last executing test programs:

3m42.841666889s ago: executing program 0 (id=1210):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000001980)={0x10, 0x0, &(0x7f0000001840)=[@clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0})

3m42.676075295s ago: executing program 0 (id=1214):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4001, 0x800)
r3 = eventfd2(0x4, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r3, 0x7, 0x2, r2})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0xd98, 0x2, r3})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0xc0, 0x5, 0x7, 0x7f, 0x0, 0x1, 0x9, 0x1, 0x41, 0x3, 0x58, 0x7, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0xcb, 0xd, 0x2000000000004, 0x6d, 0x2, 0x1002, 0x80000ef, 0x200, 0x7fffffffffffb, 0x8d, 0x2, 0x1, 0xfffffffffffffffe, 0x5, 0x3, 0xbdf], 0x2000, 0x67a64fa265d09613})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3m41.664181371s ago: executing program 0 (id=1218):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)}, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xd35, 0x0, 0x7ffffeffffffb, 0x5, 0x0, 0x1, 0xfffffffffffffffd, 0x9, 0x0, 0xbde], 0x2, 0x3c4210})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x24000010)
syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2"], 0x0)

3m39.644031109s ago: executing program 0 (id=1224):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

3m38.557033217s ago: executing program 0 (id=1233):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000080)={0x1, 0xc, 0x3})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
close_range(r0, 0xffffffffffffffff, 0x0)

3m38.275429144s ago: executing program 0 (id=1234):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

3m38.08423835s ago: executing program 32 (id=1234):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2m58.264920837s ago: executing program 5 (id=1444):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd24, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

2m57.912764175s ago: executing program 5 (id=1445):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xbfffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x33, 0xee, 0x9, 0xac5b, 0x80000001, 0xa5ca, 0xdb3, 0x3, 0x7}}}}]}, 0x58}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)

2m57.790839438s ago: executing program 5 (id=1446):
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)=@FILEID_UDF_WITH_PARENT={0x14, 0x52, {{0x3, 0x6, 0x7, 0xa}, 0x10001, 0xc}}, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)}], 0x1}}], 0x1, 0xc0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x200800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8050}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5830, 0x4, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x800000005479, 0x1034, 0x200000000006, 0xfffffffffffffffc, 0x3, 0xffffffdffffffffb, 0xfffdffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x8237000, 0x80cd4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m57.571316964s ago: executing program 5 (id=1447):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
move_mount(r1, &(0x7f0000000140)='.\x00', r0, &(0x7f0000000300)='./file0\x00', 0x41)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x220)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[])
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)

2m57.412051957s ago: executing program 5 (id=1450):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f00000002c0)='\\ ', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sendmmsg(0xffffffffffffffff, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)="4166deb08f5490e60cbd5dc80404c8a1d8b1dcefa938cbb0a2ca79523b6cc1574a6c7282edd54fa942633e7cf2fddaf1b19a9bd2aded624ffe3ed905bd5bc2ef28c3c689bdc609239748afb03e5201f0edcb4e0edfc9f07805d021a76bd013330c33937875ea24a4e7b7c9150afbfb67c43037a0f32d72c4b8b6a70cd359878738", 0x81}], 0x1}}], 0x1, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000280)={0x0, 0x80003734, 0x100, 0xfffffffe, 0x280}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x4000000000000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
syz_usb_connect(0x4, 0xfffffffffffffd9b, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, 0x94)

2m57.083438182s ago: executing program 5 (id=1453):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0x60000000004, 0x1000000000, 0x80000000000005, 0x41, 0x2000000, 0x0, 0x2004cb, 0xffffffffeffffffe, 0xa1d, 0x9, 0x5, 0x0, 0x3, 0x2, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000340)=@arm64={0x80, 0x9, 0xb, '\x00', 0x55})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xfec00000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0xff, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x8, 0x0, 0x6}, {0xeeee8000, 0xffff1000, 0x9, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xca, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x10000, 0x50, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m56.449100609s ago: executing program 33 (id=1453):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0x60000000004, 0x1000000000, 0x80000000000005, 0x41, 0x2000000, 0x0, 0x2004cb, 0xffffffffeffffffe, 0xa1d, 0x9, 0x5, 0x0, 0x3, 0x2, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000340)=@arm64={0x80, 0x9, 0xb, '\x00', 0x55})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xfec00000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0xff, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x8, 0x0, 0x6}, {0xeeee8000, 0xffff1000, 0x9, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xca, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x10000, 0x50, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m16.59437775s ago: executing program 4 (id=1955):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)={0x20, 0xe, 0x2, "02cf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000580)={0x0, 0x16, 0x2, "f610"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, &(0x7f00000005c0)=ANY=[@ANYBLOB="04a001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

1m12.612352812s ago: executing program 4 (id=1979):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x5, 0x5, 0x2, 0x4}, 0x50)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x41c902, 0xa6, 0x9}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}, @typed={0x6, 0x12, 0x0, 0x0, @str='\x84;'}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0))
unshare(0x62040200)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000)

1m12.048476597s ago: executing program 4 (id=1981):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
write$tun(r2, &(0x7f0000000180)={@val={0x0, 0x10}, @val={0x1, 0x0, 0x308, 0x3, 0x0, 0x1}, @arp=@ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xaad0469e39e46aa7}, @empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @mcast1}}, 0x42)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m10.881012982s ago: executing program 4 (id=1987):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0/file0\x00', 0x8)
dup(r0)

1m9.783050743s ago: executing program 4 (id=1992):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001dc0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0xb}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

1m7.672304327s ago: executing program 4 (id=1997):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000140), 0x10)
r3 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679c, 0x80, 0x2000006, 0x403ce}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x40480d7, 0x1})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="05000000"], 0x48}}, 0x0)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

1m7.325189433s ago: executing program 34 (id=1997):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000140), 0x10)
r3 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679c, 0x80, 0x2000006, 0x403ce}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x40480d7, 0x1})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="05000000"], 0x48}}, 0x0)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

11.368586637s ago: executing program 3 (id=2277):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(0x3)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
close(r2)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000480)=0x1, 0x89b5)
sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001480)="8f", 0x1}], 0x1}}], 0x1, 0x24040010)
close_range(r0, 0xffffffffffffffff, 0x0)

11.223429508s ago: executing program 3 (id=2279):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
write$proc_mixer(0xffffffffffffffff, 0x0, 0x86)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x48c})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
getdents64(r1, &(0x7f0000001f80)=""/4108, 0x100c)

10.475506778s ago: executing program 7 (id=2285):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000380)={0x0, 0x3ff, 0x5})
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
syz_clone3(&(0x7f0000000840)={0x80020000, 0x0, 0x0, 0x0, {0x9}, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0x0], 0x1}, 0x58)

10.314198793s ago: executing program 7 (id=2286):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

10.220671147s ago: executing program 3 (id=2287):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r0, &(0x7f0000000140)='disconnect aa:aa:aa:aa:aa:11 1', 0x16)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x41, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd0000008019000000050000000000000000000000000000d900", [0x80000000008, 0xffffffff9673e35d]}})
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000240)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201"], 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000040)=""/185)

10.196922578s ago: executing program 7 (id=2288):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket(0x11, 0x3, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x80101)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndctrl(&(0x7f0000000340), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

9.767524593s ago: executing program 6 (id=2291):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.288675198s ago: executing program 6 (id=2295):
socket$inet(0x2b, 0x801, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000001c0)={0x0, 0xb0a8, 0x1000, 0x1, 0x37a}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, &(0x7f0000000100)={@local, @remote})
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/seq/clients\x00', 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', r5})
io_uring_enter(r2, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)

9.248038393s ago: executing program 7 (id=2296):
openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0x5000009)
fallocate(r2, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xc, 0x2010, r2, 0xffff9000)

7.869061905s ago: executing program 3 (id=2298):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xb15, 0x2)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f003, 0x1})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r2)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_io_uring_complete(0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x13, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.735424655s ago: executing program 3 (id=2299):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x1}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000440)="18", 0x1, 0x200000c1, &(0x7f00000001c0)={0x11, 0x88a8, r5, 0x1, 0xff}, 0x14)

7.537047167s ago: executing program 6 (id=2300):
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000300)="a3f1", 0x2}], 0x1, 0x8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, 0x0}, 0x68)
r0 = io_uring_setup(0x9, 0x0)
io_uring_enter(r0, 0x2217, 0xcf74, 0x16, 0x0, 0x0)
io_uring_enter(r0, 0x47ba, 0x0, 0x51, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000040000000500000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f0000001c40)=ANY=[@ANYBLOB="1800000003000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f00000001c0))
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
ioctl$DVB_DEMUX_DMX_ADD_PID(r2, 0x40026f33, &(0x7f0000000100)=0x808c)
ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x3)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(r2, 0x40026f34, &(0x7f0000000040)=0x808c)

7.179709466s ago: executing program 6 (id=2302):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r3, 0x47fa, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="b000000016007f029e78f6030f7a0a762353bfb89fd8c902317bab30f89f080aaaaeb9d8091c815dcf03e14e877733fff4fe20a5be870f576b162e7de2d02673e789a4950c9cdc206e086fd0dc8ca9afcd9d522ac78876a4595146add31b35355848794ca3f8b38aef1e114ab9fb0200000000000000a3b0c81c6f8144e74fe13b80ca46c1a6c04ad73c9d44b605", 0x8e}, {&(0x7f00000000c0)}], 0x2}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

6.911991958s ago: executing program 7 (id=2305):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00001d9000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

5.24519281s ago: executing program 2 (id=2307):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f00000001c0)={0x0, 0x37, 0x6, "62ac4912f3d8"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000002c0)={0x40, 0x16}, 0x0, 0x0, 0x0, 0x0})

5.127582856s ago: executing program 1 (id=2308):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c)

3.77471149s ago: executing program 6 (id=2309):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x7}}, 0x14}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000080)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/oss_mixer\x00', 0x200000, 0x0)
unshare(0x40400)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff6000/0x9000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, 0x0, 0x0, r6}, 0x68)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x30, r4, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x6}, @NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @NL80211_ATTR_KEYS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x7040}, 0x20004010)

2.911972326s ago: executing program 2 (id=2310):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

2.693413663s ago: executing program 2 (id=2311):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000800)={0x1, 0x0, [{0xc000, 0x9c, &(0x7f0000000340)=""/156}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0xfffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = syz_io_uring_setup(0xd51, &(0x7f0000000000)={0x0, 0x7f36, 0x10000, 0x1, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r1, 0x47bc, 0x0, 0x40, 0x0, 0x0)

2.320356939s ago: executing program 2 (id=2312):
setitimer(0x0, &(0x7f0000000440)={{0x0, 0xea60}, {0x77359400}}, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r0)
r1 = inotify_init1(0x800)
fcntl$setstatus(r0, 0x4, 0x2c00)
r2 = gettid()
fcntl$setown(r0, 0x8, r2)
fcntl$setsig(r1, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')

2.06904973s ago: executing program 2 (id=2313):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r0, &(0x7f00000002c0)=""/153, 0x99)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0xd0fb8000)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000004c0)=""/120, 0x0, 0x80a0000})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, 0x0, &(0x7f0000000700)=""/100, 0x0, 0xd000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000900))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)

1.468497115s ago: executing program 2 (id=2314):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000014c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f00000008c0)={0x0, 0xc}, 0x0, 0x0, 0x0, &(0x7f0000000c00)=ANY=[], 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

1.205079806s ago: executing program 1 (id=2315):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x4c}}, 0x0)
socket$kcm(0xa, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x5, &(0x7f00000000c0), 0x106, 0x5}}, 0x20)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x35}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

1.100907883s ago: executing program 1 (id=2316):
socket$kcm(0xa, 0x3, 0x3a)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0xd747abdec56c9d0b, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x7ffffffff000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000020601080000000000000000000000080c00078008000640200000000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x20040000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000240)={0x0, 0x3c, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000030601eaff000000000000000700000a050001000700000025ab4ac0291d0f8e63d76ca5bd99c3763fba5afe8c87a5c5de501ef65f02e7045e2eb66e947433e15bead0961b46ce139a0418ba8ff85fa97f18a11872a8f9df0b1dfc87f91e3246a6c662f95ead8e8df60644ad93e3249694bdece4669ed473a52988021bb1f7b2c75ad46bb18121b9dbb49f3015b4f6e46976933af469bcd96a03b94b4408ae04b821b50384711326edd81104fa72a059f5a1d1fdac8c60a07035af00"/206], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814)

1.035884438s ago: executing program 1 (id=2317):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x300000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000088d82, 0x0)
r1 = syz_io_uring_setup(0xbdb, &(0x7f0000000040)={0x0, 0x5cd0, 0x100, 0x2, 0x1bc}, &(0x7f0000002180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x1, &(0x7f0000000140)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847b9, 0xebd0, 0xa, 0x0, 0x0)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)

771.745772ms ago: executing program 1 (id=2318):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x40000095, 0x0, 0xfffffffffffffffd}]})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0xc8, 0x3})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000000c0)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xfe, 0x86, 0xf3b8, 0xfffffffffffffffe, 0x1000, 0x400, 0x4002004c4, 0xb, 0x0, 0x1, 0x10, 0x0, 0x5, 0x4, 0x0, 0xa], 0xeeee8000, 0x402})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

408.618307ms ago: executing program 1 (id=2319):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000110001"], 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
syz_usb_connect(0x2, 0x440, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000c1b2fd40861246206fc10000000109022e040108004000090450000eff040100da0fe42101caf61f785b7bd6f9a40324b2b8253d68e955dd65abfed59c829185881ffcf5071e69d83a94cccf753dd12f7dafdf5b2d4e3c8bf7d1851b891f21b183913d49bf953bab3ee777ab2030fd27eea9c11becf582bd1b62acc0c22b85cc4a21fdf944da65c501f2bcfe60009f9f"], 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f0000000100)='./file0\x00', 0x0)

112.775789ms ago: executing program 6 (id=2320):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r1, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000200)={0x0, 0x100000, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r5, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)

