000240 returned -11
[  882.525071][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3014'.
[  882.573752][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3014'.
[  882.584193][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3014'.
[  882.604869][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3014'.
[  882.829661][T12462] Bluetooth: hci1: unexpected event for opcode 0x2024
[  883.322716][T14401] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  883.460404][T15619] netlink: 296 bytes leftover after parsing attributes in process `syz.3.3021'.
[  883.834258][T14401] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  883.884429][T14401] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  883.912411][T14401] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  883.948162][T14401] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.982940][T14401] usb 3-1: Product: syz
[  883.987141][T14401] usb 3-1: Manufacturer: syz
[  883.991817][T12462] Bluetooth: hci4: command 0x0c1a tx timeout
[  884.001945][T14401] usb 3-1: SerialNumber: syz
[  884.032877][T14401] usb 3-1: config 0 descriptor??
[  884.044935][T15606] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  884.052209][T15606] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  884.094234][T14401] usb 3-1: ucan: probing device on interface #0
[  884.121978][T14401] usb 3-1: ucan: invalid EP count (1)
[  884.148042][T14401] usb 3-1: ucan: probe failed; try to update the device firmware
[  884.663335][T14401] IPVS: starting estimator thread 0...
[  884.763000][T15631] IPVS: using max 19 ests per chain, 45600 per kthread
[  886.735766][T15637] binder: 15636:15637 ioctl c0306201 0 returned -14
[  886.743994][T15637] binder: 15636:15637 ioctl c0306201 200000000240 returned -11
[  886.767253][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  886.777653][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  886.787415][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  886.797261][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  886.806954][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  887.800514][T14401] usb 3-1: USB disconnect, device number 38
[  887.863421][T13993] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  888.064312][T13993] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  888.084939][T13993] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  888.108122][T13993] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  888.124804][T13993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  888.182959][T15652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  888.192239][T15659] ieee802154 phy1 wpan1: encryption failed: -22
[  888.211972][T13993] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  888.488920][T15652] fuse: Unknown parameter 'fo<d'
[  888.544938][T13993] usb 2-1: USB disconnect, device number 52
[  888.953272][T15674] binder: 15673:15674 ioctl c0306201 0 returned -14
[  888.971110][T15674] binder: 15673:15674 ioctl c0306201 200000000240 returned -11
[  889.758609][T15689] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  889.949167][T15692] ieee802154 phy1 wpan1: encryption failed: -22
[  890.733490][T15698] loop7: detected capacity change from 0 to 16384
[  891.904720][T15704] loop7: detected capacity change from 16384 to 0
[  892.132969][ T5902] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  892.141715][T15717] binder: 15716:15717 ioctl c0306201 200000000240 returned -11
[  892.402371][ T5902] usb 2-1: unable to get BOS descriptor or descriptor too short
[  892.428771][ T5902] usb 2-1: unable to read config index 0 descriptor/start: -71
[  892.438772][ T5902] usb 2-1: can't read configurations, error -71
[  892.963044][T14407] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  893.053465][T15726] ieee802154 phy1 wpan1: encryption failed: -22
[  893.164453][T14407] usb 3-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99
[  893.263507][T14407] usb 3-1: config 0 interface 0 has no altsetting 0
[  893.283262][T14407] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  893.293841][T14407] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  893.303319][T14407] usb 3-1: Product: syz
[  893.307606][T14407] usb 3-1: Manufacturer: syz
[  893.312305][T14407] usb 3-1: SerialNumber: syz
[  893.695424][T14407] usb 3-1: config 0 descriptor??
[  893.726520][T15720] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  893.826352][T14407] usb 3-1: selecting invalid altsetting 0
[  894.560445][T15749] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  894.749579][ T5902] usb 3-1: USB disconnect, device number 39
[  895.209051][T15755] binder: 15754:15755 ioctl c0306201 200000000240 returned -11
[  897.051862][T15770] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3071'.
[  897.060972][T15770] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3071'.
[  898.203253][T15787] binder: 15786:15787 ioctl c0306201 200000000240 returned -11
[  898.859295][T15804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3082'.
[  898.868399][T15804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3082'.
[  898.950766][T15803] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  900.983319][T15832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3091'.
[  900.992416][T15832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3091'.
[  901.249910][T15830] binder: 15829:15830 ioctl c0306201 200000000240 returned -11
[  902.314635][ T5902] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  902.447295][T15844] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  902.472810][ T5902] usb 3-1: device descriptor read/64, error -71
[  902.762668][ T5902] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  902.942689][ T5902] usb 3-1: device descriptor read/64, error -71
[  903.118326][ T5902] usb usb3-port1: attempt power cycle
[  903.336057][T15856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3101'.
[  903.345164][T15856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3101'.
[  904.118287][T15858] binder: 15857:15858 ioctl c0306201 200000000240 returned -11
[  904.322675][ T5902] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  904.354188][ T5902] usb 3-1: device descriptor read/8, error -71
[  904.383984][T15860] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  904.632746][ T5902] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  904.710471][ T5902] usb 3-1: device descriptor read/8, error -71
[  904.846135][ T5902] usb usb3-port1: unable to enumerate USB device
[  905.304662][T15875] syzkaller0: entered promiscuous mode
[  905.310208][T15875] syzkaller0: entered allmulticast mode
[  906.695969][T15894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3110'.
[  906.705101][T15894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3110'.
[  907.702924][T15898] binder: 15897:15898 ioctl c0306201 200000000240 returned -11
[  907.960844][T15907] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.982880][T10966] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.990160][T10966] bridge0: port 1(bridge_slave_0) entered forwarding state
[  907.997859][ T5902] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  908.162668][ T5902] usb 3-1: device descriptor read/64, error -71
[  908.350827][T15916] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  908.432662][ T5902] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  908.582679][ T5902] usb 3-1: device descriptor read/64, error -71
[  908.703461][ T5902] usb usb3-port1: attempt power cycle
[  909.116625][ T5902] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  909.163442][ T5902] usb 3-1: device descriptor read/8, error -71
[  909.225270][T15924] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3121'.
[  909.234967][T15924] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3121'.
[  910.152753][ T5902] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  910.201259][ T5902] usb 3-1: device descriptor read/8, error -71
[  910.333670][ T5902] usb usb3-port1: unable to enumerate USB device
[  911.500901][T15953] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3130'.
[  911.510060][T15953] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3130'.
[  912.717993][T15960] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  913.219280][T15965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3133'.
[  914.962684][ T5892] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  915.047573][T15986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3140'.
[  915.056785][T15986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3140'.
[  915.954700][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  915.967809][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  915.999265][ T5892] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  916.011078][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.021055][ T5892] usb 4-1: Product: syz
[  916.025652][ T5892] usb 4-1: Manufacturer: syz
[  916.030365][ T5892] usb 4-1: SerialNumber: syz
[  916.096604][ T5892] usb 4-1: config 0 descriptor??
[  916.102696][T15976] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  916.110503][T15976] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  916.131029][ T5892] usb 4-1: ucan: probing device on interface #0
[  916.139167][ T5892] usb 4-1: ucan: invalid EP count (1)
[  916.145092][ T5892] usb 4-1: ucan: probe failed; try to update the device firmware
[  916.329479][T15996] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.3143'.
