last executing test programs:

1m19.183376829s ago: executing program 2 (id=138):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r1)
sendmsg$NL802154_CMD_SET_PAN_ID(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000800)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan3\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan0\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan0\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan3\x00', <r6=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan3\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000640)={&(0x7f00000003c0), 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x5c, r2, 0x401, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r9, 0x40045532, &(0x7f0000000340)=0xfdd)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r10 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0xf5f136db7a581572)
sendmsg$alg(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="dc", 0x1}, {&(0x7f0000000040)="909cdb607fe698cd7f304ce13ace650aca8aaee16af222392f11ffc44e2a94a8f438cd04d4aa77256a686bf5ecb65c351dcc9053141c07837e5241fe35298090879e9e3cf25d711ecd1df45a7cd1929d679dc303efc6f010934b2d1d61bad7ffd493c0336da3953b55164f8f737a4e3d6efe7c32faed07bb7fe431dede2f85de9271d019ac998110ea74ead906327167f4fbf1e00d4432ac34c6cb244847dc065cb382857d5bc74de14d75d235a36e5f59809aa8fa5cb4697a57f2ccb95b730dac49cfea0e7f2718", 0xc8}, {&(0x7f0000000140)="18b9c6ebd2342d53d9c1360627c6977379988a7a0bd817dcef6710d853f88d4b0a71adea77827889e4e811268121744a7017e08c988cf92a4dbda1599fd6a77a84598f1e1c1d0b398d6415c42f49cb7b0473", 0x52}], 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="e8000000000000001701000002000000d10000005130129ceab4886410721647d364d01e2fa1026273e7cf65c3ddfc875bfd9f5e87fd646828471d2bfa5ef4a97f333b814b7f2c8a9930eb2a7572fb8ae86e845a0d5d4d866c3c11e7728430290fb0e1513edd5981bcc1015da60f45e3f5a1f070e3964f9ea7f0a80cbc79b4e4272c001599b1413222238f3eeaced73740b8151474d12f82c290f109226b40eb919bfc7ef9b1de34844a0e97357672774be1fe57dc9b748e953727133179efe0222f51f91a4bf255f9257a1375eee85d818fa10329572d0cc9b1847d6bf50ec0caff6a0000001800000000000000170100000300000001000000000000000000"], 0x100, 0x40000}, 0xc000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r1) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000800) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan1\x00'}) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000640)={&(0x7f00000003c0), 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x5c, r2, 0x401, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) (async)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r9, 0x40045532, &(0x7f0000000340)=0xfdd) (async)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) (async)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0xf5f136db7a581572) (async)
sendmsg$alg(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="dc", 0x1}, {&(0x7f0000000040)="909cdb607fe698cd7f304ce13ace650aca8aaee16af222392f11ffc44e2a94a8f438cd04d4aa77256a686bf5ecb65c351dcc9053141c07837e5241fe35298090879e9e3cf25d711ecd1df45a7cd1929d679dc303efc6f010934b2d1d61bad7ffd493c0336da3953b55164f8f737a4e3d6efe7c32faed07bb7fe431dede2f85de9271d019ac998110ea74ead906327167f4fbf1e00d4432ac34c6cb244847dc065cb382857d5bc74de14d75d235a36e5f59809aa8fa5cb4697a57f2ccb95b730dac49cfea0e7f2718", 0xc8}, {&(0x7f0000000140)="18b9c6ebd2342d53d9c1360627c6977379988a7a0bd817dcef6710d853f88d4b0a71adea77827889e4e811268121744a7017e08c988cf92a4dbda1599fd6a77a84598f1e1c1d0b398d6415c42f49cb7b0473", 0x52}], 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="e8000000000000001701000002000000d10000005130129ceab4886410721647d364d01e2fa1026273e7cf65c3ddfc875bfd9f5e87fd646828471d2bfa5ef4a97f333b814b7f2c8a9930eb2a7572fb8ae86e845a0d5d4d866c3c11e7728430290fb0e1513edd5981bcc1015da60f45e3f5a1f070e3964f9ea7f0a80cbc79b4e4272c001599b1413222238f3eeaced73740b8151474d12f82c290f109226b40eb919bfc7ef9b1de34844a0e97357672774be1fe57dc9b748e953727133179efe0222f51f91a4bf255f9257a1375eee85d818fa10329572d0cc9b1847d6bf50ec0caff6a0000001800000000000000170100000300000001000000000000000000"], 0x100, 0x40000}, 0xc000) (async)

1m19.060701462s ago: executing program 2 (id=139):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000200)={0x0, 0xc, 0x4, "ca258375"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f00000007c0)={0x0, 0x13, 0x4, "b17cc04c"}, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000005c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="205aba"], 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, &(0x7f0000000140)={0x14, &(0x7f0000000040)={0x60, 0x4, 0x8, {0x8, 0xe, "487c1756b961"}}, &(0x7f0000000080)={0x0, 0x3, 0x5b, @string={0x5b, 0x3, "db38c057c48c14a5a41887cbcbd39fef7373c384e5bf12716c9d6b15e6ac93b6a334989e4e1e30befb6522bdca8d68b8a96ced5e84e4762b7946bc6dd1047c7117f16447010f6d4652e3bd29abf0e0227dee0bb6bf4fe138c5"}}}, &(0x7f00000006c0)={0x44, &(0x7f0000000240)={0x20, 0x30, 0xfd, "1d29b0926a85be225b76a62d073d20744a5ac4036c7345d910a92c5802ab8e9c63d45b532cee3f1b835d6aae10fddc5bd2b3b228bd093ea06eba446aa0a54e5fe668c4f5773a789132668da3b423fdf66ca2bf9a6ab1e266ca730e65be73b83e8bd7a37717ca73a78257387e8ffe909c8782b25435648595667054daedeabebb7030cbdc5372986cf3dee009c7f58e3cfa8e629db16b24b2cab79d317da522e69756e940e6cbf816fbbc17f487e11a526440e61fbc05027d884c473788cae1b6f99bbe1c8bb6d53964a1bee5a0b06719cc95c91ba21178355c42f32baa540b7f3249e69e6de2e902e3c28b4c2e71ff384f7d12c6bd85fb092c50e40e8d"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x9}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000380)={0x20, 0x81, 0x1, "ea"}, &(0x7f00000003c0)={0x20, 0x82, 0x1, '+'}, &(0x7f0000000400)={0x20, 0x83, 0x3, "0f2e10"}, &(0x7f0000000580)={0x20, 0x84, 0x4, "db3ce9dd"}, &(0x7f0000000600)={0x20, 0x85, 0x3, "25cdba"}})

1m15.856023011s ago: executing program 2 (id=151):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="080e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "020a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="001602"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac3(r0, &(0x7f00000003c0)={0x14, &(0x7f0000000240)={0x20, 0x8, 0xb6, {0xb6, 0x1a, "670accc5050c11faea1c817737fc084bfab407162ff724ddfb57b349941adbce4e48111d08c015c945e4c250358db8f1ae7992bbb53e968dd17f1be9e38b40988ae6f7f6419501fc6a3208e9651b473cbbcd2725934e3cba4bc6b5c47ee34e73975e1d4e4ea35df8a600fc9dd45ae39d15263dcea66a6c40061704377a1b957449d42c308c6f7c541f6053b645b0cd9fe3a3f65fc3fbd7792ba80565e79d0cba0a7155f02aa8ae11aca1d45096e148756b45e505"}}, &(0x7f0000000300)={0x0, 0x3, 0xb0, @string={0xb0, 0x3, "e532ca0c0636a85d8d73e8c98a83294775385a4bcfb30fa0db0bd285e7c181b72ca6a6202619502ab12f834c134e86e6ab49efe4426191036e8ddc13ca35bcf7cbca10c04995a87b4bc46c8e3777c280e6230573b61547a88e4d26cb82ea001a5680e43f90ee61a0baa36d321221c94e30a1e02cfa1f3b8617bc8b510b95ab64e9847a58b1a006a0e6aa1f51580d98793123706c0da63f4e3cb4b03d8e0091a94dc66331f7201e32cb551360e88f"}}}, &(0x7f0000000700)={0x44, &(0x7f0000000400)={0x40, 0x2e, 0x45, "ae4258b42e3e85ac42fd603296b3143146147e75523ae3bd5ac2e97661cecfa9a976e4d87da3ddf1174ca00ea2866104188ac0722747d464a0b12e5d98978370107bd2266c"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000500)={0x20, 0x81, 0x1, "18"}, &(0x7f0000000580)={0x20, 0x82, 0x2, "6ea8"}, &(0x7f00000005c0)={0x20, 0x83, 0x3, "aea71a"}, &(0x7f0000000600)={0x20, 0x84, 0x1, "8c"}, &(0x7f0000000640)={0x20, 0x85, 0x3, "fca367"}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, &(0x7f0000000680)={0x14, &(0x7f0000000780)={0x20, 0x10, 0x8f, {0x8f, 0x31, "ed41e93c678daa83e329714d6271af065b24ea50dc7b7ca85f8363b5805c9ff8da5e29ec5e7177abbb87d44923bd523996f513f3e2622392334f8428a5ffc8010562e9ba8a8df16d56b2ddae0ca073bc05385bc8ba0d4a1b02b9bd4f89ebad2bc5fe5f3a431bd23ae1840a84c58a6ffb9483c35203fffdc957cd6d0a66718cf0b35e28959ff0d146e9f4c342d0"}}, &(0x7f0000000880)={0x0, 0x3, 0xf4, @string={0xf4, 0x3, "a072de9f656d487c78bf572d1c7f4b33ebf1e532b100a3372c2ed19766c4670544538b221f90759677c199572f59366bde53ae91f8633bc9067fd25c8bb463d4f90094b817af0da428c69d4ecffbb031c17b4e8bbe4081c82763167248af618a04b7b79d15c2474f67c6adfe8030486da0e326ce745de70964e5339bea41b9f9481fe5c41a1e6badb3f577a9e6e861a6f49e607c57877be56b24373889469efb85433d8822a72e089b22cf09699b297b387585e5d0b06e461ab9e49dca9212c5ac7e6306d8b6d9e5ea55718c8796c179ee7010629c9741cd3ca74fa4412e0f048e4d9be3d576a813972c4d14ba11dcc07de2"}}}, &(0x7f0000000dc0)={0x34, &(0x7f0000000b40)={0x40, 0x30, 0xb0, "0c10c99c40d77b653b4cd0db4a0003bfeca347b12cdb191e850b7850007be2e27c2a0c1018fd0714031fbc461ae2556ddd3af508435ce43d6a32a369c7ba58f4131a20ac62bf36e8e70b04df05f33ec9951a0d7f0a0a5193caffeab014b09dcb5ada375f2609621e73df73042515ce1066a38f7729c45d96abef19f50a9717b4b87e1cb64c3b97f8f99aba5ae2c6431e251ab76269a133d7b5f6e3641fa4d2f90e559cb8a99e5cb30883b2c4e1342cad"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x44}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000c40)={0x20, 0x0, 0xbe, {0xbc, "2c9ba4fcc7252d4233c5bef28db8d4fb02130c0d89bcdf4b334cc62093e2bbabc9caeb8c0bfc1ba482bd03ee9c1c8d39f1ecbf138f91fe7c5cbae9a04e5107efb35f45b01c4909d9d17e027ecd607355c79b568ead2e2e42e959704e06063b1ab45d55fb48ddd3dbd49464fe2c40e041b76e27e353de8b1f88e546b61676d8302f3df4060db4b2aa749915f6b86eb71da9ba117da9a92bac2adcd3bf5373d56907f8ace57853cd0b895617cc93fbd0b64cc06a1127ac994aa1b10a6b"}}, &(0x7f0000000d40)={0x20, 0x1, 0x1}, &(0x7f0000000d80)={0x20, 0x0, 0x1, 0xf}})
syz_usb_control_io$uac2(r0, 0x0, 0x0)

1m14.580328654s ago: executing program 0 (id=157):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/51, 0x0})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
ioctl$VHOST_NET_SET_BACKEND(r0, 0x8008af26, &(0x7f00000003c0)={0x1, r2})

1m14.393077927s ago: executing program 0 (id=159):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{0x0}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/114, 0x72}, {&(0x7f0000001740)=""/72, 0x48}], 0x4}, 0x7}], 0x3, 0x2000, 0x0)

1m14.332084345s ago: executing program 0 (id=160):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120120004106cd40cd060f011bd50000000109022400010000800009040bf50233776100090507dfff038140060905870318"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendto$inet(r1, &(0x7f0000000080)="b929", 0x2, 0xc47fe1bb4494442d, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x5, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x401, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x9, 0x242, 0x3, 0xe, 0x2, 0x80008071, 0x2, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x7c, 0x0, 0x2, 0x6, 0x80000008, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0xe, 0x8, 0xfffffff3, 0x129432e6, 0xc9, 0xf9, 0x7fff, 0x78, 0x6e7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x1, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0xe73, 0x401, 0x6, 0x1, 0xff, 0x5, 0x4, 0x5f31, 0x6, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfff, 0xffff, 0x2, 0x4, 0x6, 0x3, 0x3, 0x7, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x8000], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x1, 0x0, 0xd, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000009, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x5, 0x87c, 0x1002, 0x8, 0x7, 0x953a, 0x5, 0x6, 0x4, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0xe, 0x400001, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x100, 0x25], [0x6, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1fc, 0x2, 0x57, 0x5, 0x3, 0x3, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14a, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0x400, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x2, 0xa26, 0x5, 0x5, 0x2a, 0x30b1d693, 0xa1f, 0xf63, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000)
futimesat(0xffffffffffffffff, 0x0, &(0x7f0000000080)={{}, {0x77359400}})
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$unix(r3, &(0x7f00000020c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="24000000000000001701"], 0x28, 0x2000c000}}], 0x2, 0x88)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="28000000ac88eb1aa160f0573ffce18886120001002bbd7000fbdbdf2504004f80040071801000bc800400c380080013803a48ad04"], 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x8880)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x2, &(0x7f0000000000)=0xa0000100000001, 0x4, 0x0)
set_mempolicy_home_node(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
ioctl$TUNATTACHFILTER(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0})

1m12.917249392s ago: executing program 0 (id=170):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000002000)='./file1\x00', 0x42, 0x1ff)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000003c0)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f00000000c0)={r3, 0x1, r1, 0x5, 0x80000})
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
write$evdev(r1, &(0x7f0000000200)=[{{0x77359400}, 0x3, 0x4, 0x81}, {{0x0, 0xea60}, 0x1f, 0x7ff, 0x61c}, {{r4, r5/1000+60000}, 0x1f, 0x0, 0x3}, {{0x77359400}, 0x1f, 0x68, 0x400}], 0x60)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f00000000c0)={0x3, 'vlan0\x00', {0x8}, 0xc444})
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0/../file0/file0\x00', 0x0, 0x100000, 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000140)={0x0, 0x40, 0x20}, 0x18)
mknodat(r6, &(0x7f0000000180)='./file0\x00', 0x8000, 0xd)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)

1m12.580432647s ago: executing program 2 (id=171):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) (fail_nth: 11)

1m12.271609001s ago: executing program 2 (id=172):
syz_open_dev$sndctrl(&(0x7f0000000000), 0x7fff, 0x2) (async)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x7fff, 0x2)
syz_open_dev$dri(&(0x7f0000000040), 0x5, 0x8801) (async)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x5, 0x8801)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000080))
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0], 0x7})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[<r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[<r6=>0x0, 0x0, 0x0, <r7=>0x0, 0x0], &(0x7f0000000200)=[<r8=>0x0, 0x0, 0x0], 0x3, 0x5, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x5, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000340)={r3, r4, r9, 0x0, 0x0, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000340)={r3, <r10=>r4, r9, 0x0, 0x0, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]})
syz_open_dev$dri(&(0x7f0000000380), 0x3ff, 0x500c0) (async)
r11 = syz_open_dev$dri(&(0x7f0000000380), 0x3ff, 0x500c0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r11, 0xc03064b7, &(0x7f00000003c0)={r3, r5, r10, 0x9, 0xf5, 0x6, 0x1000, 0x3ff, 0x11c4, 0x3, 0x3, 0x8fb5})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000480)={&(0x7f0000000400)=[0x0, <r12=>0x0, 0x0, <r13=>0x0, <r14=>0x0, 0x0, 0x0, <r15=>0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, r2, 0xeeeeeeee})
removexattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@random={'osx.', ']}:[\x00'})
writev(r0, &(0x7f0000000800)=[{&(0x7f0000000540)="1408eb4d26b0d1c3058a49f4993367a306b0129258fbe70423bfe08f620e750f01c55426bc0da637e29e6a94b6dcae38f4487c3a7d4db1844a969a6f475b30a5e27ce1b2c50135fed4d823e4624e92846c40a7a2e51b90dfc6611262744015998a878952e2f5bc19670d61f2accf572eb9821087cd216c9d604bcda6d4dc9a506e167dc2d4e36fc2bc15ee40dd375d9f346540e74f7078db1c89f2006f8545ae1dc89cd3f7acaf2be46db9fdfc05b1a1043ffca24e42213394b106904a40a1ef108f60a7d2ab7dedeef42b962e515acce96133673b4635896d611552063d140aa3ddeaebb20049f11460d771fbd06a31ce4c66a95f90095b8b0c", 0xfa}, {&(0x7f0000000640)="296a0b3b8bba7df6e9e039f8c038942ed1d1ee1fb002c89568942942dacf490df039c7e728bd0e6f7cb1d0b741fe7a60a9f6b51cad6917356881980ed7cabbaecf7161d9a8f1beab829fa82e62bd08524065f4e15a58ff147084e11be37fa15355e65853a1aefa7f96933fe71ff2bb3bb4a91d547994a8b3341ce31737226a6bd2095ad98b62c4c62b1fa4fda6f8d1e8179b", 0x92}, {&(0x7f0000000700)="cb49c72783d68554868e9f18827f10502f0240108fdf152703e1ba5d7ec3e6645ef6d8bbcc449f58ad8ac214ec0aca3f720d09dd60bcff8935cf7d78d31f7cd3df201f75e6dcb1f521a4abffd8304255a2f3c9a2ecc33ff2e04c6c96ddfb5d3de25810d400822016ad3f0233e98d8a30a1375206efbaa4b7e2f679be6a0f60b70d52dfcce8c687eecdf354476cfe1d90a47daccdf404750376fe13e7d6e478f86019555c6569f7fee581e96396a96db2d298f757f4232d0a2c2b9a492fd6808e01f890b78728e8", 0xc7}], 0x3)
r16 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r16, 0x40045564, 0xb)
ioctl$DRM_IOCTL_PANTHOR_DEV_QUERY_GROUP_PRIORITIES_INFO(0xffffffffffffffff, 0xc0106440, &(0x7f00000008c0)={0x3, 0x8, &(0x7f0000000880)})
syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
r17 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000a00)={&(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000940)=[0x0], &(0x7f0000000980)=[<r18=>0x0], &(0x7f00000009c0)=[<r19=>0x0, 0x0], 0x4, 0x1, 0x1, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000b40)={0x100, 0x5, &(0x7f0000000a40)=[r7, r6, r19, r8, r3], &(0x7f0000000a80)=[0x6, 0x2, 0x1000, 0x1, 0x2, 0x4, 0x1], &(0x7f0000000ac0)=[r12, r15, r13, r15, r14], &(0x7f0000000b00)=[0x83, 0x6, 0x6, 0x4]}) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000b40)={0x100, 0x5, &(0x7f0000000a40)=[r7, r6, r19, r8, r3], &(0x7f0000000a80)=[0x6, 0x2, 0x1000, 0x1, 0x2, 0x4, 0x1], &(0x7f0000000ac0)=[r12, r15, r13, r15, r14], &(0x7f0000000b00)=[0x83, 0x6, 0x6, 0x4]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r20 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_SECURITY(r20, 0x112, 0x4, &(0x7f0000000b80), 0x2)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000d40)={&(0x7f0000000bc0)=[0x0], &(0x7f0000000c00)=[{}, {}], &(0x7f0000000cc0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x4, 0x1, 0x0, r18})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001240)={&(0x7f0000000e00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x178, 0x18, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x128, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0xb8, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip6tnl0\x00'}, {0x14, 0x1, 'ip6_vti0\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'geneve1\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'veth0_to_bond\x00'}, {0x14, 0x1, 'dvmrp1\x00'}, {0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'ip6gretap0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'macvlan1\x00'}, {0x14, 0x1, 'batadv0\x00'}, {0x14, 0x1, 'wg0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWCHAIN={0x18c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x8000}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x80}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x10001}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x10000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1000}]}, @NFTA_CHAIN_USERDATA={0xef, 0xc, "a628ead908d9d3f002acbb0c0a6c7fb68c73375a4aa712471f4737b19456c475a9d946680e9f2587ae76f177d0f5222fcdc5e107fc6c374cb2cf36621672f6d1b0041ab854107d3fcb30dfc55a9f82938f5901df12662e610c08b44e49664fdaa54cf24961bbbbc8357da55abf9b1762dd7f6a0656a187f6bef0ffd74d7af37fc251489b37063eab25de6d4c7124e432e40d8c862b0b02dc353a982a74d9e7f4a80300baf2c64796aa745815e64ac97fc0b5e8fe1048a4205226ea28aea869878622729d27028140358f2a3bb276804e8a487ea2f32cf3b15b928f8c91a1e4ae4123603eaf10cf5976eabe"}]}, @NFT_MSG_NEWCHAIN={0xf0, 0x3, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x9c, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bond\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'hsr0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x15a0b264}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x55e94d9e}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x48490c6f}, @NFTA_HOOK_DEV={0x14, 0x3, 'bond_slave_1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'geneve1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bridge\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'syzkaller1\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x123d929}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x41c}}, 0x1)
setsockopt(r17, 0x4, 0xfffffffb, &(0x7f00000012c0)="5930567368410e6c72497da33ad8f494c346873a5f64f69b2494ea43daf444fae98476083bb31592ba873badac7bdd84e68955ed3c45556152acacc87c47e53fca548a3157ffa26e81ea6fd08524ac7971e63793e6a630f3c9f593f6e8916d900e0d115a19b1711389bcf353", 0x6c)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000001340)={{0x1, 0x1, 0x18, <r21=>r20, {0xffffff7f}}, './file0\x00'})
ioctl$TIOCL_GETMOUSEREPORTING(r21, 0x541c, &(0x7f0000001380)) (async)
ioctl$TIOCL_GETMOUSEREPORTING(r21, 0x541c, &(0x7f0000001380))
ioctl$VHOST_SET_VRING_CALL(r21, 0x4008af21, &(0x7f00000013c0)={0x3, r21})
close(r0)
getresuid(&(0x7f0000001400), &(0x7f0000001440), &(0x7f0000001480)) (async)
getresuid(&(0x7f0000001400), &(0x7f0000001440), &(0x7f0000001480)=<r22=>0x0)
setuid(r22) (async)
setuid(r22)
ioctl$KVM_GET_NR_MMU_PAGES(r21, 0xae45, 0x4)