46.031046ms ago: executing program 3 (id=2321):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)={0x20, 0x6, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6(0xa, 0x1, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x2416, 0x9a41, 0x41, &(0x7f0000000240)="b68524a1990ca76020cb69f0da94ee6ea3b82d55928df309bcb9a90fe07cd59038d59fa1f4a3c8cff7aa593898f91221b213e6c819aa21d2f1aae295cef8c03777"}], 0x1})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x404c094)

0s ago: executing program 7 (id=2322):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
close(r0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r2, 0x400, 0x1)
r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r4 = memfd_create(&(0x7f00000002c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9\xd6\x1c\x1b*\x9a!?\x7f\xa5\xad\x9a,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{&\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+\x02\x00\x00\x00\x00\x00\x00\x00\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5', 0x2)
write$binfmt_misc(r4, &(0x7f0000000180)="e502", 0x2)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

kernel console output (not intermixed with test programs):

9 > 1
[  405.862195][ T5825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  406.006996][ T5825] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  406.024309][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  406.038655][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  406.586985][T12035] chnl_net:caif_netlink_parms(): no params data found
[  406.943826][T12046] mmap: syz.1.1459 (12046) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  406.986708][T12047] kvm: pic: single mode not supported
[  407.025640][T12035] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.081243][T12035] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.092729][T12035] bridge_slave_0: entered allmulticast mode
[  407.123170][T12035] bridge_slave_0: entered promiscuous mode
[  407.147664][T12035] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.160047][T12035] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.171954][T12035] bridge_slave_1: entered allmulticast mode
[  407.187736][T12035] bridge_slave_1: entered promiscuous mode
[  407.297698][T12035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  407.326343][T12035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  407.438224][T12058] netlink: 'syz.4.1462': attribute type 3 has an invalid length.
[  407.448238][T12035] team0: Port device team_slave_0 added
[  407.456882][T12035] team0: Port device team_slave_1 added
[  407.562356][T12035] batman_adv: batadv0: Adding interface: batadv_slave_0
[  407.575743][T12035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  407.643620][T12035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  407.740550][T12035] batman_adv: batadv0: Adding interface: batadv_slave_1
[  407.766301][T12035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  407.882501][T12035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  407.973250][T12062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1464'.
[  408.092638][ T5825] Bluetooth: hci4: command tx timeout
[  408.138422][T12035] hsr_slave_0: entered promiscuous mode
[  408.145602][T12035] hsr_slave_1: entered promiscuous mode
[  408.152207][T12035] debugfs: 'hsr0' already exists in 'hsr'
[  408.159427][T12035] Cannot create hsr debugfs directory
[  408.762567][ T5915] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  409.005003][ T5915] usb 2-1: config 0 has an invalid interface number: 39 but max is 0
[  409.015542][ T5915] usb 2-1: config 0 has no interface number 0
[  409.022556][ T5915] usb 2-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  409.085487][ T5915] usb 2-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  409.095573][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.108835][ T5915] usb 2-1: Product: syz
[  409.125711][ T5915] usb 2-1: Manufacturer: syz
[  409.151241][ T5915] usb 2-1: SerialNumber: syz
[  409.174102][ T5915] usb 2-1: config 0 descriptor??
[  409.370361][T12035] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  409.477805][T12083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.506038][T12035] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  409.521673][T12035] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  409.548435][T12035] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  410.057715][T12035] 8021q: adding VLAN 0 to HW filter on device bond0
[  410.172777][ T5825] Bluetooth: hci4: command tx timeout
[  410.177350][T12035] 8021q: adding VLAN 0 to HW filter on device team0
[  410.194727][ T5915] usb 2-1: USB disconnect, device number 25
[  410.201429][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.209085][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  410.270532][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  410.297401][ T8603] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.305028][ T8603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  410.429601][T12104] binder: 12103:12104 ioctl c0306201 2000000003c0 returned -14
[  410.516075][T12106] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1475'.
[  410.533152][   T29] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  410.558649][T12035] 8021q: adding VLAN 0 to HW filter on device batadv0
[  410.665428][T12035] veth0_vlan: entered promiscuous mode
[  410.703286][T12035] veth1_vlan: entered promiscuous mode
[  410.735301][   T29] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  410.740111][T12035] veth0_macvtap: entered promiscuous mode
[  410.766160][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.771264][T12035] veth1_macvtap: entered promiscuous mode
[  410.810870][   T29] usb 5-1: config 0 descriptor??
[  410.828868][   T29] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  410.830974][T12110] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  410.853726][T12035] batman_adv: batadv0: Interface activated: batadv_slave_0
[  410.873392][T12035] batman_adv: batadv0: Interface activated: batadv_slave_1
[  410.898600][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.918407][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.949697][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.987781][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.116053][ T3563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.162963][ T3563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.245712][ T3563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.264232][ T3563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.323246][T12118] tipc: Failed to remove unknown binding: 66,0,0/0:3015505185/3015505187
[  411.336263][T12118] tipc: Failed to remove unknown binding: 66,0,0/0:3015505185/3015505186
[  411.372622][T12118] tipc: Failed to remove unknown binding: 66,0,0/0:3015505185/3015505187
[  411.407089][T12118] tipc: Failed to remove unknown binding: 66,0,0/0:3015505185/3015505186
[  411.407887][T12120] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1454'.
[  411.428136][T12120] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1454'.
[  411.467912][T12120] ip6gretap0: entered promiscuous mode
[  411.495587][T12120] syz_tun: entered promiscuous mode
[  411.735314][T12132] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[  411.742300][T12132] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  411.763640][T12132] vhci_hcd vhci_hcd.0: Device attached
[  411.969481][T12134] vhci_hcd: connection closed
[  411.973176][ T8605] vhci_hcd vhci_hcd.6: stop threads
[  411.991972][ T8605] vhci_hcd vhci_hcd.6: release socket
[  412.010832][ T8605] vhci_hcd vhci_hcd.6: disconnect device
[  412.019500][ T5884] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[  412.044590][   T29] gspca_stv06xx: I2C: Read error writing address: -71
[  412.055229][   T29] usb 5-1: USB disconnect, device number 25
[  412.254162][ T5825] Bluetooth: hci4: command tx timeout
[  412.532684][   T29] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  413.059647][   T29] usb 4-1: Using ep0 maxpacket: 32
[  413.226804][   T29] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  413.254002][   T29] usb 4-1: config 0 has no interface number 0
[  413.662631][   T30] audit: type=1804 audit(1773150815.903:368): pid=12154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1489" name="/newroot/2/file0" dev="fuse" ino=1 res=1 errno=0
[  413.752434][   T29] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  413.763088][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.785718][   T29] usb 4-1: Product: syz
[  413.812963][   T29] usb 4-1: Manufacturer: syz
[  413.832702][   T29] usb 4-1: SerialNumber: syz
[  413.869491][   T29] usb 4-1: config 0 descriptor??
[  413.901293][   T29] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  413.932908][   T29] usb 4-1: selecting invalid altsetting 1
[  413.960936][   T29] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  413.994180][   T29] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  414.013922][   T29] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  414.042658][   T29] usb 4-1: media controller created
[  414.089552][   T29] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  414.093026][T12160] kvm: pic: non byte write
[  414.192668][T12147] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  414.199419][T12147] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  414.231627][T12147] vhci_hcd vhci_hcd.0: Device attached
[  414.261889][T12164] vhci_hcd: connection closed
[  414.263542][   T12] vhci_hcd vhci_hcd.3: stop threads
[  414.265775][   T29] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  414.268288][   T12] vhci_hcd vhci_hcd.3: release socket
[  414.277999][   T29] zl10353_read_register: readreg error (reg=127, ret==-71)
[  414.286847][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  414.292608][   T29] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  414.302868][T11387] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  414.334124][ T5825] Bluetooth: hci4: command tx timeout
[  414.393516][   T29] usb 4-1: USB disconnect, device number 20
[  414.624180][T12167] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1492'.
[  414.666829][T12170] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1492'.
[  414.688464][T12173] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1492'.
[  414.702553][T11387] usb 2-1: Using ep0 maxpacket: 16
[  414.730609][T11387] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  414.742549][T11387] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  414.757193][T11387] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  414.768147][T11387] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.790721][T11387] usb 2-1: Product: syz
[  414.798260][T11387] usb 2-1: Manufacturer: syz
[  414.832090][T11387] usb 2-1: SerialNumber: syz
[  415.266856][T11387] usb 2-1: 0:2 : does not exist
[  415.304476][T11387] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  415.424889][T11387] usb 2-1: USB disconnect, device number 26
[  415.541115][T12191] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1499'.
[  416.941794][T12202] kvm: requested 188571 ns i8254 timer period limited to 200000 ns
[  416.951330][T12202] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[  416.961365][T12202] kvm: requested 47771 ns i8254 timer period limited to 200000 ns
[  416.973867][T12202] kvm: requested 187733 ns i8254 timer period limited to 200000 ns
[  416.991351][T12202] kvm: requested 161752 ns i8254 timer period limited to 200000 ns
[  417.001424][T12202] kvm: requested 142476 ns i8254 timer period limited to 200000 ns
[  417.020900][T12202] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[  417.145619][ T5884] vhci_hcd vhci_hcd.6: vhci_device speed not set
[  417.836275][T12224] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1507'.
[  417.872562][T11387] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  417.885954][T12219] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1507'.
[  417.913033][T12223] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1507'.
[  418.032648][T11387] usb 2-1: Using ep0 maxpacket: 32
[  418.047122][T11387] usb 2-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  418.056877][T11387] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.082639][T11387] usb 2-1: Product: syz
[  418.097399][T11387] usb 2-1: Manufacturer: syz
[  418.102294][T11387] usb 2-1: SerialNumber: syz
[  418.139292][T11387] usb 2-1: config 0 descriptor??
[  418.151514][T11387] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[  418.171195][T11387] dw2102: su3000_power_ctrl: 1, initialized 0
[  418.272623][T11387] dvb-usb: bulk message failed: -22 (2/0)
[  418.304652][T11387] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  418.325464][T11387] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[  418.342723][T11387] usb 2-1: media controller created
[  418.348442][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.382534][T11387] dw2102: i2c transfer failed.
[  418.397838][T12222] dvb-usb: bulk message failed: -22 (4/0)
[  418.406155][T12222] dw2102: i2c transfer failed.
[  418.487171][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.498590][T11387] dw2102: i2c transfer failed.
[  418.505704][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.511550][T11387] dw2102: i2c transfer failed.
[  418.547197][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.815904][T11387] dw2102: i2c transfer failed.
[  418.822857][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.828618][T11387] dw2102: i2c transfer failed.
[  418.835045][T11387] dvb-usb: bulk message failed: -22 (6/0)
[  418.842176][T11387] dw2102: i2c transfer failed.
[  418.862718][T11387] dvb-usb: MAC address: 02:02:02:02:02:02
[  418.951603][T11387] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  418.987378][T11387] dvb-usb: bulk message failed: -22 (3/0)
[  418.999419][T11387] dw2102: command 0x0e transfer failed.
[  419.024009][T11387] dvb-usb: bulk message failed: -22 (3/0)
[  419.034816][T11387] dw2102: command 0x0e transfer failed.
[  419.355188][T11387] dvb-usb: bulk message failed: -22 (3/0)
[  419.381911][T11387] dw2102: command 0x0e transfer failed.
[  419.403202][T11387] dvb-usb: bulk message failed: -22 (3/0)
[  419.409793][T11387] dw2102: command 0x0e transfer failed.
[  419.434045][T11387] dvb-usb: bulk message failed: -22 (1/0)
[  419.440311][T11387] dw2102: command 0x51 transfer failed.
[  419.508511][T11387] DVB: Unable to find symbol ds3000_attach()
[  419.516749][T11387] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0'
[  419.639588][T11387] rc_core: IR keymap rc-su3000 not found
[  419.646130][T11387] Registered IR keymap rc-empty
[  419.662947][T11387] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  419.695117][T11387] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input15
[  419.721940][T11387] dvb-usb: schedule remote query interval to 150 msecs.
[  419.740429][T11387] dw2102: su3000_power_ctrl: 0, initialized 1
[  419.746983][T11387] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected.
[  419.766967][T11387] usb 2-1: USB disconnect, device number 27
[  419.875554][T11387] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[  420.480840][T12255] kvm: pic: non byte write
[  420.869490][T12265] binder: 12264:12265 ioctl c0306201 200000000180 returned -14
[  422.186615][T12234] syzkaller0: entered promiscuous mode
[  422.193103][T12234] syzkaller0: entered allmulticast mode
[  422.692819][T12293] kvm: pic: single mode not supported
[  422.692841][T12293] kvm: pic: level sensitive irq not supported
[  422.700901][T12293] kvm: pic: level sensitive irq not supported
[  422.709280][T12293] kvm: pic: single mode not supported
[  424.269452][T12310] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1537'.
[  425.364785][T12311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'.
[  425.575447][T12323] sctp: [Deprecated]: syz.6.1540 (pid 12323) Use of struct sctp_assoc_value in delayed_ack socket option.
[  425.575447][T12323] Use struct sctp_sack_info instead
[  426.816104][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1550'.
[  430.027634][T12408] netlink: 'syz.4.1570': attribute type 4 has an invalid length.
[  430.095888][T12408] netlink: 'syz.4.1570': attribute type 4 has an invalid length.
[  430.269795][T12413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  430.561689][T12431] syzkaller0: entered promiscuous mode
[  430.574086][T12431] syzkaller0: entered allmulticast mode
[  430.851156][T12437] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  430.928093][T12428] netlink: 'syz.4.1575': attribute type 12 has an invalid length.
[  430.971502][T12443] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1582'.
[  431.595260][T12460] vlan0: entered promiscuous mode
[  431.722674][  T980] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  432.052887][  T980] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  432.063000][  T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.085939][  T980] usb 4-1: config 0 descriptor??
[  432.109481][  T980] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  432.426378][ T5884] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  432.592749][ T5884] usb 2-1: Using ep0 maxpacket: 32