[  919.863430][T14407] usb 4-1: USB disconnect, device number 26
[  919.959917][T16024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3149'.
[  919.969556][T16024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3149'.
[  921.115474][T16036] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  922.393994][T16045] binder_alloc: 16044: binder_alloc_buf, no vma
[  923.334853][T16054] syzkaller0: entered promiscuous mode
[  923.341765][T16054] syzkaller0: entered allmulticast mode
[  923.414463][T16053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3159'.
[  923.448616][T16053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3159'.
[  924.077896][T16074] binder_alloc: 16073: binder_alloc_buf, no vma
[  925.198258][T16088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3172'.
[  925.207421][T16088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3172'.
[  925.342741][T14407] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  926.055338][T14407] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  926.102625][T14407] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  926.135522][T14407] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  926.165917][T14407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.213094][T16083] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  926.223871][T14407] usb 1-1: Quirk or no altest; falling back to MIDI 1.0
[  926.549826][T16093] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.276626][T16083] fuse: Unknown parameter 'fo<d'
[  927.303018][T14401] usb 1-1: USB disconnect, device number 42
[  927.423609][T16093] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.656160][T16093] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.761756][T16102] netlink: 'syz.3.3178': attribute type 29 has an invalid length.
[  927.802348][T16093] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.816205][T16103] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  927.837528][T16102] netlink: 'syz.3.3178': attribute type 29 has an invalid length.
[  927.899859][T16104] netlink: 'syz.3.3178': attribute type 29 has an invalid length.
[  927.913882][T16102] netlink: 'syz.3.3178': attribute type 29 has an invalid length.
[  927.932006][T16102] netlink: 'syz.3.3178': attribute type 29 has an invalid length.
[  927.961146][T16107] binder_alloc: 16106: binder_alloc_buf, no vma
[  928.012529][T16093] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  928.095213][T16093] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  928.961335][T16093] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  928.981559][T16093] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  929.722699][T13993] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  929.793804][T16131] binder_alloc: 16130: binder_alloc_buf, no vma
[  929.945675][T13993] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  929.960878][T13993] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  929.981244][T13993] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  930.010103][T13993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.897195][T16122] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  930.927266][T13993] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  931.141018][T16122] fuse: Unknown parameter 'fo<d'
[  931.172493][T13993] usb 2-1: USB disconnect, device number 55
[  931.309839][T16147] overlayfs: missing 'lowerdir'
[  931.426436][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  931.549971][T16153] binder: BINDER_SET_CONTEXT_MGR already set
[  931.572836][T16153] binder: 16150:16153 ioctl 4018620d 200000000040 returned -16
[  931.581033][T16153] binder: 16150:16153 ioctl c0306201 200000000240 returned -11
[  932.992313][T16166] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  933.067597][T16169] overlayfs: missing 'lowerdir'
[  933.237508][T16174] binder_alloc: 16173: binder_alloc_buf, no vma
[  933.582678][T14400] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  934.424490][T14400] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  934.438756][T14400] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  934.478589][T14400] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  934.497890][T14400] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.523986][T16178] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  934.548150][T14400] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  934.754468][T16178] fuse: Unknown parameter 'fo<d'
[  934.778997][T14400] usb 3-1: USB disconnect, device number 48
[  937.993620][T16234] netlink: 'syz.0.3231': attribute type 3 has an invalid length.
[  938.112705][T14400] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  938.172064][T16241] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  938.781314][T14400] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  938.972793][T14400] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  939.008491][T14400] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  939.056068][T14400] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.095046][T16230] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  939.114493][T14400] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  939.362484][T16230] fuse: Unknown parameter 'fo<d'
[  939.426740][ T5892] usb 2-1: USB disconnect, device number 56
[  939.484572][T16259] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3239'.
[  941.482854][T16285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3248'.
[  942.784866][T16309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3258'.
[  942.835444][T16309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3258'.
[  942.882900][T16309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3258'.
[  942.932331][T16309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3258'.
[  943.287071][T16317] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3261'.
[  943.386078][T16321] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  943.511993][T16323] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3263'.
[  943.551367][T16323] syzkaller1: entered promiscuous mode
[  943.591222][T16323] syzkaller1: entered allmulticast mode
[  944.024785][T16337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3269'.
[  944.043483][T16337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3269'.
[  944.163005][ T5902] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  944.383484][ T5902] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  944.452846][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  944.596055][ T5902] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  944.656012][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.715843][ T5902] usb 4-1: Product: syz
[  944.720161][ T5902] usb 4-1: Manufacturer: syz
[  944.731219][ T5902] usb 4-1: SerialNumber: syz
[  944.762480][ T5902] usb 4-1: config 0 descriptor??
[  944.777170][T16332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  944.789752][T16332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  944.812839][ T5902] usb 4-1: ucan: probing device on interface #0
[  944.828277][ T5902] usb 4-1: ucan: invalid EP count (1)
[  944.844684][ T5902] usb 4-1: ucan: probe failed; try to update the device firmware
[  945.348870][T16351] 9pnet_virtio: no channels available for device syz
[  948.016219][T16362] __nla_validate_parse: 2 callbacks suppressed
[  948.016232][T16362] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3274'.
[  948.077975][T16362] syzkaller1: entered promiscuous mode
[  948.084771][T16362] syzkaller1: entered allmulticast mode
[  948.474728][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3279'.
[  948.484440][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3279'.
[  948.511949][T14400] usb 4-1: USB disconnect, device number 27
[  948.518440][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3279'.
[  948.561559][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3279'.
[  949.528067][T16390] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3285'.
[  949.595478][T16395] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  949.834932][T16404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3289'.
[  949.854455][T16404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3289'.
[  949.875438][T16404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3289'.
[  949.893186][T16404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3289'.
[  949.982760][T14400] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  950.510231][T14400] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  950.522783][T14400] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  950.536830][T14400] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  950.546071][T14400] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.554554][T14400] usb 3-1: Product: syz
[  950.558716][T14400] usb 3-1: Manufacturer: syz
[  950.563601][T14400] usb 3-1: SerialNumber: syz
[  950.569815][T14400] usb 3-1: config 0 descriptor??
[  950.666568][T16401] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  950.686966][T16401] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  950.802968][T14400] usb 3-1: ucan: probing device on interface #0
[  950.818318][T14400] usb 3-1: ucan: invalid EP count (1)
[  950.828445][T14400] usb 3-1: ucan: probe failed; try to update the device firmware
[  951.255752][T16413] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  954.011020][T16435] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3297'.
[  954.664876][T16443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3298'.
[  954.680868][T16443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3298'.
[  954.690311][T16443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3298'.
[  954.703012][T16443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3298'.
[  954.712358][T14407] usb 3-1: USB disconnect, device number 49
[  955.635099][T16462] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3306'.
[  956.762690][ T5892] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  956.944365][ T5892] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  956.954812][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  956.976314][ T5892] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  956.985649][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.998366][ T5892] usb 3-1: Product: syz
[  957.003979][ T5892] usb 3-1: Manufacturer: syz
[  957.010184][ T5892] usb 3-1: SerialNumber: syz
[  957.024590][T16482] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  957.082936][ T5892] usb 3-1: config 0 descriptor??
