last executing test programs:

8m20.924555895s ago: executing program 32 (id=55):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000300)={0x0, 0x3}, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f00000000c0)={0x2, 0xfe}, 0x2)

7m46.916562179s ago: executing program 4 (id=681):
r0 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0xf3, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/169, 0xa9}], 0x1, 0x0, 0x25}, 0x0, 0x40000103})
io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0)

7m46.773940508s ago: executing program 4 (id=683):
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1, 0x10, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000}}]}, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7m46.610921793s ago: executing program 4 (id=684):
r0 = syz_io_uring_setup(0x37, &(0x7f0000000080)={0x0, 0x36c4, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0, 0x80002101})
io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0)

7m46.495377943s ago: executing program 4 (id=686):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn'])

7m46.367611824s ago: executing program 4 (id=688):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}]}}}]}, 0x3c}}, 0x0)

7m45.871498319s ago: executing program 4 (id=694):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r0, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)

7m45.583143256s ago: executing program 33 (id=694):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r0, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240)=[0x1], 0x0, 0x0)

6m19.936669166s ago: executing program 0 (id=2070):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)={0x90, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x72, 0x33, @beacon={{{}, {0xdde}, @broadcast, @device_a, @initial, {0x0, 0x8}}, 0x101, @default, 0x4502, @val, @val, @val={0x3, 0x1, 0xe}, @val={0x4, 0x6, {0xa, 0x97, 0x0, 0xffff}}, @val={0x6, 0x2, 0x1}, @val={0x5, 0x3, {0x5, 0x99}}, @void, @void, @val={0x3c, 0x4, {0x1, 0x80, 0x2c, 0x1c}}, @val={0x2d, 0x1a, {0x2, 0x0, 0x3, 0x0, {0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3}, 0x7, 0x3, 0x4}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x5, 0x5, 0x21, 0xb}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x880}, 0x0)

6m19.774564352s ago: executing program 0 (id=2073):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x4, 0x24, &(0x7f0000000540)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x40095505, 0x0)

6m18.848096291s ago: executing program 0 (id=2083):
io_setup(0x8, &(0x7f0000000000)=<r0=>0x0)
r1 = eventfd2(0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000340)="7e9adf65e9c6bafa", 0x8}], 0x1)

6m18.67919683s ago: executing program 0 (id=2089):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)

6m18.487737942s ago: executing program 0 (id=2094):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
faccessat2(0xffffffffffffff9c, 0x0, 0x2, 0x0)

6m18.196063861s ago: executing program 0 (id=2101):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448dd, &(0x7f0000000880))

6m17.907316685s ago: executing program 34 (id=2101):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448dd, &(0x7f0000000880))

4m57.076720108s ago: executing program 1 (id=3482):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)

4m56.966793748s ago: executing program 1 (id=3484):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r1, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, r1, 0x0)

4m56.593312002s ago: executing program 1 (id=3494):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0xb1, 0x9, 0x0, 0x7ffff020}, {0x6, 0x0, 0x0, 0x4}]}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}}, 0x0)

4m56.525706451s ago: executing program 1 (id=3496):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x205)

4m56.504778741s ago: executing program 1 (id=3498):
socket(0x23, 0x80805, 0x0)
r0 = syz_io_uring_setup(0x21cb, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)

4m56.414336406s ago: executing program 1 (id=3501):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

4m56.24694891s ago: executing program 35 (id=3501):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

2m43.571885404s ago: executing program 6 (id=5879):
r0 = io_uring_setup(0x177f, &(0x7f00000001c0)={0x0, 0xcce2, 0x800, 0x0, 0x175})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x2001, 0x8000000}, 0x8)
shutdown(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m42.729921645s ago: executing program 6 (id=5886):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
r0 = socket(0x840000000002, 0x3, 0xff)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd0060, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r1}}]})

2m42.645619675s ago: executing program 6 (id=5887):
r0 = epoll_create1(0x80000)
r1 = epoll_create1(0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0))

2m42.556125228s ago: executing program 6 (id=5888):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0xc)

2m42.555610622s ago: executing program 6 (id=5889):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {}, {0x3}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

2m42.346156457s ago: executing program 6 (id=5892):
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x8, 0x1})
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffb000/0x3000)=nil, 0x3000})

2m42.107945763s ago: executing program 36 (id=5892):
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x8, 0x1})
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffb000/0x3000)=nil, 0x3000})

1m35.011985648s ago: executing program 3 (id=6860):
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r2, @ANYBLOB="200001"], 0x38}}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

1m34.844029956s ago: executing program 3 (id=6863):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, 0x8, 0x7})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f0000000340)=[0x10000, 0x4], 0x0, 0x0, 0x2, 0x1}}, 0x40)
creat(&(0x7f0000000200)='./file0\x00', 0x0)

1m34.796100492s ago: executing program 3 (id=6865):
socket$inet6_sctp(0xa, 0x1, 0x84)
timerfd_create(0x0, 0x0)
r0 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000020c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000400)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1m34.714017398s ago: executing program 3 (id=6867):
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1a8584c, 0x0)

1m34.634580702s ago: executing program 3 (id=6868):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x38, 0x6d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'ip6_vti0\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

1m33.911910787s ago: executing program 3 (id=6876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x1, 0x0, 0x0, {[@window={0x3, 0x3, 0x6}]}}}}}}}, 0x0)

1m33.224790325s ago: executing program 37 (id=6876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x2c, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x1, 0x0, 0x0, {[@window={0x3, 0x3, 0x6}]}}}}}}}, 0x0)

2.406115234s ago: executing program 7 (id=8024):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xea}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x50}}, 0x0)

2.304224643s ago: executing program 7 (id=8027):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00)
ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffffe})
r1 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00)
ioctl$IOC_PR_PREEMPT(r1, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffffe})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2.24589798s ago: executing program 7 (id=8028):
creat(0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}}, 0x0)
mknod$loop(0x0, 0x0, 0x1)
r0 = syz_usb_connect$uac1(0x0, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a2401080000020102"], 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003040000000c03"], 0x0, 0x0, 0x0}, 0x0)

2.147437737s ago: executing program 8 (id=8030):
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x222, 0x2, 0x9, 0x1e, 0x602, 0x3})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

2.091780837s ago: executing program 8 (id=8031):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000023c0)='westwood\x00', 0x9)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

1.670437653s ago: executing program 9 (id=8033):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r1})

1.61230608s ago: executing program 9 (id=8034):
open(&(0x7f00000005c0)='./file0\x00', 0x2a4c0, 0x13)
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127, 0x0, 0x1, {0x1}})
io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)

1.611570797s ago: executing program 2 (id=8035):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x100000d, 0x9132, 0xffffffffffffffff, 0x212b2000)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000380)={0x1, 0x0, [{0x40000073, 0x0, 0x3}]})

1.431950127s ago: executing program 2 (id=8036):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
socket$inet6(0x10, 0x3, 0x0)
setuid(0xee01)
fchmodat(r1, &(0x7f0000000000)='.\x00', 0xe0)

1.292311267s ago: executing program 2 (id=8038):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x8, {{0x2, 0x4e21, @empty=0xe0009eff}}, {{0x2, 0x4e23, @broadcast}}}, 0x108)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000000)={0x8, {{0x2, 0x4e21, @empty=0xe0000000}}, {{0x2, 0x4e23, @local}}}, 0x108)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000540)={0x8, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x4e20, @multicast1}}}, 0x108)
close(0x3)

1.265739898s ago: executing program 8 (id=8039):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x56)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
fanotify_mark(r1, 0x1, 0x40000020, r0, &(0x7f0000000100)='./file0\x00')

1.145517243s ago: executing program 2 (id=8041):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12-generic\x00'}, 0x56)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f0000000cc0)=""/4084, 0x835)
sendmmsg$alg(r1, &(0x7f0000000c80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000600)="faab78d5e4201d43a65d20ccf9", 0xd}], 0x1, 0x0, 0x0, 0x20000850}], 0x1, 0x4000080)

1.063493993s ago: executing program 8 (id=8042):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db5093995763b41cbeebb37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d0250bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f56200009d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9333471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfab45c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898876e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02080000001def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300000000000000000000000000000000000000000000000000000000000000000000000000004000"})

827.855853ms ago: executing program 9 (id=8044):
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x8, &(0x7f0000002240)={0x2b, 0x1, 0x2})
r2 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8)
read(r2, &(0x7f0000000740)=""/384, 0x180)

827.591923ms ago: executing program 9 (id=8045):
ftruncate(0xffffffffffffffff, 0xc17a)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

782.822969ms ago: executing program 8 (id=8046):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0)

712.736217ms ago: executing program 7 (id=8047):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = inotify_init1(0x80000)
inotify_add_watch(r0, &(0x7f0000000300)='./file0\x00', 0x42000000)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240))

682.745602ms ago: executing program 5 (id=8048):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
socket$packet(0x11, 0x2, 0x300)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
socket$packet(0x11, 0x3, 0x300)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00)

645.812451ms ago: executing program 9 (id=8049):
gettid()
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0x6}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYBLOB="070000000000000007000000ffffffff"])

645.64696ms ago: executing program 8 (id=8050):
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
exit(0x0)

551.943714ms ago: executing program 7 (id=8051):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, 0x0, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
close(0x3)

551.401925ms ago: executing program 5 (id=8052):
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r2, 0x0, 0xf7}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000280)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x42}}, 0x80, 0x0}, 0x4000)

464.219359ms ago: executing program 5 (id=8053):
r0 = syz_io_uring_setup(0x507d, &(0x7f0000000480)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='net_prio.prioidx\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='6'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

447.436665ms ago: executing program 9 (id=8054):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1714, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x20, 0x1})
syz_usb_connect(0x6, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="120100030a242bff800410d0e50c01"], 0x0)
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)

318.635911ms ago: executing program 5 (id=8055):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x3d, &(0x7f0000000040), 0x8)

218.173855ms ago: executing program 5 (id=8056):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

214.427784ms ago: executing program 2 (id=8057):
mount(0x0, 0x0, &(0x7f0000000040)='ocfs2\x00', 0x800, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x80042, 0x50)
chdir(&(0x7f0000000540)='./cgroup\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

76.386139ms ago: executing program 5 (id=8058):
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x1000000, 0x0)

56.605571ms ago: executing program 2 (id=8059):
socket(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x5, 0x28)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7fd, 0x0, 0x1, 0x1, 0x3, 0x2}, 0x20)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0)

0s ago: executing program 7 (id=8060):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068)

kernel console output (not intermixed with test programs):