1m12.049134114s ago: executing program 0 (id=175):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)}, 0x12)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2$9p(&(0x7f0000000080), 0x80)
mount$9p_fd(0x0, 0x0, 0x0, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m11.904963961s ago: executing program 2 (id=177):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{0x0}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/114, 0x72}, {&(0x7f0000001740)=""/72, 0x48}], 0x4}, 0x7}], 0x3, 0x2000, 0x0)

1m11.59610663s ago: executing program 32 (id=177):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{0x0}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/114, 0x72}, {&(0x7f0000001740)=""/72, 0x48}], 0x4}, 0x7}], 0x3, 0x2000, 0x0)

1m11.580146761s ago: executing program 0 (id=179):
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="080e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "020a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="001602"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac3(0xffffffffffffffff, &(0x7f00000003c0)={0x14, &(0x7f0000000240)={0x20, 0x8, 0xb6, {0xb6, 0x1a, "670accc5050c11faea1c817737fc084bfab407162ff724ddfb57b349941adbce4e48111d08c015c945e4c250358db8f1ae7992bbb53e968dd17f1be9e38b40988ae6f7f6419501fc6a3208e9651b473cbbcd2725934e3cba4bc6b5c47ee34e73975e1d4e4ea35df8a600fc9dd45ae39d15263dcea66a6c40061704377a1b957449d42c308c6f7c541f6053b645b0cd9fe3a3f65fc3fbd7792ba80565e79d0cba0a7155f02aa8ae11aca1d45096e148756b45e505"}}, &(0x7f0000000300)={0x0, 0x3, 0xb0, @string={0xb0, 0x3, "e532ca0c0636a85d8d73e8c98a83294775385a4bcfb30fa0db0bd285e7c181b72ca6a6202619502ab12f834c134e86e6ab49efe4426191036e8ddc13ca35bcf7cbca10c04995a87b4bc46c8e3777c280e6230573b61547a88e4d26cb82ea001a5680e43f90ee61a0baa36d321221c94e30a1e02cfa1f3b8617bc8b510b95ab64e9847a58b1a006a0e6aa1f51580d98793123706c0da63f4e3cb4b03d8e0091a94dc66331f7201e32cb551360e88f"}}}, &(0x7f0000000700)={0x44, &(0x7f0000000400)={0x40, 0x2e, 0x45, "ae4258b42e3e85ac42fd603296b3143146147e75523ae3bd5ac2e97661cecfa9a976e4d87da3ddf1174ca00ea2866104188ac0722747d464a0b12e5d98978370107bd2266c"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000500)={0x20, 0x81, 0x1, "18"}, &(0x7f0000000580)={0x20, 0x82, 0x2, "6ea8"}, &(0x7f00000005c0)={0x20, 0x83, 0x3, "aea71a"}, &(0x7f0000000600)={0x20, 0x84, 0x1, "8c"}, &(0x7f0000000640)={0x20, 0x85, 0x3, "fca367"}})
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000680)={0x14, &(0x7f0000000780)={0x20, 0x10, 0x8f, {0x8f, 0x31, "ed41e93c678daa83e329714d6271af065b24ea50dc7b7ca85f8363b5805c9ff8da5e29ec5e7177abbb87d44923bd523996f513f3e2622392334f8428a5ffc8010562e9ba8a8df16d56b2ddae0ca073bc05385bc8ba0d4a1b02b9bd4f89ebad2bc5fe5f3a431bd23ae1840a84c58a6ffb9483c35203fffdc957cd6d0a66718cf0b35e28959ff0d146e9f4c342d0"}}, &(0x7f0000000880)={0x0, 0x3, 0xf4, @string={0xf4, 0x3, "a072de9f656d487c78bf572d1c7f4b33ebf1e532b100a3372c2ed19766c4670544538b221f90759677c199572f59366bde53ae91f8633bc9067fd25c8bb463d4f90094b817af0da428c69d4ecffbb031c17b4e8bbe4081c82763167248af618a04b7b79d15c2474f67c6adfe8030486da0e326ce745de70964e5339bea41b9f9481fe5c41a1e6badb3f577a9e6e861a6f49e607c57877be56b24373889469efb85433d8822a72e089b22cf09699b297b387585e5d0b06e461ab9e49dca9212c5ac7e6306d8b6d9e5ea55718c8796c179ee7010629c9741cd3ca74fa4412e0f048e4d9be3d576a813972c4d14ba11dcc07de2"}}}, &(0x7f0000000dc0)={0x34, &(0x7f0000000b40)={0x40, 0x30, 0xb0, "0c10c99c40d77b653b4cd0db4a0003bfeca347b12cdb191e850b7850007be2e27c2a0c1018fd0714031fbc461ae2556ddd3af508435ce43d6a32a369c7ba58f4131a20ac62bf36e8e70b04df05f33ec9951a0d7f0a0a5193caffeab014b09dcb5ada375f2609621e73df73042515ce1066a38f7729c45d96abef19f50a9717b4b87e1cb64c3b97f8f99aba5ae2c6431e251ab76269a133d7b5f6e3641fa4d2f90e559cb8a99e5cb30883b2c4e1342cad"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x44}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000c40)={0x20, 0x0, 0xbe, {0xbc, "2c9ba4fcc7252d4233c5bef28db8d4fb02130c0d89bcdf4b334cc62093e2bbabc9caeb8c0bfc1ba482bd03ee9c1c8d39f1ecbf138f91fe7c5cbae9a04e5107efb35f45b01c4909d9d17e027ecd607355c79b568ead2e2e42e959704e06063b1ab45d55fb48ddd3dbd49464fe2c40e041b76e27e353de8b1f88e546b61676d8302f3df4060db4b2aa749915f6b86eb71da9ba117da9a92bac2adcd3bf5373d56907f8ace57853cd0b895617cc93fbd0b64cc06a1127ac994aa1b10a6b"}}, &(0x7f0000000d40)={0x20, 0x1, 0x1}, &(0x7f0000000d80)={0x20, 0x0, 0x1, 0xf}})
syz_usb_control_io$uac2(0xffffffffffffffff, 0x0, 0x0)

1m11.378519826s ago: executing program 33 (id=179):
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="080e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "020a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="001602"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac3(0xffffffffffffffff, &(0x7f00000003c0)={0x14, &(0x7f0000000240)={0x20, 0x8, 0xb6, {0xb6, 0x1a, "670accc5050c11faea1c817737fc084bfab407162ff724ddfb57b349941adbce4e48111d08c015c945e4c250358db8f1ae7992bbb53e968dd17f1be9e38b40988ae6f7f6419501fc6a3208e9651b473cbbcd2725934e3cba4bc6b5c47ee34e73975e1d4e4ea35df8a600fc9dd45ae39d15263dcea66a6c40061704377a1b957449d42c308c6f7c541f6053b645b0cd9fe3a3f65fc3fbd7792ba80565e79d0cba0a7155f02aa8ae11aca1d45096e148756b45e505"}}, &(0x7f0000000300)={0x0, 0x3, 0xb0, @string={0xb0, 0x3, "e532ca0c0636a85d8d73e8c98a83294775385a4bcfb30fa0db0bd285e7c181b72ca6a6202619502ab12f834c134e86e6ab49efe4426191036e8ddc13ca35bcf7cbca10c04995a87b4bc46c8e3777c280e6230573b61547a88e4d26cb82ea001a5680e43f90ee61a0baa36d321221c94e30a1e02cfa1f3b8617bc8b510b95ab64e9847a58b1a006a0e6aa1f51580d98793123706c0da63f4e3cb4b03d8e0091a94dc66331f7201e32cb551360e88f"}}}, &(0x7f0000000700)={0x44, &(0x7f0000000400)={0x40, 0x2e, 0x45, "ae4258b42e3e85ac42fd603296b3143146147e75523ae3bd5ac2e97661cecfa9a976e4d87da3ddf1174ca00ea2866104188ac0722747d464a0b12e5d98978370107bd2266c"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000500)={0x20, 0x81, 0x1, "18"}, &(0x7f0000000580)={0x20, 0x82, 0x2, "6ea8"}, &(0x7f00000005c0)={0x20, 0x83, 0x3, "aea71a"}, &(0x7f0000000600)={0x20, 0x84, 0x1, "8c"}, &(0x7f0000000640)={0x20, 0x85, 0x3, "fca367"}})
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000680)={0x14, &(0x7f0000000780)={0x20, 0x10, 0x8f, {0x8f, 0x31, "ed41e93c678daa83e329714d6271af065b24ea50dc7b7ca85f8363b5805c9ff8da5e29ec5e7177abbb87d44923bd523996f513f3e2622392334f8428a5ffc8010562e9ba8a8df16d56b2ddae0ca073bc05385bc8ba0d4a1b02b9bd4f89ebad2bc5fe5f3a431bd23ae1840a84c58a6ffb9483c35203fffdc957cd6d0a66718cf0b35e28959ff0d146e9f4c342d0"}}, &(0x7f0000000880)={0x0, 0x3, 0xf4, @string={0xf4, 0x3, "a072de9f656d487c78bf572d1c7f4b33ebf1e532b100a3372c2ed19766c4670544538b221f90759677c199572f59366bde53ae91f8633bc9067fd25c8bb463d4f90094b817af0da428c69d4ecffbb031c17b4e8bbe4081c82763167248af618a04b7b79d15c2474f67c6adfe8030486da0e326ce745de70964e5339bea41b9f9481fe5c41a1e6badb3f577a9e6e861a6f49e607c57877be56b24373889469efb85433d8822a72e089b22cf09699b297b387585e5d0b06e461ab9e49dca9212c5ac7e6306d8b6d9e5ea55718c8796c179ee7010629c9741cd3ca74fa4412e0f048e4d9be3d576a813972c4d14ba11dcc07de2"}}}, &(0x7f0000000dc0)={0x34, &(0x7f0000000b40)={0x40, 0x30, 0xb0, "0c10c99c40d77b653b4cd0db4a0003bfeca347b12cdb191e850b7850007be2e27c2a0c1018fd0714031fbc461ae2556ddd3af508435ce43d6a32a369c7ba58f4131a20ac62bf36e8e70b04df05f33ec9951a0d7f0a0a5193caffeab014b09dcb5ada375f2609621e73df73042515ce1066a38f7729c45d96abef19f50a9717b4b87e1cb64c3b97f8f99aba5ae2c6431e251ab76269a133d7b5f6e3641fa4d2f90e559cb8a99e5cb30883b2c4e1342cad"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x44}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000c40)={0x20, 0x0, 0xbe, {0xbc, "2c9ba4fcc7252d4233c5bef28db8d4fb02130c0d89bcdf4b334cc62093e2bbabc9caeb8c0bfc1ba482bd03ee9c1c8d39f1ecbf138f91fe7c5cbae9a04e5107efb35f45b01c4909d9d17e027ecd607355c79b568ead2e2e42e959704e06063b1ab45d55fb48ddd3dbd49464fe2c40e041b76e27e353de8b1f88e546b61676d8302f3df4060db4b2aa749915f6b86eb71da9ba117da9a92bac2adcd3bf5373d56907f8ace57853cd0b895617cc93fbd0b64cc06a1127ac994aa1b10a6b"}}, &(0x7f0000000d40)={0x20, 0x1, 0x1}, &(0x7f0000000d80)={0x20, 0x0, 0x1, 0xf}})
syz_usb_control_io$uac2(0xffffffffffffffff, 0x0, 0x0)

31.153106378s ago: executing program 5 (id=418):
syz_emit_vhci(&(0x7f0000000200)=ANY=[], 0x64)

31.106145583s ago: executing program 5 (id=419):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x3}, 0x7}], 0x3, 0x2000, 0x0)

30.156667488s ago: executing program 5 (id=427):
syz_emit_vhci(&(0x7f0000000200)=ANY=[], 0x64)

30.08816707s ago: executing program 5 (id=428):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
creat(0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_DISCSIGNAL(r1, 0x8010550e, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)

28.947307691s ago: executing program 5 (id=434):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0xd42, 0x800000001000005, 0xffffeffffffffff8, 0x1, 0xfffc, 0x200000000, 0x7, 0x8, 0xc, 0x2000000006, 0x200000000002, 0x0, 0x401, 0x0, 0x9, 0x10000008d], 0x8080000, 0x128657})
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000000)
ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000180))
ptrace$cont(0x21, r0, 0x8, 0x4)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000600)={'wpan1\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf25180000001c0030801800018008000100000000000c0003806e0c0ad30200000008000300", @ANYRES32=r3, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x100}, 0x24000000)

28.516849539s ago: executing program 5 (id=436):
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB], 0x64)

28.061570779s ago: executing program 34 (id=436):
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB], 0x64)

20.954669326s ago: executing program 6 (id=459):
mkdir(&(0x7f0000000140)='./control\x00', 0x191)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, 0x0, 0x40000000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x185242, 0x1df2a23c5997fa1f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x85, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

20.847254242s ago: executing program 6 (id=461):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_connect$uac2(0x3, 0xc7, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xef, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb5, 0x3, 0x1, 0xee, 0x10, 0x4, {0x8, 0xb, 0x2, 0x2, 0x1, 0x6, 0x20, 0x8d}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffa, 0x4, 0x9, 0x81}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x3, 0x7, 0x0, '5-'}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0xc, 0x10, 0x38, 0xfb}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x5, 0x9, 0xf0, {0x8, 0x25, 0x1, 0x80, 0x33, 0xa, 0x106}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@as_header={0x10, 0x24, 0x1, 0xa, 0x4, 0x1, 0x2, 0x2, 0x2, 0x8}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xfe, 0x41, 0x1, 0xdc, "ec", "5b02"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x7, 0x5, 0x1, 0x3, 0x40}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x800, 0x1, 0x9, "88a7a4fd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xfc, 0x87, 0xe, {0x8, 0x25, 0x1, 0x80, 0xf, 0x8, 0x7}}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0x7, 0x40, 0x25, 0x40, 0x3}, 0xba, &(0x7f0000000240)={0x5, 0xf, 0xba, 0x2, [@ptm_cap={0x3}, @generic={0xb2, 0x10, 0x1, "a422610bae893543685343d8410dd0448778aec5672df95fa0e167145a194d7108ab6982146801892ccadfccb8295717635957fe3c8ece0fd0ffc2eb2e740db4e0f0477f9d50c74a3466716b8856f1e13ac024adad18491234fb411a0c51f6f019ba0e90d6da39bc61b7d829d13d7b8309f262c34dbaeb1f88c1be2ce337bab65477c3226b56449ea1592a339ed8945583f52cada746bfff413df2c8a7b4efa8e3f82810f52e1b83d9b28c7284123a"}]}, 0x4, [{0x38, &(0x7f0000000080)=@string={0x38, 0x3, "0c38e7f106022be72ceb5870942c19df7c46b3fb4e9b17fcaae63518a6b02492e3ff3890aa72b39f07b8425de66f49e7c1f95e74a344"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41c}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x42c}}, {0x9c, &(0x7f00000003c0)=@string={0x9c, 0x3, "53a3914e7fb48dd2a7b53c035c20a4ef3ed5bcdfdc65576c4925e6c35f2f02296f3342f68b36d2f4bcd1527e99230c2971748f8249c980709cddd336603965fc9020fcf4f3acbdf65fd1f9908cf1b1d704b7566bfa935a2df498f755c037eeeb2a8dc47903b6886c986c718e5b722c2bc9de0b38964d3d4353e2172838ddbca7769f8114f257c3f1e7823f0ae5247c4690a1d3cc23c9718d620f"}}]})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0xa, 0x1000, 0x0, 0x0}], 0x1})
syz_usb_control_io$printer(r0, 0x0, 0x0)

19.516396963s ago: executing program 6 (id=464):
r0 = syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRESDEC], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'veth0_macvtap\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x51}})
syz_usb_disconnect(0xffffffffffffffff)
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
syz_usb_disconnect(r0)

16.413166331s ago: executing program 6 (id=473):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x2010, &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x2c000, 0x0)

16.400198396s ago: executing program 6 (id=474):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000000060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d657461000000001400028008000240000000130800034000000004cbbdaeb00a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a32"], 0xc0}}, 0x0) (async)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x186}, 0x1c) (async)
sendmsg$inet6(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0xa, 0x4a22, 0xe, @ipv4={'\x00', '\xff\xff', @remote}, 0x14f}, 0x1c, 0x0, 0x0, 0x0, 0xfffffde7}, 0x2606c0c0)
sendto$inet6(r0, &(0x7f0000000340)="7f", 0x1, 0x10, 0x0, 0x0) (async, rerun: 64)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000002600)=""/197, 0xc5, 0x0, 0x0}, &(0x7f0000000100)=0x40) (async, rerun: 64)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) (async)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x180, 0x0)

16.137514382s ago: executing program 6 (id=476):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x3}, 0x7}], 0x3, 0x2000, 0x0)

15.934136479s ago: executing program 35 (id=476):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x3}, 0x7}], 0x3, 0x2000, 0x0)

7.128630465s ago: executing program 7 (id=502):
r0 = socket(0x15, 0x5, 0x0)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
getpeername$unix(r2, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x44, 0x30, 0x1, 0x70bd27, 0x25dfdbfa, {}, [{0x30, 0x1, [@m_ipt={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8080}, 0x9080)

6.833085383s ago: executing program 7 (id=503):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf250100000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x5c}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x3}, 0x7}], 0x3, 0x2000, 0x0)

6.504480575s ago: executing program 1 (id=505):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x7c}}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x6, 0x1, 0x3], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x500)

6.132665377s ago: executing program 1 (id=509):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)

6.077976438s ago: executing program 1 (id=510):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_connect$uac2(0x3, 0xcd, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xef, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbb, 0x3, 0x1, 0xee, 0x10, 0x4, {0x8, 0xb, 0x2, 0x2, 0x1, 0x6, 0x20, 0x8d}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffa, 0x4, 0x9, 0x81}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x3, 0x7, 0x0, '5-'}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0xc, 0x10, 0x38, 0xfb}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x5, 0x9, 0xf0, {0x8, 0x25, 0x1, 0x80, 0x33, 0xa, 0x106}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x2, 0x8}, @as_header={0x10, 0x24, 0x1, 0xa, 0x4, 0x1, 0x2, 0x2, 0x2, 0x8}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xfe, 0x41, 0x1, 0xdc, "ec", "5b02"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x7, 0x5, 0x1, 0x3, 0x40}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x800, 0x1, 0x9, "88a7a4fd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xfc, 0x87, 0xe, {0x8, 0x25, 0x1, 0x80, 0xf, 0x8, 0x7}}}}}}}}]}}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0xa, 0x1000, 0x0, 0x0}], 0x1})
syz_usb_control_io$printer(r0, 0x0, 0x0)

5.913695177s ago: executing program 7 (id=511):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000005706ed0b002cc3ec000000a30000000000000009000904"], 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc000000aad8cdbee256bdd4f0491600330600000000000000807f00000100000000", @ANYBLOB], 0xfc}}, 0x0) (async)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)=ANY=[@ANYBLOB="140000002300000322bd7002fadbdf2501000000"], 0x14}}, 0xc004) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000002100)={'wlan1\x00', <r5=>0x0})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSACCEPT(r6, 0x89e3) (async)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3) (async)
r8 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async)
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r8, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000001c0)="c7442400e0330000c7442402524c0000c7442406000000000f011c240f01b8a4000000f0816215e65f00000fc7af00600000c4c11de5baf05f0000ea0b0000001401660f3882996fc4a40b66baf80cb890b36888ef66bafc0cb0fdee660f388146050f06", 0x64}], 0x1, 0x46, &(0x7f0000000240)=[@efer={0x2, 0x8001}, @cr4={0x1, 0x240006}], 0x2) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="2c0000002d000100000000000000000008000000", @ANYRES32, @ANYBLOB="b733f0e7", @ANYRES32=0xee00, @ANYBLOB="0c0000800500010031000000"], 0x2c}], 0x1}, 0x0) (async)
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x30, r7, 0x1, 0x30bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_VLAN={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x20000040) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000001300)=ANY=[@ANYBLOB="0015f700000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5.732745724s ago: executing program 7 (id=513):
mkdir(&(0x7f0000000140)='./control\x00', 0x191)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000000)='./control\x00', 0x40000000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(0x0, 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x185242, 0x1df2a23c5997fa1f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x85, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