[  957.091357][T16474] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  957.102450][T16474] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  957.133987][ T5892] usb 3-1: ucan: probing device on interface #0
[  957.140433][ T5892] usb 3-1: ucan: invalid EP count (1)
[  957.155763][ T5892] usb 3-1: ucan: probe failed; try to update the device firmware
[  957.172723][T14407] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  957.366707][T14407] usb 1-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99
[  957.377171][T14407] usb 1-1: config 0 interface 0 has no altsetting 0
[  957.392486][T14407] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  957.402250][T14407] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  957.415378][T14407] usb 1-1: Product: syz
[  957.422484][T14407] usb 1-1: Manufacturer: syz
[  957.437558][T14407] usb 1-1: SerialNumber: syz
[  957.455167][T14407] usb 1-1: config 0 descriptor??
[  957.469008][T16472] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  957.501444][T14407] usb 1-1: selecting invalid altsetting 0
[  960.151015][ T5892] usb 1-1: USB disconnect, device number 43
[  960.723360][T16504] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3319'.
[  960.788725][T14407] usb 3-1: USB disconnect, device number 50
[  961.183753][T16521] bridge1: entered promiscuous mode
[  961.189168][T16521] bridge1: entered allmulticast mode
[  961.522789][T14400] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  961.774135][T14400] usb 2-1: unable to get BOS descriptor or descriptor too short
[  961.794672][T14400] usb 2-1: New USB device found, idVendor=1235, idProduct=8204, bcdDevice= 0.40
[  961.817847][T16532] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  961.826922][T14400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.862716][T14400] usb 2-1: Product: syz
[  961.872624][T14400] usb 2-1: Manufacturer: syz
[  961.877505][T14400] usb 2-1: SerialNumber: syz
[  962.012794][T14407] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  962.095528][T16524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  962.133035][T16524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  962.264575][T14407] usb 3-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99
[  962.275090][T14407] usb 3-1: config 0 interface 0 has no altsetting 0
[  962.295122][T14407] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  962.306397][T14407] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  962.316368][T14407] usb 3-1: Product: syz
[  962.320626][T14407] usb 3-1: Manufacturer: syz
[  962.330756][T14407] usb 3-1: SerialNumber: syz
[  962.337098][T14407] usb 3-1: config 0 descriptor??
[  962.347328][T16526] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  962.361047][T14407] usb 3-1: selecting invalid altsetting 0
[  962.442796][T16524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  962.526450][T16524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  962.593779][T16524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  962.642932][T16524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  962.677188][T16524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  962.717617][T16524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  962.763026][T16524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  962.797611][T16524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  963.962204][ T5892] usb 3-1: USB disconnect, device number 51
[  964.222658][T14401] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  964.318554][T14400] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  964.328714][T14400] usb 2-1: MIDIStreaming interface descriptor not found
[  964.394367][T14400] usb 2-1: USB disconnect, device number 57
[  964.413312][T14401] usb 1-1: Using ep0 maxpacket: 8
[  964.418862][T16547] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3331'.
[  964.435104][ T5892] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  964.444716][T14401] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  964.452153][T14401] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  964.470325][T14401] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  964.484719][T14401] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  964.497401][T14401] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  964.516152][T14401] usb 1-1: config 168 interface 0 has no altsetting 0
[  964.524743][T14401] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  964.532237][T14401] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  964.551798][T14401] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  964.563696][T14401] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  964.575468][T14401] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  964.589202][T14401] usb 1-1: config 168 interface 0 has no altsetting 0
[  964.608830][T14401] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  964.618743][T14401] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  964.630341][T14401] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  964.642995][T14401] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  964.654228][T14401] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  964.662776][ T5892] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  964.668703][T14401] usb 1-1: config 168 interface 0 has no altsetting 0
[  964.688348][T14401] usb 1-1: string descriptor 0 read error: -22
[  964.694781][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  964.698209][T14401] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  964.714918][T14401] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.729134][ T5892] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  964.743231][T14401] adutux 1-1:168.0: interrupt endpoints not found
[  964.749142][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.761550][ T5892] usb 3-1: Product: syz
[  964.766100][ T5892] usb 3-1: Manufacturer: syz
[  964.770766][ T5892] usb 3-1: SerialNumber: syz
[  964.803489][ T5892] usb 3-1: config 0 descriptor??
[  964.813364][T16544] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  964.820664][T16544] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  964.834065][ T5892] usb 3-1: ucan: probing device on interface #0
[  964.840350][ T5892] usb 3-1: ucan: invalid EP count (1)
[  964.849927][ T5892] usb 3-1: ucan: probe failed; try to update the device firmware
[  965.165872][T16542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.183106][T16542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.206285][T16542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.225498][T16542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.342652][T14401] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  965.542619][T14401] usb 2-1: Using ep0 maxpacket: 8
[  965.549834][T14401] usb 2-1: unable to get BOS descriptor or descriptor too short
[  965.559219][T14401] usb 2-1: config 138 has an invalid interface number: 205 but max is 0
[  965.567872][T14401] usb 2-1: config 138 has no interface number 0
[  965.574323][T14401] usb 2-1: config 138 interface 205 altsetting 112 bulk endpoint 0x3 has invalid maxpacket 16
[  965.585544][T14401] usb 2-1: config 138 interface 205 has no altsetting 0
[  965.596989][T14401] usb 2-1: New USB device found, idVendor=1286, idProduct=204a, bcdDevice=65.3e
[  965.617523][T14401] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  965.631755][T14401] usb 2-1: Product: syz
[  965.638438][T14401] usb 2-1: Manufacturer: syz
[  965.643417][T16542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.652828][T14401] usb 2-1: SerialNumber: syz
[  965.664445][T16559] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  965.672758][T16542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.694279][ T5892] usb 1-1: USB disconnect, device number 44
[  965.886727][T16559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.897654][T16559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.912018][T16559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.926888][T16559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.938156][T16559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.950632][T16559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  965.962512][T16559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  965.980017][T16559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  966.196611][T16559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  966.210079][T16559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  966.247678][T14401] usb 2-1: USB disconnect, device number 58
[  967.419133][T14401] usb 3-1: USB disconnect, device number 52
[  967.545453][T16582] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3340'.
[  967.722945][ T5892] usb 1-1: new full-speed USB device number 45 using dummy_hcd
[  967.862756][ T5902] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  967.907864][ T5892] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  967.922669][ T5892] usb 1-1: config 0 has no interface number 0
[  967.935807][ T5892] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  967.945342][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  967.953391][T14401] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  967.963804][ T5892] usb 1-1: Product: syz
[  967.968017][ T5892] usb 1-1: Manufacturer: syz
[  967.973082][ T5892] usb 1-1: SerialNumber: syz
[  967.980002][ T5892] usb 1-1: config 0 descriptor??
[  967.988914][ T5892] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  967.997991][ T5892] usb 1-1: selecting invalid altsetting 1
[  968.003843][ T5892] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  968.018759][ T5892] usb 1-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  968.063090][ T5902] usb 4-1: too many configurations: 13, using maximum allowed: 8
[  968.071912][ T5902] usb 4-1: config 0 has no interfaces?