axpacket 9224, setting to 1024
[  488.912092][ T5902] usb 10-1: config 11 interface 158 altsetting 81 has an invalid descriptor for endpoint zero, skipping
[  488.923314][ T5902] usb 10-1: config 11 interface 158 altsetting 81 has 6 endpoint descriptors, different from the interface descriptor's value: 3
[  488.936908][ T5902] usb 10-1: config 11 interface 158 has no altsetting 0
[  488.947910][ T5902] usb 10-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice=3b.0d
[  488.958862][ T5902] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.969500][ T5902] usb 10-1: Product: syz
[  488.974896][ T5902] usb 10-1: Manufacturer: syz
[  488.992430][ T5902] usb 10-1: SerialNumber: syz
[  489.013597][T21460] netlink: 9280 bytes leftover after parsing attributes in process `syz.3.6799'.
[  489.093645][T21464] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.6801'.
[  489.196987][   T24] usb 9-1: USB disconnect, device number 40
[  489.216356][ T5902] usb 10-1: USB disconnect, device number 12
[  489.364903][T21476] syzkaller1: entered promiscuous mode
[  489.379536][T21476] syzkaller1: entered allmulticast mode
[  489.718453][T21493] batadv_slave_1: entered promiscuous mode
[  489.726286][T21493] batadv_slave_1: left promiscuous mode
[  489.761278][   T30] audit: type=1326 audit(489.728:5812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21494 comm="syz.3.6814" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff43818ebe9 code=0x0
[  490.675576][T21534] input: syz0 as /devices/virtual/input/input92
[  491.286753][T21549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6838'.
[  491.298090][   T30] audit: type=1400 audit(491.268:5813): avc:  denied  { wake_alarm } for  pid=21537 comm="syz.5.6833" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  491.318670][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.324974][T21549] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6838'.
[  491.442114][T21556] vcan0: entered allmulticast mode
[  491.451718][T21556] vcan0: left allmulticast mode
[  491.887116][   T30] audit: type=1326 audit(491.858:5814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21568 comm="syz.3.6847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43818ebe9 code=0x7fc00000
[  492.127917][T21576] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6848'.
[  492.218526][T20644] usb 9-1: new low-speed USB device number 41 using dummy_hcd
[  492.382578][T20644] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  492.403629][T20644] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.413992][T20644] usb 9-1: config 0 descriptor??
[  492.552886][   T30] audit: type=1326 audit(492.518:5815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21568 comm="syz.3.6847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff43818ebe9 code=0x7fc00000
[  492.666637][   T30] audit: type=1400 audit(492.628:5816): avc:  denied  { mounton } for  pid=21593 comm="syz.3.6855" path="/file0" dev="ramfs" ino=94406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  492.688014][    C1] vkms_vblank_simulate: vblank timer overrun
[  492.933400][   T30] audit: type=1400 audit(492.908:5817): avc:  denied  { bind } for  pid=21603 comm="syz.7.6859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  493.337124][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  493.337140][   T30] audit: type=1400 audit(493.308:5820): avc:  denied  { mounton } for  pid=21619 comm="syz.3.6867" path="/1353/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  493.432524][T20644] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  493.446112][T20644] asix 9-1:0.0: probe with driver asix failed with error -71
[  493.466091][T20644] usb 9-1: USB disconnect, device number 41
[  493.771284][T20646] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  493.934858][T20646] usb 8-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  493.946005][T20646] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.958476][T20646] usb 8-1: config 0 descriptor??
[  493.982758][T20646] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  494.844410][T20646] usb 8-1: USB disconnect, device number 54
[  495.010969][   T30] audit: type=1400 audit(494.978:5821): avc:  denied  { open } for  pid=21648 comm="syz.8.6882" path="/dev/ptyr5" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  495.034022][    C1] vkms_vblank_simulate: vblank timer overrun
[  495.160122][T21661] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6886'.
[  495.190820][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.200745][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.209801][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.212046][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  495.218874][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.232233][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  495.235281][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.243498][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  495.251234][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.259852][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  495.267124][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.267148][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.267169][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.267195][T21663] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  495.318496][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  495.403418][ T5902] usb 9-1: new full-speed USB device number 42 using dummy_hcd
[  495.565351][ T5902] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  495.577728][ T5902] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.602552][ T5902] usb 9-1: config 0 interface 0 has no altsetting 0
[  495.616924][ T5902] usb 9-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  495.636303][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.653646][ T5902] usb 9-1: config 0 descriptor??
[  495.798934][T21664] chnl_net:caif_netlink_parms(): no params data found
[  495.907098][T21664] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.914528][T21664] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.921839][T21664] bridge_slave_0: entered allmulticast mode
[  495.929322][T21664] bridge_slave_0: entered promiscuous mode
[  495.938159][T21664] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.945859][T21664] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.953311][T21664] bridge_slave_1: entered allmulticast mode
[  495.961349][T21664] bridge_slave_1: entered promiscuous mode
[  495.998284][T21664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  496.010318][T21664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  496.049681][T21664] team0: Port device team_slave_0 added
[  496.058189][T21664] team0: Port device team_slave_1 added
[  496.077135][ T5902] hid-steam 0003:28DE:1102.006D: unknown main item tag 0x0
[  496.094390][ T5902] hid-steam 0003:28DE:1102.006D: unknown main item tag 0x0
[  496.107886][ T5902] hid-steam 0003:28DE:1102.006D: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.8-1/input0
[  496.123414][T21664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  496.136963][T21664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.175555][ T5902] hid-steam 0003:28DE:1102.006D: Steam Controller 'XXXXXXXXXX' connected
[  496.186612][ T5902] input: Steam Controller as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:28DE:1102.006D/input/input93
[  496.202007][T21664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  496.225497][ T5902] hid-steam 0003:28DE:1102.006E: unknown main item tag 0x0
[  496.236859][T21664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  496.244828][ T5902] hid-steam 0003:28DE:1102.006E: unknown main item tag 0x0
[  496.253992][T21664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.283057][T21664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  496.294044][ T5902] hid-steam 0003:28DE:1102.006E: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.8-1/input0
[  496.308036][ T5902] usb 9-1: USB disconnect, device number 42
[  496.370463][ T5902] hid-steam 0003:28DE:1102.006D: Steam Controller 'XXXXXXXXXX' disconnected
[  496.393717][T21686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  496.421895][T21664] hsr_slave_0: entered promiscuous mode
[  496.428305][T21664] hsr_slave_1: entered promiscuous mode
[  496.441994][T21664] debugfs: 'hsr0' already exists in 'hsr'
[  496.449812][T21664] Cannot create hsr debugfs directory
[  496.832684][T20646] usb 6-1: new full-speed USB device number 55 using dummy_hcd
[  496.891470][   T30] audit: type=1400 audit(496.838:5822): avc:  denied  { name_connect } for  pid=21700 comm="syz.7.6900" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  497.027607][T20646] usb 6-1: too many configurations: 45, using maximum allowed: 8
[  497.043129][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.053783][T20646] usb 6-1: config 0 has no interfaces?
[  497.060331][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.089741][T20646] usb 6-1: config 0 has no interfaces?
[  497.137265][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.153256][T20646] usb 6-1: config 0 has no interfaces?
[  497.169039][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.186821][T20646] usb 6-1: config 0 has no interfaces?
[  497.202170][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.215149][T20646] usb 6-1: config 0 has no interfaces?
[  497.217686][T21664] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  497.221425][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.240842][T20646] usb 6-1: config 0 has no interfaces?
[  497.251406][T21664] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  497.260277][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.271704][T20646] usb 6-1: config 0 has no interfaces?
[  497.280315][T21664] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  497.299922][T20646] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.410803][ T5845] Bluetooth: hci3: command tx timeout
[  497.417568][T20646] usb 6-1: config 0 has no interfaces?
[  497.420412][T21664] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  497.434534][T20646] usb 6-1: New USB device found, idVendor=05d8, idProduct=a68e, bcdDevice= 9.f2
[  497.444408][T20646] usb 6-1: New USB device strings: Mfr=151, Product=201, SerialNumber=69
[  497.472351][T20646] usb 6-1: Product: syz
[  497.481951][T20646] usb 6-1: Manufacturer: syz
[  497.498786][T20646] usb 6-1: SerialNumber: syz
[  497.505328][T20646] usb 6-1: config 0 descriptor??
[  497.744567][   T24] usb 6-1: USB disconnect, device number 55
[  497.749099][T21664] 8021q: adding VLAN 0 to HW filter on device bond0
[  497.769759][T21664] 8021q: adding VLAN 0 to HW filter on device team0
[  497.805779][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.812924][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  497.845234][ T3530] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.852343][ T3530] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.990378][   T49] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0xf6
[  498.194666][T21664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  498.252562][T21664] veth0_vlan: entered promiscuous mode
[  498.276924][T21664] veth1_vlan: entered promiscuous mode
[  498.352969][T21664] veth0_macvtap: entered promiscuous mode
[  498.394481][T21664] veth1_macvtap: entered promiscuous mode
[  498.462150][T21664] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.536939][T21664] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.569283][ T3530] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.615719][ T3530] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.658698][   T70] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.704056][   T70] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  498.985452][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.006323][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.008168][   T24] hid-generic 0000:0003:0001.006F: unknown main item tag 0x0
[  499.037851][   T30] audit: type=1400 audit(498.988:5823): avc:  denied  { read } for  pid=21758 comm="syz.8.6917" lport=42727 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  499.064320][   T24] hid-generic 0000:0003:0001.006F: unknown main item tag 0x0
[  499.076274][   T24] hid-generic 0000:0003:0001.006F: hidraw0: <UNKNOWN> HID v0.03 Device [syz0] on syz1
[  499.090254][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.109098][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.471427][ T5845] Bluetooth: hci3: command tx timeout
[  499.590618][T21780] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6924'.
[  500.367437][T21819] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6940'.
[  500.401300][T14195] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  500.421930][T20645] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  500.501479][T21823] loop2: detected capacity change from 0 to 7
[  500.525359][T21823] Dev loop2: unable to read RDB block 7
[  500.541150][T21823]  loop2: unable to read partition table
[  500.572664][T14195] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  500.583260][T21823] loop2: partition table beyond EOD, truncated
[  500.591383][T20645] usb 6-1: Using ep0 maxpacket: 16
[  500.601097][T20645] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  500.618832][T14195] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  500.631230][T21823] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  500.648864][T14195] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  500.652186][T20645] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  500.688142][T20645] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  500.715133][T14195] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.733798][T20645] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  500.749685][T20645] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.791408][T20645] usb 6-1: Product: syz
[  500.795580][T20645] usb 6-1: Manufacturer: syz
[  500.839489][T20645] usb 6-1: SerialNumber: syz
[  500.925529][   T30] audit: type=1400 audit(500.898:5824): avc:  denied  { getopt } for  pid=21827 comm="syz.9.6944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  500.994737][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  500.995505][T14195] usb 3-1: usb_control_msg returned -32
[  501.022978][T14195] usbtmc 3-1:16.0: can't read capabilities
[  501.189161][T21841] netlink: 212376 bytes leftover after parsing attributes in process `syz.9.6950'.
[  501.228937][   T30] audit: type=1400 audit(501.198:5825): avc:  denied  { write } for  pid=21842 comm="syz.7.6951" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  501.255143][T20645] usb 6-1: 0:2 : does not exist
[  501.351349][T20642] usb 9-1: new full-speed USB device number 43 using dummy_hcd
[  501.513055][T20642] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  501.524263][T20642] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  501.534075][T20646] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[  501.541876][T20642] usb 9-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00
[  501.550989][T20642] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.559921][ T5845] Bluetooth: hci3: command tx timeout
[  501.567968][T20642] usb 9-1: config 0 descriptor??
[  501.711839][T20646] usb 8-1: Using ep0 maxpacket: 32
[  501.724977][T20646] usb 8-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  501.734148][T20646] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.745788][T20646] usb 8-1: Product: syz
[  501.750121][T20646] usb 8-1: Manufacturer: syz
[  501.754946][T20646] usb 8-1: SerialNumber: syz
[  501.762314][T20646] usb 8-1: config 0 descriptor??
[  501.770465][T20646] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  501.982230][T20642] hid-generic 0003:04F3:0754.0070: unknown main item tag 0x0
[  501.990159][T20642] hid-generic 0003:04F3:0754.0070: unknown main item tag 0x0
[  501.998283][T20642] hid-generic 0003:04F3:0754.0070: unknown main item tag 0x0
[  502.005770][T20642] hid-generic 0003:04F3:0754.0070: unknown main item tag 0x0
[  502.013268][T20642] hid-generic 0003:04F3:0754.0070: unknown main item tag 0x0
[  502.022383][T20642] hid-generic 0003:04F3:0754.0070: failed to start in urb: -90
[  502.036762][T20642] hid-generic 0003:04F3:0754.0070: hidraw0: USB HID v1.01 Device [HID 04f3:0754] on usb-dummy_hcd.8-1/input0
[  502.080936][T20645] usb 6-1: USB disconnect, device number 56
[  502.198561][T20642] usb 9-1: USB disconnect, device number 43
[  502.521719][T20647] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  502.681319][T20647] usb 10-1: Using ep0 maxpacket: 16
[  502.687941][T20647] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  502.699027][T20647] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  502.709679][T20647] usb 10-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  502.725605][T20647] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.737772][T20647] usb 10-1: config 0 descriptor??
[  502.984845][T20646] gspca_stk1135: reg_w 0xd err -71
[  502.991167][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.002052][T20646] gspca_stk1135: Sensor write failed
[  503.007423][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.014639][T20646] gspca_stk1135: Sensor write failed
[  503.020001][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.026614][T20646] gspca_stk1135: Sensor read failed
[  503.032007][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.038461][T20646] gspca_stk1135: Sensor read failed
[  503.045855][T20646] gspca_stk1135: Detected sensor type unknown (0x0)
[  503.051712][   T30] audit: type=1400 audit(503.018:5826): avc:  denied  { nosuid_transition } for  pid=21866 comm="syz.8.6962" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[  503.052744][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.085689][T20646] gspca_stk1135: Sensor read failed
[  503.091146][   T30] audit: type=1400 audit(503.018:5827): avc:  denied  { transition } for  pid=21866 comm="syz.8.6962" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  503.091913][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.120165][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.139005][T20646] gspca_stk1135: Sensor read failed
[  503.139832][   T30] audit: type=1400 audit(503.018:5828): avc:  denied  { entrypoint } for  pid=21866 comm="syz.8.6962" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1161 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  503.144947][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.173879][    C1] vkms_vblank_simulate: vblank timer overrun