5.647911594s ago: executing program 7 (id=514):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
syz_usb_disconnect(0xffffffffffffffff)
r2 = socket(0x28, 0x5, 0x0)
r3 = socket(0x8, 0x3, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r3, 0x7)
connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r4 = accept4$unix(r3, 0x0, 0x0, 0x0)
recvfrom$unix(r4, &(0x7f0000000140)=""/129, 0x81, 0x40000002, 0x0, 0x0)
close(0x3)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000200)=[@nested_amd_vmload={0x182, 0x18}, @nested_amd_vmload={0x182, 0x18, 0x1}, @nested_amd_vmsave={0x183, 0x18, 0x1}, @uexit={0x0, 0x18, 0x7}, @nested_load_code={0x12e, 0x61, {0x0, "c483bd6f99f44000006ad8f50f01d866baf80cb836db908eef66bafc0c66b8060066ef0fc77bb60ff7f7f3440fbd3136430f2247b918090000b807000000ba000000000f303e4409f4"}}, @rdmsr={0x66, 0x18, {0x91c}}, @nested_amd_clgi={0x17f, 0x10}, @nested_load_code={0x12e, 0x67, {0x1, "c4611d6c7e9666bad104b800000100ef66baf80cb89d7e4885ef66bafc0cb015ee0fa8ae6666430f2eca0f01c22e3666460f0019c7442400a4000000c74424025fca154bff2c242ec0ad3d00000044"}}, @rdmsr={0x66, 0x18, {0x31f}}, @set_irq_handler={0xc8, 0x20, {0x2c}}, @nested_amd_vmsave={0x183, 0x18, 0x3}, @enable_nested={0x12c, 0x18}, @nested_amd_stgi={0x17e, 0x10}, @wr_drn={0x68, 0x20, {0x6, 0x9}}, @rdmsr={0x66, 0x18, {0x4000009a}}, @cpuid={0x64, 0x18, {0xe0e8, 0x2}}, @nested_amd_vmsave={0x183, 0x18, 0x1}, @code={0xa, 0x73, {"65430f7855000f01ca640f01df8fc978020e3e470f220066ba610066edc74424000f000000c7442402540f0000c7442406000000000f0114243ef0816bfa00000000c744240009000000c7442402ae1d0000c7442406000000000f011424670f01c8"}}, @code={0xa, 0x73, {"c744240000800000c744240284f0804fc7442406000000000f011c2466b81e018ee0470f00d466baf80cb8a2c5a48bef66bafc0cb04eee670f0848b8c08b0000000000000f23c00f21f83503000d000f23f885965a8190673e0f01cf0f01ca44d316"}}, @out_dx={0x6a, 0x28, {0x1e6c, 0x3, 0x7}}, @rdmsr={0x66, 0x18, {0xb3e}}, @rdmsr={0x66, 0x18, {0x8de}}, @nested_load_syzos={0x136, 0x98, {0x0, 0x4, [@in_dx={0x69, 0x20, {0x1244, 0x3}}, @nested_amd_clgi={0x17f, 0x10}, @nested_amd_stgi={0x17e, 0x10}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x1, @ro_nat=0x640a, 0x2, 0x0, 0x9}}]}}], 0x406})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(r0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600040, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2d)

4.684716612s ago: executing program 1 (id=516):
rt_sigpending(0x0, 0xaa288ee98f9e0e67)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
pwrite64(r1, &(0x7f0000000a00)="e67ab166972ce298f4681ef5c755f60473b17b7887d68440dd9005bc69f6eeaeec2d13731c56a864fa45a465e64de6855c66e7190ed911b5d36f3db423da49146adf5742e2d98e81963fdb3911c91d94a7327708bacf3aeb1d10471980e3132947b42b079a9a09a3c48e452ca2446aa1569b8e1e028e6ebbcdd573302a47511455505e04f75899cb3edd2fd2073319dc1a43074fe7d24e00", 0x98, 0xef8d)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a00e204050001000793f4"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

3.590993386s ago: executing program 1 (id=525):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000140))
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
creat(&(0x7f00000001c0)='./file0/file0\x00', 0x108)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512-ce\x00'}, 0x58)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r8, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001640)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f569a15bfd30f671c0a2fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37577813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f1265b9d114c99fb469914a213bb289c5bdf5af3835d089a2300"/1504, 0x5e0}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc246104000000000000002d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f", 0xd7}, {&(0x7f0000000b00)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435b2156e55eb2b2b2e0300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd540810275770aa531098c572f714f6852063afc8358fb33cc7ef5c52565d586cfe6805bb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c7be309200691488d6616780cd4e9020865ef41a22175dc52d35dac1232ae1164d7fee64a50651978436207fca4a9026a8a903e7857324459b7e8a143e6fdac0823c8d1a3ac864ad2d0402344aee2511247e716436fe118e65455da74ef25627785638dfa4bf365840fe12fbf73f0d42bcc66efc8693855156f6151e49471e1b7cccbfb01344f76cca177551c73147c32615b53f74a0b7c7ac25b86a01ce3", 0x18e}, {&(0x7f0000000cc0)="f2a0f0f863621b483b19e7ecfce0d34e53fbf295927214684f4d69e90f0ec506442d2126c3f5ab0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93229060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a055fdeb2ba044d0d54e341d1d1ef1eb2c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a200"/349, 0x15d}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990", 0xa2}], 0x5, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x44, &(0x7f0000000000)={0x0, 0x0}, 0x10)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="0004c900000072031f0cb7541ed620ac239efb443312a08cd4f13db6d1749e2b8233cbd29cd90dce7d46a77c14cbf1c601f7d2766e6a7f400367b0975e3b69cbe46f40ab452719439cdd7afd8e61006ce6db71195b5b256ee01b7f1e46e022a2ee7e4412c200000000000000393a667e8a3a4d20fe92c7f89fd13febf54cb617bf489cd085abf34fef5f3a4c09a3de8de6e2271bec59a5dc42f64a021ea725ef017fb8027345"], 0x0, 0x0, 0x0}, 0x0)
r9 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND(r9, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x0, 0x1000000}}}, 0x90)

1.428735517s ago: executing program 3 (id=531):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) (fail_nth: 8)

1.409133639s ago: executing program 3 (id=532):
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
socket$packet(0x11, 0x2, 0x300)
write$tun(r2, &(0x7f0000001800)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0xfffe, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x30, 0x68, 0x0, 0x60, 0x67, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "21f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984da"}}, 0x3e)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x32315659}})
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f00000001c0))
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000000314021328bd7000fddbdf2509000200737900080000140033006d6163767461703000"/56], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x20008000)

1.315512631s ago: executing program 3 (id=533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000001c0)={0x6c, 0x2, 0x6, 0x1, 0x6000006, 0x1c02, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x21c}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xa00}}, @IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0) (async)
openat$6lowpan_enable(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

1.250035846s ago: executing program 3 (id=534):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf250100000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x5c}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x3}, 0x7}], 0x3, 0x2000, 0x0)

1.245674181s ago: executing program 3 (id=535):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_connect$uac2(0x3, 0xcd, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xef, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbb, 0x3, 0x1, 0xee, 0x10, 0x4, {0x8, 0xb, 0x2, 0x2, 0x1, 0x6, 0x20, 0x8d}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffa, 0x4, 0x9, 0x81}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x3, 0x7, 0x0, '5-'}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x3}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0xc, 0x10, 0x38, 0xfb}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x5, 0x9, 0xf0, {0x8, 0x25, 0x1, 0x80, 0x33, 0xa, 0x106}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x2, 0x8}, @as_header={0x10, 0x24, 0x1, 0xa, 0x4, 0x1, 0x2, 0x2, 0x2, 0x8}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xfe, 0x41, 0x1, 0xdc, "ec", "5b02"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x7, 0x5, 0x1, 0x3, 0x40}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x800, 0x1, 0x9, "88a7a4fd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xfc, 0x87, 0xe, {0x8, 0x25, 0x1, 0x80, 0xf, 0x8, 0x7}}}}}}}}]}}, &(0x7f0000000480)={0x0, 0x0, 0xba, &(0x7f0000000240)={0x5, 0xf, 0xba, 0x2, [@ptm_cap={0x3}, @generic={0xb2, 0x10, 0x1, "a422610bae893543685343d8410dd0448778aec5672df95fa0e167145a194d7108ab6982146801892ccadfccb8295717635957fe3c8ece0fd0ffc2eb2e740db4e0f0477f9d50c74a3466716b8856f1e13ac024adad18491234fb411a0c51f6f019ba0e90d6da39bc61b7d829d13d7b8309f262c34dbaeb1f88c1be2ce337bab65477c3226b56449ea1592a339ed8945583f52cada746bfff413df2c8a7b4efa8e3f82810f52e1b83d9b28c7284123a"}]}, 0x4, [{0x38, &(0x7f0000000080)=@string={0x38, 0x3, "0c38e7f106022be72ceb5870942c19df7c46b3fb4e9b17fcaae63518a6b02492e3ff3890aa72b39f07b8425de66f49e7c1f95e74a344"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41c}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x42c}}, {0x9c, &(0x7f00000003c0)=@string={0x9c, 0x3, "53a3914e7fb48dd2a7b53c035c20a4ef3ed5bcdfdc65576c4925e6c35f2f02296f3342f68b36d2f4bcd1527e99230c2971748f8249c980709cddd336603965fc9020fcf4f3acbdf65fd1f9908cf1b1d704b7566bfa935a2df498f755c037eeeb2a8dc47903b6886c986c718e5b722c2bc9de0b38964d3d4353e2172838ddbca7769f8114f257c3f1e7823f0ae5247c4690a1d3cc23c9718d620f"}}]})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0xa, 0x1000, 0x0, 0x0}], 0x1})
syz_usb_control_io$printer(r0, 0x0, 0x0)

477.242558ms ago: executing program 1 (id=536):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x5c}, {&(0x7f0000001880)=""/4112, 0x1010}, {&(0x7f0000001680)=""/114, 0x72}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x5}, 0x7}, {{0x0, 0x0, 0x0}, 0xd3a7}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xef23fe83}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0xa9e5}], 0x9, 0x2030, 0x0)

428.089445ms ago: executing program 4 (id=537):
mkdir(&(0x7f0000000140)='./control\x00', 0x191)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000000)='./control\x00', 0x40000000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x185242, 0x1df2a23c5997fa1f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x85, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

361.988566ms ago: executing program 4 (id=538):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0x0)

313.693917ms ago: executing program 4 (id=539):
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.sectors\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
fadvise64(r0, 0x0, 0x0, 0x5)
connect$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)

221.230012ms ago: executing program 4 (id=540):
rt_sigpending(0x0, 0xaa288ee98f9e0e67)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
pwrite64(r1, &(0x7f0000000a00)="e67ab166972ce298f4681ef5c755f60473b17b7887d68440dd9005bc69f6eeaeec2d13731c56a864fa45a465e64de6855c66e7190ed911b5d36f3db423da49146adf5742e2d98e81963fdb3911c91d94a7327708bacf3aeb1d10471980e3132947b42b079a9a09a3c48e452ca2446aa1569b8e1e028e6ebbcdd573302a47511455505e04f75899cb3edd2fd2073319dc1a43074fe7d24e00", 0x98, 0xef8d)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a00e204050001000793f4"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

209.058079ms ago: executing program 4 (id=541):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0xd7, 0x7, 0x4f}, {0x5000, 0x25000, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x1, 0x2, 0x0, 0x4, 0x1, 0x81, 0x0, 0xc4, 0x5}, {0x50000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x1, 0x3, 0x9, 0xd, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0xdddd0000, 0xeeee0000, 0xb, 0x0, 0x3, 0x1, 0x1, 0x4, 0x4, 0x90, 0x1, 0xfc}, {0x6000, 0x4000, 0xf, 0xff, 0x3, 0x4, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0x4000, 0x8000000, 0xf, 0x5, 0x28, 0x94, 0xa, 0x0, 0x54, 0x1, 0xff, 0x7}, {0xeeef0000, 0x5}, {0x4, 0x9}, 0x60050000, 0x0, 0xffff1000, 0x200300, 0x5, 0x2000, 0xe6e70c00, [0x3, 0x401, 0x4000000000006, 0xc5]})
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000840)={"d28c6a32b1fbb2a4f3c68375204eb2ad26845c9eb25ff613938a1daeeb618f9c18bf473f8e92dfa778b445665b09c58e8e2455d29a302f3b794664935d5f901a0d4c8437e8a3f45f9a30121cd75709f205b0e6da79ee7c3f4eba3d6ea7a1cd1f8dc281bdb55efe3bd1c70de5ae98c5f4fbbee3042184e012647a59042c1d433c70b6e39032321d713b6433c83b7349c0a69f68e9804bea03e2f2aab3391bb649667eccd51ed7a27768125c40cab9a4312757c1977a4fd64d6a1d89a9404f575a2af8770171fed05807e63f00d42245ac19db7aeb987ed951c60966e2f4e265c5c579199dfc9357fc17e0f2d22a2bfad393ad9fc9f942364e9617df63fb95d23966e02e3795cd4b0a0b9187138b91ab1c926c09c471b5b365b20fae559845d3dd654a9d940e014ef62aa4de41a1f880fc1fe69568dcd523d3e518a4f3499e5dd23b5af3f2ed9673e14eb943776d3dce8b376d3b9961c36731f8de7a36a5aea8e1e728e4707e9d596b00757fed8282e74273bd82907619c636cfa8a5853faffc338fb0e6de763d55f8e239afa4f61dd1ba2ec34d409859f7bcb8a2a725ceb795cd8efb5b601ee99257f0ba3816296057d67c7940839839c6e082b8927f9a26b18a2da987e46de823bc11c94faa214635e3214441c4851d57f9cdebf6e6458ff3ab36439e9b4ca2166abe79a5f577955b02392b5b0c1e887bbf598e1b78bb344eb945701bf9abe9412d1c63addd85fda9a0c8b0aa711775c1e509f01b7e3c8c6960c43038c52aa88f47fd2c4d5d03b5c60388e0db50038d2ea18db14534c7aede0a56d1faf7f0b8e5e1572e69c847819a8e2b128b67493511a0abdea23a90f877a018a2a0ed9414675af77c549a84575bcf6544c797cf75b1ecf61d246a4e111f0002bafd102255c03feb150f018f053e8a57e583800fa579ce3f46cd0c048738de07b3fa36e48db891edcbbf7e7dd8a99b7d74d5d54e9b29e0122d29e0b8f77fe599fd36f6e2967497a88f9e4018601bad4810aea8684dfb88366bce7bc76583a59a04d573f7a38e925e00b431598e4f9a4a9e2d1ee637a6f95d682ddf112edfc280060079e3c000e4d1b5cee6315f667511070795488136ab4aa50ced2ddd57d4993fb11b6fe7cdc8cc48f1f0a18139833b3e1bd04404fa5550640e4140697b8c7ca17dd7e35b8a45817f837060c18172b7f69af33926077cf93791655d1aba016e5a49203594401c3132f22ecc3c15090c216612a24879196aa6d1eddf5734c11902d8d5981d6bdc91d45ec563cf0d3ee79723d9e64628a657900858a0edd77ae44bd771178286c88782be3b4ad212704c424c5bf94bbeb0706701642d25b990c362e45472a7062956911aab63a03af2a31b8eac0fa9cd44404e15def01494aa5e2fee24e6be46dec2e60fc499981fb168e8456eccee5f4735062583e9ef5bdd"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x20, @ioapic={0x2000, 0x2, 0x9, 0xffffffff, 0x0, [{0x81, 0xb, 0x2, '\x00', 0xff}, {0x6, 0x3, 0x5, '\x00', 0xcf}, {0x1, 0x2, 0x91, '\x00', 0x6}, {0x4, 0xfd, 0x8, '\x00', 0x97}, {0x9, 0xb, 0x80, '\x00', 0x8}, {0xfa, 0x6, 0xf, '\x00', 0x6}, {0x7, 0x5, 0x4, '\x00', 0xcf}, {0x7, 0xd, 0xf, '\x00', 0x1}, {0x98, 0x0, 0x4, '\x00', 0xff}, {0x1, 0x1, 0xfb, '\x00', 0x9}, {0xd, 0xfd, 0x8f, '\x00', 0x9}, {0x2, 0x5, 0x10, '\x00', 0x5}, {0xf, 0x6, 0x42, '\x00', 0x7f}, {0x9, 0x1, 0x8, '\x00', 0x8}, {0x81, 0x10, 0x4, '\x00', 0x3d}, {0x1, 0xe, 0x2, '\x00', 0x20}, {0x0, 0xc, 0x20, '\x00', 0x5}, {0x20, 0x40, 0x8, '\x00', 0xfc}, {0xb, 0x2, 0x5, '\x00', 0x4}, {0x81, 0x5, 0x9, '\x00', 0x8}, {0x1, 0x6, 0x5, '\x00', 0xa}, {0x9, 0xfc, 0x90, '\x00', 0x21}, {0x4, 0xeb, 0xc0}, {0x6, 0x5, 0x0, '\x00', 0xb}]}})

37.792318ms ago: executing program 3 (id=542):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) (async)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) (rerun: 64)
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf2501000000000000000741000000140018000080007564703a73797a32064c710b1c"], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async, rerun: 32)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) (rerun: 32)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/61, 0x3d}], 0x1)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000a36000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x1000, 0x3}) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x390, <r3=>r1, 0x2}) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020)
ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000240)={0x9f0000, 0x80000000, 0x1, r4, 0x0, &(0x7f0000000180)={0x9909d7, 0x2, '\x00', @p_u8=&(0x7f0000000140)=0x9}})

16.631165ms ago: executing program 4 (id=543):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x13, r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1, 0x9}]}, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000380)={0x40000, 0x0, {[0x7d, 0x8, 0x2, 0xbdf1, 0x6, 0x6, 0x0, 0x1]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 8)

0s ago: executing program 7 (id=544):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCFLSH(r0, 0x540b, 0x1)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r0, &(0x7f0000002200)=ANY=[], 0xff2e)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0xa000, 0xfffa}, 0x1d, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x4388, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x0, 0xe660, 0x4, 0x7, 0x101, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0x4, 0x0, 0x71, 0xfffffff8, 0x7, 0x1, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0xb83, 0x7, 0x5, 0x0, 0xf, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x5, 0xed2d, 0x4, 0x0, 0x5, 0x2, 0x1, 0x4, 0x9, 0x8, 0x800, 0x6, 0x7, 0xf, 0x1, 0xfe000000, 0xff7f, 0x2, 0x7f, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x400, 0x4, 0x1, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8001, 0x83, 0x80000003, 0x9, 0x43e7, 0x9, 0x5, 0x2, 0x2, 0xf38, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x8, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x1a, 0x1c, 0xfffffff7, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0xf58, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7ffe, 0x7, 0x200a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xe, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0xb0b2748, 0xb1c, 0x1, 0x200, 0xffbf2441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x13, r3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_void(r4, 0x1, 0x1b, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @local, 0x9}]}, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000380)={0x40000, 0x0, {[0x7d, 0x8, 0x2, 0xbdf1, 0x6, 0x6, 0x0, 0x1]}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