[  432.639310][ T5884] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  432.656469][ T5884] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  432.673407][ T5884] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  432.715016][ T5884] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  432.775425][ T5884] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  432.793378][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.806263][ T5884] usb 2-1: Product: syz
[  432.813661][ T5884] usb 2-1: Manufacturer: syz
[  432.819180][ T5884] usb 2-1: SerialNumber: syz
[  432.841102][    C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  432.930166][ T5884] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input16
[  433.072658][ T5884] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  433.112698][ T5884]  (id 0x00)
[  433.693903][ T5884] rc_core: IR keymap rc-imon-pad not found
[  433.782537][ T5884] Registered IR keymap rc-empty
[  433.795685][ T5884] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  433.908358][ T5884] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  433.962195][  T980] gspca_stv06xx: I2C: Read error writing address: -71
[  433.979337][  T980] usb 4-1: USB disconnect, device number 21
[  434.015448][ T5884] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0
[  434.135109][ T5884] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0/input17
[  434.204817][ T5884] imon 2-1:155.0: iMON device (15c2:ffdc, intf0) on usb<2:28> initialized
[  435.269767][ T5884] usb 2-1: USB disconnect, device number 28
[  436.338913][T12521] netlink: 'syz.6.1606': attribute type 10 has an invalid length.
[  436.388387][T12521] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1606'.
[  436.464367][T12521] dummy0: entered promiscuous mode
[  436.519323][T12521] bridge0: port 3(dummy0) entered blocking state
[  436.631257][T12521] bridge0: port 3(dummy0) entered disabled state
[  436.676543][T12521] dummy0: entered allmulticast mode
[  436.705236][T12521] bridge0: port 3(dummy0) entered blocking state
[  436.711985][T12521] bridge0: port 3(dummy0) entered forwarding state
[  436.773016][   T29] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  436.800217][T12532] syzkaller0: entered promiscuous mode
[  436.828585][T12532] syzkaller0: entered allmulticast mode
[  436.932584][   T29] usb 7-1: Using ep0 maxpacket: 8
[  437.024788][   T29] usb 7-1: config 6 has an invalid interface number: 84 but max is 0
[  437.040045][   T29] usb 7-1: config 6 has no interface number 0
[  437.056748][   T29] usb 7-1: config 6 interface 84 has no altsetting 0
[  437.104761][   T29] usb 7-1: New USB device found, idVendor=1776, idProduct=501c, bcdDevice=27.70
[  437.132242][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.150424][   T29] usb 7-1: Product: syz
[  437.157562][   T29] usb 7-1: Manufacturer: syz
[  437.165726][   T29] usb 7-1: SerialNumber: syz
[  437.291113][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1613'.
[  437.403731][   T29] gspca_main: spca501-2.14.0 probing 1776:501c
[  437.416923][   T29] gspca_spca501: reg write: error -71
[  437.425402][   T29] spca501 7-1:6.84: Reg write failed for 0x02,0x07,0x05
[  437.435917][   T29] spca501 7-1:6.84: probe with driver spca501 failed with error -22
[  437.498939][   T29] usb 7-1: USB disconnect, device number 2
[  437.572737][  T980] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  437.734609][  T980] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  437.770955][  T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.807361][  T980] usb 3-1: config 0 descriptor??
[  438.234394][T12563] kvm: MONITOR instruction emulated as NOP!
[  438.282925][   T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  438.562677][   T29] usb 7-1: Using ep0 maxpacket: 8
[  438.594568][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  438.609155][   T29] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  438.628341][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.708501][   T29] usb 7-1: config 0 descriptor??
[  439.947736][   T29] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  440.048661][T12578] binder: BINDER_SET_CONTEXT_MGR already set
[  440.055654][T12578] binder: 12577:12578 ioctl 4018620d 200000000040 returned -16
[  440.164340][ T5884] usb 7-1: USB disconnect, device number 3
[  440.528797][  T980] usb 3-1: Cannot set autoneg
[  440.535789][  T980] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  440.574275][  T980] usb 3-1: USB disconnect, device number 20
[  440.977053][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  440.990675][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  441.538573][T12607] binder_alloc: 12606: binder_alloc_buf, no vma
[  443.487672][T12639] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  443.972601][  T980] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  444.166914][  T980] usb 3-1: Using ep0 maxpacket: 32
[  444.203695][  T980] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  444.274994][  T980] usb 3-1: config 0 interface 0 has no altsetting 0
[  444.316484][  T980] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  444.359800][  T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.423688][  T980] usb 3-1: config 0 descriptor??
[  445.251150][  T980] corsair-cpro 0003:1B1C:0C10.000D: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0
[  445.681203][  T980] corsair-cpro 0003:1B1C:0C10.000D: probe with driver corsair-cpro failed with error -71
[  445.727125][  T980] usb 3-1: USB disconnect, device number 21
[  445.952541][   T29] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  446.130121][   T29] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  446.156026][   T29] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  446.173255][   T29] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  446.185751][   T29] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  446.198260][   T29] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  446.218516][   T29] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  446.230047][   T29] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  446.241471][   T29] usb 2-1: Product: syz
[  446.247768][   T29] usb 2-1: Manufacturer: syz
[  446.297412][   T29] cdc_wdm 2-1:1.0: skipping garbage
[  446.303334][   T29] cdc_wdm 2-1:1.0: skipping garbage
[  446.327858][   T29] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  446.336819][   T29] cdc_wdm 2-1:1.0: Unknown control protocol
[  446.581821][    C1] hrtimer: interrupt took 27115 ns
[  447.279891][  T980] usb 2-1: USB disconnect, device number 29
[  447.444472][T12728] xt_hashlimit: max too large, truncated to 1048576
[  448.314667][ T5884] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  448.518046][ T5884] usb 2-1: Using ep0 maxpacket: 8
[  448.543787][ T5884] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  448.579917][ T5884] usb 2-1: config 0 has no interface number 0
[  448.607690][ T5884] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  448.660491][ T5884] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  448.732112][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.813042][ T5884] usb 2-1: config 0 descriptor??
[  448.858569][ T5884] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  449.187033][T12764] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1683'.
[  449.612080][T12770] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  449.731754][T12770] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1684'.
[  449.785264][T12771] IPv6: Can't replace route, no match found
[  450.875740][  T980] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  450.949732][  T980] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  451.439178][T11387] usb 2-1: USB disconnect, device number 30
[  451.992708][T11387] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  452.165837][T11387] usb 7-1: Using ep0 maxpacket: 32
[  452.201593][T11387] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[  452.264254][T11387] usb 7-1: config 0 has no interface number 0
[  452.297561][T11387] usb 7-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  452.341467][T11387] usb 7-1: config 0 interface 89 has no altsetting 0
[  452.374009][T11387] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[  452.402964][T11387] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.425420][T11387] usb 7-1: Product: syz
[  452.437830][T11387] usb 7-1: Manufacturer: syz
[  452.451520][T11387] usb 7-1: SerialNumber: syz
[  452.475986][T11387] usb 7-1: config 0 descriptor??
[  452.509249][T11387] em28xx 7-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  452.545178][T11387] em28xx 7-1:0.89: Video interface 89 found:
[  453.120137][T11387] em28xx 7-1:0.89: unknown em28xx chip ID (0)
[  454.582026][T11387] em28xx 7-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  454.614104][T11387] em28xx 7-1:0.89: board has no eeprom
[  454.704824][T11387] em28xx 7-1:0.89: Identified as Terratec Grabby (card=67)
[  454.733009][T12859] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  454.742347][T11387] em28xx 7-1:0.89: analog set to bulk mode.
[  454.758357][   T10] em28xx 7-1:0.89: Registering V4L2 extension
[  454.786031][T11387] usb 7-1: USB disconnect, device number 4
[  454.832222][T11387] em28xx 7-1:0.89: Disconnecting em28xx
[  454.911677][   T10] em28xx 7-1:0.89: Config register raw data: 0xffffffed
[  454.941894][   T10] em28xx 7-1:0.89: AC97 chip type couldn't be determined
[  454.973737][   T10] em28xx 7-1:0.89: No AC97 audio processor
[  455.027330][   T10] usb 7-1: Decoder not found
[  455.037252][   T10] em28xx 7-1:0.89: failed to create media graph
[  455.062202][   T10] em28xx 7-1:0.89: V4L2 device video103 deregistered
[  455.105299][   T10] em28xx 7-1:0.89: Registering snapshot button...
[  455.151354][   T10] input: em28xx snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.89/input/input18
[  455.219604][   T10] em28xx 7-1:0.89: Remote control support is not available for this card.
[  455.270669][T11387] em28xx 7-1:0.89: Closing input extension
[  455.314985][T11387] em28xx 7-1:0.89: Deregistering snapshot button
[  455.507873][T11387] em28xx 7-1:0.89: Freeing device
[  458.602936][   T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  458.781017][   T10] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  458.809310][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.831416][   T10] usb 2-1: Product: syz
[  458.842553][   T10] usb 2-1: Manufacturer: syz
[  458.850603][   T10] usb 2-1: SerialNumber: syz
[  458.942836][T11387] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  459.123434][T11387] usb 3-1: Using ep0 maxpacket: 32
[  459.153265][T11387] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  459.163303][T11387] usb 3-1: config 0 has no interface number 0
[  459.172093][T11387] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  459.184446][T11387] usb 3-1: config 0 interface 1 has no altsetting 0
[  459.215351][T11387] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  459.243863][T11387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.264919][T12931] syzkaller0: entered promiscuous mode
[  459.273163][T12931] syzkaller0: entered allmulticast mode
[  459.286529][T11387] usb 3-1: Product: syz
[  459.295911][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  459.312541][T11387] usb 3-1: Manufacturer: syz
[  459.321310][T11387] usb 3-1: SerialNumber: syz
[  459.338848][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  459.352485][T11387] usb 3-1: config 0 descriptor??
[  459.586199][T11387] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  459.613279][T11387] cx231xx 3-1:0.1: Failed to read PCB config
[  459.620229][T11387] cx231xx 3-1:0.1: probe with driver cx231xx failed with error -71
[  459.641217][T11387] usb 3-1: USB disconnect, device number 22
[  460.115447][T11387] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  460.372512][T11387] usb 3-1: Using ep0 maxpacket: 32
[  460.446377][T11387] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  460.558230][T11387] usb 3-1: config 0 has no interface number 0
[  460.610983][T11387] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  460.671725][T11387] usb 3-1: config 0 interface 1 has no altsetting 0
[  460.735238][T11387] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  460.752963][T11387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.817829][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000400. ret = -EPROTO
[  460.837122][T11387] usb 3-1: Product: syz
[  460.841941][T11387] usb 3-1: Manufacturer: syz
[  460.872869][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  460.888707][T11387] usb 3-1: SerialNumber: syz
[  460.903795][T11387] usb 3-1: config 0 descriptor??
[  460.909783][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  461.234122][T11387] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  461.270123][T11387] cx231xx 3-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4)
[  461.393913][T11387] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  461.453601][T11387] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  461.554628][   T10] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  461.578797][   T10] usb 2-1: USB disconnect, device number 31
[  461.599565][ T5884] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  461.614350][T11387] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  461.632858][T11387] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  461.652631][T11387] cx231xx 3-1:0.1: Failed to set devmode to analog: error: -32
[  461.705545][T11387] i2c i2c-2: Added multiplexed i2c bus 4
[  461.728374][T11387] i2c i2c-2: Added multiplexed i2c bus 5
[  461.740493][T11387] cx231xx 3-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]!
[  461.751610][T11387] cx231xx 3-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]!
[  461.792792][ T5884] usb 5-1: Using ep0 maxpacket: 32
[  461.812928][ T5884] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  461.848604][T11387] cx231xx 3-1:0.1: probe with driver cx231xx failed with error -71
[  461.864603][ T5884] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  461.910623][ T5884] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  461.954254][T11387] usb 3-1: USB disconnect, device number 23
[  461.986779][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  462.044815][ T5884] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  462.091465][ T5884] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  462.135106][ T5884] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  462.165478][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.211674][ T5884] usb 5-1: config 0 descriptor??
[  462.475252][ T5884] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  462.538626][ T5884] usb 5-1: USB disconnect, device number 26
[  462.606523][ T5884] usblp0: removed
[  462.964914][ T5884] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  463.113654][T12991] binder_alloc: 12990: pid 12990 spamming oneway? 1 buffers allocated for a total size of 4096
[  463.162593][ T5884] usb 5-1: Using ep0 maxpacket: 32
[  463.184102][ T5884] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  463.214014][ T5884] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  463.242623][ T5884] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  463.257732][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  463.286427][ T5884] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  463.313258][ T5884] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  463.345221][ T5884] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  463.383188][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.402993][  T980] IPVS: starting estimator thread 0...
[  463.409962][ T5884] usb 5-1: config 0 descriptor??
[  463.412600][T12998] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  463.522944][T13000] IPVS: using max 34 ests per chain, 81600 per kthread
[  463.573518][T11387] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  463.625778][ T5884] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 27 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  463.702544][   T10] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  463.734284][T11387] usb 4-1: config 0 has an invalid interface number: 39 but max is 0
[  463.745033][T11387] usb 4-1: config 0 has no interface number 0
[  463.751524][T11387] usb 4-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  463.765973][T11387] usb 4-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  463.777881][T11387] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.789007][T11387] usb 4-1: Product: syz
[  463.793602][T11387] usb 4-1: Manufacturer: syz
[  463.798869][T11387] usb 4-1: SerialNumber: syz
[  463.807062][T11387] usb 4-1: config 0 descriptor??
[  463.812599][  T980] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  463.839166][   T29] usb 5-1: USB disconnect, device number 27
[  463.852734][   T29] usblp0: removed
[  463.885354][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  463.899586][   T10] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  463.909334][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.920523][   T10] usb 3-1: config 0 descriptor??