[  503.179482][   T30] audit: type=1400 audit(503.048:5829): avc:  denied  { share } for  pid=21866 comm="syz.8.6962" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  503.184038][T20647] ntrig 0003:1B96:0008.0071: unknown main item tag 0x0
[  503.201004][   T30] audit: type=1400 audit(503.048:5830): avc:  denied  { noatsecure } for  pid=21866 comm="syz.8.6962" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  503.243427][T14195] usb 3-1: USB disconnect, device number 2
[  503.253247][T20646] gspca_stk1135: Sensor write failed
[  503.258640][T20647] ntrig 0003:1B96:0008.0071: unknown main item tag 0x0
[  503.269748][T20646] gspca_stk1135: serial bus timeout: status=0x00
[  503.288614][T20647] ntrig 0003:1B96:0008.0071: unknown main item tag 0x0
[  503.297214][T20646] gspca_stk1135: Sensor write failed
[  503.302979][T20647] ntrig 0003:1B96:0008.0071: unknown main item tag 0x0
[  503.309944][T20646] stk1135 8-1:0.0: probe with driver stk1135 failed with error -71
[  503.318200][T20647] ntrig 0003:1B96:0008.0071: unknown main item tag 0x0
[  503.327620][T20646] usb 8-1: USB disconnect, device number 55
[  503.335455][T20647] ntrig 0003:1B96:0008.0071: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.9-1/input0
[  503.386390][T21878] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  503.430481][T20647] usb 10-1: USB disconnect, device number 13
[  503.496822][T21884] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6969'.
[  503.634943][ T5845] Bluetooth: hci3: command tx timeout
[  503.653741][   T30] audit: type=1400 audit(503.628:5831): avc:  denied  { name_bind } for  pid=21891 comm="syz.7.6972" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  503.680579][T21892] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6973'.
[  503.802418][T20646] usb 9-1: new high-speed USB device number 44 using dummy_hcd
[  503.984160][T20646] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.001342][T20646] usb 9-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  504.010362][T20646] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.033809][T20646] usb 9-1: config 0 descriptor??
[  504.125577][T21911] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6979'.
[  504.466356][T20646] lenovo 0003:17EF:6047.0072: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.8-1/input0
[  504.540698][T21920] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6983'.
[  504.902121][T14195] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  505.061271][T14195] usb 6-1: Using ep0 maxpacket: 8
[  505.142491][T20647] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  505.151823][T14195] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 19, changing to 8
[  505.170266][T14195] usb 6-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  505.214656][T14195] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.226148][T14195] usb 6-1: config 0 descriptor??
[  505.264150][T20646] lenovo 0003:17EF:6047.0072: Sensitivity setting failed: -71
[  505.275399][T20646] usb 9-1: USB disconnect, device number 44
[  505.294190][T20647] usb 3-1: Using ep0 maxpacket: 16
[  505.300636][T20647] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  505.311912][T20647] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  505.334274][T20647] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  505.343516][T20647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.404048][T20647] usb 3-1: config 0 descriptor??
[  505.669838][T14195] asus 0003:0B05:17E0.0073: item fetching failed at offset 3/11
[  505.688554][T14195] asus 0003:0B05:17E0.0073: Asus hid parse failed: -22
[  505.699861][T14195] asus 0003:0B05:17E0.0073: probe with driver asus failed with error -22
[  505.825656][T20647] ntrig 0003:1B96:0008.0074: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.2-1/input0
[  505.959577][T14195] usb 6-1: USB disconnect, device number 57
[  506.040014][T20647] usb 3-1: USB disconnect, device number 3
[  506.461403][ T5902] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  506.624441][ T5902] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  506.651853][ T5902] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  506.688460][ T5902] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  506.703535][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  506.714207][ T5902] usb 8-1: SerialNumber: syz
[  506.755314][   T30] audit: type=1400 audit(506.728:5832): avc:  denied  { read } for  pid=21977 comm="syz.9.7008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  506.930597][ T5902] usb 8-1: 0:2 : does not exist
[  507.033543][ T5902] usb 8-1: USB disconnect, device number 56
[  507.745718][T21999] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7015'.
[  508.212842][T22008] input: syz0 as /devices/virtual/input/input94
[  508.410711][T22016] Bluetooth: hci0: service_discovery: too big uuid_count value 30195
[  508.495493][T22021] Bluetooth: hci0: unsupported parameter 10704
[  508.505909][T22021] Bluetooth: hci0: unsupported parameter 262
[  508.520609][T22021] Bluetooth: hci0: unsupported parameter 10704
[  508.535401][T22021] Bluetooth: hci0: unsupported parameter 262
[  508.884222][T22030] input: syz0 as /devices/virtual/input/input95
[  509.311331][T14195] usb 8-1: new high-speed USB device number 57 using dummy_hcd
[  509.821325][T14195] usb 8-1: Using ep0 maxpacket: 8
[  509.863540][T14195] usb 8-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  509.872981][T14195] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.884817][T14195] usb 8-1: Product: syz
[  509.889003][T14195] usb 8-1: Manufacturer: syz
[  509.901114][T14195] usb 8-1: SerialNumber: syz
[  509.972477][T14195] usb 8-1: config 0 descriptor??
[  509.994661][T14195] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  510.121489][T20647] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  510.250032][T22056] syz.8.7038: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  510.281080][T22056] CPU: 0 UID: 0 PID: 22056 Comm: syz.8.7038 Not tainted syzkaller #0 PREEMPT(full) 
[  510.281109][T22056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  510.281121][T22056] Call Trace:
[  510.281129][T22056]  <TASK>
[  510.281137][T22056]  dump_stack_lvl+0x16c/0x1f0
[  510.281164][T22056]  warn_alloc+0x248/0x3a0
[  510.281190][T22056]  ? __pfx_warn_alloc+0x10/0x10
[  510.281209][T22056]  ? __pfx_stack_trace_save+0x10/0x10
[  510.281246][T22056]  ? kasan_save_stack+0x42/0x60
[  510.281264][T22056]  ? kasan_save_stack+0x33/0x60
[  510.281281][T22056]  ? kasan_save_track+0x14/0x30
[  510.281301][T22056]  ? xskq_create+0x52/0x1d0
[  510.281317][T22056]  ? xsk_setsockopt+0x792/0x9a0
[  510.281343][T22056]  ? do_sock_setsockopt+0xf0/0x1d0
[  510.281368][T22056]  ? xskq_create+0xfb/0x1d0
[  510.281385][T22056]  __vmalloc_node_range_noprof+0xff5/0x14b0
[  510.281421][T22056]  ? xskq_create+0xfb/0x1d0
[  510.281445][T22056]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  510.281483][T22056]  ? xskq_create+0xfb/0x1d0
[  510.281502][T22056]  vmalloc_user_noprof+0x9e/0xe0
[  510.281528][T22056]  ? xskq_create+0xfb/0x1d0
[  510.281546][T22056]  xskq_create+0xfb/0x1d0
[  510.281565][T22056]  xsk_setsockopt+0x792/0x9a0
[  510.281593][T22056]  ? __pfx_xsk_setsockopt+0x10/0x10
[  510.281621][T22056]  ? find_held_lock+0x2b/0x80
[  510.281648][T22056]  ? selinux_socket_setsockopt+0x6a/0x80
[  510.281673][T22056]  ? __pfx_xsk_setsockopt+0x10/0x10
[  510.281700][T22056]  do_sock_setsockopt+0xf0/0x1d0
[  510.281728][T22056]  __sys_setsockopt+0x1a0/0x230
[  510.281752][T22056]  __x64_sys_setsockopt+0xbd/0x160
[  510.281769][T22056]  ? do_syscall_64+0x91/0x4c0
[  510.281791][T22056]  ? lockdep_hardirqs_on+0x7c/0x110
[  510.281810][T22056]  do_syscall_64+0xcd/0x4c0
[  510.281834][T22056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.281857][T22056] RIP: 0033:0x7f7f2b38ebe9
[  510.281875][T22056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.281894][T22056] RSP: 002b:00007f7f2c1a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  510.281914][T22056] RAX: ffffffffffffffda RBX: 00007f7f2b5c5fa0 RCX: 00007f7f2b38ebe9
[  510.281926][T22056] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004
[  510.281937][T22056] RBP: 00007f7f2b411e19 R08: 0000000000000004 R09: 0000000000000000
[  510.281948][T22056] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  510.281960][T22056] R13: 00007f7f2b5c6038 R14: 00007f7f2b5c5fa0 R15: 00007ffcd5686d38
[  510.281985][T22056]  </TASK>
[  510.537228][T20647] usb 6-1: Using ep0 maxpacket: 32
[  510.548694][   T30] audit: type=1400 audit(510.518:5833): avc:  denied  { bind } for  pid=22057 comm="syz.2.7040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  510.549199][T22056] Mem-Info:
[  510.568476][    C1] vkms_vblank_simulate: vblank timer overrun
[  510.576370][T22060] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7040'.
[  510.579035][T22056] active_anon:22623 inactive_anon:1 isolated_anon:0
[  510.579035][T22056]  active_file:11013 inactive_file:51565 isolated_file:0
[  510.579035][T22056]  unevictable:770 dirty:474 writeback:0
[  510.579035][T22056]  slab_reclaimable:13882 slab_unreclaimable:124431
[  510.579035][T22056]  mapped:29326 shmem:18244 pagetables:1559
[  510.579035][T22056]  sec_pagetables:0 bounce:0
[  510.579035][T22056]  kernel_misc_reclaimable:0
[  510.579035][T22056]  free:1239278 free_pcp:23851 free_cma:0
[  510.591164][T22060] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7040'.
[  510.632685][    C1] vkms_vblank_simulate: vblank timer overrun
[  510.634796][T22056] Node 0 active_anon:90492kB inactive_anon:4kB active_file:44052kB inactive_file:206056kB unevictable:1544kB isolated(anon):0kB isolated(file):0kB mapped:117304kB dirty:1892kB writeback:0kB shmem:71440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13036kB pagetables:6024kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  510.683563][T22056] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:80kB pagetables:112kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  510.683993][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.724996][T22056] Node 0 DMA free:15344kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB
[  510.725074][T22056] lowmem_reserve[]: 0 2479 2481 2481 2481
[  510.725113][T22056] Node 0 DMA32 free:1050924kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:90480kB inactive_anon:4kB active_file:44052kB inactive_file:204732kB unevictable:1544kB writepending:1892kB present:3129332kB managed:2539368kB mlocked:8kB bounce:0kB free_pcp:73760kB local_pcp:26316kB free_cma:0kB
[  510.725166][T22056] lowmem_reserve[]: 0 0 1 1 1
[  510.725219][T22056] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB
[  510.725268][T22056] lowmem_reserve[]: 0 0 0 0 0
[  510.725303][T22056] Node 1 Normal free:3891028kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21504kB local_pcp:12544kB free_cma:0kB
[  510.725379][T22056] lowmem_reserve[]: 0 0 0 0 0
[  510.725416][T22056] Node 0 DMA: 0*4kB 
[  510.754311][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  510.754352][T20647] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  510.754372][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.879479][T20647] usb 6-1: config 0 descriptor??
[  510.907539][T22056] 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  510.930135][T20647] hub 6-1:0.0: USB hub found
[  510.935824][T22056] Node 0 DMA32: 52*4kB (UME) 58*8kB (UME) 49*16kB (UE) 116*32kB (UME) 200*64kB (UME) 225*128kB (UME) 211*256kB (UME) 127*512kB (UME) 71*1024kB (UME) 13*2048kB (UME) 192*4096kB (UM) = 1051568kB
[  510.960729][T22056] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  510.978262][T22056] Node 1 Normal: 195*4kB (UME) 61*8kB (UME) 38*16kB (UME) 198*32kB (UME) 83*64kB (UME) 17*128kB (UME) 4*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 944*4096kB (M) = 3891028kB
[  510.996997][T22056] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  511.010039][T22056] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  511.020107][T22056] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  511.030470][T22056] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  511.039883][T22056] 80820 total pagecache pages
[  511.044626][T22056] 1 pages in swap cache
[  511.048789][T22056] Free swap  = 124992kB
[  511.053060][T22056] Total swap = 124996kB
[  511.057219][T22056] 2097051 pages RAM
[  511.061024][T22056] 0 pages HighMem/MovableOnly
[  511.066869][T22056] 430247 pages reserved
[  511.071038][T22056] 0 pages cma reserved
[  511.131131][T20647] hub 6-1:0.0: 1 port detected
[  511.504646][T14195] gspca_sonixj: reg_w1 err -71
[  511.509783][T14195] sonixj 8-1:0.0: probe with driver sonixj failed with error -71
[  511.565400][T14195] usb 8-1: USB disconnect, device number 57
[  511.758987][T20647] hub 6-1:0.0: activate --> -90
[  511.958697][ T2971] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x7d
[  512.160669][T20644] usb 6-1: USB disconnect, device number 58
[  513.028826][   T30] audit: type=1400 audit(512.998:5834): avc:  denied  { accept } for  pid=22137 comm="syz.8.7069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  513.083180][   T30] audit: type=1400 audit(513.058:5835): avc:  denied  { listen } for  pid=22137 comm="syz.8.7069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  513.112562][T14195] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  513.307215][T14195] usb 6-1: Using ep0 maxpacket: 16
[  513.336067][T14195] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  513.365650][T14195] usb 6-1: config 0 has no interface number 0
[  513.389185][T14195] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  513.437009][T14195] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  513.478266][T14195] usb 6-1: config 0 interface 41 has no altsetting 0
[  513.501173][T14195] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  513.523047][T14195] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.546396][T14195] usb 6-1: Product: syz
[  513.571177][T14195] usb 6-1: Manufacturer: syz
[  513.597511][   T30] audit: type=1400 audit(513.568:5836): avc:  denied  { read write } for  pid=22156 comm="syz.8.7076" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  513.623009][T14195] usb 6-1: SerialNumber: syz
[  513.640332][T14195] usb 6-1: config 0 descriptor??
[  513.648743][   T30] audit: type=1400 audit(513.568:5837): avc:  denied  { open } for  pid=22156 comm="syz.8.7076" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  513.678077][T22126] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  513.685542][T22126] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  513.753358][T22161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7077'.
[  513.911349][T22126] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  513.918595][T22126] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  514.041313][   T24] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  514.191930][   T24] usb 8-1: Using ep0 maxpacket: 32
[  514.206387][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 81, changing to 10
[  514.235212][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.259402][   T24] usb 8-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  514.287433][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.301794][   T24] usb 8-1: config 0 descriptor??
[  514.529573][T22178] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3158390087 (12633560348 ns) > initial count (8550536452 ns). Using initial count to start timer.
[  514.543307][T14195] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  514.579469][T22178] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=973695338 (124633003264 ns) > initial count (92511176448 ns). Using initial count to start timer.
[  514.781086][T14195] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  514.806324][T14195] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[  514.827321][T14195] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71
[  514.841672][T14195] usb 6-1: USB disconnect, device number 59
[  514.852679][T22185] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7087'.
[  514.936213][   T24] usb 8-1: USB disconnect, device number 58
[  515.837855][T22201] netlink: 216 bytes leftover after parsing attributes in process `syz.8.7095'.
[  516.006434][   T30] audit: type=1400 audit(515.978:5838): avc:  denied  { ioctl } for  pid=22193 comm="syz.7.7092" path="socket:[99561]" dev="sockfs" ino=99561 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  516.197001][T22214] overlayfs: failed to set uuid (1425/file1, err=-1); falling back to uuid=null.
[  516.224579][T22214] overlayfs: failed to verify upper root origin
[  517.713340][T22273] netlink: 40 bytes leftover after parsing attributes in process `syz.8.7122'.
[  517.768983][   T30] audit: type=1400 audit(517.738:5839): avc:  denied  { mount } for  pid=22274 comm="syz.5.7125" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  517.800142][   T30] audit: type=1400 audit(517.768:5840): avc:  denied  { search } for  pid=22274 comm="syz.5.7125" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  517.827311][   T30] audit: type=1400 audit(517.798:5841): avc:  denied  { search } for  pid=22274 comm="syz.5.7125" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  517.892651][   T30] audit: type=1400 audit(517.798:5842): avc:  denied  { read open } for  pid=22274 comm="syz.5.7125" path="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  517.990658][   T30] audit: type=1400 audit(517.818:5843): avc:  denied  { search } for  pid=22274 comm="syz.5.7125" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  518.044884][   T30] audit: type=1400 audit(517.818:5844): avc:  denied  { search } for  pid=22274 comm="syz.5.7125" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  518.261750][T22292] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  519.082014][T22304] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7138'.
[  519.100862][T22304] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7138'.
[  519.525005][T22319] loop2: detected capacity change from 0 to 7
[  519.547954][T22319] Dev loop2: unable to read RDB block 7
[  519.556375][T22319]  loop2: AHDI p1 p2 p3
[  519.560581][T22319] loop2: partition table partially beyond EOD, truncated
[  519.569028][T22319] loop2: p1 start 1601398130 is beyond EOD, truncated
[  519.576430][T22319] loop2: p2 start 1702059890 is beyond EOD, truncated