  130.941918][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.953731][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.964396][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  131.044295][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  131.056256][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  131.067162][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  131.078852][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  131.092554][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  131.182786][   T24] hid-rmi 0003:0461:4E72.0006: hidraw0: USB HID vff.fc Device [HID 0461:4e72] on usb-dummy_hcd.1-1/input0
[  131.329319][  T140] bridge_slave_1: left allmulticast mode
[  131.335997][  T140] bridge_slave_1: left promiscuous mode
[  131.344433][  T140] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.361613][  T140] bridge_slave_0: left allmulticast mode
[  131.367486][  T140] bridge_slave_0: left promiscuous mode
[  131.373492][  T140] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.383453][ T5939] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  131.548746][ T5939] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  131.561667][ T5939] usb 4-1: config 0 has no interface number 0
[  131.569395][  T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.584795][ T5939] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  131.595719][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.604538][  T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.615442][  T140] bond0 (unregistering): Released all slaves
[  131.621867][ T5939] usb 4-1: Product: syz
[  131.629952][ T5939] usb 4-1: Manufacturer: syz
[  131.636104][ T5939] usb 4-1: SerialNumber: syz
[  131.645797][ T5939] usb 4-1: config 0 descriptor??
[  131.868329][ T5939] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  131.883876][ T5939] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  131.896662][ T5939] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  131.908521][ T5939] usb 4-1: media controller created
[  131.930010][ T5939] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  132.050136][  T140] hsr_slave_0: left promiscuous mode
[  132.064280][  T140] hsr_slave_1: left promiscuous mode
[  132.076224][ T6449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.087094][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.094658][  T140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.102579][ T6449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.121439][ T5939] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  132.123186][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.135661][  T140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.163339][  T140] veth1_macvtap: left promiscuous mode
[  132.178295][  T140] veth0_macvtap: left promiscuous mode
[  132.188225][  T140] veth1_vlan: left promiscuous mode
[  132.193811][  T140] veth0_vlan: left promiscuous mode
[  132.222705][ T5939] usb 4-1: USB disconnect, device number 15
[  132.734986][  T140] team0 (unregistering): Port device team_slave_1 removed
[  132.809052][  T140] team0 (unregistering): Port device team_slave_0 removed
[  133.018127][ T5160] Bluetooth: hci0: command tx timeout
[  133.172029][ T6444] chnl_net:caif_netlink_parms(): no params data found
[  133.182155][ T5160] Bluetooth: hci2: command tx timeout
[  133.188577][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  133.343696][ T5939] usb 2-1: USB disconnect, device number 11
[  133.475473][ T6473] syzkaller1: entered promiscuous mode
[  133.481622][ T6473] syzkaller1: entered allmulticast mode
[  133.587705][ T6440] chnl_net:caif_netlink_parms(): no params data found
[  133.711934][ T6444] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.736119][ T6444] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.747540][ T6444] bridge_slave_0: entered allmulticast mode
[  133.758190][ T6444] bridge_slave_0: entered promiscuous mode
[  133.828478][ T6444] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.856887][ T6444] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.898183][ T6444] bridge_slave_1: entered allmulticast mode
[  133.925322][ T6444] bridge_slave_1: entered promiscuous mode
[  134.091849][  T140] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.158066][ T6507] netlink: 'syz.1.189': attribute type 29 has an invalid length.
[  134.168255][ T6503] netlink: 'syz.1.189': attribute type 29 has an invalid length.
[  134.189236][ T6444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.206613][ T5889] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  134.275463][  T140] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.299623][ T6444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.368867][ T5889] usb 4-1: Using ep0 maxpacket: 32
[  134.378644][ T5889] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  134.389629][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.402889][ T5889] usb 4-1: config 0 descriptor??
[  134.424332][  T140] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.460594][ T6440] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.468966][ T6440] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.477183][ T6440] bridge_slave_0: entered allmulticast mode
[  134.485368][ T6440] bridge_slave_0: entered promiscuous mode
[  134.500839][ T6444] team0: Port device team_slave_0 added
[  134.508423][ T6440] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.517688][ T6440] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.525403][ T6440] bridge_slave_1: entered allmulticast mode
[  134.535583][ T6440] bridge_slave_1: entered promiscuous mode
[  134.594305][  T140] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.619500][ T6444] team0: Port device team_slave_1 added
[  134.620341][ T6501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.637939][ T6501] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.662082][ T5889] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  134.678301][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  134.686895][ T5889] dib0700: firmware download failed at 7 with -22
[  134.700634][ T5889] usb 4-1: USB disconnect, device number 16
[  134.720141][ T6440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.738803][ T6440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.767992][ T6444] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.775984][ T6444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  134.803255][ T6444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.817023][ T6444] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.824066][ T6444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  134.850893][ T6444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.912309][ T6440] team0: Port device team_slave_0 added
[  134.985687][ T6444] hsr_slave_0: entered promiscuous mode
[  134.997002][ T6444] hsr_slave_1: entered promiscuous mode
[  135.010541][ T6440] team0: Port device team_slave_1 added
[  135.098126][ T5160] Bluetooth: hci0: command tx timeout
[  135.124185][ T6440] batman_adv: batadv0: Adding interface: batadv_slave_0
[  135.132717][ T6440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  135.163206][ T6440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  135.237851][ T5889] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  135.256926][ T5160] Bluetooth: hci2: command tx timeout
[  135.300965][ T6527] netlink: 12 bytes leftover after parsing attributes in process `syz.3.193'.
[  135.352439][ T6440] batman_adv: batadv0: Adding interface: batadv_slave_1
[  135.366766][ T6440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  135.422479][ T5889] usb 2-1: Using ep0 maxpacket: 32
[  135.427125][ T6440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  135.447505][ T5889] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  135.466183][ T5889] usb 2-1: config 0 has no interface number 0
[  135.481081][ T5889] usb 2-1: config 0 interface 184 has no altsetting 0
[  135.520775][ T5889] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  135.520808][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.520829][ T5889] usb 2-1: Product: syz
[  135.520844][ T5889] usb 2-1: Manufacturer: syz
[  135.520859][ T5889] usb 2-1: SerialNumber: syz
[  135.543039][ T5889] usb 2-1: config 0 descriptor??
[  135.592116][ T6537] Zero length message leads to an empty skb
[  135.687152][  T140] bridge_slave_1: left allmulticast mode
[  135.693531][  T140] bridge_slave_1: left promiscuous mode
[  135.699766][  T140] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.731643][  T140] bridge_slave_0: left allmulticast mode
[  135.747476][  T140] bridge_slave_0: left promiscuous mode
[  135.760906][  T140] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.046980][  T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.060496][  T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.072200][  T140] bond0 (unregistering): Released all slaves
[  136.176132][ T6440] hsr_slave_0: entered promiscuous mode
[  136.185921][ T6440] hsr_slave_1: entered promiscuous mode
[  136.187070][ T5889] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  136.194913][ T6440] debugfs: 'hsr0' already exists in 'hsr'
[  136.203663][ T5889] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  136.247143][ T6440] Cannot create hsr debugfs directory
[  136.390994][ T6544] netlink: 'syz.3.196': attribute type 29 has an invalid length.
[  136.451471][ T6543] netlink: 'syz.3.196': attribute type 29 has an invalid length.
[  136.589989][  T140] hsr_slave_0: left promiscuous mode
[  136.597028][  T140] hsr_slave_1: left promiscuous mode
[  136.604272][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.612044][  T140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.620904][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.630273][  T140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.644987][  T140] veth1_macvtap: left promiscuous mode
[  136.650889][  T140] veth0_macvtap: left promiscuous mode
[  136.656659][  T140] veth1_vlan: left promiscuous mode
[  136.661946][  T140] veth0_vlan: left promiscuous mode
[  136.946745][  T140] team0 (unregistering): Port device team_slave_1 removed
[  136.975290][  T140] team0 (unregistering): Port device team_slave_0 removed
[  137.187168][ T5160] Bluetooth: hci0: command tx timeout
[  137.347394][ T5160] Bluetooth: hci2: command tx timeout
[  137.428716][ T6444] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  137.467310][ T5889] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  137.482046][ T6444] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  137.491581][ T5889] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  137.504442][ T5889] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  137.538230][ T5889] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[  137.553708][ T6444] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  137.594100][ T5889] usb 2-1: USB disconnect, device number 12
[  137.604574][ T6444] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  137.702871][ T6560] netlink: 348 bytes leftover after parsing attributes in process `syz.3.200'.
[  137.896881][ T6440] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  137.938848][ T6440] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  137.990864][ T6440] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  138.031992][ T6440] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  138.276556][ T6444] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.371608][ T6444] 8021q: adding VLAN 0 to HW filter on device team0
[  138.407411][  T140] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.414928][  T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.452213][  T140] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.459991][  T140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.545455][ T6440] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.653690][ T6440] 8021q: adding VLAN 0 to HW filter on device team0
[  138.723918][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.731425][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.807352][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.814712][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.852302][ T6588] syz.1.203 (6588): drop_caches: 2
[  139.257925][ T5160] Bluetooth: hci0: command tx timeout
[  139.278409][ T6444] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.290036][ T6613] tmpfs: Bad value for 'mpol'
[  139.418411][ T5160] Bluetooth: hci2: command tx timeout
[  139.692298][ T6440] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.341623][ T6444] veth0_vlan: entered promiscuous mode
[  140.395284][ T6444] veth1_vlan: entered promiscuous mode
[  140.552786][ T6440] veth0_vlan: entered promiscuous mode
[  140.570493][ T6444] veth0_macvtap: entered promiscuous mode
[  140.604520][ T6444] veth1_macvtap: entered promiscuous mode
[  140.624212][ T6440] veth1_vlan: entered promiscuous mode
[  140.890849][ T6444] batman_adv: batadv0: Interface activated: batadv_slave_0
[  140.949389][ T6444] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.049336][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.083982][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.134145][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.162023][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.218717][ T6440] veth0_macvtap: entered promiscuous mode
[  141.268565][ T6440] veth1_macvtap: entered promiscuous mode
[  141.352625][ T6660] syz.3.211 (6660): drop_caches: 2
[  141.378594][ T5889] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  141.491540][ T6440] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.509122][ T6440] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.562115][  T140] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.620242][  T140] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.676111][   T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.685607][ T5889] usb 2-1: Using ep0 maxpacket: 32
[  141.695436][ T5889] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 1536, setting to 1024
[  141.707958][ T5889] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  141.716470][   T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.724600][ T5889] usb 2-1: string descriptor 0 read error: -22
[  141.739562][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.747040][ T5889] usb 2-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  141.757998][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.761499][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.801055][ T6669] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  141.822290][ T5889] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  141.836268][ T5889] usb 2-1: MIDIStreaming interface descriptor not found
[  141.882086][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.891081][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.041727][   T30] audit: type=1326 audit(1774002877.959:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6668 comm="syz.1.213" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f56a4d9c799 code=0x0
[  142.104314][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.133602][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.260860][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.290211][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.582328][ T6695] netlink: 16 bytes leftover after parsing attributes in process `syz.4.178'.
[  142.688265][  T808] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  142.882463][  T808] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  142.914556][  T808] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  142.956309][  T808] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  142.992550][  T808] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  143.014536][  T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.041334][  T808] usb 4-1: Product: syz
[  143.054057][  T808] usb 4-1: Manufacturer: syz
[  143.066507][  T808] usb 4-1: SerialNumber: syz
[  143.084380][  T808] usb 4-1: config 0 descriptor??
[  143.100862][ T6690] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  143.123438][ T6690] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  143.172899][  T808] usb 4-1: ucan: probing device on interface #0
[  143.252971][ T6715] x_tables: duplicate entry at hook 2
[  143.272812][ T6715] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  143.282157][ T6715] IPv6: NLM_F_CREATE should be set when creating new route
[  143.366976][  T808] usb 4-1: ucan: could not read protocol version, ret=128
[  143.388580][  T808] usb 4-1: ucan: probe failed; try to update the device firmware
[  143.568028][  T808] usb 4-1: USB disconnect, device number 17
[  143.794984][ T6737] netlink: 76 bytes leftover after parsing attributes in process `syz.4.223'.
[  144.205851][ T5841] usb 2-1: USB disconnect, device number 13
[  144.869163][ T6769] FAULT_INJECTION: forcing a failure.
[  144.869163][ T6769] name failslab, interval 1, probability 0, space 0, times 0
[  144.892010][ T6769] CPU: 0 UID: 0 PID: 6769 Comm: syz.1.231 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  144.892043][ T6769] Tainted: [L]=SOFTLOCKUP
[  144.892050][ T6769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  144.892061][ T6769] Call Trace:
[  144.892068][ T6769]  <TASK>
[  144.892076][ T6769]  dump_stack_lvl+0xe8/0x150
[  144.892111][ T6769]  should_fail_ex+0x412/0x560
[  144.892145][ T6769]  should_failslab+0xa8/0x100
[  144.892169][ T6769]  __kmalloc_noprof+0xe8/0x760
[  144.892199][ T6769]  ? tomoyo_encode+0x28b/0x550
[  144.892233][ T6769]  tomoyo_encode+0x28b/0x550
[  144.892267][ T6769]  tomoyo_realpath_from_path+0x58d/0x5d0
[  144.892306][ T6769]  ? tomoyo_path_number_perm+0x219/0x630
[  144.892331][ T6769]  tomoyo_path_number_perm+0x246/0x630
[  144.892360][ T6769]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  144.892384][ T6769]  ? __lock_acquire+0x6b5/0x2cf0
[  144.892426][ T6769]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  144.892471][ T6769]  ? __fget_files+0x2a/0x420
[  144.892499][ T6769]  ? __fget_files+0x2a/0x420
[  144.892523][ T6769]  ? __fget_files+0x3a0/0x420
[  144.892545][ T6769]  ? __fget_files+0x2a/0x420
[  144.892574][ T6769]  security_file_ioctl+0xc3/0x2a0
[  144.892600][ T6769]  __se_sys_ioctl+0x47/0x170
[  144.892623][ T6769]  do_syscall_64+0x14d/0xf80
[  144.892643][ T6769]  ? trace_irq_disable+0x3b/0x140
[  144.892702][ T6769]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.892721][ T6769]  ? clear_bhb_loop+0x40/0x90
[  144.892745][ T6769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.892764][ T6769] RIP: 0033:0x7f56a4d9c799
[  144.892783][ T6769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  144.892800][ T6769] RSP: 002b:00007f56a5d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  144.892820][ T6769] RAX: ffffffffffffffda RBX: 00007f56a5015fa0 RCX: 00007f56a4d9c799
[  144.892833][ T6769] RDX: 0000200000000040 RSI: 0000000080046f45 RDI: 0000000000000003
[  144.892846][ T6769] RBP: 00007f56a5d31090 R08: 0000000000000000 R09: 0000000000000000
[  144.892858][ T6769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.892886][ T6769] R13: 00007f56a5016038 R14: 00007f56a5015fa0 R15: 00007ffeedf41bb8
[  144.892918][ T6769]  </TASK>
[  144.892964][ T6769] ERROR: Out of memory at tomoyo_realpath_from_path.
[  144.936922][ T5889] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  145.158754][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  145.249335][ T6780] netlink: 'syz.1.234': attribute type 21 has an invalid length.
[  145.259069][ T6780] netlink: 164 bytes leftover after parsing attributes in process `syz.1.234'.
[  145.356649][ T5889] usb 4-1: Using ep0 maxpacket: 32
[  145.362367][   T24] usb 6-1: Using ep0 maxpacket: 32
[  145.371287][ T5889] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  145.382274][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.390931][   T24] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  145.399890][   T24] usb 6-1: config 0 has no interface number 0
[  145.409635][ T5889] usb 4-1: config 0 descriptor??
[  145.415029][   T24] usb 6-1: config 0 interface 184 has no altsetting 0
[  145.423016][ T5160] Bluetooth: hci2: command 0x0406 tx timeout
[  145.451096][   T24] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  145.464840][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.474982][   T24] usb 6-1: Product: syz
[  145.481834][   T24] usb 6-1: Manufacturer: syz
[  145.487019][   T24] usb 6-1: SerialNumber: syz
[  145.494558][   T24] usb 6-1: config 0 descriptor??
[  145.650984][ T6764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.665925][ T6764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.678400][ T5889] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  145.702423][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  145.712298][ T5889] dib0700: firmware download failed at 7 with -22
[  145.727075][ T5889] usb 4-1: USB disconnect, device number 18
[  145.866594][ T5841] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  145.923751][   T24] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  145.935282][   T24] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  145.947074][   T24] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  145.958974][   T24] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -61
[  146.024179][ T5841] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  146.052514][ T5841] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  146.073465][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.104485][ T5841] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[  146.317071][  T898] usb 2-1: USB disconnect, device number 14
[  146.613963][ T6808] FAULT_INJECTION: forcing a failure.
[  146.613963][ T6808] name failslab, interval 1, probability 0, space 0, times 0
[  146.631159][ T6808] CPU: 0 UID: 0 PID: 6808 Comm: syz.4.244 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  146.631189][ T6808] Tainted: [L]=SOFTLOCKUP
[  146.631196][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  146.631207][ T6808] Call Trace:
[  146.631214][ T6808]  <TASK>
[  146.631222][ T6808]  dump_stack_lvl+0xe8/0x150
[  146.631252][ T6808]  should_fail_ex+0x412/0x560
[  146.631280][ T6808]  should_failslab+0xa8/0x100
[  146.631300][ T6808]  ? alloc_pid+0x1a4/0x1310
[  146.631321][ T6808]  kmem_cache_alloc_noprof+0x87/0x650
[  146.631348][ T6808]  ? copy_process+0x1cf3/0x4430
[  146.631372][ T6808]  ? vhost_task_create+0x1f9/0x380
[  146.631413][ T6808]  alloc_pid+0x1a4/0x1310
[  146.631438][ T6808]  ? __lock_acquire+0x6b5/0x2cf0
[  146.631466][ T6808]  ? __pfx_alloc_pid+0x10/0x10
[  146.631503][ T6808]  ? fpu_clone+0x347/0xb90
[  146.631539][ T6808]  ? __asan_memcpy+0x40/0x70
[  146.631567][ T6808]  ? copy_thread+0x74b/0x9a0
[  146.631603][ T6808]  copy_process+0x21b2/0x4430
[  146.631648][ T6808]  ? copy_process+0xd68/0x4430
[  146.631689][ T6808]  ? __pfx_copy_process+0x10/0x10
[  146.631726][ T6808]  ? mutex_init_lockdep+0xdf/0x110
[  146.631749][ T6808]  vhost_task_create+0x1f9/0x380
[  146.631772][ T6808]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  146.631793][ T6808]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  146.631816][ T6808]  ? __pfx_vhost_task_create+0x10/0x10
[  146.631848][ T6808]  ? __pfx_vhost_task_fn+0x10/0x10
[  146.631877][ T6808]  ? __lock_acquire+0x6b5/0x2cf0
[  146.631908][ T6808]  ? kasan_save_track+0x4f/0x80
[  146.631933][ T6808]  ? kasan_save_track+0x3e/0x80
[  146.631958][ T6808]  ? kasan_save_free_info+0x46/0x50
[  146.631980][ T6808]  ? __kasan_slab_free+0x5c/0x80
[  146.632006][ T6808]  ? kfree+0x1c5/0x640
[  146.632034][ T6808]  kvm_mmu_post_init_vm+0x147/0x2d0
[  146.632059][ T6808]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  146.632092][ T6808]  ? __mutex_trylock_common+0x158/0x260
[  146.632113][ T6808]  ? look_up_lock_class+0x57/0x110
[  146.632135][ T6808]  ? register_lock_class+0x31/0x2e0
[  146.632161][ T6808]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  146.632186][ T6808]  ? __lock_acquire+0x6b5/0x2cf0
[  146.632216][ T6808]  ? __mutex_lock+0x320/0x1420
[  146.632244][ T6808]  ? kasan_quarantine_put+0xbb/0x1f0
[  146.632284][ T6808]  ? do_raw_write_lock+0x11d/0x260
[  146.632323][ T6808]  kvm_vcpu_ioctl+0xa62/0xfd0
[  146.632348][ T6808]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  146.632366][ T6808]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  146.632414][ T6808]  ? __fget_files+0x2a/0x420
[  146.632442][ T6808]  ? __fget_files+0x2a/0x420
[  146.632464][ T6808]  ? __fget_files+0x3a0/0x420
[  146.632486][ T6808]  ? __fget_files+0x2a/0x420
[  146.632514][ T6808]  ? bpf_lsm_file_ioctl+0x9/0x20
[  146.632532][ T6808]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  146.632552][ T6808]  __se_sys_ioctl+0xfc/0x170
[  146.632574][ T6808]  do_syscall_64+0x14d/0xf80
[  146.632593][ T6808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.632612][ T6808]  ? clear_bhb_loop+0x40/0x90
[  146.632641][ T6808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.632659][ T6808] RIP: 0033:0x7f82e8b9c799
[  146.632678][ T6808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  146.632694][ T6808] RSP: 002b:00007f82e9b1c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  146.632715][ T6808] RAX: ffffffffffffffda RBX: 00007f82e8e15fa0 RCX: 00007f82e8b9c799
[  146.632730][ T6808] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  146.632742][ T6808] RBP: 00007f82e9b1c090 R08: 0000000000000000 R09: 0000000000000000
[  146.632754][ T6808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.632765][ T6808] R13: 00007f82e8e16038 R14: 00007f82e8e15fa0 R15: 00007ffe3f66d778
[  146.632799][ T6808]  </TASK>
[  147.342407][  T898] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  147.415682][   T51] Bluetooth: Unknown BR/EDR signaling command 0x11
[  147.425295][   T51] Bluetooth: Wrong link type (-22)