[  968.078522][ T5902] usb 4-1: config 0 has no interfaces?
[  968.086371][ T5902] usb 4-1: config 0 has no interfaces?
[  968.092969][ T5902] usb 4-1: config 0 has no interfaces?
[  968.099446][ T5902] usb 4-1: config 0 has no interfaces?
[  968.105982][ T5902] usb 4-1: config 0 has no interfaces?
[  968.112649][ T5902] usb 4-1: config 0 has no interfaces?
[  968.119742][ T5902] usb 4-1: config 0 has no interfaces?
[  968.127284][ T5902] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  968.136421][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.144565][ T5902] usb 4-1: Product: syz
[  968.148770][ T5902] usb 4-1: Manufacturer: syz
[  968.153116][T14401] usb 3-1: Using ep0 maxpacket: 8
[  968.153726][ T5902] usb 4-1: SerialNumber: syz
[  968.163530][T14401] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  968.171790][T14401] usb 3-1: config 0 has no interface number 0
[  968.175899][ T5902] usb 4-1: config 0 descriptor??
[  968.186025][T14401] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  968.197445][T14401] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  968.207237][T14401] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.232703][T13892] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  968.234153][T14401] usb 3-1: config 0 descriptor??
[  968.260615][T14401] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  968.410674][T14401] usb 4-1: USB disconnect, device number 28
[  968.425932][T13892] usb 2-1: Using ep0 maxpacket: 16
[  968.443281][T13892] usb 2-1: unable to get BOS descriptor or descriptor too short
[  968.452305][T13892] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  968.464626][T14407] usb 1-1: USB disconnect, device number 45
[  968.468314][T13892] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  968.480973][T13892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.489075][T13892] usb 2-1: Product: syz
[  968.493405][T13892] usb 2-1: Manufacturer: syz
[  968.498050][T13892] usb 2-1: SerialNumber: syz
[  968.717422][T13892] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  968.726736][T13892] snd-usb-audio: probe of 2-1:1.0 failed with error -22
[  969.698825][T14407] usb 3-1: USB disconnect, device number 53
[  970.108210][T16608] bridge3: entered promiscuous mode
[  970.116575][T16608] bridge3: entered allmulticast mode
[  970.484708][T14401] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  970.782640][T14401] usb 4-1: Using ep0 maxpacket: 32
[  971.406073][T14401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  971.466781][T14401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  971.482405][T14401] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  971.492372][T14401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.503266][T14401] usb 4-1: config 0 descriptor??
[  971.510875][T14401] hub 4-1:0.0: USB hub found
[  971.622681][T16620] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3352'.
[  971.723908][T16606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  971.762968][T16606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  971.781321][T14401] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  972.093413][T16632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3354'.
[  972.133640][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3354'.
[  972.144161][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3354'.
[  972.153948][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3354'.
[  972.184637][T16606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.196179][T16606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  972.231109][T14401] hid-generic 0003:046D:C31C.001A: unknown main item tag 0x0
[  972.275903][T14401] hid-generic 0003:046D:C31C.001A: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0
[  973.635025][T16606] usb 4-1: reset high-speed USB device number 29 using dummy_hcd
[  973.682681][ T5902] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  973.825902][T16647] bridge1: entered promiscuous mode
[  973.831162][T16647] bridge1: entered allmulticast mode
[  973.883159][ T5902] usb 1-1: Using ep0 maxpacket: 32
[  973.904291][ T5902] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[  973.940057][ T5902] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  973.992940][ T5902] usb 1-1: config 0 has no interface number 0
[  974.023868][ T5902] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  974.153402][ T5902] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  974.267573][T16638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  974.366703][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.518425][ T5902] usb 1-1: Product: syz
[  974.572678][ T5902] usb 1-1: Manufacturer: syz
[  974.572790][T16638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  974.577361][ T5902] usb 1-1: SerialNumber: syz
[  974.672121][T16606] usbhid 4-1:0.0: reset_resume error -1
[  974.683596][ T5902] usb 1-1: config 0 descriptor??
[  974.757171][ T5902] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.119/input/input94
[  974.859661][T14400] usb 4-1: USB disconnect, device number 29
[  975.004653][T16641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  975.042934][T16641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  975.094783][ T5902] usb 1-1: USB disconnect, device number 46
[  975.187825][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3364'.
[  975.211316][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3364'.
[  975.245878][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3364'.
[  975.278360][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3364'.
[  976.652601][T14400] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  976.874517][T14400] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.911729][T14400] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  976.950540][T14400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.974213][T14400] usb 1-1: config 0 descriptor??
[  977.196289][T14400] usbhid 1-1:0.0: can't add hid device: -71
[  977.202427][T14400] usbhid: probe of 1-1:0.0 failed with error -71
[  977.202882][ T5892] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  977.220136][T14400] usb 1-1: USB disconnect, device number 47
[  977.426273][ T5892] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  977.448168][ T5892] usb 4-1: config 0 has no interface number 0
[  977.470296][ T5892] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  977.492673][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.512594][ T5892] usb 4-1: Product: syz
[  977.516875][ T5892] usb 4-1: Manufacturer: syz
[  977.527078][ T5892] usb 4-1: SerialNumber: syz
[  977.538930][ T5892] usb 4-1: config 0 descriptor??
[  977.557705][ T5892] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  977.578534][ T5892] usb 4-1: selecting invalid altsetting 1
[  977.587774][ T5892] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  977.614753][ T5892] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  977.765602][ T5892] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  977.796172][ T5892] usb 4-1: USB disconnect, device number 30
[  977.832889][T14400] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  978.042600][T14400] usb 1-1: Using ep0 maxpacket: 32
[  978.084586][T14400] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  978.124841][T14400] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  978.163936][T14400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  978.209646][T14400] usb 1-1: config 0 descriptor??
[  978.228733][T14400] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  978.266015][T14400] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  978.336030][T16684] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3373'.
[  978.466723][T16688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3374'.
[  978.515366][T16688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3374'.
[  978.568193][T16688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3374'.
[  978.612977][T16688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3374'.
[  978.849195][T16698] bridge2: entered promiscuous mode
[  978.858877][T16670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  978.870028][T16698] bridge2: entered allmulticast mode
[  978.877574][T16670] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  978.907622][T14400] usb 1-1: USB disconnect, device number 48
[  978.933230][T14400] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  979.302692][ T5892] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  980.232600][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  980.242029][ T5892] usb 4-1: New USB device found, idVendor=2b73, idProduct=0013, bcdDevice= 0.40
[  980.259861][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.307713][ T5892] usb 4-1: Product: syz
[  980.336473][ T5892] usb 4-1: Manufacturer: syz
[  980.355286][ T5892] usb 4-1: SerialNumber: syz
[  981.252051][T16719] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3384'.
[  981.701636][T16731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3386'.
[  981.730442][T16731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3386'.
[  981.760263][T16731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3386'.
[  981.781923][T16731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3386'.
[  982.152762][T14407] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  982.336141][T14407] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  982.356550][T14407] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  982.376216][T14407] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  982.392343][T14407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  982.407195][T14407] usb 1-1: config 0 descriptor??
[  982.420211][T14407] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  983.344647][T16757] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3394'.