[  519.621241][   T24] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  519.771829][   T24] usb 10-1: Using ep0 maxpacket: 8
[  519.786468][   T24] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  519.798752][   T24] usb 10-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  519.815387][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.858587][   T24] usb 10-1: config 0 descriptor??
[  519.872105][   T24] gspca_main: vc032x-2.14.0 probing 046d:0892
[  520.121579][T14195] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  520.312572][T22338] loop8: detected capacity change from 0 to 16384
[  520.313165][T14195] usb 3-1: config 0 has no interfaces?
[  520.350428][T14195] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  520.381249][T14195] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.413789][T14195] usb 3-1: Product: syz
[  520.417988][T14195] usb 3-1: Manufacturer: syz
[  520.452770][T14195] usb 3-1: SerialNumber: syz
[  520.476406][T14195] usb 3-1: config 0 descriptor??
[  520.580643][T22339] loop8: detected capacity change from 16384 to 16383
[  520.785728][T22325] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.843694][T20647] usb 3-1: USB disconnect, device number 4
[  520.936517][T20644] hid_parser_main: 9 callbacks suppressed
[  520.936535][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.951549][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.958978][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.967239][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.975691][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.983266][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.990692][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  520.998318][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  521.007539][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  521.016882][T20644] hid-generic 0006:0004:0009.0076: unknown main item tag 0x0
[  521.029117][T20644] hid-generic 0006:0004:0009.0076: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  521.084439][   T24] gspca_vc032x: reg_w err -71
[  521.089145][   T24] vc032x 10-1:0.0: probe with driver vc032x failed with error -71
[  521.099357][   T24] usb 10-1: USB disconnect, device number 14
[  521.902980][T22368] net_ratelimit: 3319 callbacks suppressed
[  521.902991][T22368] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  522.275699][T22372] 9pnet: p9_errstr2errno: server reported unknown error ��n
[  522.394834][T22376] overlayfs: upper fs does not support file handles, falling back to index=off.
[  522.438649][T22376] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  522.737739][T22404] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7179'.
[  522.898481][T22417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7182'.
[  523.052274][   T24] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  523.060715][ T5902] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  523.221604][ T5902] usb 6-1: Using ep0 maxpacket: 32
[  523.226819][   T24] usb 8-1: Using ep0 maxpacket: 16
[  523.235102][ T5902] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  523.243484][ T5902] usb 6-1: config 0 has no interface number 0
[  523.251417][   T24] usb 8-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  523.260570][ T5902] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  523.269617][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.277638][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.286068][ T5902] usb 6-1: Product: syz
[  523.290217][ T5902] usb 6-1: Manufacturer: syz
[  523.294844][   T24] usb 8-1: Product: syz
[  523.298991][   T24] usb 8-1: Manufacturer: syz
[  523.303706][ T5902] usb 6-1: SerialNumber: syz
[  523.308977][   T24] usb 8-1: SerialNumber: syz
[  523.315630][ T5902] usb 6-1: config 0 descriptor??
[  523.321433][   T24] usb 8-1: config 0 descriptor??
[  523.327606][ T5902] smsc95xx v2.0.0
[  523.332208][   T24] ssu100 8-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  523.738529][T22408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.747564][T22408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.151613][ T5902] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  524.283408][T22438] input: syz1 as /devices/virtual/input/input96
[  524.363939][   T24] ssu100 8-1:0.0: probe with driver ssu100 failed with error -71
[  524.373172][ T5902] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  524.394043][   T24] usb 8-1: USB disconnect, device number 59
[  524.401760][ T5902] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  524.414859][ T5902] usb 6-1: USB disconnect, device number 60
[  524.975165][T22464] netlink: 51 bytes leftover after parsing attributes in process `syz.5.7204'.
[  525.258369][   T30] audit: type=1400 audit(525.228:5845): avc:  denied  { write } for  pid=22471 comm="syz.5.7208" path="socket:[101086]" dev="sockfs" ino=101086 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  525.323482][T22474] io-wq is not configured for unbound workers
[  525.376967][   T30] audit: type=1326 audit(525.348:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.431583][T20645] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  525.449685][   T30] audit: type=1326 audit(525.388:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.500463][   T30] audit: type=1326 audit(525.388:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.529623][   T30] audit: type=1326 audit(525.388:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.554947][   T30] audit: type=1326 audit(525.388:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.566738][T22481] openvswitch: netlink: Multiple metadata blocks provided
[  525.577780][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.588657][   T30] audit: type=1326 audit(525.388:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.614964][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.628069][T20645] usb 3-1: Using ep0 maxpacket: 16
[  525.634630][   T30] audit: type=1326 audit(525.388:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.663390][   T30] audit: type=1326 audit(525.388:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.691262][T20645] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  525.710879][T20645] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  525.722441][   T30] audit: type=1326 audit(525.388:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22475 comm="syz.9.7210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7ffc0000
[  525.745262][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.753741][T20645] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  525.763033][T20645] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.771012][T20645] usb 3-1: Product: syz
[  525.779650][T20645] usb 3-1: Manufacturer: syz
[  525.785232][T20645] usb 3-1: SerialNumber: syz
[  525.791836][ T5855] Bluetooth: hci4: command 0x1003 tx timeout
[  525.799834][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  525.828415][T20645] usb 3-1: config 0 descriptor??
[  525.855782][T20645] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  525.886074][T20645] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  526.045215][T22502] input: syz1 as /devices/virtual/input/input97
[  526.464805][T20645] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  526.474513][T20645] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  526.687731][T20645] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  526.705425][T20645] em28xx 3-1:0.0: No AC97 audio processor
[  526.739280][T20645] usb 3-1: USB disconnect, device number 5
[  526.758528][T20645] em28xx 3-1:0.0: Disconnecting em28xx
[  526.762897][T22527] netlink: 'syz.8.7232': attribute type 1 has an invalid length.
[  526.772265][T22527] netlink: 168864 bytes leftover after parsing attributes in process `syz.8.7232'.
[  526.776717][T20645] em28xx 3-1:0.0: Freeing device
[  527.181280][T20644] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  527.281272][T20647] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  527.343471][T20644] usb 10-1: config 0 interface 0 has no altsetting 0
[  527.350450][T20644] usb 10-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00
[  527.372936][T20644] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.393425][T20644] usb 10-1: config 0 descriptor??
[  527.451720][T20647] usb 6-1: Using ep0 maxpacket: 32
[  527.463231][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  527.474528][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  527.484906][T20647] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  527.494012][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.501338][   T24] usb 8-1: new low-speed USB device number 60 using dummy_hcd
[  527.504042][T20647] usb 6-1: config 0 descriptor??
[  527.571435][T20645] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  527.672935][   T24] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  527.682105][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.692660][   T24] usb 8-1: config 0 descriptor??
[  527.721278][T20645] usb 3-1: Using ep0 maxpacket: 32
[  527.728039][T20645] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  527.736258][T20645] usb 3-1: config 0 has no interface number 0
[  527.742529][T20645] usb 3-1: config 0 interface 12 has no altsetting 0
[  527.752196][T20645] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40
[  527.761497][T20645] usb 3-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3
[  527.769789][T20645] usb 3-1: Product: syz
[  527.774253][T20645] usb 3-1: Manufacturer: syz
[  527.778867][T20645] usb 3-1: SerialNumber: syz
[  527.786260][T20645] usb 3-1: config 0 descriptor??
[  527.812746][T20644] pantherlord 0003:0E8F:0003.0077: item fetching failed at offset 0/3
[  527.827207][T20644] pantherlord 0003:0E8F:0003.0077: parse failed
[  527.833700][T20644] pantherlord 0003:0E8F:0003.0077: probe with driver pantherlord failed with error -22
[  527.930303][T20647] savu 0003:1E7D:2D5A.0078: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  528.045847][T20647] usb 10-1: USB disconnect, device number 15
[  528.130500][T20644] usb 6-1: USB disconnect, device number 61
[  528.246698][T22574] netlink: 'syz.8.7252': attribute type 1 has an invalid length.
[  528.255898][T22574] netlink: 'syz.8.7252': attribute type 4 has an invalid length.
[  528.263745][T22574] netlink: 15334 bytes leftover after parsing attributes in process `syz.8.7252'.
[  528.615267][T20645] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  528.623897][T20645] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  528.631235][T20645] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  528.641395][T20645] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  528.666166][T20645] usb 3-1: USB disconnect, device number 6
[  528.909768][   T24] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  528.942784][   T24] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  528.960942][   T24] asix 8-1:0.0: probe with driver asix failed with error -71
[  528.973091][   T24] usb 8-1: USB disconnect, device number 60
[  529.332401][T14195] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  529.497190][T14195] usb 10-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.17
[  529.514532][T14195] usb 10-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[  529.546041][T14195] usb 10-1: Product: syz
[  529.550296][T14195] usb 10-1: Manufacturer: syz
[  529.570245][T14195] usb 10-1: SerialNumber: syz
[  529.580508][T14195] usb 10-1: config 0 descriptor??
[  529.591896][T14195] ch341 10-1:0.0: ch341-uart converter detected
[  529.631527][   T24] usb 9-1: new high-speed USB device number 45 using dummy_hcd
[  529.689120][T22623] loop3: detected capacity change from 0 to 1
[  529.701613][T22623] Dev loop3: unable to read RDB block 1
[  529.712024][T22623]  loop3: unable to read partition table
[  529.721462][T22623] loop3: partition table beyond EOD, truncated
[  529.731281][T22623] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  529.794284][   T24] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  529.815262][   T24] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  529.834174][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.851259][   T24] usb 9-1: Product: syz
[  529.855528][   T24] usb 9-1: Manufacturer: syz
[  529.860142][   T24] usb 9-1: SerialNumber: syz
[  529.967382][T22632] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  530.186592][T22636] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7277'.
[  530.229690][T22636] 8021q: adding VLAN 0 to HW filter on device bond1
[  530.317279][T22636] 8021q: adding VLAN 0 to HW filter on device bond1
[  530.328905][T22636] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address
[  530.342408][T22636] bond1: (slave vxcan1): Error -95 calling set_mac_address
[  530.625257][T14195] ch341-uart ttyUSB0: break control not supported, using simulated break
[  530.654237][T14195] usb 10-1: ch341-uart converter now attached to ttyUSB0
[  530.673318][T14195] usb 10-1: USB disconnect, device number 16
[  530.731630][T14195] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  530.740361][T14195] ch341 10-1:0.0: device disconnected
[  530.805055][T22659] loop2: detected capacity change from 0 to 7
[  530.826846][T22659] Dev loop2: unable to read RDB block 7
[  530.835918][T22659]  loop2: unable to read partition table
[  530.841826][T22659] loop2: partition table beyond EOD, truncated
[  530.848055][T22659] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  530.889384][   T24] cdc_ncm 9-1:1.0: bind() failure
[  530.906164][   T24] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  530.919578][   T24] cdc_ncm 9-1:1.1: bind() failure
[  531.099757][T14195] usb 9-1: USB disconnect, device number 45
[  531.310855][T22682] netlink: 'syz.9.7297': attribute type 1 has an invalid length.
[  531.319252][T22682] netlink: 56 bytes leftover after parsing attributes in process `syz.9.7297'.
[  531.531356][T22697] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7304'.
[  531.973998][T22711] binder: 22709:22711 ioctl c0306201 200000000640 returned -22
[  532.131890][T22725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  532.201552][   T24] usb 9-1: new high-speed USB device number 46 using dummy_hcd
[  532.352672][   T24] usb 9-1: Using ep0 maxpacket: 8
[  532.360910][   T24] usb 9-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  532.370032][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.378106][   T24] usb 9-1: Product: syz
[  532.382417][   T24] usb 9-1: Manufacturer: syz
[  532.387005][   T24] usb 9-1: SerialNumber: syz
[  532.392995][   T24] usb 9-1: config 0 descriptor??
[  532.400162][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  533.185063][T22747] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  533.401466][T14195] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  533.555855][T22762] netlink: 'syz.5.7330': attribute type 1 has an invalid length.
[  533.564069][T22762] netlink: 128 bytes leftover after parsing attributes in process `syz.5.7330'.
[  533.576076][T22762] netlink: 'syz.5.7330': attribute type 2 has an invalid length.
[  533.586601][T14195] usb 10-1: Using ep0 maxpacket: 8
[  533.595193][T22762] netlink: 'syz.5.7330': attribute type 1 has an invalid length.
[  533.609862][T14195] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  533.619364][   T24] gspca_sonixj: reg_w1 err -71
[  533.624485][T14195] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  533.645607][T14195] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  533.661385][   T24] sonixj 9-1:0.0: probe with driver sonixj failed with error -71
[  533.670851][   T24] usb 9-1: USB disconnect, device number 46
[  533.682314][T14195] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  533.703623][T14195] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  533.726720][T14195] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  533.738137][T14195] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.819700][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  533.819715][   T30] audit: type=1400 audit(533.788:5861): avc:  denied  { name_bind } for  pid=22773 comm="syz.5.7335" path="socket:[103044]" dev="sockfs" ino=103044 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  533.959676][T14195] usb 10-1: GET_CAPABILITIES returned 0
[  533.971380][T14195] usbtmc 10-1:16.0: can't read capabilities
[  534.214385][   T30] audit: type=1400 audit(534.188:5862): avc:  denied  { write } for  pid=22788 comm="syz.5.7341" path="socket:[102371]" dev="sockfs" ino=102371 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  534.274855][   T30] audit: type=1400 audit(534.208:5863): avc:  denied  { name_bind } for  pid=22790 comm="syz.8.7342" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  534.667255][   T30] audit: type=1400 audit(534.638:5864): avc:  denied  { mounton } for  pid=22803 comm="syz.8.7347" path="/756/file0" dev="tmpfs" ino=3902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  534.751447][T20647] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  534.905684][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.916920][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.940914][T20647] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  534.985719][T20647] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  535.012402][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.034464][T20647] usb 6-1: config 0 descriptor??
[  535.458069][T20647] plantronics 0003:047F:FFFF.0079: reserved main item tag 0xe
[  535.478157][T20647] hid_parser_main: 7 callbacks suppressed
[  535.478176][T20647] plantronics 0003:047F:FFFF.0079: unknown main item tag 0x0
[  535.529038][T20647] plantronics 0003:047F:FFFF.0079: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  535.613209][   T30] audit: type=1400 audit(535.588:5865): avc:  denied  { listen } for  pid=22819 comm="syz.7.7352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  535.633027][   T30] audit: type=1400 audit(535.588:5866): avc:  denied  { accept } for  pid=22819 comm="syz.7.7352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  535.663634][T20647] usb 6-1: USB disconnect, device number 62
[  536.208434][T14195] usb 10-1: USB disconnect, device number 17
[  536.247882][T22832] 9pnet: p9_errstr2errno: server reported unknown error ��n$Ž[
[  536.247882][T22832] Q&|xùXºX<?ÂA¥ªN(óˆu;×éRöªU?ïS’
[  536.669314][T20661] libceph: connect (1)[c::]:6789 error -22
[  536.682289][T20661] libceph: mon0 (1)[c::]:6789 connect error
[  536.720488][T20647] libceph: connect (1)[b::]:6789 error -22