[  147.436844][  T808] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  147.506986][  T898] usb 4-1: Using ep0 maxpacket: 8
[  147.513639][  T898] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  147.522701][  T898] usb 4-1: config 0 has no interface number 0
[  147.531235][  T898] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  147.540837][  T898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.549136][  T898] usb 4-1: Product: syz
[  147.553312][  T898] usb 4-1: Manufacturer: syz
[  147.557955][  T898] usb 4-1: SerialNumber: syz
[  147.565349][  T898] usb 4-1: config 0 descriptor??
[  147.589115][  T808] usb 2-1: unable to get BOS descriptor or descriptor too short
[  147.599654][  T808] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[  147.614218][  T808] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7
[  147.628068][  T808] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice= 0.40
[  147.637718][  T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.646575][  T808] usb 2-1: Product: syz
[  147.650954][  T808] usb 2-1: Manufacturer: syz
[  147.655627][  T808] usb 2-1: SerialNumber: syz
[  147.690506][ T5912] usb 6-1: USB disconnect, device number 2
[  147.729861][ T5889] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  147.778740][  T898] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  147.789286][  T898] uvcvideo 4-1:0.31: No valid video chain found.
[  147.800092][  T898] usb 4-1: USB disconnect, device number 19
[  147.880843][  T808] usb 2-1: Can't get UAC3 power state for id 10
[  147.890215][  T808] usb 2-1: 2:0: failed to get current value for ch 0 (-71)
[  147.901596][  T808] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2)
[  147.910656][  T808] usb 2-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  147.911474][ T5889] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.920829][  T808] usb 2-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1
[  147.931943][ T5889] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  147.950835][ T5889] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  147.961018][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  147.971653][ T5889] usb 5-1: SerialNumber: syz
[  148.057385][  T808] usb 2-1: USB disconnect, device number 15
[  148.098013][ T5912] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  148.230716][ T5889] usb 5-1: 0:2 : does not exist
[  148.239229][ T5889] usb 5-1: unit 1 not found!
[  148.257536][ T5912] usb 6-1: device descriptor read/64, error -71
[  148.296569][ T5889] usb 5-1: USB disconnect, device number 2
[  148.314727][ T6830] udevd[6830]: setting mode of /dev/mixer3 to 020660 failed: No such file or directory
[  148.335382][ T6830] udevd[6830]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory
[  148.507115][ T5912] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  148.656484][ T5912] usb 6-1: device descriptor read/64, error -71
[  148.712651][   T51] Bluetooth: Unknown BR/EDR signaling command 0x11
[  148.721508][   T51] Bluetooth: Wrong link type (-22)
[  148.727640][   T51] Bluetooth: hci3: link tx timeout
[  148.734411][   T51] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  148.768153][ T5912] usb usb6-port1: attempt power cycle
[  148.836817][ T5939] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  148.996598][ T5939] usb 4-1: Using ep0 maxpacket: 8
[  149.003708][ T5939] usb 4-1: config 129 has an invalid interface number: 164 but max is 0
[  149.012387][ T5939] usb 4-1: config 129 has no interface number 0
[  149.019203][ T5939] usb 4-1: config 129 interface 164 has no altsetting 0
[  149.028634][ T5939] usb 4-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=8b.16
[  149.038295][  T808] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  149.048022][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.060557][ T5939] usb 4-1: Product: syz
[  149.065072][ T5939] usb 4-1: Manufacturer: syz
[  149.070997][ T5939] usb 4-1: SerialNumber: syz
[  149.116519][ T5912] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  149.147470][ T5912] usb 6-1: device descriptor read/8, error -71
[  149.216689][  T808] usb 2-1: Using ep0 maxpacket: 32
[  149.223943][  T808] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  149.232564][  T808] usb 2-1: config 0 has no interface number 0
[  149.239482][  T808] usb 2-1: config 0 interface 184 has no altsetting 0
[  149.248613][  T808] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  149.258566][  T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.266833][  T808] usb 2-1: Product: syz
[  149.271407][  T808] usb 2-1: Manufacturer: syz
[  149.276123][  T808] usb 2-1: SerialNumber: syz
[  149.285299][  T808] usb 2-1: config 0 descriptor??
[  149.285963][ T6840] netlink: 28 bytes leftover after parsing attributes in process `syz.3.256'.
[  149.302298][ T6840] netlink: 28 bytes leftover after parsing attributes in process `syz.3.256'.
[  149.327672][ T5939] ums_eneub6250 4-1:129.164: USB Mass Storage device detected
[  149.394184][ T5939] usb 4-1: USB disconnect, device number 20
[  149.407570][ T5912] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  149.437364][ T5912] usb 6-1: device descriptor read/8, error -71
[  149.546952][ T5912] usb usb6-port1: unable to enumerate USB device
[  149.701957][  T808] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  149.734126][  T808] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  149.757682][  T808] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  149.786844][  T808] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -61
[  149.884248][ T6855] futex_wake_op: syz.4.262 tries to shift op by 144; fix this program
[  150.144538][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  150.151841][ T5160] Bluetooth: Wrong link type (-22)
[  150.158737][ T5160] Bluetooth: hci1: link tx timeout
[  150.165385][ T5160] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  150.262451][ T6878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.269'.
[  150.274684][ T6878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.269'.
[  150.603415][ T6891] syzkaller1: entered promiscuous mode
[  150.609405][ T6891] syzkaller1: entered allmulticast mode
[  150.778739][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  150.832988][ T6902] FAULT_INJECTION: forcing a failure.
[  150.832988][ T6902] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  150.861548][ T6902] CPU: 1 UID: 0 PID: 6902 Comm: syz.3.276 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  150.861580][ T6902] Tainted: [L]=SOFTLOCKUP
[  150.861597][ T6902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  150.861608][ T6902] Call Trace:
[  150.861616][ T6902]  <TASK>
[  150.861625][ T6902]  dump_stack_lvl+0xe8/0x150
[  150.861658][ T6902]  should_fail_ex+0x412/0x560
[  150.861687][ T6902]  _copy_from_user+0x2d/0xb0
[  150.861713][ T6902]  drm_mode_atomic_ioctl+0x77c/0xdd0
[  150.861754][ T6902]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  150.861801][ T6902]  ? do_raw_spin_unlock+0xf5/0x210
[  150.861827][ T6902]  ? _raw_spin_unlock+0x28/0x50
[  150.861855][ T6902]  ? drm_is_current_master+0x19f/0x200
[  150.861881][ T6902]  drm_ioctl_kernel+0x2df/0x3b0
[  150.861915][ T6902]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  150.861937][ T6902]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  150.861976][ T6902]  drm_ioctl+0x6ba/0xb80
[  150.862011][ T6902]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  150.862035][ T6902]  ? __pfx_drm_ioctl+0x10/0x10
[  150.862076][ T6902]  ? __fget_files+0x2a/0x420
[  150.862103][ T6902]  ? bpf_lsm_file_ioctl+0x9/0x20
[  150.862123][ T6902]  ? __pfx_drm_ioctl+0x10/0x10
[  150.862151][ T6902]  __se_sys_ioctl+0xfc/0x170
[  150.862173][ T6902]  do_syscall_64+0x14d/0xf80
[  150.862193][ T6902]  ? trace_irq_disable+0x3b/0x140
[  150.862213][ T6902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.862233][ T6902]  ? clear_bhb_loop+0x40/0x90
[  150.862256][ T6902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.862275][ T6902] RIP: 0033:0x7fd9ab79c799
[  150.862295][ T6902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  150.862311][ T6902] RSP: 002b:00007fd9ac5d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  150.862333][ T6902] RAX: ffffffffffffffda RBX: 00007fd9aba15fa0 RCX: 00007fd9ab79c799
[  150.862346][ T6902] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000012
[  150.862358][ T6902] RBP: 00007fd9ac5d1090 R08: 0000000000000000 R09: 0000000000000000
[  150.862369][ T6902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  150.862379][ T6902] R13: 00007fd9aba16038 R14: 00007fd9aba15fa0 R15: 00007ffee9be2bb8
[  150.862410][ T6902]  </TASK>
[  151.169509][   T51] Bluetooth: Unknown BR/EDR signaling command 0x11
[  151.180413][   T51] Bluetooth: Wrong link type (-22)
[  151.223801][ T6910] netlink: 256 bytes leftover after parsing attributes in process `syz.4.279'.
[  151.233662][ T6910] netlink: 24 bytes leftover after parsing attributes in process `syz.4.279'.
[  151.582631][ T6929] binder: 6928:6929 ioctl 4068aea3 200000000000 returned -22
[  151.626536][ T5912] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  151.636616][  T898] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  151.780101][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  151.788209][  T898] usb 6-1: Using ep0 maxpacket: 8
[  151.794871][ T5912] usb 5-1: not running at top speed; connect to a high speed hub
[  151.809679][ T5912] usb 5-1: too many configurations: 116, using maximum allowed: 8
[  151.821555][  T898] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 7
[  151.843059][ T5912] usb 5-1: unable to read config index 0 descriptor/start: -61
[  151.853318][  T898] usb 6-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40
[  151.865322][ T5912] usb 5-1: can't read configurations, error -61
[  151.875183][ T5889] usb 2-1: USB disconnect, device number 16
[  151.881316][  T898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.896925][  T898] usb 6-1: Product: syz
[  151.908221][  T898] usb 6-1: Manufacturer: syz
[  151.915473][  T898] usb 6-1: SerialNumber: syz
[  151.985428][ T6934] Scaler: =================  START STATUS  =================
[  151.993963][ T6934] Scaler: ==================  END STATUS  ==================
[  152.015209][   T30] audit: type=1800 audit(1774002887.929:9): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.288" name="file1" dev="overlay" ino=446 res=0 errno=0
[  152.016539][ T5912] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  152.138946][  T898] usb 6-1: selecting invalid altsetting 1
[  152.232214][ T5160] Bluetooth: hci1: command 0x0406 tx timeout
[  152.240965][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  152.249905][ T5912] usb 5-1: not running at top speed; connect to a high speed hub
[  152.258415][ T5912] usb 5-1: too many configurations: 116, using maximum allowed: 8
[  152.269426][ T5912] usb 5-1: unable to read config index 0 descriptor/start: -61
[  152.277702][ T5912] usb 5-1: can't read configurations, error -61
[  152.285977][ T5912] usb usb5-port1: attempt power cycle
[  152.340148][  T898] usb 6-1: cannot request logical cluster ID: 0 (err: -5)
[  152.347802][  T898] usb 6-1: invalid MIXER UNIT descriptor 6
[  152.355153][  T898] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -5
[  152.370660][  T898] usb 6-1: selecting invalid altsetting 1
[  152.540674][  T898] usb 6-1: cannot request logical cluster ID: 0 (err: -71)
[  152.548578][  T898] usb 6-1: invalid MIXER UNIT descriptor 6
[  152.555109][  T898] snd-usb-audio 6-1:1.1: probe with driver snd-usb-audio failed with error -71
[  152.570193][  T898] usb 6-1: selecting invalid altsetting 1
[  152.578715][  T898] usb 6-1: cannot request logical cluster ID: 0 (err: -71)
[  152.586004][  T898] usb 6-1: invalid MIXER UNIT descriptor 6
[  152.626012][  T898] snd-usb-audio 6-1:1.2: probe with driver snd-usb-audio failed with error -71
[  152.635492][ T5912] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  152.643508][ T5889] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  152.654537][  T898] usb 6-1: USB disconnect, device number 7
[  152.691639][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  152.695736][ T5988] udevd[5988]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  152.704863][ T5912] usb 5-1: not running at top speed; connect to a high speed hub
[  152.724904][ T5912] usb 5-1: too many configurations: 116, using maximum allowed: 8
[  152.740888][ T5912] usb 5-1: unable to read config index 0 descriptor/start: -61
[  152.752550][ T5912] usb 5-1: can't read configurations, error -61
[  152.816793][ T5889] usb 2-1: Using ep0 maxpacket: 32
[  152.824159][ T5889] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  152.836200][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.856310][ T5889] usb 2-1: config 0 descriptor??
[  152.886636][ T5912] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  152.910041][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  152.918520][ T5912] usb 5-1: not running at top speed; connect to a high speed hub
[  152.926317][ T5912] usb 5-1: too many configurations: 116, using maximum allowed: 8
[  152.936024][ T5912] usb 5-1: unable to read config index 0 descriptor/start: -61
[  152.944063][ T5912] usb 5-1: can't read configurations, error -61
[  152.953073][ T5912] usb usb5-port1: unable to enumerate USB device
[  153.074531][ T6947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.096854][  T808] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  153.109617][ T6947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.127591][ T5889] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  153.141979][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  153.151043][ T5889] dib0700: firmware download failed at 7 with -22
[  153.163233][ T5889] usb 2-1: USB disconnect, device number 17
[  153.256973][  T808] usb 4-1: Using ep0 maxpacket: 8
[  153.263758][  T808] usb 4-1: config index 0 descriptor too short (expected 74, got 45)
[  153.272469][  T808] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  153.283701][  T808] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  153.295484][  T808] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  153.307114][  T808] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  153.317570][  T808] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  153.331437][  T808] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  153.341671][  T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.356640][ T5912] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  153.526583][ T5912] usb 6-1: Using ep0 maxpacket: 32
[  153.533614][ T5912] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  153.542323][ T5912] usb 6-1: config 0 has no interface number 0
[  153.548710][ T5912] usb 6-1: config 0 interface 184 has no altsetting 0
[  153.560657][  T808] usb 4-1: GET_CAPABILITIES returned 0
[  153.566761][  T808] usbtmc 4-1:16.0: can't read capabilities
[  153.566831][ T5912] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  153.582476][ T5912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.591827][ T5912] usb 6-1: Product: syz
[  153.596341][ T5912] usb 6-1: Manufacturer: syz
[  153.602028][ T5912] usb 6-1: SerialNumber: syz
[  153.609531][ T5912] usb 6-1: config 0 descriptor??
[  153.729056][   T30] audit: type=1800 audit(1774002889.649:10): pid=6957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.297" name="file1" dev="overlay" ino=481 res=0 errno=0
[  153.782337][  T808] usb 4-1: USB disconnect, device number 21
[  153.930005][ T6963] binder: 6962:6963 ioctl 4068aea3 200000000000 returned -22
[  154.035205][ T5912] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  154.055881][ T5912] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  154.068137][ T5912] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  154.097866][ T5912] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -61
[  154.538170][ T6990] netlink: 'syz.4.304': attribute type 1 has an invalid length.
[  154.582924][ T6990] netlink: 'syz.4.304': attribute type 1 has an invalid length.
[  154.744111][   T30] audit: type=1800 audit(1774002890.659:11): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.306" name="file1" dev="overlay" ino=521 res=0 errno=0
[  154.856839][  T808] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  155.026493][  T808] usb 4-1: Using ep0 maxpacket: 32
[  155.046025][  T808] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  155.085405][  T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.129253][  T808] usb 4-1: config 0 descriptor??
[  155.359179][ T6997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.377041][ T6997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.389448][  T808] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  155.410626][  T808] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  155.419097][  T808] dib0700: firmware download failed at 7 with -22
[  155.454779][  T808] usb 4-1: USB disconnect, device number 22
[  155.775410][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  155.782299][ T5160] Bluetooth: Wrong link type (-22)
[  155.807803][ T5939] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  155.978614][ T5939] usb 5-1: Using ep0 maxpacket: 32
[  156.004704][ T5939] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  156.035446][ T5939] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  156.048273][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  156.066014][ T5939] usb 5-1: Product: syz
[  156.072349][ T7056] raw_sendmsg: syz.3.313 forgot to set AF_INET. Fix it!
[  156.079590][ T5939] usb 5-1: Manufacturer: syz
[  156.084515][ T5939] usb 5-1: SerialNumber: syz
[  156.100174][ T5939] usb 5-1: config 0 descriptor??
[  156.122854][ T7021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  156.212967][ T5904] usb 6-1: USB disconnect, device number 8
[  156.345869][   T30] audit: type=1800 audit(1774002892.259:12): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.316" name="file1" dev="overlay" ino=533 res=0 errno=0
[  156.381241][ T5939] usb 5-1: USB disconnect, device number 7
[  156.613952][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  156.621337][ T5160] Bluetooth: Wrong link type (-22)
[  156.946529][ T5939] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  157.116823][ T5939] usb 6-1: Using ep0 maxpacket: 32
[  157.132686][ T5939] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  157.159432][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.173438][ T5939] usb 6-1: config 0 descriptor??
[  157.394466][ T7083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.420699][ T7083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.441973][ T5939] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  157.472389][ T5939] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  157.499899][ T5939] dib0700: firmware download failed at 7 with -22
[  157.532264][ T5939] usb 6-1: USB disconnect, device number 9
[  157.747676][   T30] audit: type=1800 audit(1774002893.659:13): pid=7118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.327" name="file1" dev="overlay" ino=185 res=0 errno=0
[  157.781665][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  157.789700][ T5160] Bluetooth: Wrong link type (-22)
[  157.926337][   T30] audit: type=1800 audit(1774002893.839:14): pid=7129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.333" name="file1" dev="overlay" ino=563 res=0 errno=0
[  158.389901][   T30] audit: type=1800 audit(1774002894.309:15): pid=7151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.339" name="file1" dev="overlay" ino=209 res=0 errno=0
[  158.463655][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  158.470705][ T5160] Bluetooth: Wrong link type (-22)
[  158.766664][ T5912] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  158.846721][ T5889] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  158.917651][ T5912] usb 2-1: device descriptor read/64, error -71
[  159.009516][ T5889] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  159.034031][ T5889] usb 5-1: config 0 interface 0 has no altsetting 0
[  159.057511][ T5889] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  159.076517][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.110150][ T5889] usb 5-1: config 0 descriptor??
[  159.121883][ T7167] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  159.158082][ T5912] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  159.216794][  T808] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  159.322560][ T5912] usb 2-1: device descriptor read/64, error -71
[  159.340751][ T7167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.371205][ T7167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.386761][  T808] usb 4-1: Using ep0 maxpacket: 32
[  159.413474][  T808] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  159.445886][  T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.457087][ T5912] usb usb2-port1: attempt power cycle
[  159.479778][  T808] usb 4-1: config 0 descriptor??
[  159.602878][ T7167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.614026][ T7167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.627084][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.635280][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.643781][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.653216][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.662354][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.670794][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.681208][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.695919][ T7180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.701502][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.714929][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.722382][ T7180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.731862][ T5889] hid-multitouch 0003:1FD2:6007.0007: unknown main item tag 0x0
[  159.742258][  T808] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  159.779122][  T808] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  159.780630][ T5889] hid-multitouch 0003:1FD2:6007.0007: hidraw0: USB HID v7f.fd Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  159.805085][  T808] dib0700: firmware download failed at 7 with -22
[  159.820842][ T5912] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  159.848325][ T5912] usb 2-1: device descriptor read/8, error -71
[  159.855995][ T5889] usb 5-1: USB disconnect, device number 8
[  159.917705][  T808] usb 4-1: USB disconnect, device number 23
[  159.965923][ T7199] fido_id[7199]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  160.203871][ T5912] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  160.237427][ T5912] usb 2-1: device descriptor read/8, error -71
[  160.360134][ T5912] usb usb2-port1: unable to enumerate USB device
[  160.546779][ T5160] Bluetooth: Unknown BR/EDR signaling command 0x11
[  160.554808][ T5160] Bluetooth: Wrong link type (-22)
[  160.744316][   T30] audit: type=1800 audit(1774002896.609:16): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.349" name="file1" dev="overlay" ino=229 res=0 errno=0
[  160.896571][ T5889] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  161.046506][ T5889] usb 4-1: Using ep0 maxpacket: 32
[  161.068009][ T5889] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  161.093865][ T5889] usb 4-1: config 0 has no interface number 0
[  161.105107][ T5889] usb 4-1: config 0 interface 184 has no altsetting 0
[  161.124938][ T5889] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  161.144840][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.161828][ T5889] usb 4-1: Product: syz
[  161.174073][ T5889] usb 4-1: Manufacturer: syz
[  161.191634][ T5889] usb 4-1: SerialNumber: syz
[  161.218437][ T5889] usb 4-1: config 0 descriptor??
[  161.599125][   T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  161.645434][ T5889] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  161.658204][ T5889] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  161.670117][ T5889] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  161.683576][ T5889] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  161.756950][   T24] usb 5-1: Using ep0 maxpacket: 32
[  161.764571][   T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  161.775562][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.789795][   T24] usb 5-1: config 0 descriptor??
[  162.027631][ T7217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.045052][ T7217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.055857][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  162.073766][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  162.083528][   T24] dib0700: firmware download failed at 7 with -22
[  162.104709][   T24] usb 5-1: USB disconnect, device number 9
[  162.879306][ T5889] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  162.973596][   T30] audit: type=1800 audit(1774002898.889:17): pid=7230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.360" name="file1" dev="overlay" ino=286 res=0 errno=0
[  163.076499][ T5889] usb 2-1: Using ep0 maxpacket: 32
[  163.087150][ T5889] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  163.097797][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.113631][ T5889] usb 2-1: config 0 descriptor??
[  163.334440][ T7221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.354972][ T7221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.371239][ T5889] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  163.387066][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  163.397528][ T5889] dib0700: firmware download failed at 7 with -22
[  163.412150][ T5889] usb 2-1: USB disconnect, device number 22
[  163.436684][ T5939] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  163.586570][ T5939] usb 5-1: Using ep0 maxpacket: 8