[  463.929929][   T10] cdc_ncm 3-1:0.0: CDC Union missing and no IAD found
[  463.942189][   T10] cdc_ncm 3-1:0.0: bind() failure
[  463.950191][   T10] cp210x 3-1:0.0: cp210x converter detected
[  463.968626][  T980] usb 7-1: config 0 has an invalid interface number: 117 but max is 0
[  463.977997][  T980] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  463.988694][  T980] usb 7-1: config 0 has no interface number 0
[  463.995223][  T980] usb 7-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  464.010424][  T980] usb 7-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  464.030941][  T980] usb 7-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  464.041586][  T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.050216][  T980] usb 7-1: Product: syz
[  464.055578][  T980] usb 7-1: Manufacturer: syz
[  464.060306][  T980] usb 7-1: SerialNumber: syz
[  464.073206][  T980] usb 7-1: config 0 descriptor??
[  464.231953][T11387] usb 4-1: USB disconnect, device number 22
[  464.256527][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  464.295218][  T980] usbtouchscreen 7-1:0.117: probe with driver usbtouchscreen failed with error -71
[  464.319422][  T980] usb 7-1: USB disconnect, device number 5
[  464.336881][   T10] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  464.367370][   T10] usb 3-1: cp210x converter now attached to ttyUSB0
[  464.568946][T13002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.584506][T13002] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.598977][T13002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.610766][T13002] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.623939][T11387] usb 3-1: USB disconnect, device number 24
[  464.642260][T11387] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  464.662380][T11387] cp210x 3-1:0.0: device disconnected
[  464.885963][T13022] syzkaller0: entered promiscuous mode
[  464.891826][T13022] syzkaller0: entered allmulticast mode
[  465.726941][  T980] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  465.922652][  T980] usb 7-1: Using ep0 maxpacket: 16
[  465.958526][  T980] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  465.988952][  T980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  466.044976][  T980] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  466.069622][  T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.091033][  T980] usb 7-1: Product: syz
[  466.110346][  T980] usb 7-1: Manufacturer: syz
[  466.132190][  T980] usb 7-1: SerialNumber: syz
[  466.161029][  T980] usb 7-1: config 0 descriptor??
[  466.189139][  T980] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  466.212765][  T980] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  466.446444][T13053] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  466.810375][  T980] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  466.869100][  T980] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  467.540790][  T980] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  468.038339][  T980] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  468.088943][  T980] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  468.154727][  T980] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  468.227791][  T980] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  468.278369][  T980] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  468.389009][  T980] usb 7-1: USB disconnect, device number 6
[  470.561010][T13100] bond0: entered promiscuous mode
[  470.602571][T13100] bond_slave_0: entered promiscuous mode
[  470.629945][T13100] bond_slave_1: entered promiscuous mode
[  470.650207][T13104] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1791'.
[  470.902793][T13097] bond0: left promiscuous mode
[  470.931081][T13097] bond_slave_0: left promiscuous mode
[  470.958158][T13097] bond_slave_1: left promiscuous mode
[  471.266075][T13112] binder: BINDER_SET_CONTEXT_MGR already set
[  471.335577][T13112] binder: 13111:13112 ioctl 4018620d 2000000002c0 returned -16
[  472.492048][T13124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1798'.
[  472.954803][T11387] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  473.137733][T11387] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  473.149089][T11387] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.159202][T11387] usb 2-1: Product: syz
[  473.164303][T11387] usb 2-1: Manufacturer: syz
[  473.172039][T11387] usb 2-1: SerialNumber: syz
[  473.422579][ T5826] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  473.602603][ T5826] usb 7-1: Using ep0 maxpacket: 32
[  473.610472][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  473.612667][ T5826] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  473.636234][ T5826] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.640478][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  473.645980][ T5826] usb 7-1: Product: syz
[  473.664013][ T5826] usb 7-1: Manufacturer: syz
[  473.670630][ T5826] usb 7-1: SerialNumber: syz
[  473.680333][ T5826] usb 7-1: config 0 descriptor??
[  473.901819][ T5826] RobotFuzz Open Source InterFace, OSIF 7-1:0.0: version d4.15 found at bus 007 address 007
[  474.397528][T13154] loop5: detected capacity change from 0 to 7
[  474.407074][T13154] Dev loop5: unable to read RDB block 7
[  474.417119][T13154]  loop5: unable to read partition table
[  474.425015][T13154] loop5: partition table beyond EOD, truncated
[  474.432140][T13154] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  474.601523][T13139] i2c i2c-1: failure reading status
[  474.897120][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  474.982589][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  475.169853][   T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  475.182407][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.193774][   T10] usb 5-1: Product: syz
[  475.199278][   T10] usb 5-1: Manufacturer: syz
[  475.205338][   T10] usb 5-1: SerialNumber: syz
[  475.338907][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  475.382569][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  475.411540][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  475.439988][T11387] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  475.471205][T11387] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  475.512127][T11387] usb 2-1: USB disconnect, device number 32
[  475.635399][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  475.655857][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  476.154586][  T980] usb 7-1: USB disconnect, device number 7
[  476.302975][T11387] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  476.484328][T11387] usb 2-1: Using ep0 maxpacket: 16
[  476.509390][T11387] usb 2-1: unable to get BOS descriptor or descriptor too short
[  476.568976][T11387] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  476.609024][T11387] usb 2-1: config 13 has no interface number 0
[  476.619875][T11387] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16
[  476.636282][T11387] usb 2-1: config 13 interface 50 has no altsetting 0
[  476.655619][T11387] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  476.678088][T11387] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.711761][T11387] usb 2-1: Product: syz
[  476.725733][T11387] usb 2-1: Manufacturer: syz
[  476.746080][T11387] usb 2-1: SerialNumber: syz
[  476.781490][T13168] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  476.903146][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  476.947858][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[  477.197601][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000118. ret = -EPROTO
[  477.239095][T11387] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  477.265012][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  477.299648][T11387] usb 2-1: MIDIStreaming interface descriptor not found
[  477.353703][   T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  477.410455][T11387] usb 2-1: USB disconnect, device number 33
[  477.446229][   T10] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  477.557530][   T10] usb 5-1: USB disconnect, device number 28
[  477.596199][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  478.366545][T13195] syzkaller0: entered promiscuous mode
[  478.466495][T13195] syzkaller0: entered allmulticast mode
[  479.074892][   T29] IPVS: starting estimator thread 0...
[  479.192702][T13207] IPVS: using max 57 ests per chain, 136800 per kthread
[  479.212616][T11387] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  479.376545][T11387] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  479.387255][T11387] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.424005][T11387] usb 5-1: Product: syz
[  479.450235][T11387] usb 5-1: Manufacturer: syz
[  479.488233][T11387] usb 5-1: SerialNumber: syz
[  479.967177][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  480.042977][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  480.712545][  T980] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  480.872529][  T980] usb 2-1: Using ep0 maxpacket: 8
[  480.880133][  T980] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  480.897873][  T980] usb 2-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  480.929076][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.954502][  T980] usb 2-1: Product: syz
[  480.976093][  T980] usb 2-1: Manufacturer: syz
[  480.996732][  T980] usb 2-1: SerialNumber: syz
[  481.014952][  T980] usb 2-1: config 0 descriptor??
[  481.205804][  T980] msi2500 2-1:0.0: Registered as swradio24
[  481.220823][  T980] msi2500 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  481.344819][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  481.833748][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -EPROTO
[  481.900039][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  481.948262][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  481.987272][T11387] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  482.030976][T11387] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  482.098946][T11387] usb 5-1: USB disconnect, device number 29
[  482.149226][   T29] usb 2-1: USB disconnect, device number 34
[  482.222230][T13243] syzkaller0: entered promiscuous mode
[  482.246548][T13243] syzkaller0: entered allmulticast mode
[  482.308467][T13179] Set syz1 is full, maxelem 65536 reached
[  482.663594][ T5826] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  482.884067][ T5826] usb 3-1: Using ep0 maxpacket: 8
[  482.891091][T13254] binder_alloc: 13253: binder_alloc_buf, no vma
[  482.914012][ T5826] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  482.935011][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.944100][ T5826] usb 3-1: Product: syz
[  482.948512][ T5826] usb 3-1: Manufacturer: syz
[  482.953940][ T5826] usb 3-1: SerialNumber: syz
[  482.987292][ T5826] usb 3-1: config 0 descriptor??
[  483.036250][ T5826] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244)
[  483.482954][  T980] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  483.647519][  T980] usb 2-1: config 0 has an invalid interface number: 104 but max is 0
[  483.663477][  T980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  483.694677][  T980] usb 2-1: config 0 has no interface number 0
[  483.711774][ T5826] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  483.726600][  T980] usb 2-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  483.747825][ T5826] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  483.778704][  T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.792922][ T5826] usb 3-1: USB disconnect, device number 25
[  483.846177][  T980] usb 2-1: config 0 descriptor??
[  484.472645][T11387] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  484.637130][T11387] usb 5-1: Using ep0 maxpacket: 32
[  484.655987][T11387] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.668712][T11387] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  484.679962][T11387] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  484.689448][T11387] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.701175][T11387] usb 5-1: config 0 descriptor??
[  484.709481][T11387] hub 5-1:0.0: USB hub found
[  484.925838][T13265] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1843'.
[  484.978433][T11387] hub 5-1:0.0: config failed, can't read hub descriptor (err -90)
[  485.187165][T13273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.199522][T13273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.839094][T13272] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  485.849744][T13265] .30ªX¹¦D: renamed from gretap0 (while UP)
[  485.871607][T13265] .30ªX¹¦D: entered allmulticast mode
[  485.889776][T13265] A link change request failed with some changes committed already. Interface .30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  485.934303][T11387] usbhid 5-1:0.0: can't add hid device: -71
[  485.940961][T11387] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  485.988781][T11387] usb 5-1: USB disconnect, device number 30
[  486.472558][T11387] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  486.663221][T11387] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  486.719211][T11387] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3
[  486.761696][T11387] usb 3-1: config 220 interface 0 has no altsetting 0
[  486.800889][T11387] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  486.852422][T11387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.887131][ T5826] usb 2-1: USB disconnect, device number 35
[  486.901817][T11387] usb 3-1: Product: syz
[  486.942652][T11387] usb 3-1: Manufacturer: syz
[  486.972173][T11387] usb 3-1: SerialNumber: syz
[  487.352174][T13301] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  487.512155][T11387] usb 3-1: USB disconnect, device number 26
[  488.487979][T13311] loop5: detected capacity change from 0 to 7
[  488.528574][T13311]  loop5: [POWERTEC] p1 p2 p3 p4 p5 p6
[  488.560297][T13311] loop5: p1 start 771753728 is beyond EOD, truncated
[  488.582977][T11387] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  488.612268][T13311] loop5: p2 start 1818846767 is beyond EOD, truncated
[  488.638909][T13311] loop5: p3 start 1764718181 is beyond EOD, truncated
[  488.682138][T13311] loop5: p4 size 2863267840 extends beyond EOD, truncated
[  488.768354][T13311] loop5: p5 start 1009845767 is beyond EOD, truncated
[  488.787611][T11387] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  488.814822][T13311] loop5: p6 start 3875569436 is beyond EOD, truncated
[  488.841663][T11387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.898141][T11387] usb 3-1: Product: syz
[  488.942537][T11387] usb 3-1: Manufacturer: syz
[  488.977188][T11387] usb 3-1: SerialNumber: syz
[  489.034864][ T5844] udevd[5844]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  489.434704][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  489.518665][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  489.668651][T13328] 8021q: adding VLAN 0 to HW filter on device bond2
[  489.703420][T13331] binder_alloc: 13330: binder_alloc_buf, no vma
[  489.748685][T13332] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  489.817813][T13332] bond2: (slave macvlan2): making interface the new active one
[  489.870493][T13332] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[  490.078356][T13338] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  490.188819][T13342] netlink: 'syz.4.1866': attribute type 1 has an invalid length.
[  490.224784][T13342] 8021q: adding VLAN 0 to HW filter on device bond3
[  490.253832][T13342] bond3: (slave ip6gretap1): making interface the new active one
[  490.264068][T13342] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  490.393700][T13342] veth5: entered promiscuous mode
[  490.436951][T13342] bond3: (slave veth5): Enslaving as an active interface with a down link
[  490.476982][T13344] erspan0: entered allmulticast mode
[  490.521487][T13344] bond3: (slave erspan0): Enslaving as an active interface with an up link
[  490.605247][T13346] netlink: 'syz.4.1867': attribute type 10 has an invalid length.
[  490.651224][T13346] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  490.668617][T13345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.206134][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO
[  491.320166][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  491.385355][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  491.463740][   T30] audit: type=1326 audit(1773150893.723:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  491.489581][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  491.542569][T11387] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  491.602661][   T30] audit: type=1326 audit(1773150893.743:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  491.671713][T11387] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  491.705550][   T30] audit: type=1326 audit(1773150893.783:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  491.777390][T11387] usb 3-1: USB disconnect, device number 27