[  536.739837][T20647] libceph: mon0 (1)[b::]:6789 connect error
[  536.854961][T22871] SELinux: failed to load policy
[  536.909254][T22876] input: syz1 as /devices/virtual/input/input98
[  536.961568][T20661] libceph: connect (1)[c::]:6789 error -22
[  536.981016][T20661] libceph: mon0 (1)[c::]:6789 connect error
[  537.001962][T20647] libceph: connect (1)[b::]:6789 error -22
[  537.020618][T20647] libceph: mon0 (1)[b::]:6789 connect error
[  537.113833][T22887] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  537.478690][T22853] ceph: No mds server is up or the cluster is laggy
[  537.478785][T22860] ceph: No mds server is up or the cluster is laggy
[  537.903780][T22925] netlink: 63503 bytes leftover after parsing attributes in process `syz.7.7399'.
[  537.953195][   T30] audit: type=1400 audit(537.928:5867): avc:  denied  { listen } for  pid=22928 comm="syz.9.7401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  538.017322][   T30] audit: type=1400 audit(537.978:5868): avc:  denied  { getopt } for  pid=22932 comm="syz.7.7403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  538.131409][   T30] audit: type=1400 audit(538.098:5869): avc:  denied  { bind } for  pid=22938 comm="syz.7.7406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  538.378434][T22953] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7411'.
[  538.406231][   T30] audit: type=1400 audit(538.378:5870): avc:  denied  { read } for  pid=22954 comm="syz.2.7412" lport=58043 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  538.501546][T14195] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  538.689005][T14195] usb 10-1: config 0 has an invalid interface number: 48 but max is 0
[  538.701815][T14195] usb 10-1: config 0 has no interface number 0
[  538.718506][T14195] usb 10-1: too many endpoints for config 0 interface 48 altsetting 32: 32, using maximum allowed: 30
[  538.752314][T14195] usb 10-1: config 0 interface 48 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  538.765609][T14195] usb 10-1: config 0 interface 48 has no altsetting 0
[  538.774480][T14195] usb 10-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  538.793016][T14195] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.801680][T14195] usb 10-1: Product: syz
[  538.806267][T14195] usb 10-1: Manufacturer: syz
[  538.810962][T14195] usb 10-1: SerialNumber: syz
[  538.822336][T14195] usb 10-1: config 0 descriptor??
[  538.850534][   T30] audit: type=1400 audit(538.818:5871): avc:  denied  { mount } for  pid=22970 comm="syz.7.7418" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  538.882188][T20661] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  538.910450][   T30] audit: type=1400 audit(538.858:5872): avc:  denied  { watch } for  pid=22970 comm="syz.7.7418" path="/956/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  538.995769][   T30] audit: type=1400 audit(538.968:5873): avc:  denied  { unmount } for  pid=10850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  539.055509][T14195] usb 10-1: USB disconnect, device number 18
[  539.069230][T20661] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  539.090715][T20661] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  539.111039][T20661] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  539.131741][T20661] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.143181][T22963] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  539.154105][T20661] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  539.213222][T22980] ªªªªªª: renamed from wg2 (while UP)
[  539.434165][T14195] usb 3-1: USB disconnect, device number 7
[  539.511312][T20661] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  539.690587][T20661] usb 6-1: Using ep0 maxpacket: 8
[  539.703643][T20661] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  539.727458][T20661] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.741264][T20661] usb 6-1: Product: syz
[  539.761274][T20661] usb 6-1: Manufacturer: syz
[  539.771224][T20661] usb 6-1: SerialNumber: syz
[  539.783214][T20661] usb 6-1: config 0 descriptor??
[  539.811457][T20645] usb 9-1: new high-speed USB device number 47 using dummy_hcd
[  539.829973][T20661] gspca_main: se401-2.14.0 probing 047d:5003
[  539.850811][T22994] netlink: 'syz.9.7428': attribute type 10 has an invalid length.
[  539.869131][T22995] netlink: 'syz.7.7429': attribute type 4 has an invalid length.
[  539.920802][T22996] netlink: 'syz.7.7429': attribute type 4 has an invalid length.
[  539.985324][T20645] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.016928][T20645] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  540.048894][T20645] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.099104][T20645] usb 9-1: config 0 descriptor??
[  540.099348][T14195] kernel write not supported for file [eventfd] (pid: 14195 comm: kworker/1:7)
[  540.233558][T23002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  540.246240][T20661] gspca_se401: write req failed req 0x57 val 0x00 error -71
[  540.265305][T20661] se401 6-1:0.0: probe with driver se401 failed with error -71
[  540.308344][T20661] usb 6-1: USB disconnect, device number 63
[  540.371954][T20645] usbhid 9-1:0.0: can't add hid device: -71
[  540.377938][T20645] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  540.408594][T20645] usb 9-1: USB disconnect, device number 47
[  540.469861][   T30] audit: type=1326 audit(540.438:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  540.504851][T23010] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4243739199 (8487478398 ns) > initial count (2409167910 ns). Using initial count to start timer.
[  540.520423][   T30] audit: type=1326 audit(540.468:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  540.547642][   T30] audit: type=1326 audit(540.468:5876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  540.591938][   T30] audit: type=1326 audit(540.468:5877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  540.618539][   T30] audit: type=1326 audit(540.468:5878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f9dd90b07 code=0x7ffc0000
[  540.659639][   T30] audit: type=1326 audit(540.468:5879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8f9dd90a7c code=0x7ffc0000
[  540.682831][   T30] audit: type=1326 audit(540.468:5880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23011 comm="syz.7.7437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f8f9dd909b4 code=0x7ffc0000
[  540.881699][T20645] usb 9-1: new high-speed USB device number 48 using dummy_hcd
[  541.041386][T20645] usb 9-1: Using ep0 maxpacket: 16
[  541.047968][T20645] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  541.069354][T20645] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  541.083227][T23032] loop2: detected capacity change from 0 to 6
[  541.097182][T23032] Dev loop2: unable to read RDB block 6
[  541.115953][T20645] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.124218][T23032]  loop2: unable to read partition table
[  541.129998][T23032] loop2: partition table beyond EOD, truncated
[  541.151235][T23032] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  541.165612][T20645] usb 9-1: config 0 descriptor??
[  541.511265][T20661] usb 10-1: new full-speed USB device number 19 using dummy_hcd
[  541.588257][T20645] mcp2221 0003:04D8:00DD.007A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.8-1/input0
[  541.683210][T20661] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  541.705470][T20661] usb 10-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  541.715086][T20661] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.733857][T20661] usb 10-1: config 0 descriptor??
[  542.037460][T20647] usb 9-1: USB disconnect, device number 48
[  542.061440][T20645] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  542.074881][T23065] loop8: detected capacity change from 0 to 16384
[  542.147105][T20661] petalynx 0003:18B1:0037.007B: item fetching failed at offset 0/2
[  542.163253][T20661] petalynx 0003:18B1:0037.007B: parse failed
[  542.179427][T20661] petalynx 0003:18B1:0037.007B: probe with driver petalynx failed with error -22
[  542.214320][T20645] usb 3-1: Using ep0 maxpacket: 32
[  542.239949][T20645] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  542.255094][T20645] usb 3-1: config 0 has no interface number 0
[  542.267653][T20645] usb 3-1: config 0 interface 184 has no altsetting 0
[  542.278261][T20645] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  542.287603][T20645] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.295777][T20645] usb 3-1: Product: syz
[  542.300052][T20645] usb 3-1: Manufacturer: syz
[  542.304863][T20645] usb 3-1: SerialNumber: syz
[  542.327302][T20645] usb 3-1: config 0 descriptor??
[  542.335047][T20645] smsc75xx v1.0.0
[  542.355621][T20647] usb 10-1: USB disconnect, device number 19
[  542.401359][T23065] loop8: detected capacity change from 16384 to 16383
[  542.938065][T23083] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23083 comm=syz.9.7466
[  543.368955][T23096] netlink: 'syz.9.7472': attribute type 29 has an invalid length.
[  543.381032][T23096] netlink: 'syz.9.7472': attribute type 29 has an invalid length.
[  543.555977][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71
[  543.576296][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  543.591902][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  543.603002][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  543.612871][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  543.623239][T20645] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  543.632694][T20647] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  543.641022][T20645] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  543.652710][T20645] usb 3-1: USB disconnect, device number 8
[  543.791587][T20647] usb 6-1: Using ep0 maxpacket: 8
[  543.798539][T20647] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  543.820675][T20647] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  543.831052][T20647] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  543.846739][T20647] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  543.860767][T20647] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  543.870514][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.087205][T20647] usb 6-1: usb_control_msg returned -32
[  544.107236][T20647] usbtmc 6-1:16.0: can't read capabilities
[  544.118034][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  544.118048][   T30] audit: type=1400 audit(544.088:5892): avc:  denied  { validate_trans } for  pid=23124 comm="syz.8.7485" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  544.120346][T20647] usb 6-1: USB disconnect, device number 64
[  544.256397][T23131] netlink: 'syz.8.7487': attribute type 10 has an invalid length.
[  544.275805][T23131] netlink: 40 bytes leftover after parsing attributes in process `syz.8.7487'.
[  544.346684][T23131] team0: Port device geneve0 added
[  544.366129][   T13] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  544.397191][ T2971] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  544.428090][ T2971] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  544.463652][ T2971] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  545.131036][T23152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7496'.
[  545.640467][T23169] SELinux: failed to load policy
[  545.707637][   T30] audit: type=1400 audit(545.678:5893): avc:  denied  { connect } for  pid=23172 comm="syz.8.7505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  545.760659][   T30] audit: type=1400 audit(545.728:5894): avc:  denied  { bind } for  pid=23172 comm="syz.8.7505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  546.856740][T23227] netlink: 96 bytes leftover after parsing attributes in process `syz.7.7527'.
[  547.191269][T14195] usb 8-1: new full-speed USB device number 61 using dummy_hcd
[  547.431568][T14195] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  547.444271][T14195] usb 8-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  547.454847][T14195] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.514593][T14195] usb 8-1: config 0 descriptor??
[  547.528699][T23231] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  547.944734][T14195] elan 0003:04F3:0755.007C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.7-1/input0
[  548.305163][   T30] audit: type=1400 audit(548.278:5895): avc:  denied  { map } for  pid=23257 comm="syz.5.7539" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  548.450078][   T30] audit: type=1326 audit(548.418:5896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23262 comm="syz.5.7541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485598ebe9 code=0x7ffc0000
[  548.511270][   T30] audit: type=1326 audit(548.418:5897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23262 comm="syz.5.7541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f485598ebe9 code=0x7ffc0000
[  548.585255][   T30] audit: type=1326 audit(548.418:5898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23262 comm="syz.5.7541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485598ebe9 code=0x7ffc0000
[  548.646537][   T30] audit: type=1326 audit(548.458:5899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23262 comm="syz.5.7541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f485598ebe9 code=0x7ffc0000
[  548.701334][   T30] audit: type=1326 audit(548.458:5900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23262 comm="syz.5.7541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485598ebe9 code=0x7ffc0000
[  548.813809][T23272] veth3: entered allmulticast mode
[  548.901284][T20647] usb 9-1: new high-speed USB device number 49 using dummy_hcd
[  549.051424][T20647] usb 9-1: Using ep0 maxpacket: 32
[  549.061141][T20647] usb 9-1: config 0 has an invalid interface number: 247 but max is 0
[  549.069517][T20647] usb 9-1: config 0 has no interface number 0
[  549.097771][T20647] usb 9-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  549.107692][T20647] usb 9-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  549.127896][T20647] usb 9-1: Product: syz
[  549.141670][T20647] usb 9-1: Manufacturer: syz
[  549.157365][T20647] usb 9-1: config 0 descriptor??
[  549.259075][   T30] audit: type=1400 audit(549.228:5901): avc:  denied  { append } for  pid=23287 comm="syz.9.7553" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  549.346193][   T24] kernel read not supported for file /admmidi2 (pid: 24 comm: kworker/1:0)
[  549.395745][T20647] usb 9-1: USB disconnect, device number 49
[  549.589916][T23313] netlink: 'syz.9.7562': attribute type 19 has an invalid length.
[  549.598632][T23313] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7562'.
[  549.612094][T23313] netlink: 'syz.9.7562': attribute type 19 has an invalid length.
[  549.612985][   T70] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  549.619952][T23313] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7562'.
[  549.630647][   T70] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  549.657077][   T70] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  549.672027][   T70] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  549.709398][   T49] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x1
[  549.761025][ T5902] usb 8-1: USB disconnect, device number 61
[  549.837042][T23325] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4243739199 (8487478398 ns) > initial count (2409167910 ns). Using initial count to start timer.
[  550.007405][   T30] audit: type=1400 audit(549.978:5902): avc:  denied  { read write } for  pid=23335 comm="syz.5.7571" name="vim2m" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  550.033714][   T30] audit: type=1400 audit(549.978:5903): avc:  denied  { open } for  pid=23335 comm="syz.5.7571" path="/dev/vim2m" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  550.060024][T14195] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[  550.222480][T14195] usb 10-1: Using ep0 maxpacket: 16
[  550.229135][T14195] usb 10-1: config 0 has an invalid interface number: 128 but max is 0
[  550.237501][T14195] usb 10-1: config 0 has no interface number 0
[  550.244166][T14195] usb 10-1: config 0 interface 128 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[  550.255530][T14195] usb 10-1: New USB device found, idVendor=1b3d, idProduct=01d3, bcdDevice= 1.16
[  550.264674][T14195] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  550.272838][T14195] usb 10-1: Product: syz
[  550.277072][T14195] usb 10-1: Manufacturer: syz
[  550.281835][T14195] usb 10-1: SerialNumber: syz
[  550.288403][T14195] usb 10-1: config 0 descriptor??
[  550.294289][T23322] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  550.306027][T14195] ftdi_sio 10-1:0.128: FTDI USB Serial Device converter detected
[  550.319668][T14195] usb 10-1: Detected SIO
[  550.332246][T14195] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  550.526573][T20647] usb 10-1: USB disconnect, device number 20
[  550.537856][T20647] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  550.550646][T20647] ftdi_sio 10-1:0.128: device disconnected
[  551.133771][T23376] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7586'.
[  551.250024][T23381] loop8: detected capacity change from 0 to 16384
[  551.431952][T23386] loop8: detected capacity change from 16384 to 16383
[  551.543025][T20647] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[  551.592751][T23396] netlink: 'syz.5.7594': attribute type 10 has an invalid length.
[  551.617496][T23396] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7594'.
[  551.661060][T23396] team0: Port device geneve0 added
[  551.684570][ T3556] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  551.705034][ T3556] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  551.719934][ T3556] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  551.732102][T20647] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.768247][ T3556] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  551.780122][T20647] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  551.813692][T20647] usb 8-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  551.841805][T20647] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.859324][T20647] usb 8-1: config 0 descriptor??
[  552.000630][T23408] veth0_to_bridge: entered promiscuous mode
[  552.029234][T23405] veth0_to_bridge: left promiscuous mode
[  552.137250][T23416] netlink: 96 bytes leftover after parsing attributes in process `syz.9.7603'.
