last executing test programs:

23m52.627223282s ago: executing program 4 (id=399):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000380)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x1b, 0x88, 0x67}, 0x2c)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @empty, 0x2}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x10000, @private0={0xfc, 0x0, '\x00', 0x1}, 0xa}, 0x1c)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f00000000c0)=0x4, 0x4)
bind$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)

23m52.21201356s ago: executing program 4 (id=402):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x19, &(0x7f000001f700)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaebb88a800008100000088a800000e"], 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="580000001000050400"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000380012800b00010065727370616e0000280002800800140000000000050016000100000006000e00000000000600030000000000040012"], 0x58}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1e, 0x12, &(0x7f0000000500)=ANY=[@ANYRES64=r1, @ANYRES16=r0], 0x0, 0x36bb, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008b02"])
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000880)=[{&(0x7f00000004c0)='4', 0x1}, {&(0x7f0000000740)="45beb6187d5208eedc57354c86e136db43b3fe4050c30176d11fc43ff63bd8b5017944dc2df614ee757313a5576585c2f8fd12be4a6f19c31240d141c769b0e0f5d2fcd040d2d06fa7a3a87ef71b0e84ab9022ca1635e90de00241fe299f249b56549ecdb54725cdc8fcda185ebba4b648b6b272960ce43ae27980e7467fcd866a7f1e4c4e329469eaca07ca49d79383d43e7b41", 0x94}, {&(0x7f0000000800)="0447ccbf0c2a2f941d2dca645bd7e810a97d5ff60504fc94ad299cd8229228555a725f7e7e4164a7dc9d3972c3118d35386c3b96db9549b2577ff1577c3d3f39a008690b7510bc25e3ad82b1af79eff3a53d6f0f69b0db42739bbcfc073c", 0x5e}], 0x3)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x200, 0x8}, 0xc)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x4)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="01360f446933251b447d4c3c85837800"/34, @ANYRES32=r1, @ANYRES32, @ANYBLOB="0200"/28], 0x50)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x341802, 0x0)
connect$vsock_stream(r5, &(0x7f0000000680)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
r9 = dup(r8)
sendfile(r8, r9, 0x0, 0x80006)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="a97efd5135571800110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000067a50c0000000000185800000a0000000000000000000000850000008e000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x60, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x3, 0x0, 0x2}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000540)=[r3, r4, r5, r0, 0x1, r6, r7, r9], &(0x7f0000000580)=[{0x4, 0x4, 0x4}, {0x0, 0x1, 0xd, 0x7}, {0x1, 0x2, 0x7, 0x1}], 0x10, 0x2, @void, @value}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/dev\x00')
r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r10, 0xc0405602, &(0x7f0000000080)={0x2b, 0x2, 0x2, "d541b01d0000000000ee1e00", 0x33524742})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
ptrace$setregs(0x1a, r11, 0xc, &(0x7f0000000000))
r12 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r12, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)

23m49.958457256s ago: executing program 4 (id=406):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x4004, @fd=r0, 0x823, &(0x7f00000001c0)=[{0x0}], 0x1})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWOBJ={0x0, 0x12, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x18}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TABLE={0x0, 0x1, 'syz1\x00'}}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x800}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x43, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0xb}}], {0x14, 0x10}}, 0x90}}, 0x0)
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
fanotify_mark(r0, 0x40, 0x40000029, 0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r11, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0], [], [0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000200)={r12, 0x0, <r13=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r13})
close_range(r7, 0xffffffffffffffff, 0x0)

23m44.233664757s ago: executing program 4 (id=419):
io_setup(0x9, &(0x7f0000000b80)=<r0=>0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
io_getevents(0x0, 0x100000000000000, 0x0, 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000009c0)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000080)={r3})

23m43.936344284s ago: executing program 4 (id=423):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0x14, 0x30, 0x1, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)

23m42.471756306s ago: executing program 4 (id=429):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x4004, @fd=r0, 0x823, &(0x7f00000001c0)=[{0x0}], 0x1})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWOBJ={0x0, 0x12, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x18}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TABLE={0x0, 0x1, 'syz1\x00'}}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x800}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x43, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0xb}}], {0x14, 0x10}}, 0x90}}, 0x0)
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
fanotify_mark(r0, 0x40, 0x40000029, 0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r11, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0], [], [0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000200)={r12, 0x0, <r13=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r13})
close_range(r7, 0xffffffffffffffff, 0x0)

23m26.31105215s ago: executing program 32 (id=429):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x4004, @fd=r0, 0x823, &(0x7f00000001c0)=[{0x0}], 0x1})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWOBJ={0x0, 0x12, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x18}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TABLE={0x0, 0x1, 'syz1\x00'}}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x800}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x43, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0xb}}], {0x14, 0x10}}, 0x90}}, 0x0)
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
fanotify_mark(r0, 0x40, 0x40000029, 0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000440)={r11, 0x0, 0x0, 0x0, 0x0, [<r12=>0x0], [], [0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000200)={r12, 0x0, <r13=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r13})
close_range(r7, 0xffffffffffffffff, 0x0)

18m13.477318543s ago: executing program 5 (id=1386):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r1=>0x0})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r2)
sendmsg$NL802154_CMD_SET_TX_POWER(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x3ff}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0xc309}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

18m13.220990826s ago: executing program 5 (id=1388):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_STORE(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="290000000400000000000000000000000100000000000000020000000000040001"], 0x29)

18m12.990885647s ago: executing program 5 (id=1390):
r0 = socket(0x10, 0x803, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4040)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000d"])

18m12.693385065s ago: executing program 5 (id=1393):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}]}})
socket(0x2c, 0x803, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtaction={0xb8, 0x30, 0x1, 0x0, 0x0, {}, [{0xa4, 0x1, [@m_ctinfo={0x58, 0x2, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x2}, @TCA_CTINFO_ACT={0x18, 0x3, {0x2, 0x40, 0x10000001, 0x3, 0xfffffffa}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x10}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1b, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x5}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0cc5640, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x3, 0x3b4}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000004380), 0x101602, 0x0)
read$FUSE(r6, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000780)=0x7)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x47f9, 0x0, 0x0, 0x0, 0x0)

18m12.175249712s ago: executing program 5 (id=1398):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00'})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r1)
sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40)

18m11.948436255s ago: executing program 5 (id=1399):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0)

17m56.195205519s ago: executing program 33 (id=1399):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0)

8m47.960841076s ago: executing program 6 (id=3921):
r0 = socket(0x10, 0x3, 0x480)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x44080)
r4 = socket$inet6_dccp(0xa, 0x6, 0x0)
mount$bpf(0x0, 0x0, 0x0, 0x2000480, &(0x7f0000000580))
r5 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000034c0)=ANY=[@ANYBLOB="020e0000100000000000000000000000030005000000000002000000ac1e0001000000000000000003000600000000000200000000000000000000000000000008001200000002"], 0x80}}, 0x4008844)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000140), 0x4)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x7, '\x00', r3, 0xffffffffffffffff, 0x2, 0x1, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r8 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
r9 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f0000000300)=""/121, 0x79, <r10=>0x0, &(0x7f0000000380)=""/136, 0x88}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xb, &(0x7f0000000280)=ANY=[@ANYRES16=r9], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r11 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r11, 0x289e0cb5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x13, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x2, '\x00', r3, @fallback=0x2, r8, 0x8, &(0x7f0000000300)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0x6, 0x961d, 0x6}, 0x10, r10, 0xffffffffffffffff, 0x3, &(0x7f0000000380)=[r11], &(0x7f0000000440)=[{0x2, 0x2, 0x7, 0x5}, {0x1, 0x3, 0x9, 0x9}, {0x3, 0x3, 0x3, 0x5}], 0x10, 0x2, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r12=>0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'vlan0\x00'})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x2, {0x60, 0x0, 0x0, r12, {}, {0xfff2, 0xa}, {0xffe0, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0xef, 0x4, 0xfffffe01}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000)

8m47.715313089s ago: executing program 6 (id=3923):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x0)
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000040)=""/41, 0x29)
getdents(r1, 0x0, 0x58)

8m47.662142228s ago: executing program 6 (id=3925):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x26)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r1, 0x2, 0x0)
getdents64(r1, 0x0, 0x22)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./file2\x00')

8m47.528912783s ago: executing program 6 (id=3927):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r1 = socket$igmp6(0xa, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7000000010003c3bfa300000000000007030000f0ffffff7a0af0fff8ffffff71a4f0ff0000000065030200000000ff2d400500000000004400000001ede4ff6b03000000000000cc440000000000007a0a00fe00ffffffc303000001000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275dff00000001b6bf01c8e8b19aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8cde6aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd869"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r0, 0x0, 0x44004)

8m47.2226804s ago: executing program 6 (id=3928):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006000000001002f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001000088be"], 0xfdef)

8m44.948667263s ago: executing program 6 (id=3933):
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
creat(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
open(0x0, 0x145142, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
set_mempolicy(0x4005, 0x0, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="580000000206030000000000000000000000000011000300686173683a69702c706f7274000000000900020073797a31000000000c0007800800124004ff0000050005000a00000005000400010000000500010007000000d5a7d6851914cda9762d3bd06518c87ad3378196ef0b5793ce413c1431b65c0b836d9ddbf3e86c328a63fc37c2010c9a2d872fdff9051fbbfe107cedb7c8dfe77b09000000000000009adde443b21e2eb4b36bffba5db77575c3b61ff180c470eae226152322fab5a1a2580e8a808a13819094b42f26bc7e2178cb7ca41e92f0f2444709ad6c59a925f7e3712785ae37d2933a4851492a8e70e56976f1bda94ce8be6c444268aa"], 0x58}}, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000003ec0), 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fstat(r1, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f80)=ANY=[], 0x150, 0x4000000}}], 0x1, 0x0)
sendto$llc(0xffffffffffffffff, &(0x7f0000000400)="54269e88a6f23287aaccd3f3dcb01fdcd0b520c26de48a58a6a01a2e5afc4b431f57dbcd59ae7a3d1b98ab0eaea39338d6c29ea6e56d40d0c87be4ccbbb17d9d3f1264536bb45c1779cdbdea253eb9812231f1fa203583a2cc3d571086113411fa1d0a5ea58602d0635cb8b1f4bfca461d16", 0x72, 0x44012, 0x0, 0x0)

8m29.299472774s ago: executing program 34 (id=3933):
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
creat(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
open(0x0, 0x145142, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
set_mempolicy(0x4005, 0x0, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="580000000206030000000000000000000000000011000300686173683a69702c706f7274000000000900020073797a31000000000c0007800800124004ff0000050005000a00000005000400010000000500010007000000d5a7d6851914cda9762d3bd06518c87ad3378196ef0b5793ce413c1431b65c0b836d9ddbf3e86c328a63fc37c2010c9a2d872fdff9051fbbfe107cedb7c8dfe77b09000000000000009adde443b21e2eb4b36bffba5db77575c3b61ff180c470eae226152322fab5a1a2580e8a808a13819094b42f26bc7e2178cb7ca41e92f0f2444709ad6c59a925f7e3712785ae37d2933a4851492a8e70e56976f1bda94ce8be6c444268aa"], 0x58}}, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000003ec0), 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fstat(r1, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f80)=ANY=[], 0x150, 0x4000000}}], 0x1, 0x0)
sendto$llc(0xffffffffffffffff, &(0x7f0000000400)="54269e88a6f23287aaccd3f3dcb01fdcd0b520c26de48a58a6a01a2e5afc4b431f57dbcd59ae7a3d1b98ab0eaea39338d6c29ea6e56d40d0c87be4ccbbb17d9d3f1264536bb45c1779cdbdea253eb9812231f1fa203583a2cc3d571086113411fa1d0a5ea58602d0635cb8b1f4bfca461d16", 0x72, 0x44012, 0x0, 0x0)

12.034782926s ago: executing program 3 (id=5692):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
io_uring_setup(0x2b6, &(0x7f0000000040)={0x0, 0x10000000, 0x8000, 0xfffffffd, 0x2c})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0xfe}]}, 0x10)
sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0)

11.292413162s ago: executing program 7 (id=5699):
socket$pppl2tp(0x18, 0x1, 0x1)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

9.415455868s ago: executing program 3 (id=5703):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {0x8}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0)

9.069614568s ago: executing program 7 (id=5705):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040), 0x0, 0x0})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$swradio(&(0x7f0000000280), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, 0x0)
r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
ioctl$KVM_X86_SETUP_MCE(r9, 0x4008ae9c, &(0x7f0000000480)={0xe, 0x1, 0x7})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="03000000000000007b01"])
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="030100"], 0xc8)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cd0600000000000000e76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b99cb9fb96d225d092392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r10, 0xffffffffffffffff, 0x0)

8.340144337s ago: executing program 3 (id=5708):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r2 = syz_io_uring_setup(0x4e1, &(0x7f0000000200)={0x0, 0x33f8, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
iopl(0x3)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

6.821239191s ago: executing program 3 (id=5716):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
dup(r0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540))
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r1, @ANYRES32=r3], 0x44}}, 0x0)

5.435728543s ago: executing program 3 (id=5719):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, ')'}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

5.410624537s ago: executing program 2 (id=5720):
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x4c, r2, 0x1, 0x2000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {}, @broadcast}, @channel_switch={0x0, 0x4, {{0x25, 0x3, {0x0, 0x9d}}, @val={0x3e, 0x1}, @val={0x76, 0x6}}}}}]}, 0x4c}}, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x4040)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x6240, 0x0)

5.360121641s ago: executing program 1 (id=5721):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r0, r2, 0x1, 0x0, @void}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

5.330708551s ago: executing program 0 (id=5722):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28)
write$binfmt_script(r1, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)

5.231657281s ago: executing program 2 (id=5723):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x28af, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [{@euid_eq}]}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})

5.204370217s ago: executing program 0 (id=5724):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0)
read$dsp(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000})
keyctl$setperm(0x5, 0x0, 0x1100100)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@target={'target ', {'PCI:', '0', ':', '0', ':', '2', '.', '0'}}, 0x13)

5.192977366s ago: executing program 1 (id=5725):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x93)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000000f02000000000000bc26100000000000bf67200000000000160200000fff07006702000007000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r2, 0x0, 0x300)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x4c, 0x1a, 0x160, 0x73, 0x288, 0x258, 0x258, 0x288, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x7}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'team_slave_1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
syz_fuse_handle_req(r0, &(0x7f00000067c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='0'], 0x0, 0x0, 0x0, 0x0})

4.810649131s ago: executing program 1 (id=5726):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r2 = syz_io_uring_setup(0x4e1, &(0x7f0000000200)={0x0, 0x33f8, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
iopl(0x3)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

4.488761396s ago: executing program 7 (id=5727):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4814)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r3)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x1c1140, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x5)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000140)=0xffffffc0)

4.042540746s ago: executing program 0 (id=5728):
r0 = io_uring_setup(0x58c1, &(0x7f0000001240)={0x0, 0xfffffffd, 0x1, 0x2, 0xd1})
pause()
close_range(r0, 0xffffffffffffffff, 0x0)
socket(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x29)
syz_open_procfs(0x0, &(0x7f0000000400)='stack\x00')
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r3, &(0x7f0000000c00)=""/4098, 0x1002)

3.36274135s ago: executing program 2 (id=5729):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
dup(r0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540))
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r1, @ANYRES32=r3], 0x44}}, 0x0)

3.306706985s ago: executing program 2 (id=5730):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x80, 0x20, 0x2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}}, 0x0)

3.251648057s ago: executing program 1 (id=5731):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00')
r1 = socket(0x18, 0x3, 0x0)
connect$pppoe(r1, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0x8)

3.225832886s ago: executing program 2 (id=5732):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x200000, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
memfd_secret(0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078)

3.204820411s ago: executing program 1 (id=5733):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100000000000600d, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x20000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)
tgkill(0x0, 0x0, 0x9)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, 0x0, &(0x7f00000001c0)=0x2c)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0xbc}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0))

3.062025799s ago: executing program 7 (id=5734):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x22020400)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x57b6, 0x810003, 0x2, 0x0, 0x0)

1.638732822s ago: executing program 7 (id=5735):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r0, r2, 0x1, 0x0, @void}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

1.569171639s ago: executing program 0 (id=5736):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x93)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000000f02000000000000bc26100000000000bf67200000000000160200000fff07006702000007000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad4301000000000095000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r2, 0x0, 0x300)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x4c, 0x1a, 0x160, 0x73, 0x288, 0x258, 0x258, 0x288, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x7}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'team_slave_1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
syz_fuse_handle_req(r0, &(0x7f00000067c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='0'], 0x0, 0x0, 0x0, 0x0})

1.467508164s ago: executing program 3 (id=5737):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040), 0x0, 0x0})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$swradio(&(0x7f0000000280), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, 0x0)
r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
ioctl$KVM_X86_SETUP_MCE(r9, 0x4008ae9c, &(0x7f0000000480)={0xe, 0x1, 0x7})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="03000000000000007b01"])
write$binfmt_aout(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="030100"], 0xc8)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cd0600000000000000e76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b99cb9fb96d225d092392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r10, 0xffffffffffffffff, 0x0)

1.453752426s ago: executing program 2 (id=5738):
r0 = socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f0000004500))
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(r0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x7}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4-generic)\x00'}, 0x58)
ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f0000000100))
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0x0, 0x6}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x101}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x3}}, 0x8801)
r7 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x2250)
write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc)
splice(r5, 0x0, r7, 0x0, 0x4ffe6, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x2d, &(0x7f0000000280)=0xa)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0xc0}}, 0x0)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