[  163.596820][ T5939] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  163.607541][ T5939] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  163.618222][ T5939] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  163.630030][ T5939] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  163.644871][ T5939] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  163.659012][ T5939] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  163.672315][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.731590][  T808] usb 4-1: USB disconnect, device number 24
[  163.915976][ T5939] usb 5-1: usb_control_msg returned -32
[  163.928408][ T5939] usbtmc 5-1:16.0: can't read capabilities
[  163.970073][ T5939] usb 5-1: USB disconnect, device number 10
[  164.021224][   T30] audit: type=1800 audit(1774002899.939:18): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.370" name="file1" dev="overlay" ino=145 res=0 errno=0
[  164.296061][ T7268] netlink: 'syz.5.375': attribute type 11 has an invalid length.
[  164.373451][ T7274] netlink: 20 bytes leftover after parsing attributes in process `syz.3.377'.
[  164.379525][ T7273] tap0: tun_chr_ioctl cmd 1074025672
[  164.408966][ T7273] tap0: ignored: set checksum enabled
[  164.564456][ T7278] binder: 7277:7278 ioctl c0306201 2000000001c0 returned -14
[  164.687950][   T30] audit: type=1800 audit(1774002900.609:19): pid=7284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.383" name="file1" dev="overlay" ino=627 res=0 errno=0
[  164.716803][ T5889] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  164.886537][ T5889] usb 6-1: Using ep0 maxpacket: 32
[  164.895088][ T5889] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  164.904725][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.914533][ T5912] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  164.925136][ T5889] usb 6-1: config 0 descriptor??
[  165.096664][ T5912] usb 4-1: Using ep0 maxpacket: 32
[  165.104564][ T5912] usb 4-1: config 0 has no interfaces?
[  165.112913][ T5912] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  165.122481][ T5912] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  165.131400][ T5912] usb 4-1: Product: syz
[  165.135747][ T5912] usb 4-1: Manufacturer: syz
[  165.136897][ T7276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  165.140945][ T5912] usb 4-1: SerialNumber: syz
[  165.155399][ T7276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  165.165177][ T5912] usb 4-1: config 0 descriptor??
[  165.178994][ T5889] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  165.191292][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  165.201758][ T5889] dib0700: firmware download failed at 7 with -22
[  165.212584][ T5889] usb 6-1: USB disconnect, device number 10
[  165.381716][ T7286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  165.391468][ T7286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  165.402104][ T7286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  165.411266][ T7286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  165.424736][ T5939] usb 4-1: USB disconnect, device number 25
[  165.660494][ T7296] macvlan1: entered promiscuous mode
[  165.666290][ T7296] macvlan1: entered allmulticast mode
[  165.672247][ T7296] veth1_vlan: entered allmulticast mode
[  165.798579][ T7299] befs: (nullb0): invalid magic header
[  165.888353][ T5889] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  165.938107][ T5939] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  166.054051][ T5889] usb 4-1: config index 0 descriptor too short (expected 36, got 27)
[  166.073150][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.099798][ T5889] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 8.00
[  166.111900][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.116742][ T5939] usb 5-1: Using ep0 maxpacket: 8
[  166.131319][ T5889] usb 4-1: config 0 descriptor??
[  166.143724][ T5939] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.155910][ T5889] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  166.168233][ T5939] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  166.192585][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.194066][ T5889] usb 4-1: Detected FT4232H
[  166.224139][ T5939] usb 5-1: config 0 descriptor??
[  166.244496][ T5939] iowarrior 5-1:0.0: no interrupt-in endpoint found
[  166.351750][ T5889] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  166.365485][ T5889] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  166.381133][ T5889] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  166.395025][ T5889] usb 4-1: USB disconnect, device number 26
[  166.434129][ T5889] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  166.444036][ T5919] usb 5-1: USB disconnect, device number 11
[  166.472993][ T5889] ftdi_sio 4-1:0.0: device disconnected
[  166.556507][ T5939] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  166.718425][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.726026][ T7326] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0)
[  166.746910][ T5939] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  166.763342][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.797791][ T5939] usb 2-1: config 0 descriptor??
[  166.863778][   T30] audit: type=1800 audit(1774002902.779:20): pid=7328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.393" name="file1" dev="overlay" ino=181 res=0 errno=0
[  167.229061][ T5939] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor
[  167.283544][ T5939] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0008/input/input10
[  167.571901][ T5939] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  167.716564][ T5841] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  167.774512][ T5939] usb 2-1: USB disconnect, device number 23
[  167.893784][ T5841] usb 6-1: Using ep0 maxpacket: 32
[  167.912207][ T5841] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  167.947936][ T5841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.984825][ T5841] usb 6-1: config 0 descriptor??
[  168.100396][   T30] audit: type=1800 audit(1774002904.019:21): pid=7361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.403" name="file1" dev="overlay" ino=651 res=0 errno=0
[  168.126618][ T5912] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  168.199942][ T7349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.209926][ T7349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  168.221702][ T5841] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  168.240109][ T5841] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  168.251684][ T5841] dib0700: firmware download failed at 7 with -22
[  168.263633][ T5841] usb 6-1: USB disconnect, device number 11
[  168.280622][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.293298][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.305492][ T5912] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  168.316083][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.328395][ T5912] usb 5-1: config 0 descriptor??
[  168.426551][   T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  168.576598][   T24] usb 4-1: Using ep0 maxpacket: 16
[  168.589220][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.600949][   T24] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 96
[  168.612970][   T24] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  168.623432][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  168.640264][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  168.657952][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  168.667949][   T24] usb 4-1: SerialNumber: syz
[  168.676840][ T7363] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  168.684568][ T7363] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  168.695080][   T24] hub 4-1:1.0: bad descriptor, ignoring hub
[  168.701342][   T24] hub 4-1:1.0: probe with driver hub failed with error -5
[  168.754813][   T30] audit: type=1326 audit(1774002904.669:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7356 comm="syz.4.401" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f82e8b9c799 code=0x0
[  168.895581][ T7363] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  168.904011][ T7363] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  169.332720][   T24] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  169.521594][ T7363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.532830][ T7363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.543982][ T7363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.553982][ T7363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.852869][   T30] audit: type=1800 audit(1774002905.769:23): pid=7389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.412" name="file1" dev="overlay" ino=225 res=0 errno=0
[  170.130172][ T5160] Bluetooth: hci2: unexpected event for opcode 0x0c56
[  170.897395][ T5912] usbhid 5-1:0.0: can't add hid device: -71
[  170.905771][ T5912] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  170.919316][ T5912] usb 5-1: USB disconnect, device number 12
[  171.231400][ T7407] syzkaller1: entered promiscuous mode
[  171.238134][ T7407] syzkaller1: entered allmulticast mode
[  171.302151][   T24] usb 4-1: USB disconnect, device number 27
[  171.308351][ T5912] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  171.320500][   T24] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  171.443650][   T30] audit: type=1800 audit(1774002907.359:24): pid=7409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.421" name="file1" dev="overlay" ino=676 res=0 errno=0
[  171.496567][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  171.507596][ T5912] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  171.517183][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.544848][ T5912] usb 5-1: config 0 descriptor??
[  171.634216][ T7374] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  171.762284][ T7400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.781368][ T7400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.815386][ T5912] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  171.842029][ T5912] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  171.852694][ T5912] dib0700: firmware download failed at 7 with -22
[  171.876045][ T5912] usb 5-1: USB disconnect, device number 13
[  171.890355][ T7420] netlink: get zone limit has 8 unknown bytes
[  173.119896][   T30] audit: type=1800 audit(1774002909.039:25): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.430" name="file1" dev="overlay" ino=688 res=0 errno=0
[  173.292378][ T7447] syzkaller1: entered promiscuous mode
[  173.300235][ T7447] syzkaller1: entered allmulticast mode
[  173.616528][ T5912] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  173.792523][ T5912] usb 4-1: Using ep0 maxpacket: 8
[  173.804617][ T5912] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  173.827937][   T36] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.835604][ T5912] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  173.866583][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  173.887795][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  173.910271][ T5912] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.943956][ T5912] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  173.973849][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.037602][ T5841] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  174.070291][   T36] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.214564][ T5912] usb 4-1: usb_control_msg returned -32
[  174.216786][ T5841] usb 5-1: Using ep0 maxpacket: 8
[  174.221752][ T5912] usbtmc 4-1:16.0: can't read capabilities
[  174.239520][ T5841] usb 5-1: unable to get BOS descriptor or descriptor too short
[  174.250919][   T36] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.272841][ T5841] usb 5-1: config 2 has an invalid interface number: 204 but max is 1
[  174.294390][ T5841] usb 5-1: config 2 has an invalid interface number: 31 but max is 1
[  174.334441][ T5841] usb 5-1: config 2 has no interface number 0
[  174.357346][ T5841] usb 5-1: config 2 has no interface number 1
[  174.379897][ T5841] usb 5-1: config 2 interface 31 altsetting 7 bulk endpoint 0xB has invalid maxpacket 32
[  174.413994][ T5841] usb 5-1: config 2 interface 31 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  174.453398][   T36] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.465317][ T5841] usb 5-1: config 2 interface 204 has no altsetting 0
[  174.477187][ T5841] usb 5-1: config 2 interface 31 has no altsetting 0
[  174.499717][ T5841] usb 5-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ce.7a
[  174.511965][ T5841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.514408][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  174.524179][ T5841] usb 5-1: Product: syz
[  174.534571][ T5841] usb 5-1: Manufacturer: syz
[  174.535836][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  174.539381][ T5841] usb 5-1: SerialNumber: syz
[  174.551954][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  174.566670][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  174.578402][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  174.584614][ T7482] usbtmc 4-1:16.0: INITIATE_CLEAR returned 0
[  174.696633][ T5912] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  174.778128][   T24] usb 4-1: USB disconnect, device number 28
[  174.821484][ T7465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.835477][ T7465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.854661][ T5841] hdpvr 5-1:2.204: Could not find bulk-in endpoint
[  174.873865][ T5841] hdpvr 5-1:2.204: probe with driver hdpvr failed with error -12
[  174.897523][ T5912] usb 2-1: Using ep0 maxpacket: 32
[  174.909653][ T5841] hdpvr 5-1:2.31: Could not find bulk-in endpoint
[  174.911871][ T5912] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  174.917825][ T5841] hdpvr 5-1:2.31: probe with driver hdpvr failed with error -12
[  174.926848][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.947568][ T5841] usb 5-1: USB disconnect, device number 14
[  174.978542][ T5912] usb 2-1: config 0 descriptor??
[  175.060629][   T36] bridge_slave_1: left allmulticast mode
[  175.066630][   T36] bridge_slave_1: left promiscuous mode
[  175.072551][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.083536][   T36] bridge_slave_0: left allmulticast mode
[  175.090177][   T36] bridge_slave_0: left promiscuous mode
[  175.096122][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.214972][ T7477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.227809][ T7477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.245987][ T5912] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  175.262156][ T5912] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  175.275994][ T5912] dib0700: firmware download failed at 7 with -22
[  175.295624][ T5912] usb 2-1: USB disconnect, device number 24
[  175.382543][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  175.413064][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  175.439161][   T36] bond0 (unregistering): Released all slaves
[  175.694063][   T30] audit: type=1800 audit(1774002911.609:26): pid=7494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.443" name="file1" dev="overlay" ino=386 res=0 errno=0
[  176.057665][   T36] hsr_slave_0: left promiscuous mode
[  176.064706][   T36] hsr_slave_1: left promiscuous mode
[  176.077446][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  176.085467][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.094808][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  176.103081][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.125638][   T36] veth1_macvtap: left promiscuous mode
[  176.132216][   T36] veth0_macvtap: left promiscuous mode
[  176.140366][   T36] veth1_vlan: left promiscuous mode
[  176.146246][   T36] veth0_vlan: left promiscuous mode
[  176.196960][ T5919] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  176.374347][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.394679][ T5919] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  176.404197][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  176.423908][ T5919] usb 2-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  176.447921][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.456155][ T5919] usb 2-1: Product: syz
[  176.468757][ T5919] usb 2-1: Manufacturer: syz
[  176.482776][ T5919] usb 2-1: SerialNumber: syz
[  176.498996][ T5919] usb 2-1: config 0 descriptor??
[  176.616695][   T51] Bluetooth: hci2: command tx timeout
[  176.714699][ T5919] uvcvideo 2-1:0.0: Found UVC 34.00 device syz (8086:0b5b)
[  176.723564][   T36] team0 (unregistering): Port device team_slave_1 removed
[  176.736140][ T5919] uvcvideo 2-1:0.0: No valid video chain found.
[  176.759621][   T36] team0 (unregistering): Port device team_slave_0 removed
[  177.160370][ T7480] chnl_net:caif_netlink_parms(): no params data found
[  177.345096][  T808] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  177.480406][ T7480] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.497879][ T7480] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.510071][  T808] usb 5-1: Using ep0 maxpacket: 32
[  177.528098][  T808] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  177.536533][ T7480] bridge_slave_0: entered allmulticast mode
[  177.544382][  T808] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.566481][ T7480] bridge_slave_0: entered promiscuous mode
[  177.572624][  T808] usb 5-1: config 0 has no interface number 0
[  177.583445][ T7480] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.590999][  T808] usb 5-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  177.602876][ T7480] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.610263][  T808] usb 5-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  177.624583][ T7480] bridge_slave_1: entered allmulticast mode
[  177.642501][ T7480] bridge_slave_1: entered promiscuous mode
[  177.664416][  T808] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  177.680767][  T808] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.706494][  T808] usb 5-1: Product: syz
[  177.718163][  T808] usb 5-1: Manufacturer: syz
[  177.732235][  T808] usb 5-1: SerialNumber: syz
[  177.758470][  T808] usb 5-1: config 0 descriptor??
[  177.781463][  T808] asix 5-1:0.188: probe with driver asix failed with error -22
[  177.799667][ T7480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.842256][ T7480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.913038][   T30] audit: type=1800 audit(1774002913.829:27): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.451" name="file1" dev="overlay" ino=737 res=0 errno=0
[  177.993912][ T7480] team0: Port device team_slave_0 added
[  178.016273][ T7480] team0: Port device team_slave_1 added
[  178.110568][ T7480] batman_adv: batadv0: Adding interface: batadv_slave_0
[  178.118771][ T7480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  178.148500][ T7480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.164246][ T7480] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.172036][ T7480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  178.204214][ T7480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.290499][ T7480] hsr_slave_0: entered promiscuous mode
[  178.297057][   T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  178.299766][ T7480] hsr_slave_1: entered promiscuous mode
[  178.466478][   T24] usb 4-1: Using ep0 maxpacket: 32
[  178.481319][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  178.491294][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.517847][   T24] usb 4-1: config 0 descriptor??
[  178.633632][ T7480] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  178.652730][ T7480] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  178.677643][ T7480] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  178.696772][   T51] Bluetooth: hci2: command tx timeout
[  178.704639][ T7480] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  178.736312][ T7542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.759110][ T7542] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.769595][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  178.789753][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  178.800718][   T24] dib0700: firmware download failed at 7 with -22
[  178.823537][   T24] usb 4-1: USB disconnect, device number 29
[  178.906120][ T5889] usb 2-1: USB disconnect, device number 25
[  179.015435][ T7480] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.060505][ T7480] 8021q: adding VLAN 0 to HW filter on device team0
[  179.081142][  T140] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.088413][  T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.122522][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.130131][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.326513][ T5889] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  179.499768][ T5889] usb 2-1: unable to get BOS descriptor or descriptor too short
[  179.532554][ T5889] usb 2-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40
[  179.552070][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.561849][ T5889] usb 2-1: Product: syz
[  179.576909][ T5889] usb 2-1: Manufacturer: syz
[  179.585373][ T7480] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.593792][ T5889] usb 2-1: SerialNumber: syz
[  180.149717][  T808] usb 5-1: USB disconnect, device number 15
[  180.165964][ T7480] veth0_vlan: entered promiscuous mode
[  180.235461][ T7480] veth1_vlan: entered promiscuous mode
[  180.376127][ T7480] veth0_macvtap: entered promiscuous mode
[  180.411990][ T7480] veth1_macvtap: entered promiscuous mode
[  180.431815][ T5889] usb 2-1: 1:1: cannot get freq at ep 0x1
[  180.465520][ T7480] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.499451][ T7480] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.529413][ T1096] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.569104][ T1096] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.578335][ T1096] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.603949][ T5889] usb 2-1: USB disconnect, device number 26
[  180.604970][ T1096] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.620032][  T808] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  180.774052][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  180.790560][  T808] usb 4-1: Using ep0 maxpacket: 32
[  180.794214][   T51] Bluetooth: hci2: command tx timeout
[  180.804734][  T808] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  180.818563][  T808] usb 4-1: config 0 has no interface number 0
[  180.825487][  T808] usb 4-1: config 0 interface 184 has no altsetting 0
[  180.874168][  T808] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  180.902169][  T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.926275][  T808] usb 4-1: Product: syz
[  180.933436][  T808] usb 4-1: Manufacturer: syz
[  180.949984][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.952137][  T808] usb 4-1: SerialNumber: syz
[  180.974485][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.990266][  T808] usb 4-1: config 0 descriptor??
[  181.059589][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  181.067853][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.276522][ T5912] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  181.318317][   T30] audit: type=1800 audit(1774002917.239:28): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.459" name="file1" dev="overlay" ino=33 res=0 errno=0
[  181.447138][ T5912] usb 2-1: Using ep0 maxpacket: 16
[  181.480702][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  181.496124][ T5912] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  181.508419][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.508450][ T5912] usb 2-1: Product: syz
[  181.508466][ T5912] usb 2-1: Manufacturer: syz
[  181.508482][ T5912] usb 2-1: SerialNumber: syz
[  181.517694][ T5912] usb 2-1: config 0 descriptor??
[  181.547082][ T5912] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  181.558737][ T5912] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  181.618888][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  181.633862][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  181.647811][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  181.662628][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  181.673121][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  181.684247][  T808] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  181.694480][ T5841] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  181.706091][  T808] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[  181.847106][ T5841] usb 7-1: Using ep0 maxpacket: 32
[  181.854889][ T5841] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  181.865574][ T5841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.876529][   T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  181.885716][ T5841] usb 7-1: config 0 descriptor??
[  182.026589][   T24] usb 5-1: Using ep0 maxpacket: 32
[  182.034187][   T24] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  182.042701][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.053398][   T24] usb 5-1: config 0 has no interface number 0
[  182.060559][   T24] usb 5-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  182.073192][   T24] usb 5-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  182.091944][   T24] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  182.107942][ T7627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.113104][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.122168][ T7627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.125146][   T24] usb 5-1: Product: syz
[  182.135822][ T5841] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  182.147903][   T24] usb 5-1: Manufacturer: syz