[  491.871687][   T30] audit: type=1326 audit(1773150893.783:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  491.967437][   T30] audit: type=1326 audit(1773150893.783:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  491.973002][  T980] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  492.061106][T13364] syzkaller0: entered promiscuous mode
[  492.072626][T13364] syzkaller0: entered allmulticast mode
[  492.079071][   T30] audit: type=1326 audit(1773150893.783:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  492.135849][T13366] team0: entered promiscuous mode
[  492.142574][T13366] team_slave_0: entered promiscuous mode
[  492.152839][T13366] team_slave_1: entered promiscuous mode
[  492.161610][   T30] audit: type=1326 audit(1773150893.783:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  492.161691][T13366] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  492.205746][T13366] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  492.232694][  T980] usb 5-1: Using ep0 maxpacket: 16
[  492.232976][T13364] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  492.244077][  T980] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  492.245307][   T30] audit: type=1326 audit(1773150893.783:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  492.271512][  T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  492.281027][T11387] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  492.299081][  T980] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  492.331078][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.342954][T13368] bridge0: port 4(vlan2) entered blocking state
[  492.351016][  T980] usb 5-1: Product: syz
[  492.355740][T13368] bridge0: port 4(vlan2) entered disabled state
[  492.363974][  T980] usb 5-1: Manufacturer: syz
[  492.369384][T13368] vlan2: entered allmulticast mode
[  492.376144][  T980] usb 5-1: SerialNumber: syz
[  492.382202][T13368] bond0: entered allmulticast mode
[  492.388788][   T30] audit: type=1326 audit(1773150893.783:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  492.416574][  T980] usb 5-1: config 0 descriptor??
[  492.421990][T13368] bond_slave_0: entered allmulticast mode
[  492.432834][T13368] bond_slave_1: entered allmulticast mode
[  492.439611][T13368] macvlan2: entered allmulticast mode
[  492.447918][  T980] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  492.459352][T13368] team0: entered allmulticast mode
[  492.465460][   T30] audit: type=1326 audit(1773150893.783:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13354 comm="syz.1.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f65b819c799 code=0x7ffc0000
[  492.476026][T11387] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  492.492678][  T980] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  492.506376][T13368] team_slave_0: entered allmulticast mode
[  492.512881][T13368] team_slave_1: entered allmulticast mode
[  492.521392][T13368] vlan2: entered promiscuous mode
[  492.529795][T11387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.530815][T13368] bond0: entered promiscuous mode
[  492.548341][T13368] bond_slave_0: entered promiscuous mode
[  492.553903][T11387] usb 3-1: Product: syz
[  492.555027][T13368] bond_slave_1: entered promiscuous mode
[  492.566287][T11387] usb 3-1: Manufacturer: syz
[  492.566553][T13368] macvlan2: entered promiscuous mode
[  492.581439][T11387] usb 3-1: SerialNumber: syz
[  492.591903][T13363] tipc: Resetting bearer <eth:syzkaller0>
[  492.621074][T11387] usb 3-1: config 0 descriptor??
[  492.637649][T13363] tipc: Disabling bearer <eth:syzkaller0>
[  492.864120][T11387] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  493.079351][  T980] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  493.098416][  T980] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  493.309946][T13380] syzkaller0: entered promiscuous mode
[  493.329456][T13380] syzkaller0: entered allmulticast mode
[  493.745676][  T980] em28xx 5-1:0.0: Unknown AC97 audio processor detected!
[  493.784616][  T980] em28xx 5-1:0.0: couldn't setup AC97 register 2
[  494.204461][  T980] em28xx 5-1:0.0: couldn't setup AC97 register 4
[  494.221202][  T980] em28xx 5-1:0.0: couldn't setup AC97 register 6
[  494.238729][  T980] em28xx 5-1:0.0: couldn't setup AC97 register 54
[  494.258982][  T980] em28xx 5-1:0.0: couldn't setup AC97 register 56
[  494.290359][T11387] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  494.325013][  T980] usb 5-1: USB disconnect, device number 31
[  494.325700][T11387] usb 3-1: USB disconnect, device number 28
[  494.924504][T11387] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  494.951533][T13401] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1886'.
[  495.024917][T13401] bridge2: port 1(veth0_to_bond) entered blocking state
[  495.042972][T13401] bridge2: port 1(veth0_to_bond) entered disabled state
[  495.077451][T13401] veth0_to_bond: entered allmulticast mode
[  495.112792][T11387] usb 2-1: Using ep0 maxpacket: 8
[  495.117216][T13401] veth0_to_bond: entered promiscuous mode
[  495.145294][T11387] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  495.188695][T11387] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  495.236365][T11387] usb 2-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[  495.277280][T11387] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.329220][T11387] usb 2-1: Product: syz
[  495.340184][T11387] usb 2-1: Manufacturer: syz
[  495.366414][T11387] usb 2-1: SerialNumber: syz
[  495.399487][T11387] usb 2-1: config 0 descriptor??
[  496.078302][T13421] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1892'.
[  497.036753][T13454] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[  497.057623][T13458] bridge0: entered promiscuous mode
[  497.085789][T13458] vlan3: entered promiscuous mode
[  497.095765][T13454] kvm: requested 81295 ns i8254 timer period limited to 200000 ns
[  497.139865][T13454] kvm: requested 74590 ns i8254 timer period limited to 200000 ns
[  497.185990][T13454] kvm: requested 129904 ns i8254 timer period limited to 200000 ns
[  497.233421][T13454] kvm: requested 42742 ns i8254 timer period limited to 200000 ns
[  497.285776][T13454] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[  497.340392][T13454] kvm: requested 116495 ns i8254 timer period limited to 200000 ns
[  497.417428][T13454] kvm: requested 41904 ns i8254 timer period limited to 200000 ns
[  497.499869][T13462] netlink: 'syz.6.1913': attribute type 1 has an invalid length.
[  497.511922][T13454] kvm: requested 129066 ns i8254 timer period limited to 200000 ns
[  497.538244][T13454] kvm: requested 36038 ns i8254 timer period limited to 200000 ns
[  497.557023][T13462] netlink: 'syz.6.1913': attribute type 1 has an invalid length.
[  497.790181][  T796] usb 2-1: USB disconnect, device number 36
[  498.002153][T13470] syzkaller0: entered promiscuous mode
[  498.031679][T13470] syzkaller0: entered allmulticast mode
[  498.064305][T13474] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1907'.
[  498.134997][T13470] tipc: Started in network mode
[  498.140061][T13470] tipc: Node identity 12c714103914, cluster identity 4711
[  498.194394][T13470] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  498.233011][T13469] tipc: Resetting bearer <eth:syzkaller0>
[  498.244249][T13478] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1907'.
[  498.324138][T13469] tipc: Disabling bearer <eth:syzkaller0>
[  498.628483][T13485] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  499.171742][T13494] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  500.785462][T13528] binder: transaction release 297 bad handle 1, ret = -22
[  501.226286][T13543] syzkaller0: entered promiscuous mode
[  501.237775][T13543] syzkaller0: entered allmulticast mode
[  501.840979][T13553] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1930'.
[  501.911974][T13553] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1930'.
[  502.416255][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  502.426079][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  502.827352][T13563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1933'.
[  503.160007][T13579] netlink: ct family unspecified
[  503.181561][T13579] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  503.662906][ T5915] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  503.866198][ T5915] usb 2-1: Using ep0 maxpacket: 32
[  503.881848][ T5915] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  503.893204][ T5915] usb 2-1: config 0 has no interface number 0
[  503.918588][ T5915] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  503.969197][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.022057][ T5915] usb 2-1: Product: syz
[  504.044302][ T5915] usb 2-1: Manufacturer: syz
[  504.077563][ T5915] usb 2-1: SerialNumber: syz
[  504.102365][ T5915] usb 2-1: config 0 descriptor??
[  504.553623][ T5915] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  504.585090][ T5915] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  504.847793][T13617] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1951'.
[  504.907196][T13616] syzkaller0: entered promiscuous mode
[  504.916205][T13616] syzkaller0: entered allmulticast mode
[  504.931898][T13616] tipc: Started in network mode
[  504.942859][T13616] tipc: Node identity b2c5033e298c, cluster identity 4711
[  504.951195][T13616] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  504.964687][T13614] tipc: Resetting bearer <eth:syzkaller0>
[  504.993127][T13614] tipc: Disabling bearer <eth:syzkaller0>
[  505.052675][ T5826] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  505.172599][  T980] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  505.217714][ T5826] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  505.241570][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.283755][ T5826] usb 7-1: config 0 descriptor??
[  505.307168][ T5826] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  505.347443][  T980] usb 3-1: config 0 has no interfaces?
[  505.354426][  T980] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  505.367823][  T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.380972][  T980] usb 3-1: config 0 descriptor??
[  505.429534][ T5915] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  505.446089][ T5915] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -32
[  505.572895][  T980] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  505.608906][ T5915] usb 3-1: USB disconnect, device number 29
[  505.742610][  T980] usb 5-1: Using ep0 maxpacket: 32
[  505.768501][  T980] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  505.782731][T13635] syzkaller0: entered promiscuous mode
[  505.788888][T13635] syzkaller0: entered allmulticast mode
[  505.813749][  T980] usb 5-1: config 0 has no interface number 0
[  505.822233][  T980] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  505.875778][  T980] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  505.887911][  T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.898334][  T980] usb 5-1: Product: syz
[  505.909703][  T980] usb 5-1: Manufacturer: syz
[  505.915138][  T980] usb 5-1: SerialNumber: syz
[  505.940631][  T980] usb 5-1: config 0 descriptor??
[  505.949865][T13627] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  506.156690][ T5915] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  506.194782][T13627] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  506.337492][ T5915] usb 3-1: unable to get BOS descriptor or descriptor too short
[  506.351437][ T5915] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[  506.367499][ T5915] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7
[  506.388508][ T5915] usb 3-1: string descriptor 0 read error: -22
[  506.397533][ T5915] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[  506.412033][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.521425][T11387] usb 2-1: USB disconnect, device number 37
[  506.651149][ T5915] usb 3-1: Can't get UAC3 power state for id 10
[  506.749177][T13651] syzkaller0: entered promiscuous mode
[  506.755915][T13651] syzkaller0: entered allmulticast mode
[  507.143101][ T5826] usb 7-1: USB disconnect, device number 8
[  507.296497][ T5915] usb 3-1: 2:0: failed to get current value for ch 0 (-32)
[  507.873828][T13673] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  508.131377][ T5915] usb 3-1: 2:0: failed to get current value for ch 1 (-71)
[  508.404320][ T5915] usb 3-1: USB disconnect, device number 30
[  508.440596][  T980] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  508.511432][T13680] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1974'.
[  508.557005][  T980] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  508.610784][  T980] asix 5-1:0.188: probe with driver asix failed with error -71
[  508.654769][ T8618] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  508.668852][T13680] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1974'.
[  508.692747][  T980] usb 5-1: USB disconnect, device number 32
[  508.722671][ T8618] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  508.775804][ T8618] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  508.844556][ T8618] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  509.113341][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  509.113362][   T30] audit: type=1326 audit(1773150911.363:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13683 comm="syz.2.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56ddd9c799 code=0x7fc00000
[  509.199534][   T30] audit: type=1326 audit(1773150911.363:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13683 comm="syz.2.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f56ddd9c799 code=0x7fc00000
[  509.374343][T13694] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[  509.662634][ T5915] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  509.822615][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  509.865969][ T5915] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  509.925047][ T5915] usb 4-1: config 0 has no interface number 0
[  510.080985][ T5915] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  510.148101][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.197634][ T5915] usb 4-1: Product: syz
[  510.250840][ T5915] usb 4-1: Manufacturer: syz
[  510.274263][ T5915] usb 4-1: SerialNumber: syz
[  510.301436][ T5915] usb 4-1: config 0 descriptor??
[  510.334748][ T5915] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  510.436378][T13714] syzkaller0: entered promiscuous mode
[  510.462170][T13714] syzkaller0: entered allmulticast mode
[  511.042728][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  511.147648][   T30] audit: type=1326 audit(1773150913.403:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13715 comm="syz.2.1985" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56ddd9c799 code=0x0
[  511.222919][   T10] usb 7-1: Using ep0 maxpacket: 8
[  511.230876][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7
[  511.247241][   T10] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  511.257648][   T10] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  511.268930][   T10] usb 7-1: Product: syz
[  511.292514][   T10] usb 7-1: Manufacturer: syz
[  511.297647][   T10] usb 7-1: SerialNumber: syz
[  511.328855][T13731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1989'.
[  511.534163][   T10] usb 7-1: Handspring Visor / Palm OS: port 0, is for unknown use
[  511.545014][   T10] usb 7-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  511.559192][   T10] usb 7-1: Handspring Visor / Palm OS: Number of ports: 2
[  511.753453][   T10] usb 7-1: palm_os_3_probe - error -71 getting bytes available request
[  511.782919][   T10] visor 7-1:1.0: Handspring Visor / Palm OS converter detected
[  511.828004][   T10] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  511.873822][   T10] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  511.928152][   T10] usb 7-1: USB disconnect, device number 9
[  511.969114][   T10] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  512.037767][   T10] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  512.038227][   T10] visor 7-1:1.0: device disconnected
[  512.878866][  T796] usb 4-1: USB disconnect, device number 23
[  513.720216][ T8618] veth0_to_bond: left allmulticast mode
[  513.759190][ T8618] veth0_to_bond: left promiscuous mode
[  513.786577][ T8618] bridge2: port 1(veth0_to_bond) entered disabled state
[  514.744728][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  514.756639][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  514.765965][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  514.775798][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  514.784272][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  514.871051][ T8618] bond3 (unregistering): (slave ip6gretap1): Releasing active interface
[  514.893055][ T8618] bond3 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - ca:d8:82:a2:d4:97 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  514.919654][ T8618] bond3 (unregistering): (slave erspan0): making interface the new active one
[  515.030625][ T8618] bond3 (unregistering): (slave erspan0): Releasing active interface