1.370650948s ago: executing program 7 (id=5739):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x28af, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [{@euid_eq}]}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})

1.254267247s ago: executing program 0 (id=5740):
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$swradio(&(0x7f0000000940), 0x1, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540))
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0)

930.933333ms ago: executing program 0 (id=5741):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
r2 = syz_io_uring_setup(0x4e1, &(0x7f0000000200)={0x0, 0x33f8, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
iopl(0x3)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=5742):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})

kernel console output (not intermixed with test programs):

264780][   T47] usb 4-1: Manufacturer: syz
[ 1154.274141][   T47] usb 4-1: SerialNumber: syz
[ 1154.293745][   T47] usb 4-1: config 0 descriptor??
[ 1154.316890][   T47] qmi_wwan 4-1:0.207: bogus CDC Union: master=0, slave=1
[ 1154.472385][T18703] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1154.700295][   T47] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[ 1154.711749][   T47] usb 4-1: USB disconnect, device number 32
[ 1156.882493][T18741] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1156.893996][T18741] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1157.444657][T18741] overlayfs: failed to look up (tracing) for ino (-66)
[ 1161.393873][T18785] netlink: 'syz.3.3879': attribute type 1 has an invalid length.
[ 1161.600242][T18785] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3879'.
[ 1162.006284][T18794] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1164.446704][ T5869] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1164.472023][T18828] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1164.606509][ T5869] usb 3-1: Using ep0 maxpacket: 8
[ 1164.655774][ T5869] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1164.672428][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.721269][ T5869] usb 3-1: Product: syz
[ 1164.725492][ T5869] usb 3-1: Manufacturer: syz
[ 1164.747090][ T5869] usb 3-1: SerialNumber: syz
[ 1164.757318][ T5869] usb 3-1: config 0 descriptor??
[ 1164.988239][ T5869] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1166.248945][ T5869] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1166.292706][ T5869] usb 3-1: USB disconnect, device number 34
[ 1167.327143][ T5869] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1167.521653][ T5869] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1167.545162][ T5869] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1167.564607][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.576622][ T5869] usb 2-1: config 0 descriptor??
[ 1167.794304][ T5869] pwc: Askey VC010 type 2 USB webcam detected.
[ 1168.875375][ T5869] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1168.927644][ T5869] pwc: recv_control_msg error -32 req 02 val 2700
[ 1168.981506][ T5869] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1169.012051][ T5869] pwc: recv_control_msg error -32 req 04 val 1000
[ 1169.034331][ T5869] pwc: recv_control_msg error -32 req 04 val 1300
[ 1169.252815][ T5869] pwc: recv_control_msg error -71 req 02 val 2000
[ 1169.272100][ T5869] pwc: recv_control_msg error -71 req 02 val 2100
[ 1169.289875][ T5869] pwc: recv_control_msg error -71 req 04 val 1500
[ 1169.304818][ T5869] pwc: recv_control_msg error -71 req 02 val 2500
[ 1169.305122][ T5869] pwc: recv_control_msg error -71 req 02 val 2400
[ 1169.305416][ T5869] pwc: recv_control_msg error -71 req 02 val 2600
[ 1169.305707][ T5869] pwc: recv_control_msg error -71 req 02 val 2900
[ 1169.306055][ T5869] pwc: recv_control_msg error -71 req 02 val 2800
[ 1169.306513][ T5869] pwc: recv_control_msg error -71 req 04 val 1100
[ 1169.307898][ T5869] pwc: recv_control_msg error -71 req 04 val 1200
[ 1169.309063][ T5869] pwc: Registered as video103.
[ 1169.310023][ T5869] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input39
[ 1169.313155][ T5869] usb 2-1: USB disconnect, device number 32
[ 1173.076243][T18943] veth1_macvtap: left promiscuous mode
[ 1174.218184][ T5869] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[ 1174.847707][ T5869] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1174.912538][ T5869] usb 4-1: not running at top speed; connect to a high speed hub
[ 1175.055240][ T5869] usb 4-1: config index 0 descriptor too short (expected 1316, got 36)
[ 1175.081200][ T5869] usb 4-1: config 2 has an invalid interface number: 226 but max is 0
[ 1175.090562][ T5869] usb 4-1: config 2 has no interface number 0
[ 1175.100389][ T5869] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 1175.148433][ T5869] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1175.377555][ T5924] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1175.415408][ T5869] usb 4-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[ 1175.448621][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.473374][ T5869] usb 4-1: Product: syz
[ 1175.489562][ T5869] usb 4-1: Manufacturer: syz
[ 1175.517830][ T5869] usb 4-1: SerialNumber: syz
[ 1175.886073][ T5869] usb 4-1: can't set config #2, error -71
[ 1175.927927][ T5869] usb 4-1: USB disconnect, device number 33
[ 1175.962597][ T5924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.975459][ T5924] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1176.023199][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.040231][T18960] evm: overlay not supported
[ 1176.222129][ T5924] usb 2-1: config 0 descriptor??
[ 1176.230289][ T5924] pwc: Askey VC010 type 2 USB webcam detected.
[ 1177.277996][ T5924] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1177.304505][ T5924] pwc: recv_control_msg error -32 req 02 val 2700
[ 1177.427050][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.434073][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.049499][ T5924] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1178.062376][ T5924] pwc: recv_control_msg error -32 req 04 val 1000
[ 1178.105767][ T5924] pwc: recv_control_msg error -32 req 04 val 1300
[ 1178.325207][ T5924] pwc: recv_control_msg error -71 req 02 val 2000
[ 1178.336659][ T5924] pwc: recv_control_msg error -71 req 02 val 2100
[ 1179.088386][ T5924] pwc: recv_control_msg error -71 req 04 val 1500
[ 1179.103069][ T5924] pwc: recv_control_msg error -71 req 02 val 2500
[ 1179.113459][ T5924] pwc: recv_control_msg error -71 req 02 val 2400
[ 1179.120493][ T5924] pwc: recv_control_msg error -71 req 02 val 2600
[ 1179.127511][ T5924] pwc: recv_control_msg error -71 req 02 val 2900
[ 1179.134242][ T5924] pwc: recv_control_msg error -71 req 02 val 2800
[ 1179.147697][ T5924] pwc: recv_control_msg error -71 req 04 val 1100
[ 1179.154534][ T5924] pwc: recv_control_msg error -71 req 04 val 1200
[ 1179.169574][ T5924] pwc: Registered as video103.
[ 1179.175307][ T5924] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input40
[ 1179.230395][ T5924] usb 2-1: USB disconnect, device number 33
[ 1179.961469][T18997] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3953'.
[ 1184.066631][T19030] kvm: kvm [19027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x2fe
[ 1184.095242][T19030] kvm: kvm [19027]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xaff
[ 1184.137459][T19038] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3967'.
[ 1186.317872][T19052] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1187.677575][T18931] warn_alloc: 3 callbacks suppressed
[ 1187.677588][T18931] syz.6.3933: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1187.826459][T18931] CPU: 1 UID: 0 PID: 18931 Comm: syz.6.3933 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[ 1187.826486][T18931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1187.826498][T18931] Call Trace:
[ 1187.826505][T18931]  <TASK>
[ 1187.826513][T18931]  dump_stack_lvl+0x241/0x360
[ 1187.826541][T18931]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1187.826560][T18931]  ? __pfx__printk+0x10/0x10
[ 1187.826593][T18931]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[ 1187.826616][T18931]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[ 1187.826641][T18931]  warn_alloc+0x278/0x410
[ 1187.826671][T18931]  ? __pfx_warn_alloc+0x10/0x10
[ 1187.826700][T18931]  ? hash_ipport_create+0x801/0x1670
[ 1187.826721][T18931]  ? __get_vm_area_node+0x1c8/0x2d0
[ 1187.826739][T18931]  ? __get_vm_area_node+0x25c/0x2d0
[ 1187.826765][T18931]  __vmalloc_node_range_noprof+0x62f/0x1380
[ 1187.826803][T18931]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1187.826820][T18931]  ? hash_ipport_create+0x801/0x1670
[ 1187.826834][T18931]  ? __get_vm_area_node+0x1c8/0x2d0
[ 1187.826848][T18931]  ? __get_vm_area_node+0x25c/0x2d0
[ 1187.826865][T18931]  __vmalloc_node_range_noprof+0x53a/0x1380
[ 1187.826881][T18931]  ? hash_ipport_create+0x801/0x1670
[ 1187.826911][T18931]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1187.826927][T18931]  ? rcu_is_watching+0x15/0xb0
[ 1187.826941][T18931]  ? trace_kmalloc+0x1f/0xd0
[ 1187.826952][T18931]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[ 1187.826965][T18931]  ? __kvmalloc_node_noprof+0x72/0x190
[ 1187.826982][T18931]  __kvmalloc_node_noprof+0x142/0x190
[ 1187.826997][T18931]  ? hash_ipport_create+0x801/0x1670
[ 1187.827012][T18931]  hash_ipport_create+0x801/0x1670
[ 1187.827028][T18931]  ? __pfx_lock_acquire+0x10/0x10
[ 1187.827052][T18931]  ? __pfx_hash_ipport_create+0x10/0x10
[ 1187.827068][T18931]  ? __nla_parse+0x40/0x60
[ 1187.827083][T18931]  ? __pfx_hash_ipport_create+0x10/0x10
[ 1187.827097][T18931]  ip_set_create+0xa78/0x1960
[ 1187.827119][T18931]  ? ip_set_create+0x48a/0x1960
[ 1187.827141][T18931]  ? __pfx_ip_set_create+0x10/0x10
[ 1187.827179][T18931]  ? nfnetlink_rcv_msg+0x225/0x1180
[ 1187.827200][T18931]  nfnetlink_rcv_msg+0xbec/0x1180
[ 1187.827219][T18931]  ? nfnetlink_rcv_msg+0x225/0x1180
[ 1187.827252][T18931]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1187.827270][T18931]  ? stack_trace_save+0x118/0x1d0
[ 1187.827299][T18931]  ? dev_hard_start_xmit+0x27a/0x7d0
[ 1187.827313][T18931]  ? __dev_queue_xmit+0x1b73/0x3f50
[ 1187.827327][T18931]  ? __netlink_deliver_tap+0x561/0x7f0
[ 1187.827342][T18931]  ? netlink_deliver_tap+0x19d/0x1b0
[ 1187.827357][T18931]  ? netlink_unicast+0x7c4/0x990
[ 1187.827369][T18931]  ? netlink_sendmsg+0x8de/0xcb0
[ 1187.827383][T18931]  ? __sock_sendmsg+0x221/0x270
[ 1187.827400][T18931]  ? ____sys_sendmsg+0x53a/0x860
[ 1187.827413][T18931]  ? __sys_sendmsg+0x269/0x350
[ 1187.827440][T18931]  netlink_rcv_skb+0x206/0x480
[ 1187.827457][T18931]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1187.827478][T18931]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1187.827502][T18931]  ? safesetid_security_capable+0xb2/0x1d0
[ 1187.827524][T18931]  ? bpf_lsm_capable+0x9/0x10
[ 1187.827543][T18931]  ? security_capable+0x7e/0x2d0
[ 1187.827561][T18931]  nfnetlink_rcv+0x297/0x2ab0
[ 1187.827584][T18931]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1187.827603][T18931]  ? __dev_queue_xmit+0x2f4/0x3f50
[ 1187.827618][T18931]  ? __dev_queue_xmit+0x1775/0x3f50
[ 1187.827633][T18931]  ? kasan_save_track+0x51/0x80
[ 1187.827653][T18931]  ? ____sys_sendmsg+0x53a/0x860
[ 1187.827669][T18931]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1187.827688][T18931]  ? __dev_queue_xmit+0x2f4/0x3f50
[ 1187.827705][T18931]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1187.827730][T18931]  ? ref_tracker_free+0x643/0x7e0
[ 1187.827747][T18931]  ? __asan_memcpy+0x40/0x70
[ 1187.827770][T18931]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1187.827787][T18931]  ? __skb_clone+0x5c/0x6c0
[ 1187.827821][T18931]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1187.827843][T18931]  ? skb_clone+0x240/0x390
[ 1187.827857][T18931]  ? __pfx_lock_release+0x10/0x10
[ 1187.827876][T18931]  ? __netlink_deliver_tap+0x7b0/0x7f0
[ 1187.827898][T18931]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1187.827915][T18931]  netlink_unicast+0x7f6/0x990
[ 1187.827934][T18931]  ? __pfx_netlink_unicast+0x10/0x10
[ 1187.827946][T18931]  ? __virt_addr_valid+0x45f/0x530
[ 1187.827966][T18931]  ? __phys_addr_symbol+0x2f/0x70
[ 1187.827986][T18931]  ? __check_object_size+0x47a/0x730
[ 1187.828010][T18931]  netlink_sendmsg+0x8de/0xcb0
[ 1187.828033][T18931]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1187.828058][T18931]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1187.828073][T18931]  __sock_sendmsg+0x221/0x270
[ 1187.828092][T18931]  ____sys_sendmsg+0x53a/0x860
[ 1187.828111][T18931]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1187.828124][T18931]  ? __fget_files+0x2a/0x410
[ 1187.828140][T18931]  ? __fget_files+0x2a/0x410
[ 1187.828159][T18931]  __sys_sendmsg+0x269/0x350
[ 1187.828173][T18931]  ? __pfx_futex_wake+0x10/0x10
[ 1187.828194][T18931]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1187.828214][T18931]  ? bpf_raw_tracepoint_open+0x1ab/0x1f0
[ 1187.828269][T18931]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1187.828290][T18931]  ? do_syscall_64+0x100/0x230
[ 1187.828315][T18931]  ? do_syscall_64+0xb6/0x230
[ 1187.828338][T18931]  do_syscall_64+0xf3/0x230
[ 1187.828360][T18931]  ? clear_bhb_loop+0x35/0x90
[ 1187.828382][T18931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.828401][T18931] RIP: 0033:0x7f4226b8d169
[ 1187.828413][T18931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.828430][T18931] RSP: 002b:00007f42249d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1187.828446][T18931] RAX: ffffffffffffffda RBX: 00007f4226da6080 RCX: 00007f4226b8d169
[ 1187.828457][T18931] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000005
[ 1187.828466][T18931] RBP: 00007f4226c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 1187.828475][T18931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1187.828483][T18931] R13: 0000000000000000 R14: 00007f4226da6080 R15: 00007fffd552c3a8
[ 1187.828503][T18931]  </TASK>
[ 1187.845811][T19071] vlan2: entered promiscuous mode
[ 1188.445021][T18931] Mem-Info:
[ 1188.498985][T18931] active_anon:14 inactive_anon:5955 isolated_anon:0
[ 1188.498985][T18931]  active_file:3329 inactive_file:10389 isolated_file:0
[ 1188.498985][T18931]  unevictable:768 dirty:252 writeback:0
[ 1188.498985][T18931]  slab_reclaimable:10792 slab_unreclaimable:102704
[ 1188.498985][T18931]  mapped:31115 shmem:1471 pagetables:1030
[ 1188.498985][T18931]  sec_pagetables:0 bounce:0
[ 1188.498985][T18931]  kernel_misc_reclaimable:0
[ 1188.498985][T18931]  free:1319046 free_pcp:563 free_cma:0
[ 1188.516722][T19071] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[ 1188.556047][T18931] Node 0 active_anon:56kB inactive_anon:23820kB active_file:13176kB inactive_file:41548kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126372kB dirty:1008kB writeback:0kB shmem:4348kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11068kB pagetables:4120kB sec_pagetables:0kB all_unreclaimable? no
[ 1188.778768][T19071] vlan2: entered allmulticast mode
[ 1188.784410][T18931] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1188.825644][T19071] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1188.992821][T18931] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1189.103667][T18931] lowmem_reserve[]: 0 2490 2490 2490 2490
[ 1189.144429][T18931] Node 0 DMA32 free:1330712kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:52kB inactive_anon:25268kB active_file:12920kB inactive_file:41528kB unevictable:1536kB writepending:1072kB present:3129332kB managed:2550312kB mlocked:0kB bounce:0kB free_pcp:3704kB local_pcp:1016kB free_cma:0kB
[ 1189.195700][T18931] lowmem_reserve[]: 0 0 0 0 0
[ 1189.305579][T18931] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:56kB active_file:276kB inactive_file:8kB unevictable:0kB writepending:0kB present:1048580kB managed:368kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB
[ 1189.489892][T18931] lowmem_reserve[]: 0 0 0 0 0
[ 1189.494639][T18931] Node 1 Normal free:3907196kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:8kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1189.575460][T18931] lowmem_reserve[]: 0 0 0 0 0
[ 1189.630247][T18931] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1189.722001][T18931] Node 0 DMA32: 31*4kB (ME) 995*8kB (UME) 674*16kB (UME) 578*32kB (ME) 239*64kB (ME) 218*128kB (UME) 115*256kB (UME) 184*512kB (UME) 73*1024kB (UME) 26*2048kB (UM) 239*4096kB (UM) = 1311156kB
[ 1189.828391][T18931] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1189.857457][T15315] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1189.894841][T15315] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1189.906739][T18931] Node 1 Normal: 223*4kB (UME) 82*8kB (UME) 57*16kB (UME) 213*32kB (UME) 93*64kB (UME) 26*128kB (UME) 10*256kB (UME) 12*512kB (UM) 7*1024kB (UME) 5*2048kB (UME) 943*4096kB (M) = 3907196kB
[ 1189.925656][T15315] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1189.938241][T18931] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1189.957325][T15315] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1189.967566][T18931] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1189.977388][T15315] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1189.997009][T18931] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1190.006935][T15315] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1190.078950][T18931] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1190.171679][T18931] 15191 total pagecache pages
[ 1190.194611][T18931] 0 pages in swap cache
[ 1190.231717][T18931] Free swap  = 124860kB
[ 1190.398164][T18931] Total swap = 124996kB
[ 1190.429657][T18931] 2097051 pages RAM
[ 1190.433487][T18931] 0 pages HighMem/MovableOnly
[ 1191.131220][T18931] 427749 pages reserved
[ 1191.135398][T18931] 0 pages cma reserved
[ 1192.407224][T15315] Bluetooth: hci3: command tx timeout
[ 1192.534108][T19086] chnl_net:caif_netlink_parms(): no params data found
[ 1192.954524][T19086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1193.002624][T19086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1193.038428][T19086] bridge_slave_0: entered allmulticast mode
[ 1193.064717][T19086] bridge_slave_0: entered promiscuous mode
[ 1193.094779][T19086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1193.126971][T19086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1193.153507][T19086] bridge_slave_1: entered allmulticast mode
[ 1193.175121][T19086] bridge_slave_1: entered promiscuous mode
[ 1194.273910][T19086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1194.516659][ T5825] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1194.525206][T19086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1194.536451][T15315] Bluetooth: hci3: command tx timeout
[ 1194.808711][ T5825] usb 3-1: Using ep0 maxpacket: 8
[ 1194.821031][T19086] team0: Port device team_slave_0 added
[ 1194.850986][ T5825] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1194.984046][T19086] team0: Port device team_slave_1 added
[ 1195.011702][ T5825] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1195.070153][ T5825] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1195.700413][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.627125][T15315] Bluetooth: hci3: command tx timeout
[ 1197.003999][T19086] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1197.162246][T19086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1197.216475][T19086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1197.541535][T18931] syz_tun (unregistering): left allmulticast mode
[ 1198.349360][T19086] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1198.391749][T19086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1198.418076][T19086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1198.431297][ T5870] usb 3-1: USB disconnect, device number 35
[ 1198.559267][T19086] hsr_slave_0: entered promiscuous mode
[ 1198.638321][T19183] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1198.652324][T19183] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1198.658560][T19086] hsr_slave_1: entered promiscuous mode
[ 1198.728934][T19086] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1198.750584][T19086] Cannot create hsr debugfs directory
[ 1198.787818][T15315] Bluetooth: hci3: command tx timeout
[ 1200.512067][T19086] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1201.112707][T19086] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1201.159087][T19086] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1201.160136][T19203] netlink: 'syz.3.4018': attribute type 1 has an invalid length.