[  182.154411][   T24] usb 5-1: SerialNumber: syz
[  182.159362][ T5841] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  182.159435][ T5841] dib0700: firmware download failed at 7 with -22
[  182.171029][ T5841] usb 7-1: USB disconnect, device number 2
[  182.175369][ T5912] em28xx 2-1:0.0: chip ID is em2882/3
[  182.196250][   T24] usb 5-1: config 0 descriptor??
[  182.213458][   T24] asix 5-1:0.188: probe with driver asix failed with error -22
[  182.452372][ T5912] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  182.468153][ T5912] em28xx 2-1:0.0: board has no eeprom
[  182.536580][ T5912] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  182.544882][ T5912] em28xx 2-1:0.0: dvb set to bulk mode.
[  182.551495][   T24] em28xx 2-1:0.0: Binding DVB extension
[  182.568999][ T5912] usb 2-1: USB disconnect, device number 27
[  182.582905][ T5912] em28xx 2-1:0.0: Disconnecting em28xx
[  182.630187][   T24] em28xx 2-1:0.0: Registering input extension
[  182.697290][   T24] rc_core: IR keymap rc-pinnacle-pctv-hd not found
[  182.716331][   T24] Registered IR keymap rc-empty
[  182.725815][   T24] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  182.739498][   T24] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input11
[  182.758107][   T24] em28xx 2-1:0.0: Input extension successfully initialized
[  182.767579][ T5912] em28xx 2-1:0.0: Closing input extension
[  182.798021][ T5912] em28xx 2-1:0.0: Freeing device
[  182.857267][   T51] Bluetooth: hci2: command tx timeout
[  182.934389][ T7645] FAULT_INJECTION: forcing a failure.
[  182.934389][ T7645] name failslab, interval 1, probability 0, space 0, times 0
[  182.951596][ T7645] CPU: 1 UID: 0 PID: 7645 Comm: syz.1.465 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  182.951635][ T7645] Tainted: [L]=SOFTLOCKUP
[  182.951641][ T7645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  182.951652][ T7645] Call Trace:
[  182.951659][ T7645]  <TASK>
[  182.951668][ T7645]  dump_stack_lvl+0xe8/0x150
[  182.951700][ T7645]  should_fail_ex+0x412/0x560
[  182.951723][ T7645]  should_failslab+0xa8/0x100
[  182.951736][ T7645]  ? __kernfs_new_node+0xea/0x970
[  182.951753][ T7645]  kmem_cache_alloc_noprof+0x87/0x650
[  182.951769][ T7645]  ? kasan_save_track+0x3e/0x80
[  182.951783][ T7645]  ? __kasan_slab_alloc+0x6c/0x80
[  182.951794][ T7645]  ? __kernfs_new_node+0xea/0x970
[  182.951811][ T7645]  __kernfs_new_node+0xea/0x970
[  182.951830][ T7645]  ? __pfx___kernfs_new_node+0x10/0x10
[  182.951845][ T7645]  ? kernfs_root+0x1c/0x230
[  182.951862][ T7645]  ? kernfs_root+0x1c/0x230
[  182.951876][ T7645]  ? kernfs_root+0x1c/0x230
[  182.951889][ T7645]  ? kernfs_root+0x1c/0x230
[  182.951905][ T7645]  kernfs_new_node+0x102/0x210
[  182.951923][ T7645]  __kernfs_create_file+0x4b/0x2e0
[  182.951937][ T7645]  sysfs_add_file_mode_ns+0x238/0x300
[  182.951963][ T7645]  internal_create_group+0x673/0x1180
[  182.951987][ T7645]  ? __pfx_internal_create_group+0x10/0x10
[  182.952001][ T7645]  ? kernfs_add_one+0x477/0x5c0
[  182.952018][ T7645]  ? up_write+0x1ab/0x410
[  182.952033][ T7645]  sysfs_create_groups+0x59/0x120
[  182.952050][ T7645]  device_add_attrs+0x13b/0x5b0
[  182.952068][ T7645]  ? __pfx_device_add_attrs+0x10/0x10
[  182.952083][ T7645]  ? kobject_put+0x516/0x560
[  182.952100][ T7645]  ? device_add_class_symlinks+0x21f/0x240
[  182.952118][ T7645]  device_add+0x496/0xb70
[  182.952137][ T7645]  input_register_device+0x9b3/0x1140
[  182.952155][ T7645]  ? input_ff_create+0x235/0x300
[  182.952170][ T7645]  uinput_create_device+0x422/0x670
[  182.952188][ T7645]  uinput_ioctl_handler+0x417/0x14a0
[  182.952207][ T7645]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[  182.952227][ T7645]  ? __fget_files+0x2a/0x420
[  182.952241][ T7645]  ? __fget_files+0x3a0/0x420
[  182.952258][ T7645]  ? bpf_lsm_file_ioctl+0x9/0x20
[  182.952270][ T7645]  ? __pfx_uinput_ioctl+0x10/0x10
[  182.952282][ T7645]  __se_sys_ioctl+0xfc/0x170
[  182.952295][ T7645]  do_syscall_64+0x14d/0xf80
[  182.952307][ T7645]  ? trace_irq_disable+0x3b/0x140
[  182.952320][ T7645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.952332][ T7645]  ? clear_bhb_loop+0x40/0x90
[  182.952346][ T7645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.952358][ T7645] RIP: 0033:0x7f56a4d9c799
[  182.952370][ T7645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  182.952380][ T7645] RSP: 002b:00007f56a5d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  182.952394][ T7645] RAX: ffffffffffffffda RBX: 00007f56a5015fa0 RCX: 00007f56a4d9c799
[  182.952402][ T7645] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  182.952409][ T7645] RBP: 00007f56a5d31090 R08: 0000000000000000 R09: 0000000000000000
[  182.952416][ T7645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  182.952423][ T7645] R13: 00007f56a5016038 R14: 00007f56a5015fa0 R15: 00007ffeedf41bb8
[  182.952441][ T7645]  </TASK>
[  182.958215][  T808] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  183.389546][ T5912] usb 4-1: USB disconnect, device number 30
[  183.427634][  T808] usb 7-1: device descriptor read/64, error -71
[  183.666589][  T808] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  183.778865][ T5912] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  183.796659][  T808] usb 7-1: device descriptor read/64, error -71
[  183.908233][  T808] usb usb7-port1: attempt power cycle
[  183.956645][ T5912] usb 4-1: Using ep0 maxpacket: 32
[  183.965482][ T5912] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  183.979086][ T5912] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  183.988939][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  183.999267][ T5912] usb 4-1: Product: syz
[  184.003583][ T5912] usb 4-1: Manufacturer: syz
[  184.008594][ T5912] usb 4-1: SerialNumber: syz
[  184.022203][ T5912] usb 4-1: config 0 descriptor??
[  184.038479][ T7652] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  184.050581][ T5912] hub 4-1:0.0: bad descriptor, ignoring hub
[  184.055675][ T7660] overlayfs: failed to resolve './file0': -2
[  184.056614][ T5912] hub 4-1:0.0: probe with driver hub failed with error -5
[  184.246535][  T808] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[  184.267197][  T808] usb 7-1: device descriptor read/8, error -71
[  184.366548][ T5912] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  184.496564][ T5912] usb 2-1: device descriptor read/64, error -71
[  184.506726][  T808] usb 7-1: new low-speed USB device number 6 using dummy_hcd
[  184.531244][  T808] usb 7-1: device descriptor read/8, error -71
[  184.640975][ T5841] usb 5-1: USB disconnect, device number 16
[  184.663237][  T808] usb usb7-port1: unable to enumerate USB device
[  184.703996][ T7652] usb 4-1: reset high-speed USB device number 31 using dummy_hcd
[  184.746571][ T5912] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  184.871568][ T7664] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  184.879343][ T5912] usb 2-1: device descriptor read/64, error -71
[  184.987329][ T5912] usb usb2-port1: attempt power cycle
[  185.016773][ T5841] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  185.167791][ T5841] usb 5-1: Using ep0 maxpacket: 32
[  185.174900][ T5841] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  185.184384][ T5841] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.194453][ T5841] usb 5-1: config 0 descriptor??
[  185.326520][ T5912] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  185.359004][ T5912] usb 2-1: device descriptor read/8, error -71
[  185.405106][ T7667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.414600][ T7667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.425138][ T5841] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  185.438374][ T5841] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  185.448437][ T5841] dib0700: firmware download failed at 7 with -22
[  185.459578][ T5841] usb 5-1: USB disconnect, device number 17
[  185.596686][ T5912] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  185.637642][ T5912] usb 2-1: device descriptor read/8, error -71
[  185.689729][ T7664] raw-gadget.1 gadget.3: failed to queue suspend event
[  185.697331][ T7664] raw-gadget.1 gadget.3: failed to queue disconnect event
[  185.748376][ T5912] usb usb2-port1: unable to enumerate USB device
[  186.065922][   T49] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.194243][   T49] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.217268][ T5919] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  186.288748][   T49] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.374750][ T5160] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  186.386866][ T5919] usb 5-1: Using ep0 maxpacket: 32
[  186.392580][ T5160] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  186.394674][ T5919] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  186.408885][ T5160] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  186.411184][ T5919] usb 5-1: config 0 has no interface number 0
[  186.423412][ T5919] usb 5-1: config 0 interface 184 has no altsetting 0
[  186.435258][ T5919] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  186.444895][ T5160] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  186.444930][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.464320][ T5160] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  186.465711][ T5919] usb 5-1: Product: syz
[  186.482290][ T5919] usb 5-1: Manufacturer: syz
[  186.482533][   T49] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.494792][ T5841] usb 4-1: USB disconnect, device number 31
[  186.527626][ T5919] usb 5-1: SerialNumber: syz
[  186.547348][ T5919] usb 5-1: config 0 descriptor??
[  186.774723][   T49] bridge_slave_1: left allmulticast mode
[  186.781869][   T49] bridge_slave_1: left promiscuous mode
[  186.789233][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.800453][   T49] bridge_slave_0: left allmulticast mode
[  186.806137][   T49] bridge_slave_0: left promiscuous mode
[  186.813435][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.046207][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.069963][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.083617][   T49] bond0 (unregistering): Released all slaves
[  187.171370][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  187.206201][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  187.247212][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  187.310695][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  187.332319][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  187.354143][ T7691] overlayfs: failed to resolve './file0': -2
[  187.368403][ T5919] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  187.408702][ T5919] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -32
[  187.526262][ T7699] netlink: 164 bytes leftover after parsing attributes in process `syz.3.481'.
[  187.621908][ T7678] chnl_net:caif_netlink_parms(): no params data found
[  187.872418][   T49] hsr_slave_0: left promiscuous mode
[  187.881372][   T49] hsr_slave_1: left promiscuous mode
[  187.888665][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.898499][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.910530][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.921070][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.936503][ T5841] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  187.951207][   T49] veth1_macvtap: left promiscuous mode
[  187.960415][   T49] veth0_macvtap: left promiscuous mode
[  187.967046][ T5919] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  187.977191][   T49] veth1_vlan: left promiscuous mode
[  187.983112][   T49] veth0_vlan: left promiscuous mode
[  188.106548][ T5841] usb 2-1: Using ep0 maxpacket: 32
[  188.119258][ T5841] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  188.133178][ T5841] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  188.144682][ T5919] usb 4-1: Using ep0 maxpacket: 32
[  188.151145][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  188.161722][ T5841] usb 2-1: Product: syz
[  188.166200][ T5841] usb 2-1: Manufacturer: syz
[  188.171317][ T5841] usb 2-1: SerialNumber: syz
[  188.177754][ T5919] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  188.188679][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.200566][ T5841] usb 2-1: config 0 descriptor??
[  188.209305][ T7705] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  188.224664][ T5841] hub 2-1:0.0: bad descriptor, ignoring hub
[  188.232578][ T5841] hub 2-1:0.0: probe with driver hub failed with error -5
[  188.247378][ T5919] usb 4-1: config 0 descriptor??
[  188.405088][   T49] team0 (unregistering): Port device team_slave_1 removed
[  188.425265][   T49] team0 (unregistering): Port device team_slave_0 removed
[  188.465944][ T7707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.479426][ T7707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.489941][ T5919] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  188.514264][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  188.525569][ T5919] dib0700: firmware download failed at 7 with -22
[  188.536755][ T5160] Bluetooth: hci2: command tx timeout
[  188.542904][ T5919] usb 4-1: USB disconnect, device number 32
[  188.734283][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.745216][ T7678] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.753328][ T7678] bridge_slave_0: entered allmulticast mode
[  188.764345][ T7678] bridge_slave_0: entered promiscuous mode
[  188.774479][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.783883][ T7678] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.791747][ T7678] bridge_slave_1: entered allmulticast mode
[  188.800560][ T7678] bridge_slave_1: entered promiscuous mode
[  188.878198][ T7678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.911491][ T7678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.036807][ T5919] usb 2-1: USB disconnect, device number 32
[  189.043897][   T29] usb 5-1: USB disconnect, device number 18
[  189.093194][ T7678] team0: Port device team_slave_0 added
[  189.129736][ T7678] team0: Port device team_slave_1 added
[  189.161721][ T7729] netlink: 'syz.3.484': attribute type 10 has an invalid length.
[  189.317245][ T7729] team0: Port device dummy0 added
[  189.347114][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.366479][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.423994][ T7678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.440583][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.447938][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.474958][ T7678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.822554][ T7678] hsr_slave_0: entered promiscuous mode
[  189.829113][ T7743] overlayfs: failed to resolve './file0': -2
[  189.839261][ T7678] hsr_slave_1: entered promiscuous mode
[  189.956522][ T5841] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  190.131074][ T5841] usb 2-1: Using ep0 maxpacket: 32
[  190.149912][ T5841] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  190.184002][ T5841] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  190.208099][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  190.242278][ T5841] usb 2-1: Product: syz
[  190.260344][ T5841] usb 2-1: Manufacturer: syz
[  190.276481][ T5841] usb 2-1: SerialNumber: syz
[  190.306613][ T5919] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  190.318712][ T5841] usb 2-1: config 0 descriptor??
[  190.343274][ T7740] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  190.370069][ T5841] hub 2-1:0.0: bad descriptor, ignoring hub
[  190.396593][ T5841] hub 2-1:0.0: probe with driver hub failed with error -5
[  190.509325][ T5919] usb 4-1: Using ep0 maxpacket: 8
[  190.529353][ T5919] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  190.546106][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.571589][ T5919] usb 4-1: Product: syz
[  190.584229][ T5919] usb 4-1: Manufacturer: syz
[  190.597349][ T5919] usb 4-1: SerialNumber: syz
[  190.616651][ T5160] Bluetooth: hci2: command tx timeout
[  190.617710][ T5919] usb 4-1: config 0 descriptor??
[  190.722534][ T7678] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  190.752005][ T7678] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  190.775623][ T7678] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  190.804757][ T7678] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  190.833931][ T7755] dvmrp1: entered allmulticast mode
[  190.850366][ T7754] dvmrp1: left allmulticast mode
[  190.857214][ T5919] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  191.087328][ T7740] usb 2-1: reset high-speed USB device number 33 using dummy_hcd
[  191.177226][ T7678] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.214899][ T7678] 8021q: adding VLAN 0 to HW filter on device team0
[  191.235907][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.243408][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.272035][ T7753] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  191.278599][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.286583][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.294563][ T5912] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  191.457868][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  191.466481][ T5912] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  191.490152][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.505496][ T5912] usb 5-1: config 0 descriptor??
[  191.735629][ T7765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.755784][ T7678] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.767875][ T7765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.778906][ T5912] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  191.825528][ T5912] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  191.835391][ T5912] dib0700: firmware download failed at 7 with -22
[  191.858942][ T5912] usb 5-1: USB disconnect, device number 19
[  191.872647][ T7749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.902497][ T7749] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.924862][ T7749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.936060][ T7749] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.049889][  T140] raw-gadget.0 gadget.1: failed to queue suspend event
[  192.113531][ T7753] raw-gadget.0 gadget.1: failed to queue disconnect event
[  192.154245][ T5919] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  192.186035][ T5919] usb 4-1: USB disconnect, device number 33
[  192.338311][ T7678] veth0_vlan: entered promiscuous mode
[  192.389725][ T7678] veth1_vlan: entered promiscuous mode
[  192.504177][ T7678] veth0_macvtap: entered promiscuous mode
[  192.540663][ T7678] veth1_macvtap: entered promiscuous mode
[  192.621187][ T7678] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.659402][ T7678] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.691533][   T36] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.707086][ T5160] Bluetooth: hci2: command tx timeout
[  192.737909][   T36] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.774481][   T36] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.793379][   T36] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.815154][ T7806] netlink: 20 bytes leftover after parsing attributes in process `syz.3.494'.
[  192.861494][ T5919] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  192.998953][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.025871][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.067981][ T5919] usb 5-1: Using ep0 maxpacket: 32
[  193.078566][ T5919] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  193.085961][ T7812] overlayfs: failed to resolve './file1': -2
[  193.091390][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.116138][ T5919] usb 5-1: config 0 has no interface number 0
[  193.130295][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.132175][ T5919] usb 5-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  193.155776][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.160492][ T5919] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  193.207257][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.222207][ T5919] usb 5-1: Product: syz
[  193.233087][ T5919] usb 5-1: Manufacturer: syz
[  193.253178][ T5919] usb 5-1: SerialNumber: syz
[  193.281931][ T5919] usb 5-1: config 0 descriptor??
[  193.304569][ T5919] asix 5-1:0.188: probe with driver asix failed with error -22
[  193.435476][   T30] audit: type=1326 audit(1774002929.349:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7817 comm="syz.3.497" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9ab79c799 code=0x0
[  193.987819][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  194.172888][   T24] usb 8-1: Using ep0 maxpacket: 32
[  194.180815][   T24] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  194.190733][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.204021][   T24] usb 8-1: config 0 descriptor??
[  194.430165][ T7834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.443727][ T7834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.502172][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  194.515973][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  194.560583][   T24] dib0700: firmware download failed at 7 with -22
[  194.573567][   T24] usb 8-1: USB disconnect, device number 2
[  194.636623][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  194.776604][ T5160] Bluetooth: hci2: command tx timeout
[  195.467890][ T5841] usb 2-1: USB disconnect, device number 33
[  195.630701][ T7888] overlayfs: failed to resolve './file1': -2
[  195.679468][   T24] usb 5-1: USB disconnect, device number 20
[  196.159837][ T7897] netlink: 'syz.4.507': attribute type 6 has an invalid length.
[  196.191207][ T7897] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns
[  196.202984][ T7897] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  196.377357][ T5937] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  196.416479][   T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  196.501483][ T7920] overlayfs: failed to resolve './file1': -2
[  196.546504][ T5937] usb 4-1: Using ep0 maxpacket: 8
[  196.569890][ T5937] usb 4-1: config index 0 descriptor too short (expected 14385, got 18)
[  196.579139][   T24] usb 2-1: Using ep0 maxpacket: 32
[  196.594729][   T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  196.610175][ T5937] usb 4-1: config 52 has too many interfaces: 52, using maximum allowed: 32
[  196.624479][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.639113][ T5937] usb 4-1: config 52 has an invalid descriptor of length 52, skipping remainder of the config
[  196.674826][ T5937] usb 4-1: config 52 has 0 interfaces, different from the descriptor's value: 52
[  196.685947][   T24] usb 2-1: config 0 descriptor??
[  196.711080][ T5937] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  196.725540][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.736222][ T5937] usb 4-1: Product: syz
[  196.742592][ T5937] usb 4-1: Manufacturer: syz
[  196.747784][ T5937] usb 4-1: SerialNumber: syz
[  196.905221][ T7906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.916060][ T7906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.925186][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  196.938335][   T29] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  196.948128][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  196.956259][   T24] dib0700: firmware download failed at 7 with -22
[  196.968903][   T24] usb 2-1: USB disconnect, device number 34
[  197.106517][   T29] usb 8-1: Using ep0 maxpacket: 32
[  197.113282][   T29] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  197.129334][   T29] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  197.139604][   T29] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  197.148348][   T29] usb 8-1: Product: syz
[  197.152557][   T29] usb 8-1: Manufacturer: syz
[  197.157423][   T29] usb 8-1: SerialNumber: syz
[  197.164202][   T29] usb 8-1: config 0 descriptor??
[  197.171381][ T7923] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22
[  197.180857][   T29] hub 8-1:0.0: bad descriptor, ignoring hub
[  197.187387][   T29] hub 8-1:0.0: probe with driver hub failed with error -5
[  197.203835][ T5937] usb 4-1: USB disconnect, device number 34
[  197.500225][ T7931] 9pnet_fd: Insufficient options for proto=fd
[  197.856570][ T7923] usb 8-1: reset high-speed USB device number 3 using dummy_hcd
[  197.909254][ T7942] CIFS: iocharset name too long
[  198.051179][ T7929] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  198.103146][ T7944] netlink: 'syz.3.521': attribute type 6 has an invalid length.
[  198.123913][ T7944] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  198.797205][   T24] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  198.858954][ T5939] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  198.946497][   T24] usb 4-1: Using ep0 maxpacket: 32
[  198.953499][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  198.963543][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.974914][   T24] usb 4-1: config 0 descriptor??
[  198.996584][ T5940] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  199.004801][ T5939] usb 2-1: device descriptor read/64, error -71
[  199.136988][ T5940] usb 5-1: device descriptor read/64, error -71
[  199.193149][ T7951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.205638][ T7951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  199.217714][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  199.230801][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  199.239693][   T24] dib0700: firmware download failed at 7 with -22
[  199.247057][ T5939] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  199.261658][   T24] usb 4-1: USB disconnect, device number 35