[  552.359347][T23431] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7609'.
[  552.492559][T20647] hid-led 0003:27B8:01ED.007D: probe with driver hid-led failed with error -71
[  552.522545][T20647] usb 8-1: USB disconnect, device number 62
[  552.627887][T20661] libceph: connect (1)[c::]:6789 error -101
[  552.634338][T20661] libceph: mon0 (1)[c::]:6789 connect error
[  552.701155][T14195] libceph: connect (1)[c::]:6789 error -101
[  552.707251][T14195] libceph: mon0 (1)[c::]:6789 connect error
[  552.901721][T20661] libceph: connect (1)[c::]:6789 error -101
[  552.908114][T20661] libceph: mon0 (1)[c::]:6789 connect error
[  552.984006][T20661] libceph: connect (1)[c::]:6789 error -101
[  552.990023][T20661] libceph: mon0 (1)[c::]:6789 connect error
[  553.151962][T14195] usb 6-1: new full-speed USB device number 65 using dummy_hcd
[  553.243313][T23473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7626'.
[  553.261875][T23473] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7626'.
[  553.302722][T14195] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  553.352209][T14195] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  553.365186][T14195] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  553.377095][T14195] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  553.390040][T14195] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  553.400585][T14195] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.408614][T14195] usb 6-1: Product: syz
[  553.413641][T14195] usb 6-1: Manufacturer: syz
[  553.421654][T23476] netlink: 'syz.2.7627': attribute type 10 has an invalid length.
[  553.429713][T23476] netlink: 40 bytes leftover after parsing attributes in process `syz.2.7627'.
[  553.439005][ T5902] libceph: connect (1)[c::]:6789 error -101
[  553.444991][T14195] usb 6-1: SerialNumber: syz
[  553.451605][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  553.452911][T23447] ceph: No mds server is up or the cluster is laggy
[  553.457628][T23452] ceph: No mds server is up or the cluster is laggy
[  553.475342][T23458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  553.497722][T14195] cdc_mbim 6-1:1.0: skipping garbage
[  553.503548][ T5902] libceph: connect (1)[c::]:6789 error -101
[  553.509270][T23476] team0: Port device geneve0 added
[  553.509777][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  553.713851][T23458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  553.725357][T23458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  554.141421][T20644] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  554.301315][T20644] usb 3-1: Using ep0 maxpacket: 8
[  554.315816][T20644] usb 3-1: config 127 has an invalid interface number: 171 but max is 1
[  554.325709][T20644] usb 3-1: config 127 has no interface number 1
[  554.335043][T20644] usb 3-1: config 127 interface 0 altsetting 10 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  554.346791][T23458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  554.346901][T23458] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  554.347252][T14195] cdc_mbim 6-1:1.0: setting rx_max = 16384
[  554.379544][T20644] usb 3-1: config 127 interface 0 altsetting 10 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  554.402019][T20644] usb 3-1: config 127 interface 0 altsetting 10 endpoint 0x8F has invalid wMaxPacketSize 0
[  554.417107][T20644] usb 3-1: config 127 interface 171 has no altsetting 0
[  554.486210][T20644] usb 3-1: config 127 interface 0 has no altsetting 0
[  554.495450][T20644] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  554.505758][T20644] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.514464][T20644] usb 3-1: Product: syz
[  554.519546][T20644] usb 3-1: Manufacturer: syz
[  554.524282][T20644] usb 3-1: SerialNumber: syz
[  554.548213][T14195] cdc_mbim 6-1:1.0: setting tx_max = 184
[  554.558389][T14195] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  554.573361][T14195] wwan wwan0: port wwan0mbim0 attached
[  554.594477][T14195] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 26:28:e8:37:00:d3
[  554.635331][T14195] usb 6-1: USB disconnect, device number 65
[  554.643820][T14195] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[  554.715258][T14195] wwan wwan0: port wwan0mbim0 disconnected
[  554.754384][T20644] xr_serial 3-1:127.171: xr_serial converter detected
[  554.766745][T20644] xr_serial ttyUSB0: Failed to set reg 0x1a: -71
[  554.773711][T20644] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  554.794728][T20644] usb 3-1: USB disconnect, device number 9
[  554.809057][T20644] xr_serial 3-1:127.171: device disconnected
[  555.177972][T23541] bridge0: entered allmulticast mode
[  555.809668][T23570] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7670'.
[  555.818808][T23568] unknown channel width for channel at 909000KHz?
[  555.842144][T23568] unknown channel width for channel at 909000KHz?
[  556.158325][   T30] audit: type=1400 audit(556.128:5904): avc:  denied  { mounton } for  pid=23582 comm="syz.7.7677" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  556.346547][T23596] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  556.460727][T23603] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7686'.
[  556.781379][T20644] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  556.792794][T23625] netlink: 'syz.7.7693': attribute type 4 has an invalid length.
[  556.828679][T23625] netlink: 'syz.7.7693': attribute type 4 has an invalid length.
[  556.898163][   T30] audit: type=1400 audit(556.868:5905): avc:  denied  { mounton } for  pid=23626 comm="syz.7.7694" path="/1029/file0" dev="proc" ino=92903 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=dir permissive=1
[  556.946614][T20644] usb 3-1: config 0 has an invalid interface number: 134 but max is 0
[  556.957130][   T30] audit: type=1400 audit(556.928:5906): avc:  denied  { mounton } for  pid=23626 comm="syz.7.7694" path="/1029/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  556.978585][    C0] vkms_vblank_simulate: vblank timer overrun
[  557.001414][T20644] usb 3-1: config 0 has no interface number 0
[  557.011279][T20644] usb 3-1: New USB device found, idVendor=1c04, idProduct=0015, bcdDevice=e2.1e
[  557.031551][T20644] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.062581][   T30] audit: type=1400 audit(557.038:5907): avc:  denied  { unmount } for  pid=10850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  557.087239][T20644] usb 3-1: config 0 descriptor??
[  557.239100][   T49] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  557.305294][T20644] usb 3-1: USB disconnect, device number 10
[  557.581486][T20647] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  557.735424][T20647] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  557.744756][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.754011][T20647] usb 6-1: config 0 descriptor??
[  557.760096][T20647] cp210x 6-1:0.0: cp210x converter detected
[  558.168780][T20647] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  558.204120][T20647] usb 6-1: cp210x converter now attached to ttyUSB0
[  558.262674][T23666] tipc: Started in network mode
[  558.267814][T23666] tipc: Node identity 42958785106a, cluster identity 4711
[  558.275916][T23666] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  558.284616][T23666] tipc: Disabling bearer <eth:syzkaller0>
[  558.377134][   T30] audit: type=1400 audit(558.348:5908): avc:  denied  { read } for  pid=23667 comm="syz.8.7709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  558.396007][    C0] vkms_vblank_simulate: vblank timer overrun
[  558.415914][T20647] usb 6-1: USB disconnect, device number 66
[  558.424678][T20647] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  558.434555][T20647] cp210x 6-1:0.0: device disconnected
[  559.135290][ T3556] nci: nci_ntf_packet: unknown ntf opcode 0x125
[  559.169366][   T30] audit: type=1400 audit(559.138:5909): avc:  denied  { create } for  pid=23680 comm="syz.7.7713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  559.211663][   T30] audit: type=1400 audit(559.158:5910): avc:  denied  { read } for  pid=23680 comm="syz.7.7713" path="socket:[110131]" dev="sockfs" ino=110131 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  559.271321][T20647] usb 10-1: new full-speed USB device number 21 using dummy_hcd
[  559.423112][T20647] usb 10-1: config 0 has no interfaces?
[  559.428875][T20647] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  559.445563][T20647] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.468846][T20647] usb 10-1: config 0 descriptor??
[  559.573896][T20644] delete_channel: no stack
[  559.697284][T20644] usb 10-1: USB disconnect, device number 21
[  560.261232][ T5902] usb 9-1: new high-speed USB device number 50 using dummy_hcd
[  560.414343][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.436159][ T5902] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  560.456313][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.499652][ T5902] usb 9-1: config 0 descriptor??
[  560.788949][ T5902] usbhid 9-1:0.0: can't add hid device: -71
[  560.795079][ T5902] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  560.831843][ T5902] usb 9-1: USB disconnect, device number 50
[  561.273714][T23729] netlink: 'syz.9.7732': attribute type 10 has an invalid length.
[  561.297961][T23729] netlink: 40 bytes leftover after parsing attributes in process `syz.9.7732'.
[  561.336152][T23729] dummy0: entered promiscuous mode
[  561.343778][T23729] bridge0: port 1(dummy0) entered blocking state
[  561.372552][T23729] bridge0: port 1(dummy0) entered disabled state
[  561.389913][T23729] dummy0: entered allmulticast mode
[  561.472565][T23744] block nbd7: shutting down sockets
[  561.586929][T23748] netlink: 'syz.9.7739': attribute type 4 has an invalid length.
[  562.444908][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  562.851738][T20644] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  563.041284][T20644] usb 6-1: Using ep0 maxpacket: 16
[  563.066408][T20644] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  563.079962][T20644] usb 6-1: config 0 has no interface number 0
[  563.093733][T20644] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  563.114142][T20644] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  563.145427][T20644] usb 6-1: config 0 interface 41 has no altsetting 0
[  563.169568][T20644] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  563.178737][T20644] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.191590][T14195] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  563.204387][T20644] usb 6-1: Product: syz
[  563.228217][T20644] usb 6-1: Manufacturer: syz
[  563.243152][T20644] usb 6-1: SerialNumber: syz
[  563.274787][T20644] usb 6-1: config 0 descriptor??
[  563.295605][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.303090][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.393195][T14195] usb 10-1: Using ep0 maxpacket: 32
[  563.407131][T14195] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  563.419211][T14195] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.473781][T14195] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  563.506037][T14195] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.535704][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.537555][T14195] usb 10-1: config 0 descriptor??
[  563.543059][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.549761][T14195] hub 10-1:0.0: USB hub found
[  563.752033][T14195] hub 10-1:0.0: 1 port detected
[  563.970850][T20644] Error reading MAC address
[  563.978206][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.985494][T23771] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  564.223057][T20644] sr9700 6-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  564.250100][T20644] usb 6-1: USB disconnect, device number 67
[  564.384983][T14195] hub 10-1:0.0: activate --> -90
[  564.443160][   T30] audit: type=1400 audit(564.418:5911): avc:  denied  { view } for  pid=23808 comm="syz.2.7765" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  564.604443][T14195] usb 10-1-port1: config error
[  564.806125][T14195] usb 10-1: Failed to suspend device, error -71
[  564.806180][T20647] usb 10-1: USB disconnect, device number 22
[  564.921374][T20644] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[  565.072717][T20644] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  565.091754][T20644] usb 8-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  565.115574][T20644] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.135780][T20644] usb 8-1: config 0 descriptor??
[  565.551071][T20644] holtek 0003:1241:5015.007E: item fetching failed at offset 1/5
[  565.572570][T20644] holtek 0003:1241:5015.007E: parse failed
[  565.588988][T20644] holtek 0003:1241:5015.007E: probe with driver holtek failed with error -22
[  565.763806][T20661] usb 8-1: USB disconnect, device number 63
[  566.201397][T20645] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  566.359238][T20645] usb 3-1: Using ep0 maxpacket: 8
[  566.370773][T20645] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.403327][T20645] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  566.451386][T20645] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  566.466060][T20645] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  566.477481][T20645] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  566.489988][T20645] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  566.550632][T20645] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  566.593140][T20645] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  566.613132][T20645] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.633314][T20645] usb 3-1: Product: syz
[  566.641381][T20645] usb 3-1: Manufacturer: syz
[  566.656132][T20645] usb 3-1: SerialNumber: syz
[  566.676991][T20645] usb 3-1: config 0 descriptor??
[  566.686996][T23827] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  566.698683][T20645] ati_remote 3-1:0.0: Initializing ati_remote hardware failed.
[  566.720582][T20645] ati_remote 3-1:0.0: probe with driver ati_remote failed with error -5
[  566.748385][   T30] audit: type=1400 audit(566.718:5912): avc:  denied  { connect } for  pid=23841 comm="syz.8.7778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  566.922839][T20645] usb 3-1: USB disconnect, device number 11
[  568.929810][T23907] input: syz1 as /devices/virtual/input/input102
[  569.889435][T23956] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7822'.
[  570.881317][T20647] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  570.942673][T24000] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7839'.
[  571.131261][T20647] usb 6-1: Using ep0 maxpacket: 32
[  571.145534][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  571.165395][T20647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  571.184953][T20647] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  571.203131][T20647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.229881][T20647] usb 6-1: config 0 descriptor??
[  571.252279][T20647] hub 6-1:0.0: USB hub found
[  571.457479][T20647] hub 6-1:0.0: 1 port detected
[  571.546070][T24017] sctp: [Deprecated]: syz.2.7846 (pid 24017) Use of int in max_burst socket option.
[  571.546070][T24017] Use struct sctp_assoc_value instead
[  571.721576][T20661] usb 10-1: new full-speed USB device number 23 using dummy_hcd
[  571.854509][T24030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7853'.
[  571.882677][T20661] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  571.898670][T20661] usb 10-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  571.909307][T20661] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.941396][T20661] usb 10-1: config 0 descriptor??
[  571.970187][T24015] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  572.019125][   T30] audit: type=1326 audit(571.988:5913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24035 comm="syz.7.7856" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x0
[  572.085467][T20647] hub 6-1:0.0: activate --> -90
[  572.101467][T20644] usb 9-1: new high-speed USB device number 51 using dummy_hcd
[  572.255537][T20644] usb 9-1: config index 0 descriptor too short (expected 23569, got 27)
[  572.264776][T20644] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.276189][T20644] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  572.285405][T20644] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  572.296199][T20644] usb 9-1: Manufacturer: syz
[  572.305158][T20644] usb 9-1: config 0 descriptor??
[  572.362982][T20644] rc_core: IR keymap rc-hauppauge not found
[  572.369607][T20644] Registered IR keymap rc-empty
[  572.375347][T20644] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  572.387131][T20644] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input103
[  572.391102][T20661] elan 0003:04F3:0755.007F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.9-1/input0
[  572.494784][T20647] usb 6-1-port1: cannot reset (err = -71)
[  572.495233][T20661] usb 6-1: USB disconnect, device number 68
[  572.505326][T20647] usb 6-1-port1: attempt power cycle
[  572.516608][T20644] usb 9-1: USB disconnect, device number 51
[  573.036582][T24057] netlink: set zone limit has 4 unknown bytes
[  573.185711][T24068] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7866'.
[  573.228304][   T13] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2
[  573.452678][T24079] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7872'.
[  573.837642][T24096] netlink: 'syz.2.7878': attribute type 1 has an invalid length.
[  573.977041][T24101] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7879'.
[  573.986425][T24101] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7879'.
[  574.191012][T20644] libceph: connect (1)[c::]:6789 error -101
[  574.192366][T20661] usb 10-1: USB disconnect, device number 23
[  574.197308][T20644] libceph: mon0 (1)[c::]:6789 connect error
[  574.258194][   T30] audit: type=1400 audit(574.228:5914): avc:  denied  { map } for  pid=24122 comm="syz.7.7888" path="socket:[112248]" dev="sockfs" ino=112248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  574.484995][T20646] libceph: connect (1)[c::]:6789 error -101
[  574.493183][T20646] libceph: mon0 (1)[c::]:6789 connect error
[  574.711304][T20644] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  574.861228][T20644] usb 10-1: Using ep0 maxpacket: 32