[ 1201.206836][T19086] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1202.337350][T19086] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1202.963096][T19086] 8021q: adding VLAN 0 to HW filter on device team0
[ 1203.033123][ T6039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1203.040242][ T6039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1203.185375][ T6039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1203.192528][ T6039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1203.699185][T19086] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1204.000779][T19086] veth0_vlan: entered promiscuous mode
[ 1204.017798][T19086] veth1_vlan: entered promiscuous mode
[ 1204.062965][T19086] veth0_macvtap: entered promiscuous mode
[ 1204.086404][ T5870] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1204.098176][T19086] veth1_macvtap: entered promiscuous mode
[ 1204.127490][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.144510][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.374391][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.385843][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.396953][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.407485][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.419668][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.430292][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.440438][ T5870] usb 3-1: Using ep0 maxpacket: 16
[ 1204.445864][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.457619][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.468444][ T5870] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1204.478242][ T5870] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[ 1204.489128][T19086] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1204.498339][ T5870] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[ 1204.508887][ T5870] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1204.520316][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.538462][ T5870] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[ 1204.548484][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.558738][ T5870] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1204.565382][ T5870] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1204.574668][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.585208][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.615438][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.625575][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.666959][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.683756][ T5870] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[ 1204.706041][T19086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.756514][T19086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.787484][T19086] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1204.816943][T19086] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.825842][T19086] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.834691][T19086] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.850763][T19086] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.907169][ T5870] scsi host1: usb-storage 3-1:1.0
[ 1204.945939][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1204.972351][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1205.002271][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1205.011888][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1205.127053][ T5825] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1205.143964][   T47] usb 3-1: USB disconnect, device number 36
[ 1205.299116][ T5825] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1205.319237][ T5825] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1205.336707][ T5825] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1205.358123][ T5825] usb 2-1: config 0 descriptor??
[ 1205.359635][T19269] infiniband syz1: set active
[ 1205.368082][T19269] infiniband syz1: added team_slave_0
[ 1205.380406][ T5825] pwc: Askey VC010 type 2 USB webcam detected.
[ 1205.395560][T19269] RDS/IB: syz1: added
[ 1205.399918][T19269] smc: adding ib device syz1 with port count 1
[ 1205.406176][T19269] smc:    ib device syz1 port 1 has pnetid 
[ 1205.783321][ T5825] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1205.803071][ T5825] pwc: recv_control_msg error -32 req 02 val 2700
[ 1205.823677][ T5825] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1205.843961][ T5825] pwc: recv_control_msg error -32 req 04 val 1000
[ 1205.863833][ T5825] pwc: recv_control_msg error -32 req 04 val 1300
[ 1206.083117][ T5825] pwc: recv_control_msg error -71 req 02 val 2000
[ 1206.092741][ T5825] pwc: recv_control_msg error -71 req 02 val 2100
[ 1206.110383][ T5825] pwc: recv_control_msg error -71 req 04 val 1500
[ 1206.125270][ T5825] pwc: recv_control_msg error -71 req 02 val 2500
[ 1206.149989][ T5825] pwc: recv_control_msg error -71 req 02 val 2400
[ 1206.183161][ T5825] pwc: recv_control_msg error -71 req 02 val 2600
[ 1206.207413][ T5825] pwc: recv_control_msg error -71 req 02 val 2900
[ 1206.246377][ T5825] pwc: recv_control_msg error -71 req 02 val 2800
[ 1206.258411][ T5825] pwc: recv_control_msg error -71 req 04 val 1100
[ 1206.283389][ T5825] pwc: recv_control_msg error -71 req 04 val 1200
[ 1206.297620][ T5825] pwc: Registered as video103.
[ 1206.304276][ T5825] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input41
[ 1206.345178][ T5825] usb 2-1: USB disconnect, device number 34
[ 1207.537928][T19304] input: syz0 as /devices/virtual/input/input42
[ 1214.877427][T19394] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1214.893192][T19394] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1218.806603][T19266] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1219.469722][T19266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1219.503807][T19266] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1219.538191][T19266] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1219.560967][T19266] usb 4-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[ 1219.713737][T19266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1219.727162][T19266] usb 4-1: config 0 descriptor??
[ 1219.834134][T19467] 9pnet_fd: p9_fd_create_tcp (19467): problem connecting socket to 127.0.0.1
[ 1220.783019][T19471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4096'.
[ 1220.803630][T19471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4096'.
[ 1220.917947][T19266] hid-multitouch 0003:0EEF:72C4.001E: unknown main item tag 0x4
[ 1220.958967][T19266] hid-multitouch 0003:0EEF:72C4.001E: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.3-1/input0
[ 1223.506637][ T5899] usb 4-1: USB disconnect, device number 34
[ 1225.416373][ T5899] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[ 1225.570302][ T5899] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1225.610062][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.632735][ T5899] usb 3-1: Product: syz
[ 1225.642850][ T5899] usb 3-1: Manufacturer: syz
[ 1225.647528][ T5899] usb 3-1: SerialNumber: syz
[ 1225.661093][ T5899] usb 3-1: config 0 descriptor??
[ 1226.773797][ T5899] airspy 3-1:0.0: usb_control_msg() failed -110 request 09
[ 1227.056375][ T5899] airspy 3-1:0.0: Could not detect board
[ 1227.089060][ T5899] airspy 3-1:0.0: probe with driver airspy failed with error -110
[ 1227.287918][T19536] input: syz0 as /devices/virtual/input/input43
[ 1228.404037][ T5868] usb 3-1: USB disconnect, device number 37
[ 1230.197207][ T5825] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1230.596422][ T5825] usb 2-1: Using ep0 maxpacket: 32
[ 1230.613840][ T5825] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[ 1230.640759][T19580] input: syz0 as /devices/virtual/input/input44
[ 1230.649679][ T5825] usb 2-1: config 0 has no interface number 0
[ 1230.664862][ T5825] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1230.674948][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1230.683264][ T5825] usb 2-1: Product: syz
[ 1230.687851][ T5825] usb 2-1: Manufacturer: syz
[ 1230.692571][ T5825] usb 2-1: SerialNumber: syz
[ 1230.715292][ T5825] usb 2-1: config 0 descriptor??
[ 1231.190646][ T5825] usb 2-1: USB disconnect, device number 35
[ 1233.395546][T19619] input: syz0 as /devices/virtual/input/input45
[ 1234.260902][T15315] Bluetooth: hci1: ACL packet for unknown connection handle 200
[ 1235.698150][T19644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4154'.
[ 1238.827045][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.833618][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1240.856577][   T47] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1240.861163][T19688] Bluetooth: hci0: command 0x0406 tx timeout
[ 1241.446834][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1241.508881][   T47] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1241.518040][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1241.529395][   T47] usb 3-1: config 0 descriptor??
[ 1241.548635][   T47] pwc: Askey VC010 type 2 USB webcam detected.
[ 1242.100439][   T47] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1242.646606][T19724] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4176'.
[ 1242.655572][T19724] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4176'.
[ 1242.671961][T19724] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4176'.
[ 1242.684670][   T47] pwc: recv_control_msg error -32 req 02 val 2700
[ 1242.692332][   T47] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1242.699338][   T47] pwc: recv_control_msg error -32 req 04 val 1000
[ 1242.709719][   T47] pwc: recv_control_msg error -32 req 04 val 1300
[ 1242.983655][   T47] pwc: recv_control_msg error -71 req 02 val 2000
[ 1243.077588][   T47] pwc: recv_control_msg error -71 req 02 val 2100
[ 1243.106376][   T47] pwc: recv_control_msg error -71 req 04 val 1500
[ 1243.125180][   T47] pwc: recv_control_msg error -71 req 02 val 2500
[ 1243.147031][   T47] pwc: recv_control_msg error -71 req 02 val 2400
[ 1243.181849][   T47] pwc: recv_control_msg error -71 req 02 val 2600
[ 1243.218445][   T47] pwc: recv_control_msg error -71 req 02 val 2900
[ 1243.254413][   T47] pwc: recv_control_msg error -71 req 02 val 2800
[ 1243.306220][   T47] pwc: recv_control_msg error -71 req 04 val 1100
[ 1243.326413][   T47] pwc: recv_control_msg error -71 req 04 val 1200
[ 1243.490303][   T47] pwc: Registered as video103.
[ 1243.522446][   T47] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input46
[ 1243.573049][   T47] usb 3-1: USB disconnect, device number 38
[ 1243.641937][T19746] loop8: detected capacity change from 0 to 2
[ 1243.669711][T19746] Dev loop8: unable to read RDB block 2
[ 1243.675336][T19746]  loop8: unable to read partition table
[ 1243.686804][T19746] loop8: partition table beyond EOD, truncated
[ 1243.693001][T19746] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1246.017595][T19688] Bluetooth: hci5: sending frame failed (-49)
[ 1246.046686][T15315] Bluetooth: hci5: Opcode 0x1003 failed: -49
[ 1247.500064][T19794] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1249.381881][T19801] loop8: detected capacity change from 0 to 2
[ 1249.510145][T19801] Dev loop8: unable to read RDB block 2
[ 1249.515801][T19801]  loop8: unable to read partition table
[ 1249.566692][T19801] loop8: partition table beyond EOD, truncated
[ 1249.614297][T19801] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1252.837639][ T5924] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1253.108074][T15315] Bluetooth: hci2: unexpected event for opcode 0x0000
[ 1253.254695][T19837] syz1: rxe_newlink: already configured on team_slave_0
[ 1253.837220][ T5924] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[ 1253.866401][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1253.902892][ T5924] usb 3-1: config 0 descriptor??
[ 1254.211296][T19841] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1254.609514][T19841] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1254.816793][ T5924] usb 3-1: Cannot read MAC address
[ 1254.822069][ T5924] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[ 1254.861813][T19850] "syz.3.4215" (19850) uses obsolete ecb(arc4) skcipher
[ 1256.326850][ T5924] usb 3-1: USB disconnect, device number 39
[ 1257.260630][T15315] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1257.269515][T15315] Bluetooth: hci2: Injecting HCI hardware error event
[ 1257.281647][T15315] Bluetooth: hci2: hardware error 0x00
[ 1257.607889][T19866] loop8: detected capacity change from 0 to 2
[ 1257.648625][T19866] Dev loop8: unable to read RDB block 2
[ 1257.679416][T19866]  loop8: unable to read partition table
[ 1257.701830][T19866] loop8: partition table beyond EOD, truncated
[ 1257.733755][T19866] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1258.964789][T19883] overlayfs: failed to resolve './bus': -2
[ 1259.299515][T19887] overlayfs: missing 'lowerdir'
[ 1259.416790][T15315] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1263.102108][T19921] overlayfs: missing 'lowerdir'
[ 1264.204925][T19927] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1264.216888][T19927] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1264.250427][T19927] overlayfs: failed to look up (tracing) for ino (-66)
[ 1264.257470][ T5870] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 1264.426406][ T5870] usb 4-1: Using ep0 maxpacket: 32
[ 1264.438566][ T5870] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1264.449005][ T5870] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1264.491708][ T5870] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1264.505280][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.527274][ T5870] usb 4-1: config 0 descriptor??
[ 1264.554018][ T5870] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1264.560168][ T5870] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1264.580443][ T5870] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1264.826591][ T5868] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[ 1265.011837][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1265.046563][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1265.088212][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1265.101791][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1265.115021][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1265.135449][ T5868] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1265.144763][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1265.160057][ T5868] usb 2-1: Product: syz
[ 1265.164254][ T5868] usb 2-1: Manufacturer: syz
[ 1265.175048][ T5868] usb 2-1: SerialNumber: syz
[ 1265.328480][ T5868] usb 2-1: config 0 descriptor??
[ 1265.546442][ T5868] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1265.556611][ T5868] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1265.662089][T19955] kvm: kvm [19954]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x997
[ 1265.688550][T19955] kvm: kvm [19954]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2dd
[ 1265.770377][ T5868] radio-si470x 2-1:0.0: software version 0, hardware version 0
[ 1265.785730][ T5868] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[ 1265.928578][T19964] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1265.946946][T19964] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1265.970782][ T5868] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 1266.384628][ T5868] radio-si470x 2-1:0.0: submitting int urb failed (-90)
[ 1266.566791][ T5870] usb 4-1: USB disconnect, device number 35
[ 1267.039145][ T5868] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 1267.110668][ T5868] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[ 1267.134998][ T5868] usb 2-1: USB disconnect, device number 36
[ 1270.208260][ T5868] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1270.400517][ T5868] usb 3-1: Using ep0 maxpacket: 32
[ 1270.410657][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1270.427849][ T5868] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1270.481908][ T5868] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1270.493327][T20008] kvm: kvm [20006]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x997
[ 1270.516623][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1270.533467][ T5868] usb 3-1: config 0 descriptor??
[ 1270.540980][T20008] kvm: kvm [20006]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2dd
[ 1270.561115][ T5868] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1270.571811][ T5868] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1270.594746][ T5868] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1272.636990][ T5868] usb 3-1: USB disconnect, device number 40
[ 1272.879863][T20035] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1284.736396][ T5868] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[ 1284.941044][ T5868] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[ 1284.979245][ T5868] usb 4-1: config 0 has no interface number 0
[ 1285.042040][ T5868] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[ 1285.061723][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1285.082365][ T5868] usb 4-1: Product: syz
[ 1285.268444][T20185] overlayfs: missing 'workdir'
[ 1285.788382][ T5868] usb 4-1: Manufacturer: syz
[ 1285.800431][ T5868] usb 4-1: SerialNumber: syz
[ 1285.909437][ T5868] usb 4-1: config 0 descriptor??
[ 1285.944986][ T5868] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[ 1286.199636][T16558] usb 4-1: USB disconnect, device number 36
[ 1286.596372][   T47] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1287.655066][   T47] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1287.664045][   T47] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1287.674388][   T47] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1287.900567][   T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1287.912047][   T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1287.925466][   T47] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1287.938929][   T47] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1287.947012][   T47] usb 2-1: Product: syz
[ 1287.956287][   T47] usb 2-1: Manufacturer: syz
[ 1287.993280][   T47] cdc_wdm 2-1:1.0: skipping garbage
[ 1288.026464][   T47] cdc_wdm 2-1:1.0: skipping garbage
[ 1288.077660][   T47] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1288.103879][   T47] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1288.138638][T20222] overlayfs: missing 'lowerdir'
[ 1288.266024][   T47] usb 2-1: USB disconnect, device number 37
[ 1289.392908][ T5868] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1290.259761][ T5868] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1290.296667][ T5868] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1290.316601][ T5868] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1290.334902][ T5868] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1290.363077][ T5868] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1290.400438][ T5868] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1290.443481][ T5868] usb 8-1: config 0 descriptor??
[ 1290.469068][T20230] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1290.881462][   T47] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1291.145617][   T47] usb 3-1: config index 0 descriptor too short (expected 65026, got 72)
[ 1291.270034][   T47] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1291.489372][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1291.516354][   T47] usb 3-1: Product: syz
[ 1291.526924][   T47] usb 3-1: Manufacturer: syz
[ 1291.540364][   T47] usb 3-1: SerialNumber: syz
[ 1291.641599][   T47] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1291.748250][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1291.755683][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1292.423614][T19266] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1292.564086][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1292.576318][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1292.583747][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1292.606299][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.197923][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.205361][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.218619][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.226033][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.244225][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.270507][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1293.309782][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1294.049911][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1294.061217][ T5868] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 1294.091149][ T5868] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving
[ 1294.210122][ T5868] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[ 1294.289242][ T5868] usb 8-1: USB disconnect, device number 2
[ 1294.437484][T19266] usb 3-1: Service connection timeout for: 256
[ 1294.458705][T19266] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1294.496345][ T5924] usb 3-1: USB disconnect, device number 41
[ 1294.511764][T19266] ath9k_htc: Failed to initialize the device
[ 1294.519113][ T5924] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1296.024312][T20302] kernel read not supported for file /file1 (pid: 20302 comm: syz.1.4369)
[ 1296.107931][   T30] audit: type=1800 audit(1742701049.610:259): pid=20302 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.4369" name="file1" dev="mqueue" ino=83508 res=0 errno=0
[ 1296.166564][   T47] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 1296.366630][   T47] usb 4-1: Using ep0 maxpacket: 16
[ 1296.412038][   T47] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1296.449393][   T47] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1296.461610][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1296.508543][   T47] usb 4-1: config 0 descriptor??
[ 1296.526993][   T47] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input47
[ 1296.722194][ T5183] bcm5974 4-1:0.0: could not read from device
[ 1296.739944][ T5183] bcm5974 4-1:0.0: could not read from device
[ 1296.746307][   T47] usb 4-1: USB disconnect, device number 37
[ 1298.048223][T20319] Process accounting resumed
[ 1298.510313][T20340] loop8: detected capacity change from 0 to 2
[ 1298.587663][T20340] Dev loop8: unable to read RDB block 2
[ 1298.593316][T20340]  loop8: unable to read partition table
[ 1298.646174][T20340] loop8: partition table beyond EOD, truncated
[ 1298.715632][T20340] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1298.842270][T20345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4385'.
[ 1298.876600][T20345] netlink: 200 bytes leftover after parsing attributes in process `syz.3.4385'.
[ 1299.060293][T20348] "syz.1.4384" (20348) uses obsolete ecb(arc4) skcipher
[ 1300.269712][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.276690][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1302.152830][T20388] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4397'.
[ 1302.184395][T20388] netlink: 200 bytes leftover after parsing attributes in process `syz.7.4397'.
[ 1305.680037][T20429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4412'.
[ 1305.849376][T20429] netlink: 200 bytes leftover after parsing attributes in process `syz.0.4412'.
[ 1308.027398][ T5868] usb 2-1: new full-speed USB device number 38 using dummy_hcd
[ 1308.499195][ T5868] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1308.510356][ T5868] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1308.541560][ T5868] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1308.563753][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1308.614543][ T5868] usb 2-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.00
[ 1308.647461][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1308.676824][ T5868] usb 2-1: config 0 descriptor??
[ 1309.116627][ T5868] apple 0003:05AC:0241.0020: item fetching failed at offset 0/2
[ 1309.138734][ T5868] apple 0003:05AC:0241.0020: parse failed
[ 1309.144640][ T5868] apple 0003:05AC:0241.0020: probe with driver apple failed with error -22
[ 1309.753570][ T5869] usb 2-1: USB disconnect, device number 38
[ 1311.257493][T20471] ubi31: attaching mtd0
[ 1311.268959][T20471] ubi31: scanning is finished
[ 1311.273775][T20471] ubi31: empty MTD device detected
[ 1312.112881][T20471] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[ 1312.238268][T20476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4426'.
[ 1312.266490][T20476] netlink: 200 bytes leftover after parsing attributes in process `syz.3.4426'.
[ 1312.460126][T15315] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1312.776733][T15315] Bluetooth: hci3: command 0x0406 tx timeout
[ 1313.950160][T20503] CUSE: unknown device info "ÿ
"
[ 1313.955170][T20503] CUSE: zero length info key specified
[ 1314.468066][T19266] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1314.636398][T19266] usb 2-1: Using ep0 maxpacket: 32
[ 1314.662817][T19266] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[ 1314.686482][T19266] usb 2-1: config 0 has no interface number 0
[ 1314.702891][T19266] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1314.726380][T19266] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[ 1314.755014][T19266] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1314.785595][T19266] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1314.805825][T19266] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1314.835079][T19266] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[ 1314.854467][T19266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1314.877449][T19266] usb 2-1: Product: syz
[ 1314.891834][T19266] usb 2-1: Manufacturer: syz
[ 1314.896684][T19266] usb 2-1: SerialNumber: syz
[ 1314.917274][T19266] usb 2-1: config 0 descriptor??
[ 1314.927603][T20508] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1315.151621][T19266] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[ 1315.366343][T19266] etas_es58x 2-1:0.219: could not retrieve the product info string
[ 1315.418224][T20526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4441'.
[ 1315.459483][T19266] usb 2-1: USB disconnect, device number 39
[ 1315.480250][T19266] etas_es58x 2-1:0.219: Disconnecting syz syz
[ 1315.646434][T20526] netlink: 200 bytes leftover after parsing attributes in process `syz.0.4441'.
[ 1318.373551][T20553] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1318.384710][T20553] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1318.405083][T20553] overlayfs: failed to look up (tracing) for ino (-66)
[ 1318.568125][T20558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4454'.
[ 1318.597474][T20558] netlink: 200 bytes leftover after parsing attributes in process `syz.2.4454'.
[ 1320.948629][T20585] vivid-007: =================  START STATUS  =================
[ 1320.970644][T20585] vivid-007: Enable Output Cropping: true
[ 1320.976551][T20585] vivid-007: Enable Output Composing: true
[ 1320.982526][T20585] vivid-007: Enable Output Scaler: true
[ 1320.996293][T20585] vivid-007: Tx RGB Quantization Range: Automatic
[ 1321.010175][T20585] vivid-007: Transmit Mode: HDMI
[ 1321.058775][T20585] vivid-007: Hotplug Present: 0x00000000
[ 1321.064480][T20585] vivid-007: RxSense Present: 0x00000000
[ 1321.089555][T20585] vivid-007: EDID Present: 0x00000000
[ 1321.238264][T20585] vivid-007: ==================  END STATUS  ==================
[ 1321.602151][T20601] openvswitch: netlink: IPv4 tun info is not correct
[ 1322.383119][ T5868] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1322.637245][ T5868] usb 3-1: Using ep0 maxpacket: 8
[ 1322.670629][ T5868] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1322.777092][ T5868] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1322.802233][ T5868] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1322.822475][ T5868] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1322.832943][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1322.861584][ T5868] usb 3-1: Product: syz
[ 1322.867898][T20608] input: syz0 as /devices/virtual/input/input48
[ 1322.875636][ T5868] usb 3-1: Manufacturer: syz
[ 1322.885736][ T5868] usb 3-1: SerialNumber: syz
[ 1323.127737][ T5868] cdc_ncm 3-1:1.0: skipping garbage
[ 1323.137001][ T5868] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[ 1323.143824][ T5868] cdc_ncm 3-1:1.0: bind() failure
[ 1323.261132][ T5868] usb 3-1: USB disconnect, device number 42
[ 1325.760762][T20640] input: syz0 as /devices/virtual/input/input49
[ 1326.916975][T20658] vivid-007: =================  START STATUS  =================
[ 1326.924799][T20658] vivid-007: Enable Output Cropping: true
[ 1326.930648][T20658] vivid-007: Enable Output Composing: true
[ 1326.936559][T20658] vivid-007: Enable Output Scaler: true
[ 1326.942219][T20658] vivid-007: Tx RGB Quantization Range: Automatic
[ 1326.948766][T20658] vivid-007: Transmit Mode: HDMI
[ 1326.953780][T20658] vivid-007: Hotplug Present: 0x00000000
[ 1326.959537][T20658] vivid-007: RxSense Present: 0x00000000
[ 1326.965228][T20658] vivid-007: EDID Present: 0x00000000
[ 1326.970911][T20658] vivid-007: ==================  END STATUS  ==================
[ 1328.445234][T20680] "syz.2.4498" (20680) uses obsolete ecb(arc4) skcipher
[ 1328.839334][T20690] netlink: 'syz.7.4500': attribute type 1 has an invalid length.
[ 1328.847372][T20690] netlink: 224 bytes leftover after parsing attributes in process `syz.7.4500'.
[ 1329.906430][T16558] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1330.056330][T16558] usb 2-1: Using ep0 maxpacket: 8
[ 1330.094833][T16558] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1330.126443][T16558] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1330.166447][T16558] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1330.196607][T16558] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1330.234663][T16558] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1330.272488][T16558] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1330.284392][T16558] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.387433][T16558] usb 2-1: usb_control_msg returned -32
[ 1331.393052][T16558] usbtmc 2-1:16.0: can't read capabilities
[ 1331.422004][T16558] usb 2-1: USB disconnect, device number 40
[ 1332.269140][T20737] "syz.7.4516" (20737) uses obsolete ecb(arc4) skcipher
[ 1335.836398][ T5868] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1335.968276][T20777] netlink: 'syz.7.4527': attribute type 1 has an invalid length.
[ 1335.976148][T20777] netlink: 224 bytes leftover after parsing attributes in process `syz.7.4527'.
[ 1336.066317][ T5868] usb 4-1: Using ep0 maxpacket: 16
[ 1336.362814][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1336.419704][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1336.466547][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1336.509072][ T5868] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1336.545959][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1336.567390][ T5868] usb 4-1: config 0 descriptor??
[ 1337.881072][ T5868] HID 045e:07da: Invalid code 65791 type 1
[ 1337.930513][ T5868] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0021/input/input50
[ 1337.969189][ T5868] microsoft 0003:045E:07DA.0021: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[ 1338.257666][T19266] usb 4-1: USB disconnect, device number 38
[ 1340.739953][T20824] syz1: rxe_newlink: already configured on team_slave_0
[ 1345.216451][   T30] audit: type=1326 audit(1742701098.620:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20888 comm="syz.7.4569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1ebd8d169 code=0x7fc00000
[ 1345.238100][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1345.652420][ T5870] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[ 1347.088276][ T5870] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1347.176875][ T5870] usb 3-1: not running at top speed; connect to a high speed hub
[ 1347.210684][ T5870] usb 3-1: config 250 has an invalid interface number: 113 but max is 0
[ 1347.224696][ T5870] usb 3-1: config 250 has no interface number 0
[ 1347.235313][ T5870] usb 3-1: config 250 interface 113 has no altsetting 0
[ 1347.316608][T19266] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1347.489191][ T5870] usb 3-1: string descriptor 0 read error: -71
[ 1347.501909][ T5870] usb 3-1: New USB device found, idVendor=13d3, idProduct=afe9, bcdDevice=f2.81
[ 1347.927265][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1347.927826][T19266] usb 2-1: Using ep0 maxpacket: 32
[ 1347.944387][ T5870] usb 3-1: can't set config #250, error -71
[ 1347.978178][T19266] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[ 1347.991293][ T5870] usb 3-1: USB disconnect, device number 43
[ 1348.001440][T19266] usb 2-1: config 0 has no interface number 0
[ 1348.031771][T19266] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1348.055155][T19266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1348.094059][T19266] usb 2-1: Product: syz
[ 1348.103079][T19266] usb 2-1: Manufacturer: syz
[ 1348.113189][T19266] usb 2-1: SerialNumber: syz
[ 1348.159460][T19266] usb 2-1: config 0 descriptor??
[ 1348.353268][T20939] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1349.151683][T19266] usb 2-1: USB disconnect, device number 41
[ 1349.224343][T20948] ubi31: attaching mtd0
[ 1349.230474][T20948] ubi31: scanning is finished
[ 1349.480021][T20948] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1349.487843][T20948] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1349.495655][T20948] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1349.502813][T20948] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1349.510339][T20948] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1349.517232][T20948] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1349.525329][T20948] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2864489976
[ 1349.535445][T20948] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1349.547300][T20957] ubi31: background thread "ubi_bgt31d" started, PID 20957
[ 1349.892525][T20964] xt_hashlimit: max too large, truncated to 1048576
[ 1352.296664][T20987] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1353.442004][T21013] hub 9-0:1.0: USB hub found
[ 1353.449377][T21013] hub 9-0:1.0: 1 port detected
[ 1354.357039][T21022] netlink: zone id is out of range
[ 1354.451185][T21022] netlink: set zone limit has 8 unknown bytes
[ 1355.562822][T21042] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1356.542727][T21056] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1356.556119][T21056] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1356.805506][T21056] overlayfs: failed to look up (tracing) for ino (-66)
[ 1357.257033][ T5869] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1357.456180][ T5869] usb 4-1: config 0 has no interfaces?
[ 1357.487414][ T5869] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1357.496792][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.505093][ T5869] usb 4-1: Product: syz
[ 1357.509709][ T5869] usb 4-1: Manufacturer: syz
[ 1357.514596][ T5869] usb 4-1: SerialNumber: syz
[ 1357.523395][ T5869] usb 4-1: config 0 descriptor??
[ 1357.531713][T21074] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1357.564455][   T63] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1359.576772][   T55] Bluetooth: hci5: command 0x1003 tx timeout
[ 1359.583376][T15315] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1361.076003][   T47] usb 4-1: USB disconnect, device number 39
[ 1361.659302][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.665585][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.542634][T21129] openvswitch: netlink: IPv4 tun info is not correct
[ 1371.886415][ T5869] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1372.076290][ T5869] usb 4-1: Using ep0 maxpacket: 32
[ 1372.108519][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1372.442935][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1372.546277][ T5869] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1372.606293][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1372.658152][ T5869] usb 4-1: config 0 descriptor??
[ 1373.090371][ T5869] ft260 0003:0403:6030.0022: unknown main item tag 0x0
[ 1373.301256][ T5869] ft260 0003:0403:6030.0022: chip code: 0000 0000
[ 1373.503370][ T5869] ft260 0003:0403:6030.0022: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[ 1373.704057][ T5869] ft260 0003:0403:6030.0022: failed to retrieve status: -32, no wakeup
[ 1373.910201][ T5869] ft260 0003:0403:6030.0022: failed to retrieve status: -32
[ 1375.238764][T21254] netlink: 'syz.2.4673': attribute type 13 has an invalid length.
[ 1375.836407][ T5868] usb 4-1: USB disconnect, device number 40
[ 1380.213967][T21304] ubi: mtd0 is already attached to ubi31
[ 1380.580799][T21302] xt_hashlimit: size too large, truncated to 1048576
[ 1380.646561][T16558] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1380.817669][T16558] usb 8-1: Using ep0 maxpacket: 8
[ 1380.858701][T16558] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1380.902416][T16558] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.945684][T16558] usb 8-1: Product: syz
[ 1380.964437][T16558] usb 8-1: Manufacturer: syz
[ 1380.971454][T16558] usb 8-1: SerialNumber: syz
[ 1381.028391][T16558] usb 8-1: config 0 descriptor??
[ 1381.254167][T16558] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1381.776374][ T5868] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1382.139595][ T5868] usb 4-1: Using ep0 maxpacket: 32
[ 1382.146816][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1382.160017][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1382.171688][ T5868] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1382.181260][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1382.192771][ T5868] usb 4-1: config 0 descriptor??
[ 1383.104423][T21342] ubi: mtd0 is already attached to ubi31
[ 1383.402905][T16558] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1383.414008][ T5868] ft260 0003:0403:6030.0023: unknown main item tag 0x0
[ 1383.615953][T16558] usb 8-1: USB disconnect, device number 3
[ 1383.672788][ T5868] ft260 0003:0403:6030.0023: chip code: 0000 0000
[ 1383.690213][ T5868] ft260 0003:0403:6030.0023: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[ 1383.829179][T21349] ubi: mtd0 is already attached to ubi31
[ 1383.952011][ T5868] ft260 0003:0403:6030.0023: failed to retrieve status: -32, no wakeup
[ 1384.084622][ T5868] ft260 0003:0403:6030.0023: failed to retrieve status: -32
[ 1384.196274][ T5868] ft260 0003:0403:6030.0023: failed to reset I2C controller: -71
[ 1384.331043][ T5868] usb 4-1: USB disconnect, device number 41
[ 1384.444752][T21352] openvswitch: netlink: IPv4 tun info is not correct
[ 1387.650268][T21382] 9pnet_fd: Insufficient options for proto=fd
[ 1389.067454][T21391] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1389.996102][   T30] audit: type=1326 audit(1742701399.486:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21393 comm="syz.3.4713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7fc00000
[ 1391.422853][T21405] openvswitch: netlink: IPv4 tun info is not correct
[ 1392.213068][T21406] ubi: mtd0 is already attached to ubi31
[ 1394.902748][T21446] openvswitch: netlink: IPv4 tun info is not correct
[ 1395.615953][T21447] xt_hashlimit: max too large, truncated to 1048576
[ 1396.151108][T21455] ubi: mtd0 is already attached to ubi31
[ 1400.148285][T21499] Bluetooth: MGMT ver 1.23
[ 1401.336697][T21509] xt_hashlimit: max too large, truncated to 1048576
[ 1402.706356][ T5868] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1403.246170][ T5868] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1403.258465][ T5868] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1403.266601][ T5868] usb 8-1: Product: syz
[ 1403.270984][ T5868] usb 8-1: Manufacturer: syz
[ 1403.275600][ T5868] usb 8-1: SerialNumber: syz
[ 1403.285167][ T5868] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1404.207115][T16558] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1404.762213][T21542] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1405.516230][T16558] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[ 1405.523317][T16558] ath9k_htc: Failed to initialize the device
[ 1406.236878][ T5899] usb 8-1: USB disconnect, device number 4
[ 1406.253832][ T5899] usb 8-1: ath9k_htc: USB layer deinitialized
[ 1409.511920][   T30] audit: type=1326 audit(1742701418.996:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21574 comm="syz.1.4764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7fc00000
[ 1409.933259][T21587] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1411.936401][ T5899] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1412.256312][ T5899] usb 2-1: Using ep0 maxpacket: 32
[ 1412.263029][ T5899] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[ 1412.273054][ T5899] usb 2-1: config 0 has no interface number 0