[  515.218800][ T8618] bond2 (unregistering): (slave macvlan2): Releasing active interface
[  515.235577][ T8618] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  515.246934][ T8618] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  515.263141][ T8618] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  515.278342][ T8618] bond0 (unregistering): Released all slaves
[  515.290603][ T8618] bond1 (unregistering): (slave veth3): Releasing active interface
[  515.301096][ T8618] bond1 (unregistering): Released all slaves
[  515.321851][ T8618] bond2 (unregistering): Released all slaves
[  515.358383][ T8618] bond3 (unregistering): (slave veth5): Releasing active interface
[  515.376565][ T8618] bond3 (unregistering): Released all slaves
[  515.409273][T13766] syzkaller0: entered promiscuous mode
[  515.416949][T13766] syzkaller0: entered allmulticast mode
[  515.467128][T13767] tipc: Started in network mode
[  515.477514][T13767] tipc: Node identity 0295b61699a7, cluster identity 4711
[  515.504722][T13767] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  515.527935][T13760] tipc: Resetting bearer <eth:syzkaller0>
[  515.570148][T13760] tipc: Disabling bearer <eth:syzkaller0>
[  515.624282][ T8618] tipc: Left network mode
[  515.865629][T13788] syzkaller0: entered promiscuous mode
[  515.875532][T13788] syzkaller0: entered allmulticast mode
[  515.898090][T13788] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  515.929514][ T8618] hsr_slave_0: left promiscuous mode
[  515.955053][ T8618] hsr_slave_1: left promiscuous mode
[  515.973648][ T8618] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.989925][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bd21400: rx timeout, send abort
[  516.026235][ T8618] batman_adv: batadv0: Removing interface: batadv_slave_1
[  516.490055][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bd23000: rx timeout, send abort
[  516.506172][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bd21400: abort rx timeout. Force session deactivation
[  516.893231][ T5836] Bluetooth: hci2: command tx timeout
[  517.002752][   T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  517.005585][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bd23000: abort rx timeout. Force session deactivation
[  517.046767][T13785] tipc: Resetting bearer <eth:syzkaller0>
[  517.149260][T13785] tipc: Disabling bearer <eth:syzkaller0>
[  517.178161][ T5915] tipc: Node number set to 735253520
[  517.190207][   T10] usb 2-1: Using ep0 maxpacket: 8
[  517.213893][   T10] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  517.238363][   T10] usb 2-1: config 0 has no interface number 0
[  517.262860][   T10] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  517.296384][   T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  517.309710][   T10] usb 2-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  517.356404][   T10] usb 2-1: Product: syz
[  517.395704][   T10] usb 2-1: config 0 descriptor??
[  517.442027][   T10] iowarrior 2-1:0.8: IOWarrior product=0x1512, serial= interface=8 now attached to iowarrior0
[  517.626288][T13779] chnl_net:caif_netlink_parms(): no params data found
[  517.685700][   T10] usb 2-1: USB disconnect, device number 38
[  517.692260][    C0] iowarrior 2-1:0.8: iowarrior_callback - usb_submit_urb failed with result -19
[  517.898746][ T8618] IPVS: stop unused estimator thread 0...
[  518.032185][T13779] bridge0: port 1(bridge_slave_0) entered blocking state
[  518.064326][T13779] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.098186][T13779] bridge_slave_0: entered allmulticast mode
[  518.125591][T13779] bridge_slave_0: entered promiscuous mode
[  518.150402][T13779] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.165844][T13779] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.187908][T13779] bridge_slave_1: entered allmulticast mode
[  518.228261][T13779] bridge_slave_1: entered promiscuous mode
[  518.234890][ T5915] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  518.433053][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  518.458397][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  518.524256][ T5915] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  518.570811][T13779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.595373][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.677187][ T5915] usb 4-1: Product: syz
[  518.703367][ T5915] usb 4-1: Manufacturer: syz
[  518.749625][ T5915] usb 4-1: SerialNumber: syz
[  518.768718][T13779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.795434][ T5915] usb 4-1: config 0 descriptor??
[  518.870163][ T5915] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  518.931489][ T5915] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  518.972777][ T5836] Bluetooth: hci2: command tx timeout
[  519.042010][T13779] team0: Port device team_slave_0 added
[  519.095139][T13779] team0: Port device team_slave_1 added
[  519.336715][T13779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  519.364012][T13779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  519.499042][ T5915] em28xx 4-1:0.0: chip ID is em2874
[  519.548286][T13779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  519.597688][T13859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2014'.
[  519.655728][T13779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  519.689839][T13779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  519.796566][T13779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  520.148774][ T5915] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  520.173704][ T5915] em28xx 4-1:0.0: board has no eeprom
[  520.185542][T13779] hsr_slave_0: entered promiscuous mode
[  520.216354][T13870] create_pit_timer: 2 callbacks suppressed
[  520.216383][T13870] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[  520.233747][T13779] hsr_slave_1: entered promiscuous mode
[  520.266803][T13779] debugfs: 'hsr0' already exists in 'hsr'
[  520.305007][T13779] Cannot create hsr debugfs directory
[  520.324420][T13870] kvm: requested 79619 ns i8254 timer period limited to 200000 ns
[  520.373855][T13870] kvm: requested 18438 ns i8254 timer period limited to 200000 ns
[  520.507002][T13870] kvm: requested 82133 ns i8254 timer period limited to 200000 ns
[  520.573737][T13870] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[  520.618611][T13870] kvm: requested 129066 ns i8254 timer period limited to 200000 ns
[  520.653842][T13870] kvm: requested 52800 ns i8254 timer period limited to 200000 ns
[  520.958886][T13887] Set syz0 is full, maxelem 0 reached
[  520.973062][   T10] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  521.053116][ T5836] Bluetooth: hci2: command tx timeout
[  521.143714][   T10] usb 7-1: Using ep0 maxpacket: 16
[  521.155688][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  521.182635][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  521.216277][T13833] em28xx 4-1:0.0: writing to i2c device at 0xfffe failed (error=-5)
[  521.218132][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  521.264825][T13779] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  521.282135][ T5915] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  521.290704][ T5915] em28xx 4-1:0.0: dvb set to bulk mode.
[  521.315438][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  521.322555][   T29] em28xx 4-1:0.0: Binding DVB extension
[  521.345305][T13779] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  521.362623][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  521.413196][ T5915] usb 4-1: USB disconnect, device number 24
[  521.418822][T13779] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  521.435142][ T5915] em28xx 4-1:0.0: Disconnecting em28xx
[  521.455902][   T10] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  521.500614][   T10] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  521.519784][T13779] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  521.529968][   T10] usb 7-1: Manufacturer: syz
[  521.539797][   T29] em28xx 4-1:0.0: Registering input extension
[  521.578141][   T10] usb 7-1: config 0 descriptor??
[  521.682751][   T29] rc_core: IR keymap rc-pinnacle-pctv-hd not found
[  521.691454][   T29] Registered IR keymap rc-empty
[  521.733302][   T29] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  521.776443][   T29] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input21
[  521.821059][   T29] em28xx 4-1:0.0: Input extension successfully initialized
[  521.832130][T13779] 8021q: adding VLAN 0 to HW filter on device bond0
[  521.872829][ T5915] em28xx 4-1:0.0: Closing input extension
[  521.925729][T13779] 8021q: adding VLAN 0 to HW filter on device team0
[  521.947124][ T5915] em28xx 4-1:0.0: Freeing device
[  521.986032][ T8610] bridge0: port 1(bridge_slave_0) entered blocking state
[  521.993678][ T8610] bridge0: port 1(bridge_slave_0) entered forwarding state
[  522.050570][ T8610] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.058762][ T8610] bridge0: port 2(bridge_slave_1) entered forwarding state
[  522.062648][   T10] rc_core: IR keymap rc-hauppauge not found
[  522.093324][T13915] fuse: root generation should be zero
[  522.111204][   T10] Registered IR keymap rc-empty
[  522.127359][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.162811][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.197011][   T10] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc1
[  522.236983][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc1/input22
[  522.293606][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.340131][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.353392][ T5915] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  522.362844][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.381280][T13779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  522.395690][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.422869][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.445130][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.492937][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.524982][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.535839][T13779] veth0_vlan: entered promiscuous mode
[  522.561282][T13779] veth1_vlan: entered promiscuous mode
[  522.567125][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  522.572895][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.572987][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  522.592722][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.620357][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  522.643223][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.646388][T13940] netlink: 'syz.2.2030': attribute type 7 has an invalid length.
[  522.671587][T13779] veth0_macvtap: entered promiscuous mode
[  522.675071][ T5915] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  522.695949][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  522.698021][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.709948][T13779] veth1_macvtap: entered promiscuous mode
[  522.735485][ T5915] usb 2-1: Product: syz
[  522.744680][ T5915] usb 2-1: Manufacturer: syz
[  522.746387][   T10] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 96
[  522.764341][ T5915] usb 2-1: SerialNumber: syz
[  522.786998][   T10] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  522.792074][ T5915] usb 2-1: config 0 descriptor??
[  522.799222][T13779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  522.818476][ T5915] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  522.838264][   T10] usb 7-1: USB disconnect, device number 10
[  522.855564][T13943] binder: BINDER_SET_CONTEXT_MGR already set
[  522.859124][T13779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  522.866667][T13943] binder: 13942:13943 ioctl 4018620d 200000000040 returned -16
[  522.870209][ T5915] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  522.917190][ T8603] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  522.978308][ T8603] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.016336][ T8603] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.069316][ T8603] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  523.137392][ T5836] Bluetooth: hci2: command tx timeout
[  523.150874][ T8605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  523.180101][ T8605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  523.266633][ T8618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  523.282927][ T8618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  523.439655][ T5915] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  523.473502][ T5915] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  524.552661][ T5915] em28xx 2-1:0.0: AC97 vendor ID = 0x00fc00fe
[  524.956904][ T5915] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[  525.010770][ T5915] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  525.032023][ T5915] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  525.096965][ T5915] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  525.132719][ T5915] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  525.173168][ T5915] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  525.239336][ T5915] usb 2-1: USB disconnect, device number 39
[  525.313100][T13976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2038'.
[  525.903653][ T5915] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  525.950797][T13982] binder: 13980:13982 ioctl c0306201 200000000540 returned -14
[  526.087117][ T5915] usb 8-1: Using ep0 maxpacket: 8
[  526.143347][ T5915] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  526.172673][ T5915] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.227866][ T5915] pvrusb2: Hardware description: Terratec Grabster AV400
[  526.303566][ T5915] pvrusb2: **********
[  526.333594][ T5915] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  526.370514][ T5915] pvrusb2: Important functionality might not be entirely working.
[  526.405168][ T5915] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  526.455319][ T5915] pvrusb2: **********
[  526.492420][ T2343] pvrusb2: Invalid write control endpoint
[  526.742281][   T10] usb 8-1: USB disconnect, device number 2
[  526.861838][ T2343] pvrusb2: Invalid write control endpoint
[  526.907917][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  527.010395][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  527.111943][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  527.232508][ T2343] pvrusb2: Device being rendered inoperable
[  527.273637][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  527.342760][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  527.366425][ T2343] pvrusb2: Attached sub-driver cx25840
[  527.372862][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  527.383538][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  527.837723][T14061] syzkaller0: entered promiscuous mode
[  527.853279][T14061] syzkaller0: entered allmulticast mode
[  528.031686][ T5825] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
[  530.109528][ T5825] Bluetooth: hci4: command 0x0406 tx timeout
[  530.250765][T14107] kvm: requested 186895 ns i8254 timer period limited to 200000 ns
[  530.376671][T14107] kvm: requested 93866 ns i8254 timer period limited to 200000 ns
[  531.783088][T14152] syzkaller0: entered promiscuous mode
[  531.811692][T14152] syzkaller0: entered allmulticast mode
[  533.369695][T14179] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  533.376442][T14177] kvm: pic: non byte write
[  533.513943][T14181] syzkaller0: entered promiscuous mode
[  533.541578][T14181] syzkaller0: entered allmulticast mode
[  535.624382][T14245] loop2: detected capacity change from 0 to 7
[  535.647961][T14245] Dev loop2: unable to read RDB block 7
[  535.656005][T14245]  loop2: AHDI p1 p2 p3
[  535.660325][T14245] loop2: partition table partially beyond EOD, truncated
[  535.670274][  T980] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  535.679362][T14245] loop2: p1 start 1818582900 is beyond EOD, truncated
[  535.698737][T14245] loop2: p3 start 335544320 is beyond EOD, truncated
[  535.842582][  T980] usb 2-1: Using ep0 maxpacket: 8
[  535.884440][  T980] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  535.927166][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.952597][  T980] usb 2-1: Product: syz
[  535.963758][  T980] usb 2-1: Manufacturer: syz
[  535.985553][  T980] usb 2-1: SerialNumber: syz
[  536.004879][  T980] usb 2-1: config 0 descriptor??
[  536.028889][  T980] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  536.272021][T14265] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  536.484492][T14272] syzkaller0: entered promiscuous mode
[  536.502075][T14272] syzkaller0: entered allmulticast mode
[  537.142941][  T796] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  537.186085][T14295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2106'.
[  537.324009][  T796] usb 8-1: Using ep0 maxpacket: 32
[  537.350995][  T796] usb 8-1: config 0 has an invalid interface number: 188 but max is 0
[  537.382504][  T796] usb 8-1: config 0 has no interface number 0