[  983.561021][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3395'.
[  983.595481][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3395'.
[  983.604726][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3395'.
[  983.614247][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3395'.
[  984.902314][T14407] usb 1-1: USB disconnect, device number 49
[  985.906168][T16790] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  987.797442][T16815] netlink: 'syz.1.3411': attribute type 10 has an invalid length.
[  987.802773][T14407] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  988.569789][T16818] syzkaller1: entered promiscuous mode
[  988.604922][T16818] syzkaller1: entered allmulticast mode
[  989.152764][T14407] usb 1-1: Using ep0 maxpacket: 16
[  989.187429][T14407] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  989.267797][T14407] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  989.368453][T14407] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  989.460334][T14407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.583473][T14407] usb 1-1: config 0 descriptor??
[  990.065955][T16826] __nla_validate_parse: 1 callbacks suppressed
[  990.065999][T16826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3416'.
[  990.086212][T16826] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled
[  990.216328][T14407] ntrig 0003:1B96:0008.001B: nested delimiters
[  990.489848][T14407] ntrig 0003:1B96:0008.001B: item 0 1 2 10 parsing failed
[  990.497844][T14407] ntrig 0003:1B96:0008.001B: parse failed
[  990.503864][T14407] ntrig: probe of 0003:1B96:0008.001B failed with error -22
[  990.519048][T14407] usb 1-1: USB disconnect, device number 50
[  990.872826][T14400] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  991.063742][T14400] usb 3-1: Using ep0 maxpacket: 32
[  991.081850][T14400] usb 3-1: too many configurations: 17, using maximum allowed: 8
[  991.108537][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  991.125722][T14400] usb 3-1: config 0 has no interface number 0
[  991.138255][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  991.170770][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  991.211996][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  991.231897][T14400] usb 3-1: config 0 has no interface number 0
[  991.254878][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  991.382076][T16847] netlink: 'syz.3.3423': attribute type 10 has an invalid length.
[  991.406469][T16847] team0: Port device dummy0 added
[  992.456341][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.642194][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.652347][T14400] usb 3-1: config 0 has no interface number 0
[  992.662936][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.672856][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.692193][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.700553][T14400] usb 3-1: config 0 has no interface number 0
[  992.706907][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.717064][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.728308][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.736530][T14400] usb 3-1: config 0 has no interface number 0
[  992.742952][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.752871][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.763916][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.771940][T14400] usb 3-1: config 0 has no interface number 0
[  992.778235][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.788080][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.799564][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.807695][T14400] usb 3-1: config 0 has no interface number 0
[  992.818589][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.832637][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.846764][T14400] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  992.855409][T14400] usb 3-1: config 0 has no interface number 0
[  992.861856][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  992.882712][T14400] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  992.917271][T14400] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  992.974347][T14400] usb 3-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  993.818660][T14400] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  993.826773][T14400] usb 3-1: Product: syz
[  993.830954][T14400] usb 3-1: Manufacturer: syz
[  993.835666][T14400] usb 3-1: SerialNumber: syz
[  993.842426][T14400] usb 3-1: config 0 descriptor??
[  993.886338][T14400] usb 3-1: can't set config #0, error -71
[  993.901931][T14400] usb 3-1: USB disconnect, device number 54
[  993.946686][T16859] syzkaller0: entered promiscuous mode
[  993.952286][T16859] syzkaller0: entered allmulticast mode
[  994.412711][T14400] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  994.594186][T14400] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  994.608359][T14400] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  994.618584][T14400] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  994.630826][T14400] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  994.642806][T16861] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  996.772712][T14402] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  996.983768][T14402] usb 1-1: Using ep0 maxpacket: 16
[  997.015575][T14402] usb 1-1: unable to get BOS descriptor or descriptor too short
[  997.029732][T14402] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  997.052177][T14402] usb 1-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  997.063793][T14402] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.471594][T14402] usb 1-1: Product: syz
[  997.501645][T14402] usb 1-1: Manufacturer: syz
[  997.516752][T14402] usb 1-1: SerialNumber: syz
[  998.356831][T16890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  998.366752][T16890] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1000.765605][T16915] syzkaller0: entered promiscuous mode
[ 1000.782114][T16915] syzkaller0: entered allmulticast mode
[ 1004.951029][T16947] netlink: 'syz.1.3460': attribute type 10 has an invalid length.
[ 1005.970585][T16954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3466'.
[ 1005.980091][T16954] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3466'.
[ 1007.422374][T16978] netlink: 'syz.1.3474': attribute type 10 has an invalid length.
[ 1009.867231][T16988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3477'.
[ 1009.876504][T16988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3477'.
[ 1011.182448][T17009] netlink: 'syz.3.3483': attribute type 10 has an invalid length.
[ 1014.659832][T17048] netlink: 'syz.3.3493': attribute type 10 has an invalid length.
[ 1016.472810][T17052] syzkaller0: entered promiscuous mode
[ 1016.478476][T17052] syzkaller0: entered allmulticast mode
[ 1018.607973][T17072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3502'.
[ 1018.617337][T17072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3502'.
[ 1019.435829][T17076] syzkaller0: entered promiscuous mode
[ 1019.441478][T17076] syzkaller0: entered allmulticast mode
[ 1022.345193][T17103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3513'.
[ 1022.354418][T17103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3513'.
[ 1023.236941][T17111] syzkaller0: entered promiscuous mode
[ 1023.242464][T17111] syzkaller0: entered allmulticast mode
[ 1025.053702][T17133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3525'.
[ 1025.062851][T17133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3525'.
[ 1027.309056][T17158] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3535'.
[ 1027.318318][T17158] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3535'.
[ 1032.188662][T17182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3545'.
[ 1032.197869][T17182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3545'.
[ 1037.360679][T17214] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3555'.
[ 1037.369885][T17214] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3555'.
[ 1038.318742][T17219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3556'.
[ 1039.772173][T17234] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1039.862002][T17234] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1039.974518][T17234] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.112792][T17234] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.551462][T17234] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1040.588105][T17234] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1040.625398][T17234] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1040.661306][T17234] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.120727][T17287] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3579'.
[ 1054.295906][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1058.667784][T17391] binder: 17385:17391 ioctl c0285840 200000000000 returned -22
[ 1059.565263][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'.
[ 1059.595642][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'.
[ 1059.622819][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'.
[ 1059.642633][T17399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3619'.
[ 1060.463261][T17411] autofs4:pid:17411:autofs_fill_super: called with bogus options
[ 1061.987489][T17421] binder: 17418:17421 ioctl c0285840 200000000000 returned -22
[ 1063.029172][T17429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3629'.
[ 1063.091614][T17429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3629'.
[ 1063.112154][T17429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3629'.
[ 1063.132960][T17429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3629'.
[ 1065.599483][T17464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3640'.
[ 1065.623777][T17465] binder: 17456:17465 ioctl c0285840 200000000000 returned -22
[ 1065.793903][T17467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3640'.
[ 1065.943727][T17467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3640'.
[ 1066.087560][T17467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3640'.