[ 1412.286297][ T5899] usb 2-1: config 0 interface 184 has no altsetting 0
[ 1412.309522][ T5899] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1412.326292][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.366632][ T5899] usb 2-1: Product: syz
[ 1412.391212][ T5899] usb 2-1: Manufacturer: syz
[ 1412.536257][ T5899] usb 2-1: SerialNumber: syz
[ 1412.548212][ T5899] usb 2-1: config 0 descriptor??
[ 1412.554824][ T5899] smsc75xx v1.0.0
[ 1412.696408][T15315] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1412.704420][   T55] Bluetooth: hci5: command 0xfc11 tx timeout
[ 1414.176941][ T5899] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1414.190434][ T5899] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1415.042556][ T5899] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[ 1415.059948][ T5899] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[ 1415.076440][ T5899] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1415.085985][ T5899] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[ 1415.192352][ T5899] usb 2-1: USB disconnect, device number 42
[ 1415.268977][T21632] syz1: rxe_newlink: already configured on team_slave_0
[ 1418.149948][T21662] syz1: rxe_newlink: already configured on team_slave_0
[ 1418.196298][ T5869] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1418.248582][T21667] syz1: rxe_newlink: already configured on team_slave_0
[ 1418.366367][ T5869] usb 4-1: Using ep0 maxpacket: 32
[ 1418.376334][   T47] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1418.388752][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1418.400673][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1418.411126][ T5869] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1418.421278][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1418.449131][T21672] ubi: mtd0 is already attached to ubi31
[ 1418.556260][   T47] usb 3-1: Using ep0 maxpacket: 8
[ 1418.591557][ T5869] usb 4-1: config 0 descriptor??
[ 1418.648550][   T47] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 1418.684693][ T5869] hub 4-1:0.0: USB hub found
[ 1418.709995][   T47] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 1418.762323][   T47] usb 3-1: Product: syz
[ 1418.791172][   T47] usb 3-1: Manufacturer: syz
[ 1418.836324][   T47] usb 3-1: SerialNumber: syz
[ 1418.970194][   T47] usb 3-1: config 0 descriptor??
[ 1419.035520][   T47] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 1419.225666][ T5869] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1420.243241][ T5869] usbhid 4-1:0.0: can't add hid device: -71
[ 1420.252817][ T5869] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1420.277460][ T5869] usb 4-1: USB disconnect, device number 42
[ 1420.320380][   T47] gspca_zc3xx: reg_w_i err -71
[ 1420.325527][   T47] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1420.401893][   T47] usb 3-1: USB disconnect, device number 44
[ 1422.092675][T21699] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1422.128466][T21702] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1422.436743][ T5868] IPVS: starting estimator thread 0...
[ 1422.789823][T21711] IPVS: using max 20 ests per chain, 48000 per kthread
[ 1423.396649][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.402926][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.574689][T21723] ubi: mtd0 is already attached to ubi31
[ 1423.959304][T21726] xt_hashlimit: max too large, truncated to 1048576
[ 1424.676586][ T5868] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1424.850637][T21733] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4808'.
[ 1425.196288][ T5868] usb 3-1: Using ep0 maxpacket: 8
[ 1425.406463][T16558] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1425.621430][ T5868] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1425.650882][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1425.686496][ T5868] usb 3-1: Product: syz
[ 1425.690759][ T5868] usb 3-1: Manufacturer: syz
[ 1425.695369][ T5868] usb 3-1: SerialNumber: syz
[ 1425.711281][ T5868] usb 3-1: config 0 descriptor??
[ 1425.776415][T16558] usb 8-1: device descriptor read/64, error -71
[ 1425.937337][ T5868] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1426.046318][T16558] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1426.238920][T16558] usb 8-1: device descriptor read/64, error -71
[ 1426.377264][T16558] usb usb8-port1: attempt power cycle
[ 1426.973237][T16558] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1427.239115][T16558] usb 8-1: device descriptor read/8, error -71
[ 1427.463493][ T5868] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1427.482118][ T5868] usb 3-1: USB disconnect, device number 45
[ 1427.514271][T16558] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1427.550349][T16558] usb 8-1: device descriptor read/8, error -71
[ 1427.666497][T16558] usb usb8-port1: unable to enumerate USB device
[ 1427.945789][T21762] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1428.186708][ T5899] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1429.216458][ T5899] usb 4-1: Using ep0 maxpacket: 16
[ 1429.223198][ T5899] usb 4-1: config 2 has an invalid interface number: 142 but max is 0
[ 1429.235723][ T5899] usb 4-1: config 2 has no interface number 0
[ 1429.242200][ T5899] usb 4-1: config 2 interface 142 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1429.275713][ T5899] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c6.6e
[ 1429.291257][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1429.330110][ T5899] usb 4-1: Product: syz
[ 1429.340278][ T5899] usb 4-1: Manufacturer: syz
[ 1429.416295][ T5899] usb 4-1: SerialNumber: syz
[ 1429.471959][ T5899] usb 4-1: NFC: intf ffff888065629000 id ffffffff8f513200
[ 1429.690922][ T5899] usb 4-1: USB disconnect, device number 43
[ 1431.866798][T21793] 9pnet_fd: Insufficient options for proto=fd
[ 1432.422172][T21805] syz1: rxe_newlink: already configured on team_slave_0
[ 1432.877555][   T30] audit: type=1326 audit(1742701442.376:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21794 comm="syz.1.4831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7fc00000
[ 1434.043945][T21809] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1435.426315][ T5899] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1435.596519][ T5899] usb 2-1: Using ep0 maxpacket: 32
[ 1435.612069][ T5899] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[ 1435.637522][ T5899] usb 2-1: config 0 has no interface number 0
[ 1435.669755][ T5899] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1435.693067][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.836659][ T5899] usb 2-1: Product: syz
[ 1436.090592][ T5899] usb 2-1: Manufacturer: syz
[ 1436.095234][ T5899] usb 2-1: SerialNumber: syz
[ 1436.114438][ T5899] usb 2-1: config 0 descriptor??
[ 1436.400239][ T5899] usb 2-1: USB disconnect, device number 43
[ 1437.867108][   T30] audit: type=1326 audit(1742701447.346:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21841 comm="syz.3.4845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7fc00000
[ 1440.292954][T21878] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[ 1440.376391][T16558] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1440.546294][T16558] usb 8-1: Using ep0 maxpacket: 32
[ 1440.627752][T16558] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1440.650659][T16558] usb 8-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[ 1440.663730][T16558] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.681768][T16558] usb 8-1: config 0 descriptor??
[ 1441.127729][T16558] logitech 0003:046D:C295.0024: hidraw0: USB HID v0.07 Device [HID 046d:c295] on usb-dummy_hcd.7-1/input0
[ 1441.161880][T16558] logitech 0003:046D:C295.0024: no inputs found
[ 1441.205175][T21885] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1441.371493][ T5869] usb 8-1: USB disconnect, device number 9
[ 1442.141631][T16558] page_pool_release_retry() stalled pool shutdown: id 62, 2 inflight 61 sec
[ 1443.386331][ T5924] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1443.836460][ T5924] usb 8-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1443.845579][ T5924] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1444.657651][ T5924] usb 8-1: config 0 descriptor??
[ 1444.747585][T21920] ubi: mtd0 is already attached to ubi31
[ 1445.261979][ T5924] kaweth 8-1:0.0: Firmware present in device.
[ 1445.540284][ T5924] kaweth 8-1:0.0: Error reading configuration (-71), no net device created
[ 1445.549733][ T5924] kaweth 8-1:0.0: probe with driver kaweth failed with error -5
[ 1445.562070][ T5924] usb 8-1: USB disconnect, device number 10
[ 1449.779473][T21959] ubi: mtd0 is already attached to ubi31
[ 1450.236291][ T5924] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1450.397813][ T5924] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1450.410213][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.430694][ T5924] usb 2-1: config 0 descriptor??
[ 1450.669255][ T5924] kaweth 2-1:0.0: Firmware present in device.
[ 1450.854593][ T5924] kaweth 2-1:0.0: Error reading configuration (-71), no net device created
[ 1450.891037][ T5924] kaweth 2-1:0.0: probe with driver kaweth failed with error -5
[ 1451.058373][ T5924] usb 2-1: USB disconnect, device number 44
[ 1453.439078][T21998] ubi: mtd0 is already attached to ubi31
[ 1456.036311][T22029] ubi: mtd0 is already attached to ubi31
[ 1458.086321][T16558] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1458.989118][T16558] usb 8-1: Using ep0 maxpacket: 32
[ 1459.061787][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1459.074949][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1459.089837][T16558] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1459.103561][T16558] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1459.272025][T16558] usb 8-1: config 0 descriptor??
[ 1459.288710][T16558] hub 8-1:0.0: USB hub found
[ 1459.945794][T16558] hub 8-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1460.485607][   T30] audit: type=1326 audit(1742701469.976:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22061 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7fc00000
[ 1462.077008][   T30] audit: type=1326 audit(1742701470.536:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22061 comm="syz.3.4917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bff784127 code=0x7fc00000
[ 1462.119957][T16558] usbhid 8-1:0.0: can't add hid device: -71
[ 1462.156751][T16558] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[ 1462.218156][T16558] usb 8-1: USB disconnect, device number 11
[ 1462.226108][T22071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4919'.
[ 1462.613541][T22079] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4921'.
[ 1464.250425][T22097] ubi: mtd0 is already attached to ubi31
[ 1465.256479][   T47] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1465.296426][   T30] audit: type=1800 audit(1742701474.786:267): pid=22109 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.4932" name="/" dev="9p" ino=2 res=0 errno=0
[ 1465.448231][   T47] usb 3-1: Using ep0 maxpacket: 32
[ 1465.601328][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1465.648072][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1466.308332][   T47] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1466.333485][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1466.361003][   T47] usb 3-1: config 0 descriptor??
[ 1466.368836][   T47] hub 3-1:0.0: USB hub found
[ 1466.440953][T22120] xt_hashlimit: size too large, truncated to 1048576
[ 1466.630189][   T47] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1467.797222][   T47] usbhid 3-1:0.0: can't add hid device: -32
[ 1467.803253][   T47] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[ 1467.856965][   T47] usb 3-1: USB disconnect, device number 46
[ 1469.567123][T22150] ubi: mtd0 is already attached to ubi31
[ 1474.596508][ T5870] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1474.927106][ T5870] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1474.972632][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1474.986326][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1475.171550][ T5870] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1475.188017][ T5870] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1475.204763][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1475.217237][ T5870] usb 2-1: config 0 descriptor??
[ 1475.222698][T22201] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1476.278241][ T5870] plantronics 0003:047F:FFFF.0025: unknown main item tag 0xd
[ 1477.262614][ T5870] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving
[ 1477.296753][ T5870] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1477.318045][ T5870] usb 2-1: USB disconnect, device number 45
[ 1480.345155][T22257] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1484.548577][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.555191][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.771303][T22292] overlayfs: failed to resolve './file0': -2
[ 1487.807097][T19266] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1489.216627][T19266] usb 4-1: Using ep0 maxpacket: 32
[ 1489.321096][T22317] openvswitch: netlink: IPv4 tun info is not correct
[ 1489.655041][T19266] usb 4-1: device descriptor read/all, error -71
[ 1491.621188][T22340] overlayfs: failed to resolve './file0': -2
[ 1493.437087][T22353] ubi: mtd0 is already attached to ubi31
[ 1494.555574][   T55] Bluetooth: hci3: unexpected cc 0x203e length: 2 > 1
[ 1494.562753][   T55] Bluetooth: hci3: unexpected event for opcode 0x203e
[ 1494.896680][T16558] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1495.188189][T16558] usb 8-1: Using ep0 maxpacket: 32
[ 1495.287260][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1495.418601][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1495.452179][T16558] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1495.495691][T16558] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1495.544451][T16558] usb 8-1: config 0 descriptor??
[ 1495.562328][T16558] hub 8-1:0.0: USB hub found
[ 1495.776241][T16558] hub 8-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1496.796952][T16558] usbhid 8-1:0.0: can't add hid device: -32
[ 1496.816389][T16558] usbhid 8-1:0.0: probe with driver usbhid failed with error -32
[ 1496.889912][T22395] xt_hashlimit: max too large, truncated to 1048576
[ 1497.507392][T16558] usb 8-1: USB disconnect, device number 12
[ 1497.963437][T22404] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1502.395461][T22431] ubi: mtd0 is already attached to ubi31
[ 1502.616419][   T55] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1507.492635][T22479] ubi: mtd0 is already attached to ubi31
[ 1508.616597][   T55] Bluetooth: hci5: command 0xfc11 tx timeout
[ 1508.625921][T15315] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1510.628176][T22530] ubi: mtd0 is already attached to ubi31
[ 1513.902399][T22570] ubi: mtd0 is already attached to ubi31
[ 1514.256783][T19266] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1514.439037][T19266] usb 2-1: Using ep0 maxpacket: 8
[ 1514.475344][T19266] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1514.486570][T19266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1514.495317][T19266] usb 2-1: Product: syz
[ 1514.506501][T19266] usb 2-1: Manufacturer: syz
[ 1514.511230][T19266] usb 2-1: SerialNumber: syz
[ 1514.663178][T19266] usb 2-1: config 0 descriptor??
[ 1514.907374][T19266] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1516.637767][T22603] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1518.530585][T19266] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1518.716260][ T5869] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1518.876419][ T5869] usb 8-1: Using ep0 maxpacket: 32
[ 1518.920461][T19266] usb 2-1: USB disconnect, device number 46
[ 1520.398616][ T5869] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1520.449169][ T5869] usb 8-1: unable to read config index 0 descriptor/start: -71
[ 1520.491903][ T5869] usb 8-1: can't read configurations, error -71
[ 1520.822548][T22640] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1523.736601][ T5869] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[ 1524.556358][ T5869] usb 3-1: Using ep0 maxpacket: 16
[ 1524.569783][ T5869] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1524.583490][ T5869] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1524.593003][ T5869] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1524.602156][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.616084][T22673] overlayfs: missing 'workdir'
[ 1524.813922][ T5869] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[ 1525.115726][ T5869] usb 3-1: USB disconnect, device number 47
[ 1527.555841][T22712] can0: slcan on ttyS3.
[ 1527.941012][T22716] overlayfs: missing 'workdir'
[ 1528.949048][T22708] can0 (unregistered): slcan off ttyS3.
[ 1529.977178][T22722] Set syz1 is full, maxelem 65536 reached
[ 1531.033011][   T30] audit: type=1326 audit(1742701540.526:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22725 comm="syz.0.5131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e4858d169 code=0x7fc00000
[ 1532.219607][T22746] overlayfs: missing 'workdir'
[ 1533.376222][T22761] can0: slcan on ttyS3.
[ 1534.226857][T22757] can0 (unregistered): slcan off ttyS3.
[ 1534.350423][T22768] block device autoloading is deprecated and will be removed.
[ 1534.560265][T22778] overlayfs: missing 'lowerdir'
[ 1534.561702][T22777] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5151'.
[ 1537.136786][T22819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5162'.
[ 1538.333281][T22828] overlayfs: missing 'lowerdir'
[ 1538.404051][T22832] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1539.508265][T22843] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5172'.
[ 1539.517729][T22843] netlink: 'syz.0.5172': attribute type 5 has an invalid length.
[ 1540.844641][T22859] mkiss: ax0: crc mode is auto.
[ 1542.048536][T16558] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1542.554727][T22875] overlayfs: missing 'lowerdir'
[ 1542.559886][T16558] usb 2-1: Using ep0 maxpacket: 32
[ 1542.570316][T16558] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1542.594878][T16558] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1542.636356][T16558] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1542.660919][T16558] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1542.690011][T16558] usb 2-1: config 0 descriptor??
[ 1542.706114][T16558] hub 2-1:0.0: USB hub found
[ 1543.841740][T16558] hub 2-1:0.0: 1 port detected
[ 1544.690980][T22893] netlink: 68 bytes leftover after parsing attributes in process `syz.7.5188'.
[ 1546.047666][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.054046][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.067774][T16558] usb 2-1: USB disconnect, device number 47
[ 1546.496941][T22908] bridge0: entered promiscuous mode
[ 1546.503038][T22908] macvlan2: entered promiscuous mode
[ 1546.514218][T22908] bridge0: port 3(macvlan2) entered blocking state
[ 1546.521154][T22908] bridge0: port 3(macvlan2) entered disabled state
[ 1546.529996][T22908] macvlan2: entered allmulticast mode
[ 1546.535532][T22908] bridge0: entered allmulticast mode
[ 1546.832631][T22908] macvlan2: left allmulticast mode
[ 1546.837983][T22908] bridge0: left allmulticast mode
[ 1546.859001][T22908] bridge0: left promiscuous mode
[ 1547.120785][T22915] o2cb: This node has not been configured.
[ 1547.182900][T22915] o2cb: Cluster check failed. Fix errors before retrying.
[ 1547.224501][T22915] (syz.7.5196,22915,1):user_dlm_register:674 ERROR: status = -22
[ 1547.232715][T22915] (syz.7.5196,22915,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[ 1547.386839][T22925] netlink: 68 bytes leftover after parsing attributes in process `syz.7.5200'.
[ 1547.425347][T22926] fuse: Bad value for 'fd'
[ 1547.556348][T16558] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1547.589929][T22929] netlink: 56 bytes leftover after parsing attributes in process `syz.7.5203'.
[ 1547.603694][T22929] netlink: 'syz.7.5203': attribute type 5 has an invalid length.
[ 1548.647328][T16558] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1548.681378][T16558] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1549.652401][T16558] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1549.665653][T16558] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1549.681137][T16558] usb 4-1: Product: syz