[  537.411410][  T796] usb 8-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  537.462971][  T796] usb 8-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  537.508435][  T796] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.542510][  T796] usb 8-1: Product: syz
[  537.546829][  T796] usb 8-1: Manufacturer: syz
[  537.551742][  T796] usb 8-1: SerialNumber: syz
[  537.580015][  T796] usb 8-1: config 0 descriptor??
[  537.614611][T14289] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  537.874153][T14289] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  538.038233][T14314] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  538.281229][  T980] gspca_sonixj: reg_w1 err -71
[  538.343471][  T980] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  538.376120][  T980] usb 2-1: USB disconnect, device number 40
[  538.540688][   T30] audit: type=1800 audit(1773150940.793:434): pid=14331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2112" name="bus" dev="tmpfs" ino=1554 res=0 errno=0
[  540.124748][  T796] asix 8-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  540.158745][  T796] asix 8-1:0.188: probe with driver asix failed with error -71
[  540.215679][  T796] usb 8-1: USB disconnect, device number 3
[  540.415981][T14357] binder_alloc: 14355: pid 14355 spamming oneway? 1 buffers allocated for a total size of 4096
[  540.471206][T14358] binder_alloc: 14355: binder_alloc_buf size 64768 failed, no address space
[  540.529780][T14358] binder_alloc: allocated: 5120 (num: 2 largest: 4096), free: 7168 (num: 1 largest: 7168)
[  541.239035][T14371] bridge0: port 3(erspan0) entered blocking state
[  541.290245][T14371] bridge0: port 3(erspan0) entered disabled state
[  541.337669][T14371] erspan0: entered allmulticast mode
[  541.410555][T14371] erspan0: entered promiscuous mode
[  541.467637][T14372] erspan0: left allmulticast mode
[  541.480876][T14372] erspan0: left promiscuous mode
[  541.511365][T14372] bridge0: port 3(erspan0) entered disabled state
[  542.112650][   T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  542.306345][   T10] usb 3-1: Using ep0 maxpacket: 8
[  542.362238][   T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  542.414141][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.477168][   T10] usb 3-1: Product: syz
[  542.503254][   T10] usb 3-1: Manufacturer: syz
[  542.530255][   T10] usb 3-1: SerialNumber: syz
[  542.573767][   T10] usb 3-1: config 0 descriptor??
[  542.816459][   T10] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  544.242871][   T10] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  544.300234][   T10] usb 3-1: USB disconnect, device number 31
[  544.958173][T14420] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2139'.
[  545.055756][T14420] vlan2 (unregistering): left allmulticast mode
[  545.099000][T14420] bond0 (unregistering): left allmulticast mode
[  545.128174][T14420] bond_slave_0: left allmulticast mode
[  545.143521][T14420] bond_slave_1: left allmulticast mode
[  545.162652][T14420] macvlan2: left allmulticast mode
[  545.178822][T14420] team0: left allmulticast mode
[  545.190629][T14420] team_slave_0: left allmulticast mode
[  545.210283][T14420] team_slave_1: left allmulticast mode
[  545.236969][T14420] vlan2 (unregistering): left promiscuous mode
[  545.256649][T14420] bond0 (unregistering): left promiscuous mode
[  545.279213][T14420] bond_slave_0: left promiscuous mode
[  545.326935][T14420] bond_slave_1: left promiscuous mode
[  545.371209][T14420] macvlan2: left promiscuous mode
[  545.397274][T14420] bridge0: port 4(vlan2) entered disabled state
[  545.564776][T14420] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  545.616085][T14420] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  545.689847][T14420] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  545.722317][T14420] team0: left promiscuous mode
[  545.746383][T14420] team_slave_0: left promiscuous mode
[  545.776277][T14420] team_slave_1: left promiscuous mode
[  545.849294][T14420] bond0 (unregistering): Released all slaves
[  546.849161][T14452] kvm: pic: non byte read
[  546.889358][T14452] kvm: pic: level sensitive irq not supported
[  546.889411][T14452] kvm: pic: non byte read
[  548.311919][T14469] netlink: 'syz.3.2154': attribute type 1 has an invalid length.
[  548.852906][ T5826] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  549.030253][ T5826] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  549.030271][ T5826] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  549.030283][ T5826] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  549.030307][ T5826] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  549.041413][ T5826] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  549.041443][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  549.041462][ T5826] usb 2-1: Product: syz
[  549.041477][ T5826] usb 2-1: Manufacturer: syz
[  549.067113][ T5826] cdc_wdm 2-1:1.0: skipping garbage
[  549.067127][ T5826] cdc_wdm 2-1:1.0: skipping garbage
[  549.071226][ T5826] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  549.071250][ T5826] cdc_wdm 2-1:1.0: Unknown control protocol
[  549.288174][   T10] usb 2-1: USB disconnect, device number 41
[  549.742065][T14491] syzkaller0: entered promiscuous mode
[  549.742562][  T980] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  549.751780][T14491] syzkaller0: entered allmulticast mode
[  549.954248][  T980] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  549.984152][  T980] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  550.029695][  T980] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  550.084916][  T980] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.141584][  T980] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  550.178571][  T980] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  550.238481][  T980] usb 2-1: Product: syz
[  550.268895][  T980] usb 2-1: Manufacturer: syz
[  550.326490][  T980] cdc_wdm 2-1:1.0: skipping garbage
[  550.374447][  T980] cdc_wdm 2-1:1.0: skipping garbage
[  550.420853][  T980] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  550.470133][  T980] cdc_wdm 2-1:1.0: Unknown control protocol
[  550.843293][   T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  551.024186][   T10] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  551.058422][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  551.100223][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  551.139580][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  551.172565][  T980] usb 7-1: new full-speed USB device number 11 using dummy_hcd
[  551.192581][   T10] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  551.249251][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.299598][   T10] usb 8-1: config 0 descriptor??
[  551.346648][  T980] usb 7-1: config 0 has no interfaces?
[  551.371493][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  551.372022][T11387] usb 2-1: USB disconnect, device number 42
[  551.378161][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  551.378185][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  551.459414][  T980] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  551.476288][  T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.523451][  T980] usb 7-1: Product: syz
[  551.532200][  T980] usb 7-1: Manufacturer: syz
[  551.557423][  T980] usb 7-1: SerialNumber: syz
[  551.578665][  T980] usb 7-1: config 0 descriptor??
[  551.809080][   T10] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  552.111563][ T5915] usb 7-1: USB disconnect, device number 11
[  552.210162][T14532] syzkaller0: entered promiscuous mode
[  552.215991][T14532] syzkaller0: entered allmulticast mode
[  552.337980][   T30] audit: type=1326 audit(1773150954.593:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14534 comm="syz.2.2177" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56ddd9c799 code=0x0
[  552.414744][T14536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.425515][T14536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.461247][   T30] audit: type=1804 audit(1773150954.713:436): pid=14539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2178" name="/newroot/472/file1" dev="fuse" ino=1 res=1 errno=0
[  552.599992][T14545] binder: transaction release 354 bad handle 2, ret = -22
[  552.642822][ T5915] usb 8-1: USB disconnect, device number 4
[  552.819708][T14549] syzkaller0: entered promiscuous mode
[  552.825715][T14549] syzkaller0: entered allmulticast mode
[  553.322782][ T5915] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  553.505195][ T5915] usb 2-1: Using ep0 maxpacket: 32
[  553.541210][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  553.607422][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  553.720057][ T5915] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  553.782399][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.881474][ T5915] usb 2-1: config 0 descriptor??
[  554.305803][T14573] kvm: pic: non byte write
[  554.310531][T14573] kvm: pic: non byte write
[  554.320588][T14573] kvm: pic: non byte write
[  554.327032][T14573] kvm: pic: non byte write
[  554.331813][T14573] kvm: pic: non byte write
[  554.337454][T14573] kvm: pic: non byte write
[  554.342148][T14573] kvm: pic: non byte write
[  554.347145][T14573] kvm: pic: non byte write
[  554.354364][T14573] kvm: pic: non byte write
[  554.359076][T14573] kvm: pic: non byte write
[  554.366910][T14573] kvm: pic: single mode not supported
[  554.368535][T14573] kvm: pic: single mode not supported
[  554.374319][T14573] kvm: pic: level sensitive irq not supported
[  554.419800][ T5915] savu 0003:1E7D:2D5A.0010: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  554.457535][T14573] kvm: pic: level sensitive irq not supported
[  554.458165][T14573] kvm: pic: single mode not supported
[  554.465327][T14573] kvm: pic: level sensitive irq not supported
[  554.510034][T14578] netlink: 45 bytes leftover after parsing attributes in process `syz.6.2192'.
[  554.699183][T11387] usb 2-1: USB disconnect, device number 43
[  555.932517][T14611] syzkaller0: entered promiscuous mode
[  555.939156][T14611] syzkaller0: entered allmulticast mode
[  557.605344][T14644] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2212'.
[  557.649456][T14644] bridge0: port 3(dummy0) entered disabled state
[  557.716993][T14644] dummy0 (unregistering): left allmulticast mode
[  557.735345][T14644] bridge0: port 3(dummy0) entered disabled state
[  557.986650][  T980] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  558.083448][ T5915] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  558.132242][T14661] syzkaller0: entered promiscuous mode
[  558.138136][T14661] syzkaller0: entered allmulticast mode
[  558.169042][  T980] usb 3-1: config 0 has no interfaces?
[  558.191372][  T980] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  558.209576][  T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.222972][  T980] usb 3-1: Product: syz
[  558.238986][  T980] usb 3-1: Manufacturer: syz
[  558.245442][  T980] usb 3-1: SerialNumber: syz
[  558.258460][ T5915] usb 8-1: config 0 has no interfaces?
[  558.278616][  T980] usb 3-1: config 0 descriptor??
[  558.288238][ T5915] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  558.298492][ T5915] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.330854][ T5915] usb 8-1: Product: syz
[  558.352078][ T5915] usb 8-1: Manufacturer: syz
[  558.368898][ T5915] usb 8-1: SerialNumber: syz
[  558.396611][ T5915] usb 8-1: config 0 descriptor??
[  558.767839][ T5836] Bluetooth: hci2: Malformed MSFT vendor event: 0x02
[  558.825495][ T5884] usb 8-1: USB disconnect, device number 5
[  558.914422][T11387] usb 3-1: USB disconnect, device number 32
[  559.129282][T14675] netlink: 1276 bytes leftover after parsing attributes in process `syz.1.2222'.
[  559.753427][   T30] audit: type=1804 audit(1773150962.003:437): pid=14679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2224" name="/newroot/316/file0" dev="fuse" ino=1 res=1 errno=0
[  559.963807][T14684] loop8: detected capacity change from 0 to 524287999
[  560.091273][ T5841] Buffer I/O error on dev loop8, logical block 65535998, async page read
[  560.318003][T11387] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  560.493332][T11387] usb 4-1: Using ep0 maxpacket: 16
[  560.520687][T11387] usb 4-1: config 3 has an invalid interface number: 155 but max is 0
[  560.556011][T11387] usb 4-1: config 3 has an invalid interface association descriptor of length 3, skipping
[  560.593208][   T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  560.631434][T11387] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  560.713757][T11387] usb 4-1: config 3 has no interface number 0
[  560.759222][T11387] usb 4-1: config 3 interface 155 has no altsetting 0
[  560.786452][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.826186][T11387] usb 4-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c
[  560.844786][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  560.860485][T11387] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.891655][   T10] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  560.907466][T11387] usb 4-1: Product: syz
[  560.935708][T11387] usb 4-1: Manufacturer: syz
[  560.955905][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.966609][T11387] usb 4-1: SerialNumber: syz
[  561.011295][   T10] usb 3-1: config 0 descriptor??
[  561.228213][T11387] uvcvideo 4-1:3.155: probe with driver uvcvideo failed with error -22
[  561.282257][T11387] usb 4-1: USB disconnect, device number 25
[  561.384815][T14707] syzkaller0: entered promiscuous mode
[  561.414401][T14707] syzkaller0: entered allmulticast mode
[  561.819127][T14712] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  562.181748][   T10] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  562.260394][   T10] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  562.377247][   T10] cp2112 0003:10C4:EA90.0011: Part Number: 0x82 Device Version: 0xFE
[  563.019153][   T10] cp2112 0003:10C4:EA90.0011: error reading lock byte: -71
[  563.062727][   T10] usb 3-1: USB disconnect, device number 33
[  563.350585][T14730] binder_alloc: 14729: pid 14729 spamming oneway? 1 buffers allocated for a total size of 4096
[  563.364462][T14730] binder_alloc: 14729: pid 14729 spamming oneway? 2 buffers allocated for a total size of 5120
[  563.406022][ T5915] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  563.426342][T14732] netlink: 'syz.1.2241': attribute type 10 has an invalid length.
[  563.438723][T14732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2241'.
[  563.652551][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  563.686641][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  563.720052][ T5915] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  563.770675][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.792527][ T5915] usb 4-1: Product: syz
[  563.804106][ T5915] usb 4-1: Manufacturer: syz
[  563.831712][ T5915] usb 4-1: SerialNumber: syz
[  563.883087][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  563.889789][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  563.893497][ T5915] usb 4-1: config 0 descriptor??
[  563.949951][ T5915] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  563.992805][ T5915] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  564.385402][   T29] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  564.427516][T14697] syz.7.2228 (14697): drop_caches: 1
[  564.570772][ T5915] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  564.583034][   T29] usb 2-1: Using ep0 maxpacket: 8
[  564.602879][   T29] usb 2-1: config 38 has an invalid interface number: 131 but max is 0
[  564.635269][   T29] usb 2-1: config 38 has no interface number 0
[  564.641768][   T29] usb 2-1: config 38 interface 131 altsetting 7 has a duplicate endpoint with address 0x9, skipping
[  564.670240][   T29] usb 2-1: config 38 interface 131 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  564.685901][   T29] usb 2-1: config 38 interface 131 altsetting 7 endpoint 0x4 has an invalid bInterval 46, changing to 7
[  564.698428][   T29] usb 2-1: config 38 interface 131 has no altsetting 0
[  564.722295][   T29] usb 2-1: New USB device found, idVendor=0bb4, idProduct=0a46, bcdDevice=fc.63
[  564.741812][   T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.763775][   T29] usb 2-1: Product: syz
[  564.768300][   T29] usb 2-1: Manufacturer: syz
[  564.784989][   T29] usb 2-1: SerialNumber: syz
[  564.856849][T14755] tipc: Started in network mode
[  564.863547][T14755] tipc: Node identity 8ea16a380869, cluster identity 4711
[  564.873793][T14755] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  564.884812][T14755] syzkaller0: entered promiscuous mode
[  564.890483][T14755] syzkaller0: entered allmulticast mode
[  564.907080][T14755] tipc: Resetting bearer <eth:syzkaller0>
[  564.916569][T14754] tipc: Resetting bearer <eth:syzkaller0>
[  564.937535][T14754] tipc: Disabling bearer <eth:syzkaller0>
[  565.006506][ T5915] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  565.016344][ T5915] em28xx 4-1:0.0: board has no eeprom
[  565.122713][T11387] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  565.149133][   T29] usb 2-1: USB disconnect, device number 44