[  574.868399][T20644] usb 10-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  574.892933][T20644] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.916669][T20644] usb 10-1: config 0 descriptor??
[  574.931839][T20644] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  574.997889][T24114] ceph: No mds server is up or the cluster is laggy
[  575.001617][T20646] libceph: connect (1)[c::]:6789 error -101
[  575.010604][T20646] libceph: mon0 (1)[c::]:6789 connect error
[  575.106574][T24147] netlink: 'syz.5.7898': attribute type 4 has an invalid length.
[  575.121016][T24147] netlink: 'syz.5.7898': attribute type 4 has an invalid length.
[  575.387473][T24159] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7903'.
[  575.611488][   T30] audit: type=1326 audit(575.558:5915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24165 comm="syz.7.7906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  575.651589][   T30] audit: type=1326 audit(575.558:5916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24165 comm="syz.7.7906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  575.699295][   T30] audit: type=1326 audit(575.558:5917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24165 comm="syz.7.7906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  575.771005][   T30] audit: type=1326 audit(575.558:5918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24165 comm="syz.7.7906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9dd8ebe9 code=0x7ffc0000
[  576.152348][T20644] gspca_vc032x: reg_w err -71
[  576.157871][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.164135][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.169678][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.185579][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.196046][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.202748][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.208120][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.251012][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.257434][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.266596][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.272365][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.278133][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.295094][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.300393][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.309933][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.315493][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.320878][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.335410][T20644] gspca_vc032x: I2c Bus Busy Wait 00
[  576.340798][T20644] gspca_vc032x: Unknown sensor...
[  576.349011][T20644] vc032x 10-1:0.0: probe with driver vc032x failed with error -22
[  576.510546][T20644] usb 10-1: USB disconnect, device number 24
[  576.928072][T24199] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7921'.
[  576.937089][T24199] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7921'.
[  576.950182][T24199] netlink: 'syz.5.7921': attribute type 6 has an invalid length.
[  576.969703][   T36] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  576.979102][T24199] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7921'.
[  576.993635][   T36] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  577.003991][T24199] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7921'.
[  577.014747][   T36] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  577.025510][T24199] netlink: 'syz.5.7921': attribute type 6 has an invalid length.
[  577.036176][   T36] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  577.051582][T20644] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  577.221228][T20644] usb 10-1: Using ep0 maxpacket: 16
[  577.239343][T20644] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  577.252926][T20644] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.276819][T20644] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.325857][T20644] usb 10-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  577.351314][T20644] usb 10-1: config 7 interface 0 has no altsetting 0
[  577.358351][T20644] usb 10-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  577.374822][T20644] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.536251][T24222] netlink: 'syz.2.7931': attribute type 3 has an invalid length.
[  577.544282][T24222] netlink: 'syz.2.7931': attribute type 1 has an invalid length.
[  577.555076][T24222] netlink: 'syz.2.7931': attribute type 2 has an invalid length.
[  577.563725][T24222] netlink: 'syz.2.7931': attribute type 8 has an invalid length.
[  577.571530][T24222] netlink: 'syz.2.7931': attribute type 10 has an invalid length.
[  577.579369][T24222] netlink: 198236 bytes leftover after parsing attributes in process `syz.2.7931'.
[  577.827615][T20644] input: HID 0458:5010 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:7.0/0003:0458:5010.0080/input/input104
[  577.851490][ T3556] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  577.875691][T20644] kye 0003:0458:5010.0080: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.9-1/input0
[  578.030263][T20644] usb 10-1: USB disconnect, device number 25
[  578.115269][T24246] 8021q: adding VLAN 0 to HW filter on device bond2
[  578.130075][T24246] bond1: (slave bond2): making interface the new active one
[  578.140066][T24246] bond1: (slave bond2): Enslaving as an active interface with an up link
[  578.691246][T14195] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  578.888339][T14195] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.17
[  579.018777][T24277] binder: 24275:24277 ioctl c0306201 200000000640 returned -22
[  579.061637][T14195] usb 6-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[  579.061730][   T30] audit: type=1326 audit(579.038:5919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24272 comm="syz.9.7951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02a338ebe9 code=0x7fc00000
[  579.069797][T14195] usb 6-1: Product: syz
[  579.069829][T14195] usb 6-1: Manufacturer: syz
[  579.069845][T14195] usb 6-1: SerialNumber: syz
[  579.146983][T14195] usb 6-1: config 0 descriptor??
[  579.302380][T14195] ch341 6-1:0.0: ch341-uart converter detected
[  579.623821][   T30] audit: type=1326 audit(579.598:5920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24272 comm="syz.9.7951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f02a338ebe9 code=0x7fc00000
[  579.689039][   T30] audit: type=1400 audit(579.648:5921): avc:  denied  { getopt } for  pid=24287 comm="syz.7.7957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  580.081257][T20644] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  580.111684][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  580.236321][T20644] usb 10-1: Using ep0 maxpacket: 16
[  580.262742][T20644] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  580.270836][T20644] usb 10-1: config 0 has no interface number 0
[  580.283245][T20644] usb 10-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  580.292648][T20644] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.300781][T20644] usb 10-1: Product: syz
[  580.304937][T14195] usb 6-1: ch341-uart converter now attached to ttyUSB0
[  580.305153][T20644] usb 10-1: Manufacturer: syz
[  580.315608][   T24] usb 3-1: Using ep0 maxpacket: 32
[  580.316749][T20644] usb 10-1: SerialNumber: syz
[  580.333100][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  580.348635][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  580.369783][   T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  580.388809][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.408365][T20644] usb 10-1: config 0 descriptor??
[  580.417558][T20644] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  580.422050][   T24] usb 3-1: config 0 descriptor??
[  580.452529][   T24] hub 3-1:0.0: USB hub found
[  580.580395][T20644] snd-usb-audio 10-1:0.1: probe with driver snd-usb-audio failed with error -2
[  580.641340][T14195] usb 6-1: USB disconnect, device number 73
[  580.650081][T14195] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  580.653431][T20644] usb 10-1: USB disconnect, device number 26
[  580.668356][   T24] hub 3-1:0.0: 1 port detected
[  580.674767][T14195] ch341 6-1:0.0: device disconnected
[  580.765680][   T30] audit: type=1400 audit(580.728:5922): avc:  denied  { ioctl } for  pid=24309 comm="syz.8.7968" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  581.044103][T24324] netlink: 28 bytes leftover after parsing attributes in process `syz.8.7974'.
[  581.231642][T20647] usb 8-1: new high-speed USB device number 64 using dummy_hcd
[  581.293871][   T24] hub 3-1:0.0: activate --> -90
[  581.393759][T20647] usb 8-1: config 220 has an invalid interface number: 76 but max is 2
[  581.404552][T20647] usb 8-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  581.415700][T20647] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  581.435411][T20647] usb 8-1: config 220 has no interface number 2
[  581.442808][T20647] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  581.456836][T20647] usb 8-1: config 220 interface 0 has no altsetting 0
[  581.477418][T20647] usb 8-1: config 220 interface 76 has no altsetting 0
[  581.498294][T20647] usb 8-1: config 220 interface 1 has no altsetting 0
[  581.517877][T20647] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  581.530465][T20647] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.539768][T20647] usb 8-1: Product: syz
[  581.544207][T20647] usb 8-1: Manufacturer: syz
[  581.548801][T20647] usb 8-1: SerialNumber: syz
[  581.703161][T20661] usb 3-1: USB disconnect, device number 12
[  581.774569][T20647] usb 8-1: selecting invalid altsetting 0
[  581.789361][T20647] usb 8-1: Found UVC 7.01 device syz (8086:0b07)
[  581.797280][T20647] usb 8-1: No valid video chain found.
[  581.803893][T20646] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  581.816701][T20647] usb 8-1: selecting invalid altsetting 0
[  581.823689][T20647] usbtest 8-1:220.1: probe with driver usbtest failed with error -22
[  581.838030][T20647] usb 8-1: USB disconnect, device number 64
[  582.773483][T20646] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  582.791383][T20646] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  582.803845][T20646] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  582.814069][T20646] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  582.827105][T20646] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  582.846727][T20646] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.869325][T24374] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7993'.
[  582.889210][T20646] usb 6-1: config 0 descriptor??
[  583.087653][T24381] kvm: Disabled LAPIC found during irq injection
[  583.233259][T24391] netdevsim netdevsim9: Direct firmware load for lookup_extent_enter failed with error -2
[  583.244776][T24391] netdevsim netdevsim9: Falling back to sysfs fallback for: lookup_extent_enter
[  583.247854][   T30] audit: type=1400 audit(583.218:5923): avc:  denied  { firmware_load } for  pid=24390 comm="syz.9.8001" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  583.319398][T20646] plantronics 0003:047F:FFFF.0081: ignoring exceeding usage max
[  583.330674][T20646] plantronics 0003:047F:FFFF.0081: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  583.371384][T14195] usb 8-1: new high-speed USB device number 65 using dummy_hcd
[  583.441297][T20647] usb 9-1: new high-speed USB device number 52 using dummy_hcd
[  583.532005][T14195] usb 8-1: Using ep0 maxpacket: 16
[  583.537005][T20646] usb 6-1: USB disconnect, device number 74
[  583.549329][T14195] usb 8-1: unable to get BOS descriptor or descriptor too short
[  583.557725][T14195] usb 8-1: too many configurations: 233, using maximum allowed: 8
[  583.566513][T14195] usb 8-1: unable to read config index 0 descriptor/start: -71
[  583.574121][T14195] usb 8-1: can't read configurations, error -71
[  583.614807][T20647] usb 9-1: Using ep0 maxpacket: 32
[  583.622951][T20647] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  583.635102][T20647] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  583.645163][T20647] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  583.654757][T20647] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.663953][T20647] usb 9-1: config 0 descriptor??
[  583.670231][T20647] hub 9-1:0.0: USB hub found
[  583.873057][T20647] hub 9-1:0.0: 1 port detected
[  584.506463][T20645] hub 9-1:0.0: activate --> -90
[  584.591584][T20647] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  584.613562][T24411] block nbd2: server does not support multiple connections per device.
[  584.623627][T24411] block nbd2: shutting down sockets
[  584.741431][T20647] usb 6-1: Using ep0 maxpacket: 32
[  584.747976][T20647] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  584.757312][T20647] usb 6-1: config 0 has no interface number 0
[  584.765246][T20647] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  584.774416][T20647] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.782510][T20647] usb 6-1: Product: syz
[  584.786721][T20647] usb 6-1: Manufacturer: syz
[  584.791863][T20647] usb 6-1: SerialNumber: syz
[  584.797814][T20647] usb 6-1: config 0 descriptor??
[  584.804415][T20647] smsc95xx v2.0.0
[  584.908171][T20646] usb 9-1: USB disconnect, device number 52
[  585.739051][T24449] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(3)
[  585.745578][T24449] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  585.757092][T24449] vhci_hcd vhci_hcd.0: Device attached
[  585.768882][T24450] vhci_hcd: cannot find the pending unlink 1025
[  585.787473][T24450] vhci_hcd: connection closed
[  585.787582][ T3556] vhci_hcd: stop threads
[  585.804145][ T3556] vhci_hcd: release socket
[  585.808920][ T3556] vhci_hcd: disconnect device
[  586.010238][T20647] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  586.021144][T20647] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  586.030440][T20647] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  586.044059][T20646] usb 8-1: new high-speed USB device number 67 using dummy_hcd
[  586.052197][T20647] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  586.063108][T20647] usb 6-1: USB disconnect, device number 75
[  586.211546][T20646] usb 8-1: Using ep0 maxpacket: 16
[  586.218065][T20646] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  586.228234][T20646] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  586.238958][T20646] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  586.248146][T20646] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.256748][T20646] usb 8-1: Product: syz
[  586.260887][T20646] usb 8-1: Manufacturer: syz
[  586.265843][T20646] usb 8-1: SerialNumber: syz
[  586.605710][   T30] audit: type=1400 audit(586.578:5924): avc:  denied  { setattr } for  pid=24471 comm="syz.2.8036" name="/" dev="configfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  586.634108][   T30] audit: type=1400 audit(586.608:5925): avc:  denied  { relabelfrom } for  pid=24473 comm="syz.5.8037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  586.654256][   T30] audit: type=1400 audit(586.608:5926): avc:  denied  { relabelto } for  pid=24473 comm="syz.5.8037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  586.675995][   T30] audit: type=1400 audit(586.648:5927): avc:  denied  { attach_queue } for  pid=24473 comm="syz.5.8037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  586.703499][T20646] usb 8-1: 0:2 : does not exist
[  586.771896][T20646] usb 8-1: USB disconnect, device number 67
[  586.871412][   T30] audit: type=1400 audit(586.838:5928): avc:  denied  { watch } for  pid=24477 comm="syz.8.8039" path="/895/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  587.094172][T24484] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3238003414 (6476006828 ns) > initial count (129750006 ns). Using initial count to start timer.
[  587.493331][T20646] hid-generic 0000:0000:0000.0082: unknown main item tag 0x0
[  587.525632][T20646] hid-generic 0000:0000:0000.0082: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  587.875089][T24519] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  588.018030][T24526] 
[  588.020363][T24526] =====================================================
[  588.027351][T24526] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  588.034773][T24526] syzkaller #0 Not tainted
[  588.039160][T24526] -----------------------------------------------------
[  588.046062][T24526] syz.7.8060/24526 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  588.053756][T24526] ffff88807bc029f0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[  588.062439][T24526] 
[  588.062439][T24526] and this task is already holding:
[  588.069774][T24526] ffff888079413028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  588.079581][T24526] which would create a new lock dependency:
[  588.085440][T24526]  (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
[  588.093507][T24526] 
[  588.093507][T24526] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  588.102928][T24526]  (&client->buffer_lock){..-.}-{3:3}
[  588.102948][T24526] 
[  588.102948][T24526] ... which became SOFTIRQ-irq-safe at:
[  588.115968][T24526]   lock_acquire+0x179/0x350
[  588.120546][T24526]   _raw_spin_lock+0x2e/0x40
[  588.125124][T24526]   evdev_pass_values+0x10e/0x9b0
[  588.130143][T24526]   evdev_events+0x1bb/0x390
[  588.134715][T24526]   input_pass_values+0x74b/0x880
[  588.139727][T24526]   input_handle_event+0xb29/0x14d0
[  588.144904][T24526]   input_inject_event+0x1e8/0x3b0
[  588.149995][T24526]   kd_sound_helper+0x20f/0x280
[  588.154830][T24526]   input_handler_for_each_handle+0xd4/0x250
[  588.160789][T24526]   call_timer_fn+0x197/0x620
[  588.165449][T24526]   __run_timers+0x6ef/0x960
[  588.170022][T24526]   run_timer_base+0x114/0x190
[  588.174769][T24526]   run_timer_softirq+0x1a/0x40
[  588.179603][T24526]   handle_softirqs+0x216/0x8e0
[  588.184432][T24526]   __irq_exit_rcu+0x109/0x170
[  588.189172][T24526]   irq_exit_rcu+0x9/0x30
[  588.193479][T24526]   sysvec_apic_timer_interrupt+0xa4/0xc0
[  588.199172][T24526]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  588.205215][T24526]   console_flush_all+0x9a2/0xc60
[  588.210219][T24526]   console_unlock+0xd8/0x210
[  588.214878][T24526]   vprintk_emit+0x418/0x6d0
[  588.219446][T24526]   dev_printk_emit+0xfa/0x140
[  588.224187][T24526]   __dev_printk+0xf5/0x270
[  588.228666][T24526]   _dev_info+0xe4/0x120