[ 1549.685581][T16558] usb 4-1: Manufacturer: syz
[ 1549.690371][T16558] usb 4-1: SerialNumber: syz
[ 1549.922941][   T30] audit: type=1326 audit(1742701559.196:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22930 comm="syz.0.5202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e4858d169 code=0x7fc00000
[ 1549.946574][T16558] usb 4-1: config 0 descriptor??
[ 1550.875367][T16558] usb 4-1: selecting invalid altsetting 0
[ 1550.886570][ T5869] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1550.946504][T16558] usb 4-1: USB disconnect, device number 46
[ 1551.259262][ T5869] usb 8-1: Using ep0 maxpacket: 32
[ 1551.304766][ T5869] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1551.316323][ T5869] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1551.326097][ T5869] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1551.336407][ T5869] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1551.484488][T22957] fuse: Bad value for 'fd'
[ 1552.111877][ T5869] usb 8-1: config 0 descriptor??
[ 1552.125770][ T5869] usb 8-1: can't set config #0, error -71
[ 1552.135865][ T5869] usb 8-1: USB disconnect, device number 15
[ 1552.156951][T22960] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5213'.
[ 1552.350857][T22971] 9pnet_fd: Insufficient options for proto=fd
[ 1554.256008][   T30] audit: type=1326 audit(1742701563.746:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22974 comm="syz.2.5218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912e38d169 code=0x7fc00000
[ 1554.277595][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1557.157613][T23013] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5230'.
[ 1557.171972][T23013] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5230'.
[ 1557.426262][ T5899] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1558.437189][ T5899] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1558.450132][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1558.458710][T23021] tap0: tun_chr_ioctl cmd 1074025680
[ 1558.475079][ T5899] usb 2-1: config 0 descriptor??
[ 1558.904460][ T5899] elan 0003:04F3:0755.0026: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[ 1559.257356][T22605] usb 2-1: USB disconnect, device number 48
[ 1561.106249][ T5869] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1561.185979][T23064] 9pnet_fd: Insufficient options for proto=fd
[ 1561.437876][ T5869] usb 2-1: Using ep0 maxpacket: 32
[ 1561.444834][ T5869] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1561.457878][ T5869] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1561.470086][ T5869] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1561.479371][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1562.086426][T23073] xt_hashlimit: max too large, truncated to 1048576
[ 1562.441482][ T5869] usb 2-1: config 0 descriptor??
[ 1563.328767][ T5869] usbhid 2-1:0.0: can't add hid device: -32
[ 1563.334880][ T5869] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[ 1564.448304][ T5825] usb 2-1: USB disconnect, device number 49
[ 1564.724928][T23102] 9pnet_fd: Insufficient options for proto=fd
[ 1565.182681][ T5899] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1566.261761][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1566.592434][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1566.654432][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1566.706226][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1566.719406][ T5899] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1566.729585][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.739501][ T5899] usb 3-1: config 0 descriptor??
[ 1566.989201][T16558] IPVS: starting estimator thread 0...
[ 1567.086791][T23125] IPVS: using max 20 ests per chain, 48000 per kthread
[ 1568.011246][T23131] ubi: mtd0 is already attached to ubi31
[ 1570.442565][ T5899] usbhid 3-1:0.0: can't add hid device: -71
[ 1570.470769][ T5899] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1570.501719][ T5899] usb 3-1: USB disconnect, device number 48
[ 1580.844110][T15315] Bluetooth: hci3: unexpected event for opcode 0xffff
[ 1585.040438][   T30] audit: type=1326 audit(1742701593.656:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23283 comm="syz.3.5322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7fc00000
[ 1585.062471][   T30] audit: type=1326 audit(1742701594.236:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23283 comm="syz.3.5322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bff784127 code=0x7fc00000
[ 1585.096318][ T5899] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1585.286310][ T5899] usb 8-1: Using ep0 maxpacket: 8
[ 1585.635960][ T5899] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1585.654398][ T5899] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1585.672016][ T5899] usb 8-1: Product: syz
[ 1585.685603][ T5899] usb 8-1: Manufacturer: syz
[ 1585.692165][ T5899] usb 8-1: SerialNumber: syz
[ 1585.710669][ T5899] usb 8-1: config 0 descriptor??
[ 1586.379007][ T5899] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1587.216522][T22605] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1587.406683][T22605] usb 4-1: Using ep0 maxpacket: 32
[ 1587.457849][T22605] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1587.533806][T22605] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1587.578502][T22605] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1587.606170][T22605] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1587.624303][T22605] usb 4-1: config 0 descriptor??
[ 1587.633949][T22605] hub 4-1:0.0: USB hub found
[ 1587.872704][T22605] hub 4-1:0.0: 1 port detected
[ 1588.196624][ T5899] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1588.266524][ T5899] usb 8-1: USB disconnect, device number 16
[ 1589.167501][T19266] usb 4-1: USB disconnect, device number 47
[ 1590.186538][T23342] ubi: mtd0 is already attached to ubi31
[ 1591.694906][T23367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5349'.
[ 1591.851234][T23367] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5349'.
[ 1593.211115][T23384] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1594.170813][T23390] ubi: mtd0 is already attached to ubi31
[ 1594.648611][T23394] openvswitch: netlink: IPv4 tun info is not correct
[ 1595.369673][T23403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1595.399054][T23403] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1597.151834][T23426] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1599.446223][ T5899] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1599.786371][T23472] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1600.566242][ T5899] usb 8-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1600.575398][ T5899] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1600.618275][ T5899] usb 8-1: config 0 descriptor??
[ 1600.934685][ T5899] kaweth 8-1:0.0: Firmware present in device.
[ 1601.146808][ T5899] kaweth 8-1:0.0: Statistics collection: 0
[ 1601.152686][ T5899] kaweth 8-1:0.0: Multicast filter limit: 0
[ 1601.158949][ T5899] kaweth 8-1:0.0: MTU: 0
[ 1601.163712][ T5899] kaweth 8-1:0.0: Read MAC address 00:00:00:00:00:00
[ 1601.892782][ T5899] kaweth 8-1:0.0: probe with driver kaweth failed with error -5
[ 1601.918667][ T5899] usb 8-1: USB disconnect, device number 17
[ 1603.550916][T23491] Set syz1 is full, maxelem 65536 reached
[ 1604.891411][T23514] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5401'.
[ 1606.058750][T23528] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5405'.
[ 1607.516597][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.525950][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1609.844230][T23566] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5418'.
[ 1611.182751][T23583] ubi: mtd0 is already attached to ubi31
[ 1611.696362][ T5825] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1612.296744][T15315] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1612.304739][   T55] Bluetooth: hci5: command 0xfc11 tx timeout
[ 1612.616260][ T5825] usb 3-1: device descriptor read/64, error -71
[ 1612.638854][T23606] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5433'.
[ 1612.856094][T23617] xt_hashlimit: size too large, truncated to 1048576
[ 1612.866241][ T5825] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1612.952935][T23619] ubi: mtd0 is already attached to ubi31
[ 1613.106251][ T5825] usb 3-1: device descriptor read/64, error -71
[ 1613.494273][ T5825] usb usb3-port1: attempt power cycle
[ 1613.671002][T15315] Bluetooth: hci1: unexpected event for opcode 0x200f
[ 1614.717770][T23637] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5445'.
[ 1615.636439][T23664] xt_hashlimit: size too large, truncated to 1048576
[ 1616.701383][T23676] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5458'.
[ 1616.834237][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xcf
[ 1616.852621][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2d1
[ 1616.916320][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa39
[ 1616.940691][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2fd
[ 1616.990121][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x339
[ 1617.010891][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbe1
[ 1617.029200][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x3db
[ 1617.043633][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbd9
[ 1617.071614][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xdcf
[ 1617.109348][T23678] kvm: kvm [23677]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x521
[ 1619.770173][T23708] xt_hashlimit: size too large, truncated to 1048576
[ 1621.379023][T23736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5476'.
[ 1625.083139][T23745] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5481'.
[ 1625.460274][T23745] netlink: 'syz.2.5481': attribute type 5 has an invalid length.
[ 1625.589338][T23750] xt_hashlimit: size too large, truncated to 1048576
[ 1626.630206][   T30] audit: type=1326 audit(1742701635.626:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23754 comm="syz.1.5483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7fc00000
[ 1626.662081][   T30] audit: type=1326 audit(1742701635.976:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23754 comm="syz.1.5483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f18bd984127 code=0x7fc00000
[ 1626.683544][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1627.926348][T23780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5491'.
[ 1628.956259][ T5870] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1629.576604][   T30] audit: type=1326 audit(1742701638.716:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23797 comm="syz.7.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1ebd8d169 code=0x7fc00000
[ 1629.609172][ T5870] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1629.627994][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1629.645144][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1629.671763][ T5870] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1629.700892][ T5870] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1629.714358][ T5870] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1629.731157][ T5870] usb 4-1: Manufacturer: syz
[ 1629.740586][ T5870] usb 4-1: config 0 descriptor??
[ 1629.770033][   T30] audit: type=1326 audit(1742701639.266:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23797 comm="syz.7.5500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa1ebd84127 code=0x7fc00000
[ 1630.727447][ T5870] appleir 0003:05AC:8243.0027: unknown main item tag 0x0
[ 1630.747678][ T5870] appleir 0003:05AC:8243.0027: No inputs registered, leaving
[ 1630.778422][ T5870] appleir 0003:05AC:8243.0027: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1631.173872][T19266] usb 4-1: USB disconnect, device number 48
[ 1632.536368][T23130] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1632.799172][T23130] usb 2-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1632.885249][T23130] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1632.968358][T23130] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=30.20
[ 1633.195237][T23130] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1633.450842][T23130] usb 2-1: Product: syz
[ 1633.455386][T23130] usb 2-1: Manufacturer: syz
[ 1633.469776][T23130] usb 2-1: SerialNumber: syz
[ 1633.481065][T23130] usb 2-1: config 0 descriptor??
[ 1634.952791][ T5825] usb 2-1: USB disconnect, device number 50
[ 1634.972436][   T30] audit: type=1326 audit(1742701644.456:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23847 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912e38d169 code=0x7fc00000
[ 1636.026342][   T30] audit: type=1326 audit(1742701644.656:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23847 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f912e384127 code=0x7fc00000
[ 1636.047856][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1636.390140][T23862] xt_hashlimit: max too large, truncated to 1048576
[ 1637.340415][T23871] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1637.351546][T23871] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1637.372907][T23871] overlayfs: failed to look up (tracing) for ino (-66)
[ 1637.876321][ T5825] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1638.086495][ T5825] usb 8-1: Using ep0 maxpacket: 16
[ 1638.103361][ T5825] usb 8-1: config 0 has an invalid interface number: 41 but max is 0
[ 1638.120198][ T5825] usb 8-1: config 0 has no interface number 0
[ 1638.152114][ T5825] usb 8-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1638.191701][ T5825] usb 8-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1638.222972][ T5825] usb 8-1: config 0 interface 41 has no altsetting 0
[ 1638.246962][ T5825] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1638.260568][ T5825] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1638.269546][ T5825] usb 8-1: Product: syz
[ 1638.280625][ T5825] usb 8-1: Manufacturer: syz
[ 1638.285441][ T5825] usb 8-1: SerialNumber: syz
[ 1638.338465][T23881] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1638.346413][T23881] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1638.349556][ T5825] usb 8-1: config 0 descriptor??
[ 1638.794339][T23890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5527'.
[ 1638.836629][T23890] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5527'.
[ 1638.847010][T23881] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1638.864824][T23881] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1638.873335][T23877] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1638.916324][T23877] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1638.940339][T23881] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1638.976648][T23881] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1639.063994][T23881] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1639.074525][T23881] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1639.148507][T23877] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1639.155850][T23877] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[ 1639.238896][   T30] audit: type=1326 audit(1742701648.736:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23895 comm="syz.1.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7ffc0000
[ 1639.305824][   T30] audit: type=1326 audit(1742701648.766:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23895 comm="syz.1.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f18bd98d169 code=0x7ffc0000
[ 1639.376198][   T30] audit: type=1326 audit(1742701648.766:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23895 comm="syz.1.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7ffc0000
[ 1639.976510][T15315] Bluetooth: hci4: command 0x0406 tx timeout
[ 1640.440531][ T5825] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[ 1640.659879][ T5825] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[ 1640.677548][ T5825] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[ 1640.688018][ T5825] CoreChips 8-1:0.41: probe with driver CoreChips failed with error -71
[ 1640.701316][ T5825] usb 8-1: USB disconnect, device number 18
[ 1640.856589][T15315] Bluetooth: hci1: command 0x0406 tx timeout
[ 1641.079604][T15315] Bluetooth: hci0: command 0x0406 tx timeout
[ 1641.096196][T15315] Bluetooth: hci3: command 0x0406 tx timeout
[ 1641.903812][T23926] syz1: rxe_newlink: already configured on team_slave_0
[ 1642.193214][T15315] Bluetooth: hci4: command 0x0406 tx timeout
[ 1642.936386][T15315] Bluetooth: hci1: command 0x0406 tx timeout
[ 1643.107226][T15315] Bluetooth: hci0: command 0x0406 tx timeout
[ 1643.176174][T15315] Bluetooth: hci3: command 0x0406 tx timeout
[ 1643.316261][   T30] audit: type=1326 audit(1742701652.806:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1643.347305][   T30] audit: type=1326 audit(1742701652.806:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1643.370602][   T30] audit: type=1326 audit(1742701652.806:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1643.392327][   T30] audit: type=1326 audit(1742701652.806:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1643.413881][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1643.446182][   T30] audit: type=1326 audit(1742701652.806:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1644.158230][   T30] audit: type=1326 audit(1742701652.806:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23939 comm="syz.3.5544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1644.324286][T23948] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5546'.
[ 1644.356250][T23948] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5546'.
[ 1644.610444][T23955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1644.621727][T23955] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1644.642252][T23955] overlayfs: failed to look up (tracing) for ino (-66)
[ 1645.413722][T23967] syz1: rxe_newlink: already configured on team_slave_0
[ 1649.278907][T23977] Set syz1 is full, maxelem 65536 reached
[ 1650.622276][T24014] syz1: rxe_newlink: already configured on team_slave_0
[ 1652.892945][T24034] futex_wake_op: syz.7.5574 tries to shift op by -1; fix this program
[ 1652.983480][T24038] netem: change failed
[ 1653.876984][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xcf
[ 1653.933847][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2d1
[ 1653.943592][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa39
[ 1653.955262][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2fd
[ 1653.971140][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x339
[ 1654.002387][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbe1
[ 1654.086659][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x3db
[ 1654.150070][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbd9
[ 1654.227771][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xdcf
[ 1654.283974][T24050] kvm: kvm [24049]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x521
[ 1656.206338][ T5870] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1657.447151][ T5870] usb 2-1: Using ep0 maxpacket: 8
[ 1657.470394][ T5870] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1657.483340][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1657.503530][ T5870] usb 2-1: Product: syz
[ 1657.507958][ T5870] usb 2-1: Manufacturer: syz
[ 1657.512581][ T5870] usb 2-1: SerialNumber: syz
[ 1657.532251][ T5870] usb 2-1: config 0 descriptor??
[ 1657.760860][ T5870] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1657.896440][T16558] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[ 1658.058766][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1658.069980][T16558] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1658.079913][T16558] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1658.094764][T16558] usb 8-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[ 1658.104381][T16558] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1658.131984][T16558] usb 8-1: config 0 descriptor??
[ 1658.603086][T16558] hid-multitouch 0003:0EEF:72C4.0028: unknown main item tag 0x4
[ 1658.614063][T16558] hid-multitouch 0003:0EEF:72C4.0028: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.7-1/input0
[ 1658.774311][ T5870] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1658.956973][T22605] usb 8-1: USB disconnect, device number 19
[ 1659.433313][T24127] overlayfs: missing 'lowerdir'
[ 1659.855241][T22605] usb 2-1: USB disconnect, device number 51
[ 1660.206230][T16558] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[ 1660.486209][T16558] usb 8-1: Using ep0 maxpacket: 32