[ 1068.184531][T17499] binder: 17497:17499 ioctl c0285840 200000000000 returned -22
[ 1068.972836][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1069.043572][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1069.092839][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1069.106604][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1069.283752][T17508] syzkaller0: entered promiscuous mode
[ 1069.292825][T17508] syzkaller0: entered allmulticast mode
[ 1071.030879][T17533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1071.065341][T17534] binder: 17529:17534 ioctl c0285840 200000000000 returned -22
[ 1071.139783][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1071.276095][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1071.377094][T17536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1074.668895][T17571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3671'.
[ 1074.688873][T17571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3671'.
[ 1074.718871][T17571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3671'.
[ 1074.739316][T17571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3671'.
[ 1074.835376][T17576] binder: 17573:17576 ioctl c0285840 200000000000 returned -22
[ 1076.101160][T17589] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1076.402780][T17591] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1079.184258][T17618] binder: 17615:17618 ioctl c0285840 200000000000 returned -22
[ 1081.742807][T17631] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3688'.
[ 1081.877268][T17634] 9pnet_virtio: no channels available for device syz
[ 1083.248760][T17643] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1083.629544][T17646] binder: 17644:17646 ioctl c0285840 200000000000 returned -22
[ 1085.500124][T17662] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3698'.
[ 1086.001187][T17667] 9pnet_virtio: no channels available for device syz
[ 1086.945472][T17673] binder: 17671:17673 ioctl c0285840 200000000000 returned -22
[ 1088.783760][T17685] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3707'.
[ 1089.130909][T17691] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1089.968747][T17696] binder: 17694:17696 ioctl c0285840 200000000000 returned -22
[ 1092.521987][T17719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3718'.
[ 1092.531372][T17719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3718'.
[ 1094.512875][T17732] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1094.534430][T17733] netlink: 'syz.3.3720': attribute type 10 has an invalid length.
[ 1097.023019][T17752] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3728'.
[ 1097.465944][T17754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3727'.
[ 1097.475041][T17754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3727'.
[ 1099.150114][T17775] netlink: 'syz.3.3733': attribute type 10 has an invalid length.
[ 1100.541782][T17781] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1101.643058][T17788] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3737'.
[ 1102.855304][T17799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3740'.
[ 1102.864489][T17799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3740'.
[ 1104.579759][T17811] netlink: 'syz.1.3744': attribute type 10 has an invalid length.
[ 1106.569990][T17824] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3750'.
[ 1106.580518][T17824] syzkaller1: entered promiscuous mode
[ 1106.589222][T17824] syzkaller1: entered allmulticast mode
[ 1106.855285][T17828] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1109.012681][T17847] netlink: 'syz.3.3755': attribute type 10 has an invalid length.
[ 1110.823942][T17859] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1113.272207][T17866] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3762'.
[ 1114.865125][T17891] netlink: 'syz.3.3768': attribute type 10 has an invalid length.
[ 1115.735646][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.116894][T17904] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1118.080737][T17910] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3774'.
[ 1118.244706][T17910] syzkaller1: entered promiscuous mode
[ 1118.250218][T17910] syzkaller1: entered allmulticast mode
[ 1120.898557][T17932] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1121.009573][T17937] netlink: 'syz.1.3781': attribute type 10 has an invalid length.
[ 1121.119253][T17932] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1121.375678][T17932] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1121.493750][T17932] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1121.730664][T17932] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.795855][T17932] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.852018][T17932] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.910904][T17932] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.071805][T17949] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3786'.
[ 1123.082199][T17949] syzkaller1: entered promiscuous mode
[ 1123.091338][T17949] syzkaller1: entered allmulticast mode
[ 1124.864144][T17967] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1125.394847][T17978] netlink: 'syz.3.3793': attribute type 10 has an invalid length.
[ 1127.380837][T17986] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1127.426424][T17986] syzkaller1: entered promiscuous mode
[ 1127.958334][T17986] syzkaller1: entered allmulticast mode
[ 1128.957965][ T5137] udevd[5137]: worker [15009] /devices/platform/dummy_hcd.3/usb4/4-1 is taking a long time
[ 1129.082626][ T5137] udevd[5137]: worker [15013] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time
[ 1129.252839][ T5137] udevd[5137]: worker [16833] /devices/platform/dummy_hcd.0/usb1/1-1 is taking a long time
[ 1130.861495][T18011] netlink: 'syz.2.3803': attribute type 10 has an invalid length.
[ 1130.881345][T18011] team0: Port device dummy0 added
[ 1132.412666][   T29] INFO: task kworker/1:5:5892 blocked for more than 143 seconds.
[ 1132.425069][   T29]       Not tainted syzkaller #0
[ 1133.082699][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1133.198971][   T29] task:kworker/1:5     state:D stack:21448 pid:5892  ppid:2      flags:0x00004000
[ 1133.208470][   T29] Workqueue: usb_hub_wq hub_event
[ 1133.218337][   T29] Call Trace:
[ 1133.241108][   T29]  <TASK>
[ 1133.251481][   T29]  __schedule+0x1553/0x45a0
[ 1133.282518][   T29]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1133.302677][   T29]  ? asan.module_dtor+0x20/0x20
[ 1133.307633][   T29]  ? __mutex_lock+0x6a4/0xcc0
[ 1133.312498][   T29]  ? __mutex_trylock_common+0x8a/0x260
[ 1133.318076][   T29]  ? kthread_data+0x4f/0xc0
[ 1133.322786][   T29]  ? wq_worker_sleeping+0x63/0x240
[ 1133.328001][   T29]  schedule+0xbd/0x170
[ 1133.332159][   T29]  schedule_preempt_disabled+0x13/0x20
[ 1133.337903][   T29]  __mutex_lock+0x6a9/0xcc0
[ 1133.342625][   T29]  ? __mutex_lock+0x4f9/0xcc0
[ 1133.347405][   T29]  ? usb_audio_probe+0x3b3/0x1df0
[ 1133.352693][   T29]  ? mutex_lock_nested+0x20/0x20