[  565.324501][T11387] usb 8-1: config 0 has an invalid interface number: 2 but max is 0
[  565.342825][T11387] usb 8-1: config 0 has no interface number 0
[  565.349775][T11387] usb 8-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  565.364457][ T5915] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  565.389878][ T5915] em28xx 4-1:0.0: dvb set to bulk mode.
[  565.408059][T11387] usb 8-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  565.426032][  T980] em28xx 4-1:0.0: Binding DVB extension
[  565.474342][T11387] usb 8-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64
[  565.486651][T11387] usb 8-1: config 0 interface 2 has no altsetting 0
[  565.559430][T11387] usb 8-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  565.576385][T11387] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.588250][T11387] usb 8-1: Product: syz
[  565.593452][T11387] usb 8-1: Manufacturer: syz
[  565.598759][T11387] usb 8-1: SerialNumber: syz
[  565.610764][T11387] usb 8-1: config 0 descriptor??
[  565.618563][T14757] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22
[  565.663423][T14757] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22
[  565.951960][T11387] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  566.255412][T11387] usb 8-1: USB disconnect, device number 6
[  566.550334][T14783] netlink: 'syz.2.2256': attribute type 4 has an invalid length.
[  566.602661][T14728] em28xx 4-1:0.0: reading from i2c device at 0xfffe failed (error=-5)
[  566.664715][   T29] usb 4-1: USB disconnect, device number 26
[  566.705361][   T29] em28xx 4-1:0.0: Disconnecting em28xx
[  566.866072][  T980] em28xx 4-1:0.0: Registering input extension
[  566.899077][   T29] em28xx 4-1:0.0: Closing input extension
[  566.906624][   T30] audit: type=1804 audit(1773150969.153:438): pid=14792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2258" name="/newroot/427/file1" dev="fuse" ino=1 res=1 errno=0
[  566.984428][   T29] em28xx 4-1:0.0: Freeing device
[  568.882567][   T10] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  569.065597][   T10] usb 2-1: Using ep0 maxpacket: 8
[  569.092748][   T10] usb 2-1: config 162 has an invalid interface number: 84 but max is 2
[  569.134198][   T10] usb 2-1: config 162 has an invalid interface number: 3 but max is 2
[  569.203571][   T10] usb 2-1: config 162 has no interface number 0
[  569.257429][   T10] usb 2-1: config 162 has no interface number 1
[  569.306855][   T10] usb 2-1: config 162 interface 84 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  569.392979][   T10] usb 2-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  569.456617][   T10] usb 2-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  569.504599][   T10] usb 2-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  569.550511][   T10] usb 2-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  569.577890][   T10] usb 2-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  569.612655][   T29] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  569.635769][   T10] usb 2-1: config 162 interface 84 has no altsetting 0
[  569.652702][   T10] usb 2-1: config 162 interface 2 has no altsetting 0
[  569.704745][   T10] usb 2-1: config 162 interface 3 has no altsetting 0
[  569.724837][   T10] usb 2-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[  569.740392][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.764766][   T10] usb 2-1: Product: syz
[  569.769677][   T10] usb 2-1: Manufacturer: syz
[  569.772765][   T29] usb 8-1: Using ep0 maxpacket: 8
[  569.790604][   T29] usb 8-1: config 0 has no interfaces?
[  569.800651][   T29] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  569.810894][   T10] usb 2-1: SerialNumber: syz
[  569.821586][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.847773][   T29] usb 8-1: config 0 descriptor??
[  570.030406][T14821] IPv6: NLM_F_REPLACE set, but no existing node found!
[  570.105890][ T5836] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  570.127645][   T10] usb 2-1: USB disconnect, device number 45
[  570.636339][ T5915] usb 8-1: USB disconnect, device number 7
[  570.845023][T14863] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2281'.
[  570.887328][T14863] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2281'.
[  572.122627][   T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  572.270465][T14897] kvm_intel: kvm [14896]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x1
[  572.304776][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.338705][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.379502][   T10] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  572.400431][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.431129][   T10] usb 4-1: config 0 descriptor??
[  572.475111][   T30] audit: type=1800 audit(1773150974.733:439): pid=14903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2294" name="bus" dev="tmpfs" ino=2279 res=0 errno=0
[  572.897355][   T10] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  572.942004][   T10] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  573.047793][   T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0012/input/input25
[  573.127936][T14890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.144856][   T10] cm6533_jd 0003:0D8C:0022.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  573.217335][T14890] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.309120][   T10] usb 4-1: USB disconnect, device number 27
[  573.758548][T14925] fido_id[14925]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  573.833233][T14916] syzkaller0: entered promiscuous mode
[  573.845996][T14916] syzkaller0: entered allmulticast mode
[  574.492873][T14936] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  574.620944][T14932] syzkaller0: entered promiscuous mode
[  574.650826][T14932] syzkaller0: entered allmulticast mode
[  576.902605][   T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  577.067442][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  577.107906][   T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  577.124206][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.149708][   T10] usb 3-1: config 0 descriptor??
[  577.179618][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  577.591851][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[  577.633019][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[  577.665499][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[  577.707100][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[  577.740125][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[  577.774921][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[  577.810762][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[  577.841947][   T10] pwc: recv_control_msg error -32 req 02 val 2100
[  578.081929][   T10] pwc: recv_control_msg error -32 req 02 val 2500
[  578.336054][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[  578.377562][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  578.419134][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  578.445782][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  578.472075][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  578.534857][   T10] pwc: Registered as video103.
[  578.587570][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input26
[  578.658675][   T10] usb 3-1: USB disconnect, device number 34
[  580.652725][   T29] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  580.826632][   T29] usb 3-1: Using ep0 maxpacket: 16
[  580.847774][   T29] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  580.857811][   T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.892147][   T29] usb 3-1: config 0 descriptor??
[  580.906186][   T29] gspca_main: sonixj-2.14.0 probing 0471:0327
[  581.764354][  T980] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  581.934868][  T980] usb 2-1: config 8 has an invalid interface number: 80 but max is 0
[  581.943623][  T980] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  581.955800][  T980] usb 2-1: config 8 has no interface number 0
[  581.962866][  T980] usb 2-1: config 8 interface 80 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[  581.978200][  T980] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f
[  581.989365][  T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.005409][  T980] usb 2-1: NFC: intf ffff888011b3f000 id ffffffff8f1cfe00
[  582.082760][ T5915] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  582.252748][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  582.260590][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  582.274210][ T5915] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  582.284267][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.293033][ T5915] usb 4-1: Product: syz
[  582.297346][ T5915] usb 4-1: Manufacturer: syz
[  582.302072][ T5915] usb 4-1: SerialNumber: syz
[  582.309910][ T5915] usb 4-1: config 0 descriptor??
[  582.319814][ T5915] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  582.329768][ T5915] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  687.792469][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  687.799457][    C0] rcu: 	1-...!: (0 ticks this GP) idle=aa9c/1/0x4000000000000000 softirq=120854/120854 fqs=1
[  687.811121][    C0] rcu: 	(detected by 0, t=10506 jiffies, g=91409, q=195 ncpus=2)
[  687.819046][    C0] Sending NMI from CPU 0 to CPUs 1:
[  687.819079][    C1] NMI backtrace for cpu 1
[  687.819105][    C1] CPU: 1 UID: 0 PID: 15048 Comm: syz.7.2322 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  687.819209][    C1] Tainted: [L]=SOFTLOCKUP
[  687.819214][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  687.819230][    C1] RIP: 0010:sched_mm_cid_fork+0x56c/0xc80
[  687.819290][    C1] Code: 00 00 0f b6 c0 41 29 c6 4c 89 e3 e9 64 ff ff ff 49 c7 c5 98 de 1a 8e 49 c1 ed 03 eb 0b 44 89 e0 f7 d8 0f 81 2a fd ff ff f3 90 <48> b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 75 50 44 8b
[  687.819303][    C1] RSP: 0018:ffffc90005affc78 EFLAGS: 00000887
[  687.819352][    C1] RAX: 0000000080000000 RBX: 0000000000000002 RCX: dffffc0000000000
[  687.819363][    C1] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: ffff888032c5d510
[  687.819372][    C1] RBP: ffff888032c5d510 R08: 1ffff1100658b951 R09: 0000000000000000
[  687.819383][    C1] R10: ffff888032c5cbcc R11: fffff52000b5ff80 R12: 0000000080000000
[  687.819393][    C1] R13: 1ffffffff1c35bd3 R14: 0000000000000002 R15: ffff888032c5c980
[  687.819403][    C1] FS:  00007f4a25ff66c0(0000) GS:ffff888125563000(0000) knlGS:0000000000000000
[  687.819415][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  687.819425][    C1] CR2: 0000001b31d10ff8 CR3: 0000000027108000 CR4: 00000000003526f0
[  687.819439][    C1] Call Trace:
[  687.819453][    C1]  <TASK>
[  687.819471][    C1]  bprm_execve+0xda1/0x1460
[  687.819522][    C1]  ? __pfx_bprm_execve+0x10/0x10
[  687.819569][    C1]  ? alloc_bprm+0x508/0x5c0
[  687.819583][    C1]  ? count+0x1cb/0x230
[  687.819598][    C1]  do_execveat_common+0x50d/0x690
[  687.819617][    C1]  __x64_sys_execveat+0xc7/0xf0
[  687.819632][    C1]  do_syscall_64+0x14d/0xf80
[  687.819705][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.819767][    C1]  ? clear_bhb_loop+0x40/0x90
[  687.819783][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.819797][    C1] RIP: 0033:0x7f4a27d9c799
[  687.819813][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  687.819825][    C1] RSP: 002b:00007f4a25ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  687.819840][    C1] RAX: ffffffffffffffda RBX: 00007f4a28015fa0 RCX: 00007f4a27d9c799
[  687.819851][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  687.819860][    C1] RBP: 00007f4a27e32c99 R08: 0000000000001000 R09: 0000000000000000
[  687.819869][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  687.819877][    C1] R13: 00007f4a28016038 R14: 00007f4a28015fa0 R15: 00007f4a2813fa48
[  687.819895][    C1]  </TASK>
[  687.820071][    C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g91409 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  688.101372][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  688.111599][    C0] rcu: RCU grace-period kthread stack dump:
[  688.117923][    C0] task:rcu_preempt     state:R  running task     stack:27744 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  688.131422][    C0] Call Trace:
[  688.134802][    C0]  <TASK>
[  688.138004][    C0]  __schedule+0x15dd/0x52d0
[  688.143143][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  688.148298][    C0]  ? __pfx___schedule+0x10/0x10
[  688.153252][    C0]  ? schedule+0x90/0x360
[  688.157558][    C0]  schedule+0x164/0x360
[  688.161914][    C0]  schedule_timeout+0x158/0x2c0
[  688.167141][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  688.172511][    C0]  ? __pfx_process_timeout+0x10/0x10
[  688.178006][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  688.183990][    C0]  ? prepare_to_swait_event+0x340/0x370
[  688.189637][    C0]  rcu_gp_fqs_loop+0x312/0x11d0
[  688.194612][    C0]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[  688.200610][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  688.206168][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  688.211378][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  688.217709][    C0]  rcu_gp_kthread+0x9e/0x2b0
[  688.222299][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  688.227574][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  688.233817][    C0]  ? __kthread_parkme+0x7a/0x1f0
[  688.239023][    C0]  ? __kthread_parkme+0x19c/0x1f0
[  688.244424][    C0]  kthread+0x388/0x470
[  688.248773][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  688.254152][    C0]  ? __pfx_kthread+0x10/0x10
[  688.258741][    C0]  ret_from_fork+0x51e/0xb90
[  688.263721][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  688.269103][    C0]  ? __switch_to+0xc7d/0x1450
[  688.274259][    C0]  ? __pfx_kthread+0x10/0x10
[  688.278854][    C0]  ret_from_fork_asm+0x1a/0x30
[  688.283860][    C0]  </TASK>
[  688.286975][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  688.293302][    C0] CPU: 0 UID: 0 PID: 8605 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  688.304868][    C0] Tainted: [L]=SOFTLOCKUP
[  688.309279][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  688.319577][    C0] Workqueue: events_unbound toggle_allocation_gate
[  688.326129][    C0] RIP: 0010:smp_call_function_many_cond+0xce5/0x12c0
[  688.333090][    C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 24 e6 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 cf e1 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 b3 e1
[  688.353560][    C0] RSP: 0018:ffffc90005887720 EFLAGS: 00000293
[  688.359662][    C0] RAX: ffffffff81b9bbfd RBX: 1ffff110170e812d RCX: ffff88807a568000
[  688.368185][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  688.376817][    C0] RBP: ffffc90005887860 R08: ffffffff90118bb7 R09: 1ffffffff2023176
[  688.385413][    C0] R10: dffffc0000000000 R11: fffffbfff2023177 R12: ffff8880b8740968
[  688.394277][    C0] R13: dffffc0000000000 R14: ffff8880b863bf80 R15: 0000000000000001
[  688.403060][    C0] FS:  0000000000000000(0000) GS:ffff888125463000(0000) knlGS:0000000000000000
[  688.412366][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  688.418971][    C0] CR2: 0000001b30c1fff8 CR3: 000000000e54c000 CR4: 00000000003526f0
[  688.427752][    C0] Call Trace:
[  688.431146][    C0]  <TASK>
[  688.434274][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  688.439931][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  688.446720][    C0]  ? kmem_cache_alloc_bulk_noprof+0xae/0x7e0
[  688.453335][    C0]  ? __pfx___text_poke+0x10/0x10
[  688.458632][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  688.463847][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  688.468954][    C0]  smp_text_poke_batch_finish+0x5f5/0x1160
[  688.475023][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  688.480297][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  688.487140][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[  688.494020][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  688.500093][    C0]  static_key_enable_cpuslocked+0x128/0x240
[  688.506213][    C0]  static_key_enable+0x1a/0x20
[  688.511883][    C0]  toggle_allocation_gate+0xab/0x290
[  688.518227][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  688.524653][    C0]  ? process_scheduled_works+0xa25/0x1830
[  688.530660][    C0]  ? process_scheduled_works+0xa25/0x1830
[  688.536486][    C0]  process_scheduled_works+0xb02/0x1830
[  688.542139][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  688.548124][    C0]  ? assign_work+0x3d5/0x5e0
[  688.552795][    C0]  worker_thread+0xa50/0xfc0
[  688.557397][    C0]  kthread+0x388/0x470
[  688.561543][    C0]  ? __pfx_worker_thread+0x10/0x10
[  688.566820][    C0]  ? __pfx_kthread+0x10/0x10
[  688.571576][    C0]  ret_from_fork+0x51e/0xb90
[  688.576179][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  688.581502][    C0]  ? __switch_to+0xc7d/0x1450
[  688.586173][    C0]  ? __pfx_kthread+0x10/0x10
[  688.591016][    C0]  ret_from_fork_asm+0x1a/0x30
[  688.595872][    C0]  </TASK>