[ 1661.210273][T16558] usb 8-1: config 0 has an invalid interface number: 219 but max is 0
[ 1661.226207][T16558] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1661.276997][T16558] usb 8-1: config 0 has no interface number 0
[ 1661.283119][T16558] usb 8-1: config 0 interface 219 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1661.300339][T16558] usb 8-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[ 1661.324841][T16558] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1661.352108][T16558] usb 8-1: Product: syz
[ 1661.369174][T16558] usb 8-1: Manufacturer: syz
[ 1661.395362][T16558] usb 8-1: SerialNumber: syz
[ 1661.415484][T16558] usb 8-1: config 0 descriptor??
[ 1661.638654][T16558] etas_es58x 8-1:0.219: Starting syz syz (Serial Number syz)
[ 1661.776286][T22605] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1661.936229][T22605] usb 4-1: Using ep0 maxpacket: 8
[ 1661.949449][T22605] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1662.017502][T24161] overlayfs: missing 'lowerdir'
[ 1662.376781][T22605] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1662.385111][T22605] usb 4-1: Product: syz
[ 1662.412466][T22605] usb 4-1: Manufacturer: syz
[ 1662.450424][T22605] usb 4-1: SerialNumber: syz
[ 1662.482312][T22605] usb 4-1: config 0 descriptor??
[ 1662.763275][T24165] ubi: mtd0 is already attached to ubi31
[ 1663.156154][T22605] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1663.194144][T16558] usb 8-1: USB disconnect, device number 20
[ 1663.292720][T24171] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5621'.
[ 1663.328430][T24171] netlink: 'syz.2.5621': attribute type 39 has an invalid length.
[ 1663.742069][T24181] ceph: No mds server is up or the cluster is laggy
[ 1664.966328][T22605] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1665.501848][T24197] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5629'.
[ 1665.746852][T24202] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1665.755918][T24202] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1666.176936][T22605] usb 4-1: USB disconnect, device number 49
[ 1666.562141][T24212] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1667.660607][ T5899] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1667.848438][ T5899] usb 2-1: Using ep0 maxpacket: 32
[ 1667.873811][ T5899] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[ 1667.901060][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1667.921399][ T5899] usb 2-1: config 0 has no interface number 0
[ 1667.946183][ T5899] usb 2-1: config 0 interface 219 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1667.995539][ T5899] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[ 1668.005404][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1668.026186][ T5899] usb 2-1: Product: syz
[ 1668.030378][ T5899] usb 2-1: Manufacturer: syz
[ 1668.049577][ T5899] usb 2-1: SerialNumber: syz
[ 1668.057208][ T5899] usb 2-1: config 0 descriptor??
[ 1668.272580][ T5899] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[ 1668.860105][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.876271][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.736348][ T5899] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1669.946431][ T5899] usb 3-1: Using ep0 maxpacket: 8
[ 1669.956185][ T5899] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1669.965574][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1669.973741][ T5899] usb 3-1: Product: syz
[ 1669.981682][ T5899] usb 3-1: Manufacturer: syz
[ 1669.997921][ T5899] usb 3-1: SerialNumber: syz
[ 1670.012179][ T5899] usb 3-1: config 0 descriptor??
[ 1670.628473][T22605] usb 2-1: USB disconnect, device number 52
[ 1670.916795][ T5899] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1671.056452][T24255] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1672.062720][ T5899] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1672.143930][T24266] netem: change failed
[ 1672.570944][T24273] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1673.193844][T24271] mkiss: ax0: crc mode is auto.
[ 1673.540412][T19266] usb 3-1: USB disconnect, device number 52
[ 1674.283233][T24291] "syz.3.5658" (24291) uses obsolete ecb(arc4) skcipher
[ 1674.370293][ T5899] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1674.526321][ T5899] usb 2-1: Using ep0 maxpacket: 32
[ 1674.537740][ T5899] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[ 1674.556205][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1674.736910][ T5899] usb 2-1: config 0 has no interface number 0
[ 1674.763353][ T5899] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1674.839339][T24299] syz1: rxe_newlink: already configured on team_slave_0
[ 1675.666176][ T5899] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1675.686136][ T5899] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1675.716181][ T5899] usb 2-1: config 0 interface 219 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1675.745250][ T5899] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[ 1675.776167][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1675.816253][ T5899] usb 2-1: Product: syz
[ 1675.825289][ T5899] usb 2-1: Manufacturer: syz
[ 1675.836368][ T5899] usb 2-1: SerialNumber: syz
[ 1675.853353][ T5899] usb 2-1: config 0 descriptor??
[ 1675.919460][T24305] tmpfs: Bad value for 'mpol'
[ 1676.079461][ T5899] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[ 1676.600062][T24317] mkiss: ax0: crc mode is auto.
[ 1677.385614][ T5899] usb 2-1: USB disconnect, device number 53
[ 1677.399208][T24318] rdma_rxe: rxe_newlink: failed to add veth0_virt_wifi
[ 1677.825785][T24329] ubi: mtd0 is already attached to ubi31
[ 1680.613524][T24356] Falling back ldisc for ptm0.
[ 1682.761987][T24370] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5683'.
[ 1682.771391][T24370] netlink: 'syz.3.5683': attribute type 5 has an invalid length.
[ 1683.070974][   T30] audit: type=1326 audit(1742701692.546:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.093031][   T30] audit: type=1326 audit(1742701692.546:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.130617][   T30] audit: type=1326 audit(1742701692.546:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.174285][   T30] audit: type=1326 audit(1742701692.546:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.227147][   T30] audit: type=1326 audit(1742701692.546:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.258211][   T30] audit: type=1326 audit(1742701692.546:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.295892][   T30] audit: type=1326 audit(1742701692.546:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.333156][   T30] audit: type=1326 audit(1742701692.546:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.363400][   T30] audit: type=1326 audit(1742701692.546:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1683.391301][   T30] audit: type=1326 audit(1742701692.546:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24371 comm="syz.3.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bff78d169 code=0x7ffc0000
[ 1685.140266][T24394] mkiss: ax0: crc mode is auto.
[ 1685.183318][T24397] netlink: 56 bytes leftover after parsing attributes in process `syz.7.5694'.
[ 1685.200897][T24397] netlink: 'syz.7.5694': attribute type 5 has an invalid length.
[ 1686.646254][T24412] ubi: mtd0 is already attached to ubi31
[ 1689.206522][T24445] mkiss: ax0: crc mode is auto.
[ 1690.156059][T24455] ubi: mtd0 is already attached to ubi31
[ 1690.897001][T24457] overlayfs: missing 'lowerdir'
[ 1691.766205][ T5825] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1692.177851][ T5825] usb 4-1: Using ep0 maxpacket: 32
[ 1692.273632][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1692.442141][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1692.585149][ T5825] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1692.754116][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1692.795782][ T5825] usb 4-1: config 0 descriptor??
[ 1693.167947][T24491] mkiss: ax0: crc mode is auto.
[ 1693.281689][ T5825] ft260 0003:0403:6030.0029: unknown main item tag 0x0
[ 1693.479820][ T5825] ft260 0003:0403:6030.0029: failed to retrieve chip version
[ 1693.494243][ T5825] ft260 0003:0403:6030.0029: probe with driver ft260 failed with error -32
[ 1693.953359][T24503] overlayfs: missing 'lowerdir'
[ 1694.393665][T24508] xt_hashlimit: max too large, truncated to 1048576
[ 1695.403432][ T5825] usb 4-1: USB disconnect, device number 50
[ 1695.660957][T24523] "syz.2.5738" (24523) uses obsolete ecb(arc4) skcipher
[ 1697.087654][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1697.087672][   T30] audit: type=1326 audit(1742701706.566:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24536 comm="syz.1.5742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18bd98d169 code=0x7ffc0000
[ 1802.086048][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1802.086074][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P24532/1:b..l
[ 1802.086971][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=119321, q=141 ncpus=2)
[ 1802.086993][    C0] task:syz.0.5741      state:R  running task     stack:25440 pid:24532 tgid:24531 ppid:16595  task_flags:0x40044c flags:0x00004002
[ 1802.087061][    C0] Call Trace:
[ 1802.087070][    C0]  <TASK>
[ 1802.087086][    C0]  __schedule+0x18bc/0x4c40
[ 1802.087140][    C0]  ? __pfx___schedule+0x10/0x10
[ 1802.087172][    C0]  ? mark_lock+0x9a/0x360
[ 1802.087216][    C0]  ? preempt_schedule+0xe1/0xf0
[ 1802.087243][    C0]  preempt_schedule_common+0x84/0xd0
[ 1802.087273][    C0]  preempt_schedule+0xe1/0xf0
[ 1802.087301][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[ 1802.087327][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1802.087365][    C0]  preempt_schedule_thunk+0x1a/0x30
[ 1802.087400][    C0]  _raw_spin_unlock+0x3e/0x50
[ 1802.087425][    C0]  unmap_page_range+0x3a0d/0x4510
[ 1802.087476][    C0]  ? validate_chain+0x11e/0x5920
[ 1802.087517][    C0]  ? __pfx_unmap_page_range+0x10/0x10
[ 1802.087548][    C0]  ? mas_next_node+0xb99/0xe00
[ 1802.087585][    C0]  ? mas_next_slot+0xdc6/0xea0
[ 1802.087620][    C0]  ? uprobe_munmap+0x183/0x460
[ 1802.087657][    C0]  ? unmap_single_vma+0x1bd/0x2b0
[ 1802.087695][    C0]  unmap_vmas+0x3cc/0x5f0
[ 1802.087734][    C0]  ? __pfx_unmap_vmas+0x10/0x10
[ 1802.087792][    C0]  ? tlb_gather_mmu_fullmm+0x160/0x210
[ 1802.087824][    C0]  exit_mmap+0x283/0xd40
[ 1802.087858][    C0]  ? __pfx_exit_mmap+0x10/0x10
[ 1802.087895][    C0]  ? __pfx_exit_aio+0x10/0x10
[ 1802.087935][    C0]  ? uprobe_clear_state+0x271/0x290
[ 1802.087965][    C0]  ? mm_update_next_owner+0xa2/0x8a0
[ 1802.087993][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1802.088022][    C0]  __mmput+0x115/0x410
[ 1802.088046][    C0]  exit_mm+0x220/0x310
[ 1802.088076][    C0]  ? __pfx_exit_mm+0x10/0x10
[ 1802.088103][    C0]  ? taskstats_exit+0x326/0xa60
[ 1802.088138][    C0]  do_exit+0x9ad/0x2940
[ 1802.088173][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1802.088200][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1802.088229][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1802.088260][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1802.088288][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1802.088319][    C0]  do_group_exit+0x207/0x2c0
[ 1802.088358][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1802.088383][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1802.088413][    C0]  get_signal+0x168c/0x1720
[ 1802.088447][    C0]  ? __pfx_get_signal+0x10/0x10
[ 1802.088476][    C0]  arch_do_signal_or_restart+0x96/0x860
[ 1802.088520][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1802.088543][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1802.088584][    C0]  ? syscall_exit_to_user_mode+0xa3/0x340
[ 1802.088617][    C0]  syscall_exit_to_user_mode+0xce/0x340
[ 1802.088652][    C0]  do_syscall_64+0x100/0x230
[ 1802.088683][    C0]  ? clear_bhb_loop+0x35/0x90
[ 1802.088715][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1802.088744][    C0] RIP: 0033:0x7f0e4858d169
[ 1802.088768][    C0] RSP: 002b:00007f0e49359038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1802.088790][    C0] RAX: 0000000000ec7000 RBX: 00007f0e487a5fa0 RCX: 00007f0e4858d169
[ 1802.088823][    C0] RDX: 00000000fffffd2c RSI: 0000200000000000 RDI: 0000000000000004
[ 1802.088839][    C0] RBP: 00007f0e4860e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 1802.088855][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1802.088869][    C0] R13: 0000000000000000 R14: 00007f0e487a5fa0 R15: 00007ffc91185648
[ 1802.088902][    C0]  </TASK>
[ 1802.088918][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g119321 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 1802.088943][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=120363
[ 1802.088957][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g119321 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[ 1802.088981][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1802.088995][    C0] rcu: RCU grace-period kthread stack dump:
[ 1802.089004][    C0] task:rcu_preempt     state:I stack:26104 pid:18    tgid:18    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1802.089066][    C0] Call Trace:
[ 1802.089075][    C0]  <TASK>
[ 1802.089089][    C0]  __schedule+0x18bc/0x4c40
[ 1802.089120][    C0]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1802.089167][    C0]  ? __pfx___schedule+0x10/0x10
[ 1802.089200][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1802.089237][    C0]  ? __pfx___mod_timer+0x10/0x10
[ 1802.089264][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1802.089298][    C0]  ? schedule+0x90/0x320
[ 1802.089327][    C0]  schedule+0x14b/0x320
[ 1802.089358][    C0]  schedule_timeout+0x15a/0x290
[ 1802.089384][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1802.089412][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1802.089443][    C0]  ? prepare_to_swait_event+0x330/0x350
[ 1802.089476][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1802.089509][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[ 1802.089541][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1802.089575][    C0]  ? rcu_gp_init+0x1256/0x1630
[ 1802.089613][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1802.089643][    C0]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[ 1802.089677][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1802.089707][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1802.089743][    C0]  ? finish_swait+0xd4/0x1e0
[ 1802.089779][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1802.089812][    C0]  rcu_gp_kthread+0xa7/0x3b0
[ 1802.089857][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1802.089886][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1802.089917][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1802.089947][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1802.089977][    C0]  kthread+0x7a9/0x920
[ 1802.090005][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090035][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1802.090066][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090093][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090125][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090152][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1802.090178][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1802.090206][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090236][    C0]  ret_from_fork+0x4b/0x80
[ 1802.090260][    C0]  ? __pfx_kthread+0x10/0x10
[ 1802.090289][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1802.090326][    C0]  </TASK>
[ 1802.090335][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1802.090352][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1802.090390][    C1] NMI backtrace for cpu 1
[ 1802.090403][    C1] CPU: 1 UID: 0 PID: 30 Comm: kauditd Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[ 1802.090421][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1802.090430][    C1] RIP: 0010:__kasan_check_read+0xa/0x20
[ 1802.090452][    C1] Code: db eb d0 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 89 f6 48 8b 0c 24 <31> d2 e9 ef e6 ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
[ 1802.090466][    C1] RSP: 0018:ffffc90000a28b18 EFLAGS: 00000046
[ 1802.090479][    C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff819cfa80
[ 1802.090490][    C1] RDX: 0000000000010000 RSI: 0000000000000008 RDI: ffffffff903bd170
[ 1802.090501][    C1] RBP: ffffc90000a28c50 R08: ffff888012b0c487 R09: 1ffff11002561890
[ 1802.090513][    C1] R10: dffffc0000000000 R11: ffffed1002561891 R12: 1ffff92000145170
[ 1802.090525][    C1] R13: ffffffff89fd6624 R14: ffff888012b0c400 R15: dffffc0000000000
[ 1802.090537][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1802.090550][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1802.090561][    C1] CR2: 0000200000003c80 CR3: 0000000042d2a000 CR4: 00000000003526f0
[ 1802.090576][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1802.090586][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1802.090596][    C1] Call Trace:
[ 1802.090602][    C1]  <NMI>
[ 1802.090609][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1802.090636][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1802.090669][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1802.090696][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1802.090726][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1802.090745][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1802.090767][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1802.090790][    C1]  ? __kasan_check_read+0xa/0x20
[ 1802.090809][    C1]  ? default_do_nmi+0x63/0x160
[ 1802.090827][    C1]  ? exc_nmi+0x123/0x1f0
[ 1802.090845][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1802.090866][    C1]  ? advance_sched+0x9b4/0xca0
[ 1802.090889][    C1]  ? lock_release+0xb0/0xa30
[ 1802.090911][    C1]  ? __kasan_check_read+0xa/0x20
[ 1802.090930][    C1]  ? __kasan_check_read+0xa/0x20
[ 1802.090950][    C1]  ? __kasan_check_read+0xa/0x20
[ 1802.090968][    C1]  </NMI>
[ 1802.090974][    C1]  <IRQ>
[ 1802.090980][    C1]  lock_release+0xb0/0xa30
[ 1802.091014][    C1]  ? do_raw_spin_lock+0x14f/0x370
[ 1802.091033][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1802.091056][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1802.091075][    C1]  ? taprio_set_budgets+0x32c/0x370
[ 1802.091098][    C1]  _raw_spin_unlock+0x16/0x50
[ 1802.091118][    C1]  advance_sched+0x9b4/0xca0
[ 1802.091145][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1802.091165][    C1]  __hrtimer_run_queues+0x59b/0xd30
[ 1802.091189][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1802.091204][    C1]  ? handle_softirqs+0x7e0/0x9b0
[ 1802.091222][    C1]  ? read_tsc+0x9/0x20
[ 1802.091238][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1802.091262][    C1]  hrtimer_interrupt+0x403/0xa40
[ 1802.091288][    C1]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1802.091314][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1802.091336][    C1]  </IRQ>
[ 1802.091341][    C1]  <TASK>
[ 1802.091348][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1802.091370][    C1] RIP: 0010:console_flush_all+0x996/0xeb0
[ 1802.091390][    C1] Code: 48 21 c3 0f 85 16 02 00 00 e8 d6 ed 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 c7 ed 20 00 eb 06 e8 c0 ed 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 26 a6 85 00 4c 8b
[ 1802.091403][    C1] RSP: 0018:ffffc90000a67780 EFLAGS: 00000293
[ 1802.091417][    C1] RAX: ffffffff81a0f1b0 RBX: ffffffff8f37a878 RCX: ffff88801da93c00
[ 1802.091429][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1802.091438][    C1] RBP: ffffc90000a67930 R08: ffffffff81a0f187 R09: 1ffffffff28a2f08
[ 1802.091450][    C1] R10: dffffc0000000000 R11: fffffbfff28a2f09 R12: ffffffff8f37a820
[ 1802.091462][    C1] R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc90000a67980
[ 1802.091477][    C1]  ? console_flush_all+0x967/0xeb0
[ 1802.091494][    C1]  ? console_flush_all+0x990/0xeb0
[ 1802.091519][    C1]  ? console_flush_all+0x1a3/0xeb0
[ 1802.091540][    C1]  ? __pfx_console_flush_all+0x10/0x10
[ 1802.091560][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1802.091584][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1802.091608][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1802.091630][    C1]  console_unlock+0x14f/0x3b0
[ 1802.091647][    C1]  ? __pfx_console_unlock+0x10/0x10