[ 1133.357800][   T29]  ? mark_lock+0x94/0x320
[ 1133.362237][   T29]  usb_audio_probe+0x3b3/0x1df0
[ 1133.367314][   T29]  ? lock_chain_count+0x20/0x20
[ 1133.372414][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[ 1133.380605][   T29]  ? snd_usb_autosuspend+0x1b0/0x1b0
[ 1133.386061][   T29]  ? ktime_get_mono_fast_ns+0x19d/0x1c0
[ 1133.391750][   T29]  ? pm_runtime_enable+0x1b2/0x2c0
[ 1133.397255][   T29]  usb_probe_interface+0x5c9/0xb20
[ 1133.402810][   T29]  ? usb_register_driver+0x3d0/0x3d0
[ 1133.408207][   T29]  really_probe+0x25b/0xb20
[ 1133.412879][   T29]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1133.418182][   T29]  __driver_probe_device+0x18c/0x330
[ 1133.423664][   T29]  driver_probe_device+0x4f/0x420
[ 1133.428812][   T29]  __device_attach_driver+0x2ca/0x510
[ 1133.434365][   T29]  bus_for_each_drv+0x252/0x2e0
[ 1133.439326][   T29]  ? coredump_store+0x90/0x90
[ 1133.444133][   T29]  ? bus_find_device+0x300/0x300
[ 1133.449221][   T29]  __device_attach+0x2c2/0x420
[ 1133.454342][   T29]  ? device_attach+0x20/0x20
[ 1133.459072][   T29]  ? __kmem_cache_free+0xba/0x1e0
[ 1133.464480][   T29]  ? do_raw_spin_unlock+0x121/0x230
[ 1133.469789][   T29]  bus_probe_device+0x180/0x260
[ 1133.475017][   T29]  device_add+0x85b/0xc20
[ 1133.479461][   T29]  usb_set_configuration+0x1a79/0x20c0
[ 1133.485316][   T29]  usb_generic_driver_probe+0x8d/0x150
[ 1133.490881][   T29]  usb_probe_device+0x13d/0x270
[ 1133.496101][   T29]  ? usb_register_device_driver+0x230/0x230
[ 1133.502099][   T29]  really_probe+0x25b/0xb20
[ 1133.507868][   T29]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1133.515234][   T29]  __driver_probe_device+0x18c/0x330
[ 1133.520659][   T29]  driver_probe_device+0x4f/0x420
[ 1133.526933][   T29]  __device_attach_driver+0x2ca/0x510
[ 1133.534473][   T29]  bus_for_each_drv+0x252/0x2e0
[ 1133.539433][   T29]  ? coredump_store+0x90/0x90
[ 1133.545378][   T29]  ? bus_find_device+0x300/0x300
[ 1133.550428][   T29]  __device_attach+0x2c2/0x420
[ 1133.557423][   T29]  ? device_attach+0x20/0x20
[ 1133.562114][   T29]  ? __kmem_cache_free+0xba/0x1e0
[ 1133.568402][   T29]  ? do_raw_spin_unlock+0x121/0x230
[ 1133.575700][   T29]  bus_probe_device+0x180/0x260
[ 1133.580710][   T29]  device_add+0x85b/0xc20
[ 1133.586486][   T29]  usb_new_device+0xa3c/0x1660
[ 1133.591401][   T29]  ? usb_disconnect+0x8a0/0x8a0
[ 1133.598381][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1133.604829][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[ 1133.610125][   T29]  hub_event+0x29bf/0x49f0
[ 1133.616714][   T29]  ? hub_post_resume+0x120/0x120
[ 1133.621758][   T29]  ? read_lock_is_recursive+0x20/0x20
[ 1133.628450][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1133.635754][   T29]  ? process_scheduled_works+0x96f/0x15d0
[ 1133.641646][   T29]  ? process_scheduled_works+0x96f/0x15d0
[ 1133.647829][   T29]  process_scheduled_works+0xa5d/0x15d0
[ 1133.653940][   T29]  ? worker_attach_to_pool+0x380/0x380
[ 1133.659520][   T29]  ? assign_work+0x3d2/0x5d0
[ 1133.665087][   T29]  worker_thread+0xa55/0xfc0
[ 1133.669792][   T29]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1133.676136][   T29]  ? _raw_spin_unlock+0x40/0x40
[ 1133.681141][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 1133.687378][   T29]  kthread+0x2fa/0x390
[ 1133.691545][   T29]  ? pr_cont_work+0x560/0x560
[ 1133.696524][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1133.701257][   T29]  ret_from_fork+0x48/0x80
[ 1133.705994][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1133.710680][   T29]  ret_from_fork_asm+0x11/0x20
[ 1133.715947][   T29]  </TASK>
[ 1133.775231][   T29] 
[ 1133.775231][   T29] Showing all locks held in the system:
[ 1133.795932][   T29] 1 lock held by khungtaskd/29:
[ 1133.806855][   T29]  #0: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[ 1133.830479][   T29] 2 locks held by getty/5529:
[ 1133.842590][   T29]  #0: ffff88814cf4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1133.852434][   T29]  #1: ffffc9000328b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390
[ 1133.862673][   T29] 2 locks held by kworker/u5:3/5779:
[ 1133.867989][   T29]  #0: ffff888021a8a138 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.879374][   T29]  #1: ffffc9000485fd00 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.891216][   T29] 2 locks held by kworker/u5:6/5784:
[ 1133.896665][   T29]  #0: ffff888021a8a138 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.908083][   T29]  #1: ffffc9000494fd00 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.919944][   T29] 6 locks held by kworker/1:5/5892:
[ 1133.925206][   T29]  #0: ffff888148279538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.936660][   T29]  #1: ffffc90005577d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1133.948805][   T29]  #2: ffff888143767190 (&dev->mutex){....}-{3:3}, at: hub_event+0x180/0x49f0
[ 1133.957834][   T29]  #3: ffff888062110190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1133.967178][   T29]  #4: ffff88807623f160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1133.976972][   T29]  #5: ffffffff8e364c68 (register_mutex#6){+.+.}-{3:3}, at: usb_audio_probe+0x3b3/0x1df0
[ 1133.986937][   T29] 2 locks held by kworker/u4:14/10957:
[ 1133.992431][   T29]  #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1134.002841][   T29]  #1: ffff8880b8f289c0 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0
[ 1134.011605][   T29] 2 locks held by kworker/u5:0/12462:
[ 1134.017247][   T29]  #0: ffff888021a8a138 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.028753][   T29]  #1: ffffc900036d7d00 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.040813][   T29] 6 locks held by kworker/1:7/13892:
[ 1134.046168][   T29] 6 locks held by kworker/0:11/14400:
[ 1134.051591][   T29]  #0: ffff888148279538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.063383][   T29]  #1: ffffc900032f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.078185][   T29]  #2: ffff8880251d7190 (&dev->mutex){....}-{3:3}, at: hub_event+0x180/0x49f0
[ 1134.087327][   T29]  #3: ffff88803107c190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1134.099681][   T29]  #4: ffff88801d7b3160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1134.109152][   T29]  #5: ffffffff8e364c68 (register_mutex#6){+.+.}-{3:3}, at: usb_audio_probe+0x3b3/0x1df0
[ 1134.121894][   T29] 6 locks held by kworker/0:13/14402:
[ 1134.127541][   T29]  #0: ffff888148279538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.142049][   T29]  #1: ffffc90003327d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 1134.156885][   T29]  #2: ffff888143731190 (&dev->mutex){....}-{3:3}, at: hub_event+0x180/0x49f0
[ 1134.165979][   T29]  #3: ffff88807ea17190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1134.178230][   T29]  #4: ffff88802fc1f160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x89/0x420
[ 1134.187865][   T29]  #5: ffffffff8e364c68 (register_mutex#6){+.+.}-{3:3}, at: usb_audio_probe+0x3b3/0x1df0