[  199.386552][ T5939] usb 2-1: device descriptor read/64, error -71
[  199.392970][ T5940] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  199.506961][ T5939] usb usb2-port1: attempt power cycle
[  199.526507][ T5940] usb 5-1: device descriptor read/64, error -71
[  199.637132][ T5940] usb usb5-port1: attempt power cycle
[  199.846534][ T5939] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  199.867382][ T5939] usb 2-1: device descriptor read/8, error -71
[  199.976673][ T5940] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  200.007222][ T5940] usb 5-1: device descriptor read/8, error -71
[  200.106647][ T5939] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  200.127062][ T5939] usb 2-1: device descriptor read/8, error -71
[  200.236779][ T5939] usb usb2-port1: unable to enumerate USB device
[  200.246723][ T5940] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  200.267125][ T5940] usb 5-1: device descriptor read/8, error -71
[  200.377459][ T5940] usb usb5-port1: unable to enumerate USB device
[  201.196555][ T5937] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  201.346535][ T5937] usb 4-1: Using ep0 maxpacket: 32
[  201.353465][ T5937] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  201.364169][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.374756][ T5937] usb 4-1: config 0 descriptor??
[  201.585873][ T7980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.595231][ T7980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.605126][ T5937] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware
[  201.616266][ T5937] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  201.626551][ T5937] dib0700: firmware download failed at 7 with -22
[  201.638521][ T5937] usb 4-1: USB disconnect, device number 36
[  202.050254][ T7994] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3642988519 (466302530432 ns) > initial count (459226025088 ns). Using initial count to start timer.
[  202.121805][  T898] usb 8-1: USB disconnect, device number 3
[  202.280636][ T7997] FAULT_INJECTION: forcing a failure.
[  202.280636][ T7997] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  202.295133][ T7997] CPU: 1 UID: 0 PID: 7997 Comm: syz.4.543 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  202.295164][ T7997] Tainted: [L]=SOFTLOCKUP
[  202.295171][ T7997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  202.295183][ T7997] Call Trace:
[  202.295191][ T7997]  <TASK>
[  202.295198][ T7997]  dump_stack_lvl+0xe8/0x150
[  202.295233][ T7997]  should_fail_ex+0x412/0x560
[  202.295262][ T7997]  prepare_alloc_pages+0x22a/0x650
[  202.295292][ T7997]  __alloc_frozen_pages_noprof+0x119/0x3d0
[  202.295318][ T7997]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  202.295338][ T7997]  ? __alloc_frozen_pages_noprof+0x284/0x3d0
[  202.295362][ T7997]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  202.295387][ T7997]  ? __pfx_policy_nodemask+0x10/0x10
[  202.295406][ T7997]  ? kasan_save_track+0x4f/0x80
[  202.295431][ T7997]  ? kasan_save_track+0x3e/0x80
[  202.295455][ T7997]  ? __kasan_kmalloc+0x93/0xb0
[  202.295475][ T7997]  __alloc_pages_noprof+0x10/0x100
[  202.295496][ T7997]  alloc_pages_bulk_noprof+0x5ff/0x7c0
[  202.295518][ T7997]  ? alloc_pages_mpol+0x3c0/0x490
[  202.295544][ T7997]  ? alloc_pages_noprof+0x13b/0x2a0
[  202.295568][ T7997]  __kasan_populate_vmalloc+0xc1/0x1d0
[  202.295601][ T7997]  alloc_vmap_area+0xd47/0x1480
[  202.295645][ T7997]  ? __pfx_alloc_vmap_area+0x10/0x10
[  202.295669][ T7997]  ? __kasan_kmalloc+0x93/0xb0
[  202.295704][ T7997]  ? __get_vm_area_node+0x13f/0x300
[  202.295726][ T7997]  ? __kmalloc_cache_node_noprof+0x248/0x6b0
[  202.295753][ T7997]  ? copy_process+0x89b/0x4430
[  202.295782][ T7997]  __get_vm_area_node+0x1f8/0x300
[  202.295815][ T7997]  __vmalloc_node_range_noprof+0x36a/0x1750
[  202.295844][ T7997]  ? copy_process+0x89b/0x4430
[  202.295891][ T7997]  ? __memcg_slab_post_alloc_hook+0x493/0xe80
[  202.295927][ T7997]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  202.295956][ T7997]  ? rcu_is_watching+0x15/0xb0
[  202.295976][ T7997]  ? memcpy_and_pad+0x48/0x80
[  202.296008][ T7997]  __vmalloc_node_noprof+0xc2/0x100
[  202.296042][ T7997]  ? copy_process+0x89b/0x4430
[  202.296067][ T7997]  ? copy_process+0x89b/0x4430
[  202.296098][ T7997]  dup_task_struct+0x298/0x840
[  202.296132][ T7997]  copy_process+0x89b/0x4430
[  202.296195][ T7997]  ? __pfx_copy_process+0x10/0x10
[  202.296233][ T7997]  ? mutex_init_lockdep+0xdf/0x110
[  202.296257][ T7997]  vhost_task_create+0x1f9/0x380
[  202.296281][ T7997]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  202.296302][ T7997]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  202.296326][ T7997]  ? __pfx_vhost_task_create+0x10/0x10
[  202.296356][ T7997]  ? __pfx_vhost_task_fn+0x10/0x10
[  202.296383][ T7997]  ? __lock_acquire+0x6b5/0x2cf0
[  202.296413][ T7997]  ? kasan_save_track+0x4f/0x80
[  202.296437][ T7997]  ? kasan_save_track+0x3e/0x80
[  202.296461][ T7997]  ? kasan_save_free_info+0x46/0x50
[  202.296482][ T7997]  ? __kasan_slab_free+0x5c/0x80
[  202.296506][ T7997]  ? kfree+0x1c5/0x640
[  202.296533][ T7997]  kvm_mmu_post_init_vm+0x147/0x2d0
[  202.296562][ T7997]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  202.296597][ T7997]  ? __mutex_trylock_common+0x158/0x260
[  202.296619][ T7997]  ? look_up_lock_class+0x57/0x110
[  202.296640][ T7997]  ? register_lock_class+0x31/0x2e0
[  202.296667][ T7997]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  202.296705][ T7997]  ? __lock_acquire+0x6b5/0x2cf0
[  202.296736][ T7997]  ? __mutex_lock+0x320/0x1420
[  202.296764][ T7997]  ? kasan_quarantine_put+0xbb/0x1f0
[  202.296805][ T7997]  ? do_raw_write_lock+0x11d/0x260
[  202.296846][ T7997]  kvm_vcpu_ioctl+0xa62/0xfd0
[  202.296874][ T7997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  202.296893][ T7997]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  202.296934][ T7997]  ? __fget_files+0x2a/0x420
[  202.296961][ T7997]  ? __fget_files+0x2a/0x420
[  202.296981][ T7997]  ? __fget_files+0x3a0/0x420
[  202.297003][ T7997]  ? __fget_files+0x2a/0x420
[  202.297031][ T7997]  ? bpf_lsm_file_ioctl+0x9/0x20
[  202.297049][ T7997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  202.297070][ T7997]  __se_sys_ioctl+0xfc/0x170
[  202.297093][ T7997]  do_syscall_64+0x14d/0xf80
[  202.297113][ T7997]  ? trace_irq_disable+0x3b/0x140
[  202.297135][ T7997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.297154][ T7997]  ? clear_bhb_loop+0x40/0x90
[  202.297177][ T7997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.297197][ T7997] RIP: 0033:0x7f82e8b9c799
[  202.297217][ T7997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  202.297232][ T7997] RSP: 002b:00007f82e9b1c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.297254][ T7997] RAX: ffffffffffffffda RBX: 00007f82e8e15fa0 RCX: 00007f82e8b9c799
[  202.297268][ T7997] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  202.297279][ T7997] RBP: 00007f82e9b1c090 R08: 0000000000000000 R09: 0000000000000000
[  202.297292][ T7997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.297303][ T7997] R13: 00007f82e8e16038 R14: 00007f82e8e15fa0 R15: 00007ffe3f66d778
[  202.297335][ T7997]  </TASK>
[  202.367229][ T7998] 
[  202.398358][ T7997] syz.4.543: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  202.399553][ T7998] ======================================================
[  202.399565][ T7998] WARNING: possible circular locking dependency detected
[  202.399577][ T7998] syzkaller #0 Tainted: G             L     
[  202.404642][ T7997] ,cpuset=
[  202.410134][ T7998] ------------------------------------------------------
[  202.410145][ T7998] syz.3.542/7998 is trying to acquire lock:
[  202.410156][ T7998] ffff888036f6cfb8 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130
[  202.417224][ T7997] /
[  202.421211][ T7998] 
[  202.421211][ T7998] but task is already holding lock:
[  202.427030][ T7997] ,mems_allowed=0-1
[  202.431918][ T7998] ffff888073acbe70 (&ctx->map_changing_lock){++++}-{4:4}, at: mfill_get_vma+0x162/0x660
[  202.437303][ T7997] 
[  202.443279][ T7998] 
[  202.443279][ T7998] which lock already depends on the new lock.
[  202.443279][ T7998] 
[  202.443287][ T7998] 
[  202.443287][ T7998] the existing dependency chain (in reverse order) is:
[  202.443295][ T7998] 
[  202.443295][ T7998] -> #1 (&ctx->map_changing_lock){++++}-{4:4}
[  202.449358][ T7997] CPU: 1 UID: 0 PID: 7997 Comm: syz.4.543 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  202.449384][ T7997] Tainted: [L]=SOFTLOCKUP
[  202.449391][ T7997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  202.449400][ T7997] Call Trace:
[  202.449406][ T7997]  <TASK>
[  202.449413][ T7997]  dump_stack_lvl+0xe8/0x150
[  202.449439][ T7997]  warn_alloc+0x249/0x340
[  202.449455][ T7997]  ? trace_irq_enable+0x3b/0x140
[  202.449476][ T7997]  ? __pfx_warn_alloc+0x10/0x10
[  202.449492][ T7997]  ? __get_vm_area_node+0x211/0x300
[  202.449513][ T7997]  ? __kmalloc_cache_node_noprof+0x248/0x6b0
[  202.449543][ T7997]  ? copy_process+0x89b/0x4430
[  202.449567][ T7997]  ? __get_vm_area_node+0x211/0x300
[  202.449591][ T7997]  __vmalloc_node_range_noprof+0x38f/0x1750
[  202.449621][ T7997]  ? __memcg_slab_post_alloc_hook+0x493/0xe80
[  202.449647][ T7997]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  202.449671][ T7997]  ? rcu_is_watching+0x15/0xb0
[  202.449687][ T7997]  ? memcpy_and_pad+0x48/0x80
[  202.449713][ T7997]  __vmalloc_node_noprof+0xc2/0x100
[  202.449735][ T7997]  ? copy_process+0x89b/0x4430
[  202.449765][ T7997]  ? copy_process+0x89b/0x4430
[  202.449789][ T7997]  dup_task_struct+0x298/0x840
[  202.449813][ T7997]  copy_process+0x89b/0x4430
[  202.449845][ T7997]  ? __pfx_copy_process+0x10/0x10
[  202.449870][ T7997]  ? mutex_init_lockdep+0xdf/0x110
[  202.449888][ T7997]  vhost_task_create+0x1f9/0x380
[  202.449908][ T7997]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  202.449927][ T7997]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  202.449945][ T7997]  ? __pfx_vhost_task_create+0x10/0x10
[  202.449967][ T7997]  ? __pfx_vhost_task_fn+0x10/0x10
[  202.449986][ T7997]  ? __lock_acquire+0x6b5/0x2cf0
[  202.450010][ T7997]  ? kasan_save_track+0x4f/0x80
[  202.450031][ T7997]  ? kasan_save_track+0x3e/0x80
[  202.450052][ T7997]  ? kasan_save_free_info+0x46/0x50
[  202.450071][ T7997]  ? __kasan_slab_free+0x5c/0x80
[  202.450093][ T7997]  ? kfree+0x1c5/0x640
[  202.450114][ T7997]  kvm_mmu_post_init_vm+0x147/0x2d0
[  202.450134][ T7997]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  202.450158][ T7997]  ? __mutex_trylock_common+0x158/0x260
[  202.450175][ T7997]  ? look_up_lock_class+0x57/0x110
[  202.450192][ T7997]  ? register_lock_class+0x31/0x2e0
[  202.450214][ T7997]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  202.450236][ T7997]  ? __lock_acquire+0x6b5/0x2cf0
[  202.450258][ T7997]  ? __mutex_lock+0x320/0x1420
[  202.450278][ T7997]  ? kasan_quarantine_put+0xbb/0x1f0
[  202.450304][ T7997]  ? do_raw_write_lock+0x11d/0x260
[  202.450328][ T7997]  kvm_vcpu_ioctl+0xa62/0xfd0
[  202.450347][ T7997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  202.450364][ T7997]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  202.450388][ T7997]  ? __fget_files+0x2a/0x420
[  202.450408][ T7997]  ? __fget_files+0x2a/0x420
[  202.450428][ T7997]  ? __fget_files+0x3a0/0x420
[  202.450447][ T7997]  ? __fget_files+0x2a/0x420
[  202.450468][ T7997]  ? bpf_lsm_file_ioctl+0x9/0x20
[  202.450484][ T7997]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  202.450501][ T7997]  __se_sys_ioctl+0xfc/0x170
[  202.450518][ T7997]  do_syscall_64+0x14d/0xf80
[  202.450535][ T7997]  ? trace_irq_disable+0x3b/0x140
[  202.450553][ T7997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.450570][ T7997]  ? clear_bhb_loop+0x40/0x90
[  202.450587][ T7997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.450603][ T7997] RIP: 0033:0x7f82e8b9c799
[  202.450618][ T7997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  202.450632][ T7997] RSP: 002b:00007f82e9b1c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.450650][ T7997] RAX: ffffffffffffffda RBX: 00007f82e8e15fa0 RCX: 00007f82e8b9c799
[  202.450662][ T7997] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  202.450672][ T7997] RBP: 00007f82e9b1c090 R08: 0000000000000000 R09: 0000000000000000
[  202.450682][ T7997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.450693][ T7997] R13: 00007f82e8e16038 R14: 00007f82e8e15fa0 R15: 00007ffe3f66d778
[  202.450710][ T7997]  </TASK>
[  202.454175][ T7997] Mem-Info:
[  202.459760][ T7998] :
[  202.459770][ T7998]        down_write+0x96/0x200
[  202.459792][ T7998]        userfaultfd_unmap_prep+0x24b/0x3e0
[  202.459816][ T7998]        vms_gather_munmap_vmas+0x9c6/0x1370
[  202.468845][ T7997] active_anon:7490 inactive_anon:0 isolated_anon:0
[  202.468845][ T7997]  active_file:2962 inactive_file:40020 isolated_file:0
[  202.468845][ T7997]  unevictable:768 dirty:168 writeback:0
[  202.468845][ T7997]  slab_reclaimable:10648 slab_unreclaimable:97050
[  202.468845][ T7997]  mapped:25165 shmem:1375 pagetables:1647
[  202.468845][ T7997]  sec_pagetables:0 bounce:0
[  202.468845][ T7997]  kernel_misc_reclaimable:0
[  202.468845][ T7997]  free:1337037 free_pcp:6787 free_cma:0
[  202.470753][ T7998]        mmap_region+0x85b/0x2240
[  202.470779][ T7998]        do_mmap+0xc39/0x10c0
[  202.478060][ T7997] Node 0 active_anon:29960kB inactive_anon:0kB active_file:11848kB inactive_file:159876kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100660kB dirty:668kB writeback:0kB shmem:3964kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12904kB pagetables:6456kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  202.481964][ T7998]        vm_mmap_pgoff+0x2c9/0x4f0
[  202.481987][ T7998]        do_syscall_64+0x14d/0xf80
[  202.487190][ T7997] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  202.491902][ T7998]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.491932][ T7998] 
[  202.491932][ T7998] -> #0 (&mm->mmap_lock
[  202.497364][ T7997] Node 0 
[  202.501811][ T7998] ){++++}-{4:4}:
[  202.501832][ T7998]        __lock_acquire+0x15a5/0x2cf0
[  202.507086][ T7997] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  202.511181][ T7998]        lock_acquire+0x106/0x350
[  202.511209][ T7998]        __might_fault+0xcb/0x130
[  202.517069][ T7997] lowmem_reserve[]:
[  202.521458][ T7998]        userfaultfd_ioctl+0x2c01/0x4c70
[  202.521489][ T7998]        __se_sys_ioctl+0xfc/0x170
[  202.526920][ T7997]  0
[  202.533348][ T7998]        do_syscall_64+0x14d/0xf80
[  202.533373][ T7998]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.540934][ T7997]  2480
[  202.546019][ T7998] 
[  202.546019][ T7998] other info that might help us debug this:
[  202.546019][ T7998] 
[  202.546031][ T7998]  Possible unsafe locking scenario:
[  202.546031][ T7998] 
[  202.546037][ T7998]        CPU0                    CPU1
[  202.546043][ T7998]        ----                    ----
[  202.546050][ T7998]   rlock(
[  202.552300][ T7997]  2482
[  202.556250][ T7998] &ctx->map_changing_lock);
[  202.556267][ T7998]                                lock(&mm->mmap_lock);
[  202.561602][ T7997]  2482
[  202.566215][ T7998]                                lock(&ctx->map_changing_lock);
[  202.566237][ T7998]   rlock(&mm->mmap_lock);
[  203.617138][ T7998] 
[  203.617138][ T7998]  *** DEADLOCK ***
[  203.617138][ T7998] 
[  203.625346][ T7998] 2 locks held by syz.3.542/7998:
[  203.630546][ T7998]  #0: ffff888077bb3948 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500
[  203.640144][ T7998]  #1: ffff888073acbe70 (&ctx->map_changing_lock){++++}-{4:4}, at: mfill_get_vma+0x162/0x660
[  203.650945][ T7998] 
[  203.650945][ T7998] stack backtrace:
[  203.657119][ T7998] CPU: 0 UID: 0 PID: 7998 Comm: syz.3.542 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  203.657141][ T7998] Tainted: [L]=SOFTLOCKUP
[  203.657147][ T7998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  203.657156][ T7998] Call Trace:
[  203.657163][ T7998]  <TASK>
[  203.657170][ T7998]  dump_stack_lvl+0xe8/0x150
[  203.657193][ T7998]  print_circular_bug+0x2e1/0x300
[  203.657211][ T7998]  check_noncircular+0x12e/0x150
[  203.657228][ T7998]  __lock_acquire+0x15a5/0x2cf0
[  203.657249][ T7998]  ? mfill_get_vma+0x392/0x660
[  203.657265][ T7998]  ? mfill_atomic_copy+0x125b/0x1580
[  203.657280][ T7998]  ? __kernel_text_address+0xd/0x30
[  203.657298][ T7998]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  203.657318][ T7998]  ? __might_fault+0xaf/0x130
[  203.657336][ T7998]  lock_acquire+0x106/0x350
[  203.657356][ T7998]  ? __might_fault+0xaf/0x130
[  203.657377][ T7998]  ? __might_fault+0xaf/0x130
[  203.657396][ T7998]  __might_fault+0xcb/0x130
[  203.657413][ T7998]  ? __might_fault+0xaf/0x130
[  203.657432][ T7998]  userfaultfd_ioctl+0x2c01/0x4c70
[  203.657452][ T7998]  ? __kasan_slab_free+0x5c/0x80
[  203.657472][ T7998]  ? kfree+0x1c5/0x640
[  203.657494][ T7998]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  203.657520][ T7998]  ? kasan_quarantine_put+0xbb/0x1f0
[  203.657543][ T7998]  ? tomoyo_path_number_perm+0x219/0x630
[  203.657562][ T7998]  ? tomoyo_path_number_perm+0x219/0x630
[  203.657580][ T7998]  ? do_vfs_ioctl+0x1166/0x1530
[  203.657595][ T7998]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  203.657609][ T7998]  ? __pfx_vfs_readv+0x10/0x10
[  203.657627][ T7998]  ? do_futex+0x333/0x420
[  203.657654][ T7998]  ? __fget_files+0x2a/0x420
[  203.657672][ T7998]  ? __fget_files+0x2a/0x420
[  203.657689][ T7998]  ? __fget_files+0x3a0/0x420
[  203.657706][ T7998]  ? __fget_files+0x2a/0x420
[  203.657724][ T7998]  ? bpf_lsm_file_ioctl+0x9/0x20
[  203.657738][ T7998]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  203.657756][ T7998]  __se_sys_ioctl+0xfc/0x170
[  203.657772][ T7998]  do_syscall_64+0x14d/0xf80
[  203.657787][ T7998]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.657802][ T7998]  ? clear_bhb_loop+0x40/0x90
[  203.657818][ T7998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.657832][ T7998] RIP: 0033:0x7fd9ab79c799
[  203.657847][ T7998] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.657859][ T7998] RSP: 002b:00007fd9ac5d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  203.657876][ T7998] RAX: ffffffffffffffda RBX: 00007fd9aba15fa0 RCX: 00007fd9ab79c799
[  203.657886][ T7998] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 0000000000000003
[  203.657896][ T7998] RBP: 00007fd9ab832c99 R08: 0000000000000000 R09: 0000000000000000
[  203.657905][ T7998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  203.657914][ T7998] R13: 00007fd9aba16038 R14: 00007fd9aba15fa0 R15: 00007ffee9be2bb8
[  203.657929][ T7998]  </TASK>
[  203.961568][ T7997]  2482
[  203.964467][ T7997] Node 0 DMA32 free:1385000kB boost:0kB min:34096kB low:42620kB high:51144kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29964kB inactive_anon:0kB active_file:11848kB inactive_file:159876kB unevictable:1536kB writepending:672kB zspages:0kB present:3129332kB managed:2540380kB mlocked:0kB bounce:0kB free_pcp:27184kB local_pcp:15720kB free_cma:0kB
[  204.001279][ T7997] lowmem_reserve[]: 0 0 1 1 1
[  204.006218][ T7997] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1700kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  204.036658][ T7997] lowmem_reserve[]: 0 0 0 0 0
[  204.041411][ T7997] Node 1 Normal free:3947788kB boost:0kB min:55780kB low:69724kB high:83668kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  204.073723][ T7997] lowmem_reserve[]: 0 0 0 0 0
[  204.078633][ T7997] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  204.092176][ T7997] Node 0 DMA32: 1658*4kB (UM) 1104*8kB (UME) 252*16kB (UE) 64*32kB (UM) 42*64kB (UM) 33*128kB (UM) 7*256kB (U) 18*512kB (UME) 16*1024kB (UM) 11*2048kB (UM) 319*4096kB (M) = 1385000kB
[  204.111260][ T7997] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  204.123231][ T7997] Node 1 Normal: 5*4kB (U) 9*8kB (UM) 9*16kB (UM) 3*32kB (UM) 5*64kB (UM) 5*128kB (UM) 6*256kB (UM) 5*512kB (UM) 2*1024kB (UM) 2*2048kB (U) 961*4096kB (M) = 3947788kB
[  204.140792][ T7997] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  204.146500][  T898] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  204.152011][ T7997] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  204.168637][ T7997] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  204.178302][ T7997] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  204.189032][ T7997] 44355 total pagecache pages
[  204.194727][ T7997] 0 pages in swap cache
[  204.198991][ T7997] Free swap  = 124996kB
[  204.203318][ T7997] Total swap = 124996kB
[  204.207732][ T7997] 2097051 pages RAM
[  204.211569][ T7997] 0 pages HighMem/MovableOnly
[  204.218436][ T7997] 429916 pages reserved
[  204.222914][ T7997] 0 pages cma reserved
[  204.778853][  T898] usb 8-1: device descriptor read/all, error -71
[  204.794136][  T140] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.830486][  T140] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.902009][  T140] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.961192][  T140] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.048888][  T140] bridge_slave_1: left allmulticast mode
[  205.055035][  T140] bridge_slave_1: left promiscuous mode
[  205.061259][  T140] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.070537][  T140] bridge_slave_0: left allmulticast mode
[  205.076745][  T140] bridge_slave_0: left promiscuous mode
[  205.082609][  T140] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.175081][  T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.185449][  T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.195121][  T140] bond0 (unregistering): Released all slaves
[  205.437442][  T140] hsr_slave_0: left promiscuous mode
[  205.446439][  T140] hsr_slave_1: left promiscuous mode
[  205.454400][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.463818][  T140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.473969][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.481524][  T140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.494673][  T140] veth1_macvtap: left promiscuous mode
[  205.501834][  T140] veth0_macvtap: left promiscuous mode
[  205.507825][  T140] veth1_vlan: left promiscuous mode
[  205.513235][  T140] veth0_vlan: left promiscuous mode
[  205.638232][  T140] team0 (unregistering): Port device team_slave_1 removed
[  205.657340][  T140] team0 (unregistering): Port device team_slave_0 removed
[  206.042808][  T140] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.092495][  T140] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.145315][  T140] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.187189][  T140] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.299897][  T140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.332860][  T140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.415446][  T140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.445317][  T140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.569935][  T140] bridge_slave_1: left allmulticast mode
[  206.578318][  T140] bridge_slave_1: left promiscuous mode
[  206.584536][  T140] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.594626][  T140] bridge_slave_0: left allmulticast mode
[  206.601076][  T140] bridge_slave_0: left promiscuous mode
[  206.607145][  T140] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.616031][  T140] bridge_slave_1: left allmulticast mode
[  206.622271][  T140] bridge_slave_1: left promiscuous mode
[  206.628661][  T140] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.637237][  T140] bridge_slave_0: left allmulticast mode
[  206.643006][  T140] bridge_slave_0: left promiscuous mode
[  206.649270][  T140] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.754892][  T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.765442][  T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.775537][  T140] bond0 (unregistering): Released all slaves
[  206.854547][  T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.866506][  T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.876044][  T140] bond0 (unregistering): Released all slaves
[  207.231278][  T140] hsr_slave_0: left promiscuous mode
[  207.237347][  T140] hsr_slave_1: left promiscuous mode
[  207.243740][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.251567][  T140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.262001][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.272296][  T140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.285044][  T140] hsr_slave_0: left promiscuous mode
[  207.291536][  T140] hsr_slave_1: left promiscuous mode
[  207.297950][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.305371][  T140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.314344][  T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.322087][  T140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.341392][  T140] veth1_macvtap: left promiscuous mode
[  207.346961][  T140] veth0_macvtap: left promiscuous mode
[  207.352529][  T140] veth1_vlan: left allmulticast mode
[  207.358214][  T140] veth1_vlan: left promiscuous mode
[  207.363553][  T140] veth0_vlan: left promiscuous mode
[  207.371474][  T140] veth1_macvtap: left promiscuous mode
[  207.380124][  T140] veth0_macvtap: left promiscuous mode
[  207.385827][  T140] veth1_vlan: left promiscuous mode
[  207.391644][  T140] veth0_vlan: left promiscuous mode
[  207.569398][  T140] team0 (unregistering): Port device team_slave_1 removed
[  207.584261][  T140] team0 (unregistering): Port device team_slave_0 removed
[  207.703788][  T140] team0 (unregistering): Port device team_slave_1 removed
[  207.720598][  T140] team0 (unregistering): Port device team_slave_0 removed
[  212.057671][   T51] Bluetooth: hci1: command 0x0406 tx timeout