[ 1802.091667][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1802.091689][    C1]  vprintk_emit+0x730/0xa10
[ 1802.091706][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[ 1802.091722][    C1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1802.091742][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1802.091766][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1802.091787][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1802.091814][    C1]  _printk+0xd5/0x120
[ 1802.091838][    C1]  ? kauditd_hold_skb+0xe7/0x210
[ 1802.091859][    C1]  ? __pfx__printk+0x10/0x10
[ 1802.091885][    C1]  ? netlink_has_listeners+0x2ea/0x3a0
[ 1802.091903][    C1]  kauditd_hold_skb+0x1be/0x210
[ 1802.091924][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1802.091943][    C1]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1802.091962][    C1]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1802.091983][    C1]  kauditd_send_queue+0x2b1/0x310
[ 1802.092008][    C1]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1802.092029][    C1]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1802.092051][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1802.092069][    C1]  ? kauditd_thread+0xb4/0x9b0
[ 1802.092087][    C1]  kauditd_thread+0x74a/0x9b0
[ 1802.092105][    C1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1802.092128][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1802.092149][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1802.092171][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1802.092190][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1802.092213][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1802.092234][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1802.092253][    C1]  kthread+0x7a9/0x920
[ 1802.092274][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092297][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1802.092316][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092337][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092360][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092382][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1802.092402][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1802.092423][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092446][    C1]  ret_from_fork+0x4b/0x80
[ 1802.092465][    C1]  ? __pfx_kthread+0x10/0x10
[ 1802.092487][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1802.092510][    C1]  </TASK>
[ 1938.444389][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 226s! [kworker/u8:11:21683]
[ 1938.444422][    C0] Modules linked in:
[ 1938.444436][    C0] irq event stamp: 3390616
[ 1938.444445][    C0] hardirqs last  enabled at (3390615): [<ffffffff8c013da3>] irqentry_exit+0x63/0x90
[ 1938.444488][    C0] hardirqs last disabled at (3390616): [<ffffffff8c0119ae>] sysvec_apic_timer_interrupt+0xe/0xc0
[ 1938.444522][    C0] softirqs last  enabled at (3390614): [<ffffffff81836c57>] __irq_exit_rcu+0xf7/0x220
[ 1938.444549][    C0] softirqs last disabled at (3390591): [<ffffffff81836c57>] __irq_exit_rcu+0xf7/0x220
[ 1938.444578][    C0] CPU: 0 UID: 0 PID: 21683 Comm: kworker/u8:11 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[ 1938.444603][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1938.444619][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 1938.444652][    C0] RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30
[ 1938.444677][    C0] Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c0 f4 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 70 f0 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00
[ 1938.444696][    C0] RSP: 0018:ffffc9000dcdf640 EFLAGS: 00000293
[ 1938.444713][    C0] RAX: ffffffff81b5ef25 RBX: 1ffff110170e88c9 RCX: ffff888031e98000
[ 1938.444730][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1938.444744][    C0] RBP: ffffc9000dcdf840 R08: ffffffff81b5eef0 R09: 1ffffffff28a2f08
[ 1938.444760][    C0] R10: dffffc0000000000 R11: fffffbfff28a2f09 R12: ffff8880b863f9c8
[ 1938.444788][    C0] R13: ffff8880b8744648 R14: ffff8880b863f9c0 R15: 0000000000000001
[ 1938.444802][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1938.444818][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1938.444832][    C0] CR2: 00002000001ff030 CR3: 000000000e938000 CR4: 00000000003526f0
[ 1938.444848][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1938.444860][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1938.444873][    C0] Call Trace:
[ 1938.444880][    C0]  <IRQ>
[ 1938.444898][    C0]  ? watchdog_timer_fn+0x75b/0x960
[ 1938.444931][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1938.444962][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.444988][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1938.445022][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1938.445052][    C0]  ? __hrtimer_run_queues+0x551/0xd30
[ 1938.445087][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1938.445105][    C0]  ? handle_softirqs+0x7e0/0x9b0
[ 1938.445128][    C0]  ? read_tsc+0x9/0x20
[ 1938.445147][    C0]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1938.445180][    C0]  ? hrtimer_interrupt+0x403/0xa40
[ 1938.445221][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 1938.445252][    C0]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1938.445278][    C0]  </IRQ>
[ 1938.445285][    C0]  <TASK>
[ 1938.445293][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1938.445327][    C0]  ? smp_call_function_many_cond+0x1b90/0x2d30
[ 1938.445345][    C0]  ? smp_call_function_many_cond+0x1bc5/0x2d30
[ 1938.445368][    C0]  ? smp_call_function_many_cond+0x1ba4/0x2d30
[ 1938.445396][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1938.445423][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1938.445450][    C0]  ? __pfx___text_poke+0x10/0x10
[ 1938.445474][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1938.445496][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1938.445519][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1938.445544][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1938.445565][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 1938.445587][    C0]  text_poke_bp_batch+0x352/0xb30
[ 1938.445610][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1938.445643][    C0]  ? arch_jump_label_transform_apply+0x17/0x30
[ 1938.445668][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1938.445695][    C0]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 1938.445726][    C0]  text_poke_finish+0x30/0x50
[ 1938.445745][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 1938.445767][    C0]  static_key_enable_cpuslocked+0x136/0x260
[ 1938.445794][    C0]  static_key_enable+0x1a/0x20
[ 1938.445816][    C0]  toggle_allocation_gate+0xbc/0x260
[ 1938.445856][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1938.445895][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1938.445931][    C0]  ? process_scheduled_works+0x9c6/0x18e0
[ 1938.445952][    C0]  process_scheduled_works+0xabe/0x18e0
[ 1938.445998][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1938.446027][    C0]  ? assign_work+0x364/0x3d0
[ 1938.446053][    C0]  worker_thread+0x870/0xd30
[ 1938.446082][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.446110][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1938.446136][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1938.446159][    C0]  kthread+0x7a9/0x920
[ 1938.446182][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446209][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1938.446232][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446256][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446284][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446307][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1938.446348][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1938.446375][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446403][    C0]  ret_from_fork+0x4b/0x80
[ 1938.446425][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.446463][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1938.446495][    C0]  </TASK>
[ 1938.446504][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1938.446533][    C1] NMI backtrace for cpu 1
[ 1938.446543][    C1] CPU: 1 UID: 0 PID: 30 Comm: kauditd Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[ 1938.446559][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1938.446568][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[ 1938.446590][    C1] Code: 89 fb e8 23 00 00 00 48 8b 3d f4 13 92 0c 48 89 de 5b e9 83 5e 59 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 00 d5 03 00 65 8b 15 80 f5
[ 1938.446603][    C1] RSP: 0018:ffffc90000a28d18 EFLAGS: 00000097
[ 1938.446616][    C1] RAX: 0000000000010000 RBX: 0000000000000001 RCX: ffff88801da93c00
[ 1938.446626][    C1] RDX: ffff88801da93c00 RSI: 0000000000000001 RDI: 0000000000000007
[ 1938.446636][    C1] RBP: ffffc90000a28ea0 R08: ffffffff81af4d18 R09: 1ffffffff35152a9
[ 1938.446647][    C1] R10: dffffc0000000000 R11: fffffbfff35152aa R12: 1ffff110170e58cb
[ 1938.446659][    C1] R13: dffffc0000000000 R14: ffff888027e6c340 R15: ffff8880b872c600
[ 1938.446670][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1938.446682][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1938.446693][    C1] CR2: 0000200000003c80 CR3: 0000000042d2a000 CR4: 00000000003526f0
[ 1938.446707][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1938.446716][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1938.446725][    C1] Call Trace:
[ 1938.446731][    C1]  <NMI>
[ 1938.446738][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1938.446764][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1938.446794][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1938.446819][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1938.446859][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1938.446883][    C1]  ? nmi_handle+0x14f/0x5a0
[ 1938.446905][    C1]  ? nmi_handle+0x2a/0x5a0
[ 1938.446926][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1938.446945][    C1]  ? __kasan_check_read+0xa/0x20
[ 1938.446962][    C1]  ? default_do_nmi+0x63/0x160
[ 1938.446979][    C1]  ? exc_nmi+0x123/0x1f0
[ 1938.446996][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1938.447019][    C1]  ? debug_deactivate+0x38/0x220
[ 1938.447035][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1938.447055][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1938.447076][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[ 1938.447096][    C1]  </NMI>
[ 1938.447101][    C1]  <IRQ>
[ 1938.447106][    C1]  debug_deactivate+0x42/0x220
[ 1938.447122][    C1]  __hrtimer_run_queues+0x305/0xd30
[ 1938.447158][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1938.447172][    C1]  ? handle_softirqs+0x7e0/0x9b0
[ 1938.447188][    C1]  ? read_tsc+0x9/0x20
[ 1938.447203][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1938.447226][    C1]  hrtimer_interrupt+0x403/0xa40
[ 1938.447250][    C1]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1938.447274][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1938.447295][    C1]  </IRQ>
[ 1938.447300][    C1]  <TASK>
[ 1938.447305][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1938.447326][    C1] RIP: 0010:console_flush_all+0x996/0xeb0
[ 1938.447344][    C1] Code: 48 21 c3 0f 85 16 02 00 00 e8 d6 ed 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 c7 ed 20 00 eb 06 e8 c0 ed 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 26 a6 85 00 4c 8b
[ 1938.447357][    C1] RSP: 0018:ffffc90000a67780 EFLAGS: 00000293
[ 1938.447369][    C1] RAX: ffffffff81a0f1b0 RBX: ffffffff8f37a878 RCX: ffff88801da93c00
[ 1938.447381][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1938.447390][    C1] RBP: ffffc90000a67930 R08: ffffffff81a0f187 R09: 1ffffffff28a2f08
[ 1938.447400][    C1] R10: dffffc0000000000 R11: fffffbfff28a2f09 R12: ffffffff8f37a820
[ 1938.447412][    C1] R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc90000a67980
[ 1938.447425][    C1]  ? console_flush_all+0x967/0xeb0
[ 1938.447441][    C1]  ? console_flush_all+0x990/0xeb0
[ 1938.447464][    C1]  ? console_flush_all+0x1a3/0xeb0
[ 1938.447484][    C1]  ? __pfx_console_flush_all+0x10/0x10
[ 1938.447503][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1938.447524][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1938.447547][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1938.447568][    C1]  console_unlock+0x14f/0x3b0
[ 1938.447584][    C1]  ? __pfx_console_unlock+0x10/0x10
[ 1938.447603][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1938.447623][    C1]  vprintk_emit+0x730/0xa10
[ 1938.447639][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[ 1938.447654][    C1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1938.447673][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1938.447695][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.447714][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1938.447739][    C1]  _printk+0xd5/0x120
[ 1938.447761][    C1]  ? kauditd_hold_skb+0xe7/0x210
[ 1938.447781][    C1]  ? __pfx__printk+0x10/0x10
[ 1938.447805][    C1]  ? netlink_has_listeners+0x2ea/0x3a0
[ 1938.447823][    C1]  kauditd_hold_skb+0x1be/0x210
[ 1938.447842][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1938.447859][    C1]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1938.447877][    C1]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1938.447898][    C1]  kauditd_send_queue+0x2b1/0x310
[ 1938.447917][    C1]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1938.447937][    C1]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1938.447957][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1938.447974][    C1]  ? kauditd_thread+0xb4/0x9b0
[ 1938.447991][    C1]  kauditd_thread+0x74a/0x9b0
[ 1938.448008][    C1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 1938.448029][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.448049][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1938.448070][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1938.448087][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1938.448110][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1938.448130][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1938.448152][    C1]  kthread+0x7a9/0x920
[ 1938.448172][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448193][    C1]  ? __pfx_kauditd_thread+0x10/0x10
[ 1938.448211][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448231][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448253][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448273][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1938.448291][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1938.448312][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448333][    C1]  ret_from_fork+0x4b/0x80
[ 1938.448350][    C1]  ? __pfx_kthread+0x10/0x10
[ 1938.448371][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1938.448393][    C1]  </TASK>
[ 1938.448538][    C0] Kernel panic - not syncing: softlockup: hung tasks
[ 1938.448553][    C0] CPU: 0 UID: 0 PID: 21683 Comm: kworker/u8:11 Tainted: G             L     6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[ 1938.448578][    C0] Tainted: [L]=SOFTLOCKUP
[ 1938.448586][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1938.448599][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 1938.448628][    C0] Call Trace:
[ 1938.448636][    C0]  <IRQ>
[ 1938.448645][    C0]  dump_stack_lvl+0x241/0x360
[ 1938.448664][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 1938.448685][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1938.448705][    C0]  ? __pfx__printk+0x10/0x10
[ 1938.448738][    C0]  ? vscnprintf+0x5d/0x90
[ 1938.448763][    C0]  panic+0x349/0x880
[ 1938.448791][    C0]  ? watchdog_timer_fn+0x914/0x960
[ 1938.448820][    C0]  ? __pfx_panic+0x10/0x10
[ 1938.448852][    C0]  ? irq_work_queue+0xd1/0x150
[ 1938.448878][    C0]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1938.448907][    C0]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1938.448934][    C0]  watchdog_timer_fn+0x957/0x960
[ 1938.448965][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1938.448995][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.449021][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1938.449053][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1938.449082][    C0]  __hrtimer_run_queues+0x551/0xd30
[ 1938.449116][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1938.449134][    C0]  ? handle_softirqs+0x7e0/0x9b0
[ 1938.449156][    C0]  ? read_tsc+0x9/0x20
[ 1938.449176][    C0]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 1938.449207][    C0]  hrtimer_interrupt+0x403/0xa40
[ 1938.449246][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[ 1938.449276][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1938.449302][    C0]  </IRQ>
[ 1938.449310][    C0]  <TASK>
[ 1938.449318][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1938.449345][    C0] RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30
[ 1938.449365][    C0] Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c0 f4 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 70 f0 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00
[ 1938.449381][    C0] RSP: 0018:ffffc9000dcdf640 EFLAGS: 00000293
[ 1938.449398][    C0] RAX: ffffffff81b5ef25 RBX: 1ffff110170e88c9 RCX: ffff888031e98000
[ 1938.449414][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1938.449426][    C0] RBP: ffffc9000dcdf840 R08: ffffffff81b5eef0 R09: 1ffffffff28a2f08
[ 1938.449440][    C0] R10: dffffc0000000000 R11: fffffbfff28a2f09 R12: ffff8880b863f9c8
[ 1938.449455][    C0] R13: ffff8880b8744648 R14: ffff8880b863f9c0 R15: 0000000000000001
[ 1938.449475][    C0]  ? smp_call_function_many_cond+0x1b90/0x2d30
[ 1938.449494][    C0]  ? smp_call_function_many_cond+0x1bc5/0x2d30
[ 1938.449525][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1938.449551][    C0]  ? kmem_cache_alloc_bulk_noprof+0x156/0x7c0
[ 1938.449577][    C0]  ? __pfx___text_poke+0x10/0x10
[ 1938.449601][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1938.449622][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1938.449645][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1938.449669][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1938.449690][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 1938.449711][    C0]  text_poke_bp_batch+0x352/0xb30
[ 1938.449733][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1938.449765][    C0]  ? arch_jump_label_transform_apply+0x17/0x30
[ 1938.449790][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1938.449816][    C0]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 1938.449846][    C0]  text_poke_finish+0x30/0x50
[ 1938.449865][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 1938.449892][    C0]  static_key_enable_cpuslocked+0x136/0x260
[ 1938.449919][    C0]  static_key_enable+0x1a/0x20
[ 1938.449941][    C0]  toggle_allocation_gate+0xbc/0x260
[ 1938.449968][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1938.449997][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1938.450034][    C0]  ? process_scheduled_works+0x9c6/0x18e0
[ 1938.450056][    C0]  process_scheduled_works+0xabe/0x18e0
[ 1938.450101][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1938.450131][    C0]  ? assign_work+0x364/0x3d0
[ 1938.450158][    C0]  worker_thread+0x870/0xd30
[ 1938.450188][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1938.450217][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1938.450244][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1938.450268][    C0]  kthread+0x7a9/0x920
[ 1938.450292][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450321][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1938.450345][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450370][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450399][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450424][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1938.450448][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 1938.450474][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450501][    C0]  ret_from_fork+0x4b/0x80
[ 1938.450523][    C0]  ? __pfx_kthread+0x10/0x10
[ 1938.450550][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1938.450583][    C0]  </TASK>
[ 1939.592770][    C0] Shutting down cpus with NMI
[ 1939.593178][    C0] Kernel Offset: disabled