[ 1134.200709][   T29] 4 locks held by udevd/15009:
[ 1134.205719][   T29]  #0: ffff88802ce9f9e0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb1/0xd50
[ 1134.214858][   T29]  #1: ffff888077f25888 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x5c/0x410
[ 1134.224382][   T29]  #2: ffff88802beb49b8 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x410
[ 1134.234134][   T29]  #3: ffff888062110190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[ 1134.243679][   T29] 4 locks held by udevd/15013:
[ 1134.248473][   T29]  #0: ffff88802de25540 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb1/0xd50
[ 1134.257579][   T29]  #1: ffff8880250dcc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x5c/0x410
[ 1134.267032][   T29]  #2: ffff88814d3475d8 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x410
[ 1134.276890][   T29]  #3: ffff88807a154190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[ 1134.286522][   T29] 4 locks held by udevd/16833:
[ 1134.291363][   T29]  #0: ffff888025dbf540 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb1/0xd50
[ 1134.300579][   T29]  #1: ffff88805ba26088 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x5c/0x410
[ 1134.310241][   T29]  #2: ffff8880543318c0 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x410
[ 1134.320149][   T29]  #3: ffff88807ea17190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[ 1134.329886][   T29] 
[ 1134.332302][   T29] =============================================
[ 1134.332302][   T29] 
[ 1134.341494][   T29] NMI backtrace for cpu 0
[ 1134.345848][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[ 1134.353116][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1134.363194][   T29] Call Trace:
[ 1134.366494][   T29]  <TASK>
[ 1134.369464][   T29]  dump_stack_lvl+0x18c/0x250
[ 1134.374187][   T29]  ? show_regs_print_info+0x20/0x20
[ 1134.379414][   T29]  ? load_image+0x420/0x420
[ 1134.383957][   T29]  nmi_cpu_backtrace+0x3a6/0x3e0
[ 1134.388917][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[ 1134.395101][   T29]  ? _printk+0xde/0x130
[ 1134.399281][   T29]  ? load_image+0x420/0x420
[ 1134.403820][   T29]  ? load_image+0x420/0x420
[ 1134.408349][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1134.414447][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[ 1134.420449][   T29]  watchdog+0xf3d/0xf80
[ 1134.424637][   T29]  ? watchdog+0x1e1/0xf80
[ 1134.428997][   T29]  kthread+0x2fa/0x390
[ 1134.433082][   T29]  ? hungtask_pm_notify+0x90/0x90
[ 1134.438129][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1134.442740][   T29]  ret_from_fork+0x48/0x80
[ 1134.447182][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1134.451795][   T29]  ret_from_fork_asm+0x11/0x20
[ 1134.456613][   T29]  </TASK>
[ 1134.459962][   T29] Sending NMI from CPU 0 to CPUs 1:
[ 1134.465521][    C1] NMI backtrace for cpu 1
[ 1134.465529][    C1] CPU: 1 PID: 5126 Comm: klogd Not tainted syzkaller #0
[ 1134.465542][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1134.465550][    C1] RIP: 0010:rcu_is_watching+0x0/0xb0
[ 1134.465576][    C1] Code: 84 1d ff ff ff eb 8a e8 ce 83 15 09 48 c7 c7 40 89 13 8d 4c 89 f6 e8 6f 67 ec 02 e9 44 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 <f3> 0f 1e fa 41 57 41 56 53 65 ff 05 88 cf 92 7e e8 8b 99 15 09 89
[ 1134.465588][    C1] RSP: 0018:ffffc900032d7ae0 EFLAGS: 00000202
[ 1134.465600][    C1] RAX: ffffffff8872adfe RBX: ffff88807fa24000 RCX: 0000000000000000
[ 1134.465610][    C1] RDX: ffff88807e448000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1134.465619][    C1] RBP: 0000000000000001 R08: dffffc0000000000 R09: 1ffffffff2238ca0
[ 1134.465628][    C1] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffc900032d7c20
[ 1134.465639][    C1] R13: dffffc0000000000 R14: ffffffff8872adcd R15: 0000000000000001
[ 1134.465648][    C1] FS:  00007fc345fe5c80(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1134.465660][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1134.465669][    C1] CR2: 00007f16ac1e8158 CR3: 000000007e966000 CR4: 00000000003506e0
[ 1134.465681][    C1] Call Trace:
[ 1134.465686][    C1]  <TASK>
[ 1134.465693][    C1]  sock_def_readable+0xe7/0x420
[ 1134.465717][    C1]  unix_dgram_sendmsg+0x106e/0x16d0
[ 1134.465775][    C1]  ? unix_dgram_poll+0x680/0x680
[ 1134.465788][    C1]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[ 1134.465808][    C1]  ? aa_sock_msg_perm+0x94/0x150
[ 1134.465826][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1134.465845][    C1]  ? security_socket_sendmsg+0x80/0xa0
[ 1134.465862][    C1]  __sys_sendto+0x4a9/0x6b0
[ 1134.465876][    C1]  ? __ia32_sys_getpeername+0x90/0x90
[ 1134.465895][    C1]  ? log_buf_vmcoreinfo_setup+0x450/0x450
[ 1134.465917][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1134.465935][    C1]  ? lock_chain_count+0x20/0x20
[ 1134.465953][    C1]  __x64_sys_sendto+0xde/0xf0
[ 1134.465968][    C1]  do_syscall_64+0x55/0xa0
[ 1134.465980][    C1]  ? clear_bhb_loop+0x40/0x90
[ 1134.465999][    C1]  ? clear_bhb_loop+0x40/0x90
[ 1134.466017][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1134.466034][    C1] RIP: 0033:0x7fc346135407
[ 1134.466045][    C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1134.466057][    C1] RSP: 002b:00007ffec4628ed0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 1134.466070][    C1] RAX: ffffffffffffffda RBX: 00007fc345fe5c80 RCX: 00007fc346135407
[ 1134.466080][    C1] RDX: 0000000000000049 RSI: 00007ffec4629010 RDI: 0000000000000003
[ 1134.466088][    C1] RBP: 00007ffec4629440 R08: 0000000000000000 R09: 0000000000000000
[ 1134.466096][    C1] R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffec4629458
[ 1134.466104][    C1] R13: 00007ffec4629010 R14: 000000000000002e R15: 00007ffec4629010
[ 1134.466121][    C1]  </TASK>
[ 1134.467075][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[ 1134.758878][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[ 1134.766077][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1134.776150][   T29] Call Trace:
[ 1134.779448][   T29]  <TASK>
[ 1134.782392][   T29]  dump_stack_lvl+0x18c/0x250
[ 1134.787091][   T29]  ? show_regs_print_info+0x20/0x20
[ 1134.792308][   T29]  ? load_image+0x420/0x420
[ 1134.796830][   T29]  panic+0x2dc/0x730
[ 1134.800744][   T29]  ? schedule_preempt_disabled+0x20/0x20
[ 1134.806404][   T29]  ? bpf_jit_dump+0xd0/0xd0
[ 1134.810923][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[ 1134.816527][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[ 1134.822695][   T29]  watchdog+0xf7c/0xf80
[ 1134.826868][   T29]  ? watchdog+0x1e1/0xf80
[ 1134.831215][   T29]  kthread+0x2fa/0x390
[ 1134.835296][   T29]  ? hungtask_pm_notify+0x90/0x90
[ 1134.840332][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1134.844951][   T29]  ret_from_fork+0x48/0x80
[ 1134.849384][   T29]  ? kthread_blkcg+0xd0/0xd0
[ 1134.853986][   T29]  ret_from_fork_asm+0x11/0x20
[ 1134.858784][   T29]  </TASK>
[ 1134.862391][   T29] Kernel Offset: disabled
[ 1134.866722][   T29] Rebooting in 86400 seconds..