[  588.232884][T24526]   usb_disconnect+0xec/0x9c0
[  588.237537][T24526]   hub_event+0x1c81/0x4fe0
[  588.242017][T24526]   process_one_work+0x9cf/0x1b70
[  588.247018][T24526]   worker_thread+0x6c8/0xf10
[  588.251670][T24526]   kthread+0x3c5/0x780
[  588.255799][T24526]   ret_from_fork+0x5d4/0x6f0
[  588.260450][T24526]   ret_from_fork_asm+0x1a/0x30
[  588.265280][T24526] 
[  588.265280][T24526] to a SOFTIRQ-irq-unsafe lock:
[  588.272267][T24526]  (tasklist_lock){.+.+}-{3:3}
[  588.272287][T24526] 
[  588.272287][T24526] ... which became SOFTIRQ-irq-unsafe at:
[  588.284864][T24526] ...
[  588.284869][T24526]   lock_acquire+0x179/0x350
[  588.291994][T24526]   _raw_read_lock+0x5f/0x70
[  588.296560][T24526]   __do_wait+0x105/0x890
[  588.300869][T24526]   do_wait+0x21e/0x5a0
[  588.305004][T24526]   kernel_wait+0x9f/0x160
[  588.309396][T24526]   call_usermodehelper_exec_work+0xf1/0x170
[  588.315354][T24526]   process_one_work+0x9cf/0x1b70
[  588.320352][T24526]   worker_thread+0x6c8/0xf10
[  588.325003][T24526]   kthread+0x3c5/0x780
[  588.329134][T24526]   ret_from_fork+0x5d4/0x6f0
[  588.333785][T24526]   ret_from_fork_asm+0x1a/0x30
[  588.338614][T24526] 
[  588.338614][T24526] other info that might help us debug this:
[  588.338614][T24526] 
[  588.348813][T24526] Chain exists of:
[  588.348813][T24526]   &client->buffer_lock --> &new->fa_lock --> tasklist_lock
[  588.348813][T24526] 
[  588.361903][T24526]  Possible interrupt unsafe locking scenario:
[  588.361903][T24526] 
[  588.370192][T24526]        CPU0                    CPU1
[  588.375529][T24526]        ----                    ----
[  588.380866][T24526]   lock(tasklist_lock);
[  588.385083][T24526]                                local_irq_disable();
[  588.391812][T24526]                                lock(&client->buffer_lock);
[  588.399154][T24526]                                lock(&new->fa_lock);
[  588.405889][T24526]   <Interrupt>
[  588.409313][T24526]     lock(&client->buffer_lock);
[  588.414310][T24526] 
[  588.414310][T24526]  *** DEADLOCK ***
[  588.414310][T24526] 
[  588.422426][T24526] 7 locks held by syz.7.8060/24526:
[  588.427594][T24526]  #0: ffff88802b024118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750
[  588.436708][T24526]  #1: ffff88801f7db230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0
[  588.446781][T24526]  #2: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0
[  588.456413][T24526]  #3: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880
[  588.465960][T24526]  #4: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390
[  588.475073][T24526]  #5: ffff888079413028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  588.485487][T24526]  #6: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[  588.494513][T24526] 
[  588.494513][T24526] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  588.504889][T24526] -> (&client->buffer_lock){..-.}-{3:3} {
[  588.510596][T24526]    IN-SOFTIRQ-W at:
[  588.514548][T24526]                     lock_acquire+0x179/0x350
[  588.520684][T24526]                     _raw_spin_lock+0x2e/0x40
[  588.526819][T24526]                     evdev_pass_values+0x10e/0x9b0
[  588.533385][T24526]                     evdev_events+0x1bb/0x390
[  588.539516][T24526]                     input_pass_values+0x74b/0x880
[  588.546083][T24526]                     input_handle_event+0xb29/0x14d0
[  588.552822][T24526]                     input_inject_event+0x1e8/0x3b0
[  588.559476][T24526]                     kd_sound_helper+0x20f/0x280
[  588.565874][T24526]                     input_handler_for_each_handle+0xd4/0x250
[  588.573397][T24526]                     call_timer_fn+0x197/0x620
[  588.579623][T24526]                     __run_timers+0x6ef/0x960
[  588.585757][T24526]                     run_timer_base+0x114/0x190
[  588.592066][T24526]                     run_timer_softirq+0x1a/0x40
[  588.598463][T24526]                     handle_softirqs+0x216/0x8e0
[  588.604854][T24526]                     __irq_exit_rcu+0x109/0x170
[  588.611159][T24526]                     irq_exit_rcu+0x9/0x30
[  588.617039][T24526]                     sysvec_apic_timer_interrupt+0xa4/0xc0
[  588.624299][T24526]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  588.631904][T24526]                     console_flush_all+0x9a2/0xc60
[  588.638480][T24526]                     console_unlock+0xd8/0x210
[  588.644722][T24526]                     vprintk_emit+0x418/0x6d0
[  588.650859][T24526]                     dev_printk_emit+0xfa/0x140
[  588.657166][T24526]                     __dev_printk+0xf5/0x270
[  588.663209][T24526]                     _dev_info+0xe4/0x120
[  588.668995][T24526]                     usb_disconnect+0xec/0x9c0
[  588.675214][T24526]                     hub_event+0x1c81/0x4fe0
[  588.681264][T24526]                     process_one_work+0x9cf/0x1b70
[  588.687834][T24526]                     worker_thread+0x6c8/0xf10
[  588.694052][T24526]                     kthread+0x3c5/0x780
[  588.699889][T24526]                     ret_from_fork+0x5d4/0x6f0
[  588.706115][T24526]                     ret_from_fork_asm+0x1a/0x30
[  588.712509][T24526]    INITIAL USE at:
[  588.716383][T24526]                    lock_acquire+0x179/0x350
[  588.722440][T24526]                    _raw_spin_lock+0x2e/0x40
[  588.728494][T24526]                    evdev_pass_values+0x10e/0x9b0
[  588.734977][T24526]                    evdev_events+0x1bb/0x390
[  588.741025][T24526]                    input_pass_values+0x74b/0x880
[  588.747507][T24526]                    input_handle_event+0xb29/0x14d0
[  588.754167][T24526]                    input_inject_event+0x1e8/0x3b0
[  588.760741][T24526]                    kd_sound_helper+0x20f/0x280
[  588.767057][T24526]                    input_handler_for_each_handle+0xd4/0x250
[  588.774497][T24526]                    call_timer_fn+0x197/0x620
[  588.780640][T24526]                    __run_timers+0x6ef/0x960
[  588.786690][T24526]                    run_timer_base+0x114/0x190
[  588.792915][T24526]                    run_timer_softirq+0x1a/0x40
[  588.799228][T24526]                    handle_softirqs+0x216/0x8e0
[  588.805534][T24526]                    __irq_exit_rcu+0x109/0x170
[  588.811752][T24526]                    irq_exit_rcu+0x9/0x30
[  588.817533][T24526]                    sysvec_apic_timer_interrupt+0xa4/0xc0
[  588.824708][T24526]                    asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  588.832230][T24526]                    console_flush_all+0x9a2/0xc60
[  588.838719][T24526]                    console_unlock+0xd8/0x210
[  588.844849][T24526]                    vprintk_emit+0x418/0x6d0
[  588.850906][T24526]                    dev_printk_emit+0xfa/0x140
[  588.857129][T24526]                    __dev_printk+0xf5/0x270
[  588.863086][T24526]                    _dev_info+0xe4/0x120
[  588.868790][T24526]                    usb_disconnect+0xec/0x9c0
[  588.874923][T24526]                    hub_event+0x1c81/0x4fe0
[  588.880880][T24526]                    process_one_work+0x9cf/0x1b70
[  588.887358][T24526]                    worker_thread+0x6c8/0xf10
[  588.893490][T24526]                    kthread+0x3c5/0x780
[  588.899108][T24526]                    ret_from_fork+0x5d4/0x6f0
[  588.905242][T24526]                    ret_from_fork_asm+0x1a/0x30
[  588.911551][T24526]  }
[  588.914024][T24526]  ... key      at: [<ffffffff9b1603e0>] __key.1+0x0/0x40
[  588.921117][T24526] 
[  588.921117][T24526] the dependencies between the lock to be acquired
[  588.921126][T24526]  and SOFTIRQ-irq-unsafe lock:
[  588.934596][T24526]   -> (tasklist_lock){.+.+}-{3:3} {
[  588.939874][T24526]      HARDIRQ-ON-R at:
[  588.944006][T24526]                         lock_acquire+0x179/0x350
[  588.950492][T24526]                         _raw_read_lock+0x5f/0x70
[  588.956971][T24526]                         __do_wait+0x105/0x890
[  588.963194][T24526]                         do_wait+0x21e/0x5a0
[  588.969241][T24526]                         kernel_wait+0x9f/0x160
[  588.975550][T24526]                         call_usermodehelper_exec_work+0xf1/0x170
[  588.983434][T24526]                         process_one_work+0x9cf/0x1b70
[  588.990357][T24526]                         worker_thread+0x6c8/0xf10
[  588.996924][T24526]                         kthread+0x3c5/0x780
[  589.002982][T24526]                         ret_from_fork+0x5d4/0x6f0
[  589.009557][T24526]                         ret_from_fork_asm+0x1a/0x30
[  589.016306][T24526]      SOFTIRQ-ON-R at:
[  589.020440][T24526]                         lock_acquire+0x179/0x350
[  589.026929][T24526]                         _raw_read_lock+0x5f/0x70
[  589.033411][T24526]                         __do_wait+0x105/0x890
[  589.039635][T24526]                         do_wait+0x21e/0x5a0
[  589.045683][T24526]                         kernel_wait+0x9f/0x160
[  589.051985][T24526]                         call_usermodehelper_exec_work+0xf1/0x170
[  589.059859][T24526]                         process_one_work+0x9cf/0x1b70
[  589.066768][T24526]                         worker_thread+0x6c8/0xf10
[  589.073331][T24526]                         kthread+0x3c5/0x780
[  589.079371][T24526]                         ret_from_fork+0x5d4/0x6f0
[  589.085933][T24526]                         ret_from_fork_asm+0x1a/0x30
[  589.092678][T24526]      INITIAL USE at:
[  589.096721][T24526]                        lock_acquire+0x179/0x350
[  589.103116][T24526]                        _raw_write_lock_irq+0x36/0x50
[  589.109938][T24526]                        copy_process+0x4caf/0x7690
[  589.116508][T24526]                        kernel_clone+0xfc/0x930
[  589.122814][T24526]                        user_mode_thread+0xc7/0x110
[  589.129466][T24526]                        rest_init+0x23/0x2b0
[  589.135513][T24526]                        start_kernel+0x3ee/0x4d0
[  589.141903][T24526]                        x86_64_start_reservations+0x18/0x30
[  589.149269][T24526]                        x86_64_start_kernel+0x130/0x190
[  589.156267][T24526]                        common_startup_64+0x13e/0x148
[  589.163091][T24526]      INITIAL READ USE at:
[  589.167565][T24526]                             lock_acquire+0x179/0x350
[  589.174396][T24526]                             _raw_read_lock+0x5f/0x70
[  589.181217][T24526]                             __do_wait+0x105/0x890
[  589.187960][T24526]                             do_wait+0x21e/0x5a0
[  589.194356][T24526]                             kernel_wait+0x9f/0x160
[  589.201006][T24526]                             call_usermodehelper_exec_work+0xf1/0x170
[  589.209222][T24526]                             process_one_work+0x9cf/0x1b70
[  589.216480][T24526]                             worker_thread+0x6c8/0xf10
[  589.223389][T24526]                             kthread+0x3c5/0x780
[  589.229777][T24526]                             ret_from_fork+0x5d4/0x6f0
[  589.236686][T24526]                             ret_from_fork_asm+0x1a/0x30
[  589.243773][T24526]    }
[  589.246425][T24526]    ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[  589.254296][T24526]    ... acquired at:
[  589.258244][T24526]    _raw_read_lock+0x5f/0x70
[  589.262894][T24526]    send_sigio+0xb8/0x3e0
[  589.267290][T24526]    dnotify_handle_event+0x15e/0x2b0
[  589.272641][T24526]    fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0
[  589.279204][T24526]    fsnotify+0x13d6/0x1dc0
[  589.283679][T24526]    vfs_mkdir+0x71d/0x8c0
[  589.288067][T24526]    do_mkdirat+0x304/0x3e0
[  589.292544][T24526]    __x64_sys_mkdirat+0x83/0xb0
[  589.297456][T24526]    do_syscall_64+0xcd/0x4c0
[  589.302108][T24526]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.308149][T24526] 
[  589.310444][T24526]  -> (&f_owner->lock){....}-{3:3} {
[  589.315719][T24526]     INITIAL USE at:
[  589.319671][T24526]                      lock_acquire+0x179/0x350
[  589.325892][T24526]                      _raw_write_lock_irq+0x36/0x50
[  589.332541][T24526]                      __f_setown+0x61/0x3c0
[  589.338499][T24526]                      generic_setlease+0xeef/0x1300
[  589.345150][T24526]                      kernel_setlease+0x106/0x140
[  589.351626][T24526]                      vfs_setlease+0x258/0x2d0
[  589.357839][T24526]                      fcntl_setlease+0x3ed/0x5a0
[  589.364225][T24526]                      do_fcntl+0x751/0x15a0
[  589.370181][T24526]                      __x64_sys_fcntl+0x163/0x200
[  589.376660][T24526]                      do_syscall_64+0xcd/0x4c0
[  589.382877][T24526]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.390479][T24526]     INITIAL READ USE at:
[  589.394867][T24526]                           lock_acquire+0x179/0x350
[  589.401534][T24526]                           _raw_read_lock_irqsave+0x74/0x90
[  589.408877][T24526]                           send_sigio+0x31/0x3e0
[  589.415269][T24526]                           kill_fasync+0x214/0x510
[  589.421840][T24526]                           lease_break_callback+0x23/0x30
[  589.429014][T24526]                           __break_lease+0x674/0x1810
[  589.435836][T24526]                           do_dentry_open+0x91f/0x1530
[  589.442748][T24526]                           vfs_open+0x82/0x3f0
[  589.448968][T24526]                           path_openat+0x1de4/0x2cb0
[  589.455705][T24526]                           do_filp_open+0x20b/0x470
[  589.462358][T24526]                           do_sys_openat2+0x11b/0x1d0
[  589.469183][T24526]                           __x64_sys_open+0x153/0x1e0
[  589.476010][T24526]                           do_syscall_64+0xcd/0x4c0
[  589.482676][T24526]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.490720][T24526]   }
[  589.493280][T24526]   ... key      at: [<ffffffff9ae90360>] __key.1+0x0/0x40
[  589.500453][T24526]   ... acquired at:
[  589.504313][T24526]    _raw_read_lock_irqsave+0x74/0x90
[  589.509659][T24526]    send_sigio+0x31/0x3e0
[  589.514062][T24526]    kill_fasync+0x214/0x510
[  589.518632][T24526]    lease_break_callback+0x23/0x30
[  589.523811][T24526]    __break_lease+0x674/0x1810
[  589.528636][T24526]    do_dentry_open+0x91f/0x1530
[  589.533550][T24526]    vfs_open+0x82/0x3f0
[  589.537769][T24526]    path_openat+0x1de4/0x2cb0
[  589.542509][T24526]    do_filp_open+0x20b/0x470
[  589.547160][T24526]    do_sys_openat2+0x11b/0x1d0
[  589.551988][T24526]    __x64_sys_open+0x153/0x1e0
[  589.556819][T24526]    do_syscall_64+0xcd/0x4c0
[  589.561472][T24526]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.567511][T24526] 
[  589.569807][T24526] -> (&new->fa_lock){....}-{3:3} {
[  589.574904][T24526]    INITIAL USE at:
[  589.578771][T24526]                    lock_acquire+0x179/0x350
[  589.584818][T24526]                    _raw_write_lock_irq+0x36/0x50
[  589.591294][T24526]                    fasync_remove_entry+0xb2/0x1e0
[  589.597860][T24526]                    fasync_helper+0xaf/0xd0
[  589.603817][T24526]                    lease_modify+0x232/0x500
[  589.609857][T24526]                    locks_remove_file+0x29e/0x5c0
[  589.616333][T24526]                    __fput+0x351/0xb70
[  589.621857][T24526]                    task_work_run+0x14d/0x240
[  589.627985][T24526]                    exit_to_user_mode_loop+0xeb/0x110
[  589.634806][T24526]                    do_syscall_64+0x3f6/0x4c0
[  589.640943][T24526]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.648380][T24526]    INITIAL READ USE at:
[  589.652681][T24526]                         lock_acquire+0x179/0x350
[  589.659170][T24526]                         _raw_read_lock_irqsave+0x74/0x90
[  589.666338][T24526]                         kill_fasync+0x138/0x510
[  589.672732][T24526]                         lease_break_callback+0x23/0x30
[  589.679733][T24526]                         __break_lease+0x674/0x1810
[  589.686382][T24526]                         do_dentry_open+0x91f/0x1530
[  589.693118][T24526]                         vfs_open+0x82/0x3f0
[  589.699162][T24526]                         path_openat+0x1de4/0x2cb0
[  589.705734][T24526]                         do_filp_open+0x20b/0x470
[  589.712209][T24526]                         do_sys_openat2+0x11b/0x1d0
[  589.718863][T24526]                         __x64_sys_open+0x153/0x1e0
[  589.725515][T24526]                         do_syscall_64+0xcd/0x4c0
[  589.731995][T24526]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.739858][T24526]  }
[  589.742329][T24526]  ... key      at: [<ffffffff9ae90320>] __key.0+0x0/0x40
[  589.749429][T24526]  ... acquired at:
[  589.753204][T24526]    lock_acquire+0x179/0x350
[  589.757862][T24526]    _raw_read_lock_irqsave+0x74/0x90
[  589.763210][T24526]    kill_fasync+0x138/0x510
[  589.767779][T24526]    evdev_pass_values+0x619/0x9b0
[  589.772872][T24526]    evdev_events+0x1bb/0x390
[  589.777529][T24526]    input_pass_values+0x74b/0x880
[  589.782621][T24526]    input_handle_event+0xf00/0x14d0
[  589.787887][T24526]    input_inject_event+0x1e8/0x3b0
[  589.793063][T24526]    evdev_write+0x457/0x750
[  589.797631][T24526]    vfs_write+0x29d/0x11d0
[  589.802107][T24526]    ksys_write+0x1f8/0x250
[  589.806587][T24526]    do_syscall_64+0xcd/0x4c0
[  589.811241][T24526]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.817281][T24526] 
[  589.819576][T24526] 
[  589.819576][T24526] stack backtrace:
[  589.825438][T24526] CPU: 0 UID: 0 PID: 24526 Comm: syz.7.8060 Not tainted syzkaller #0 PREEMPT(full) 
[  589.825457][T24526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  589.825466][T24526] Call Trace:
[  589.825472][T24526]  <TASK>
[  589.825478][T24526]  dump_stack_lvl+0x116/0x1f0
[  589.825494][T24526]  check_irq_usage+0x7dc/0x920
[  589.825515][T24526]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  589.825536][T24526]  ? check_path.constprop.0+0x24/0x50
[  589.825558][T24526]  ? __lock_acquire+0x12bc/0x1ce0
[  589.825579][T24526]  __lock_acquire+0x12bc/0x1ce0
[  589.825604][T24526]  lock_acquire+0x179/0x350
[  589.825625][T24526]  ? kill_fasync+0x138/0x510
[  589.825646][T24526]  _raw_read_lock_irqsave+0x74/0x90
[  589.825660][T24526]  ? kill_fasync+0x138/0x510
[  589.825679][T24526]  kill_fasync+0x138/0x510
[  589.825699][T24526]  evdev_pass_values+0x619/0x9b0
[  589.825721][T24526]  evdev_events+0x1bb/0x390
[  589.825741][T24526]  input_pass_values+0x74b/0x880
[  589.825761][T24526]  input_handle_event+0xf00/0x14d0
[  589.825780][T24526]  ? _copy_from_user+0x59/0xd0
[  589.825800][T24526]  input_inject_event+0x1e8/0x3b0
[  589.825821][T24526]  evdev_write+0x457/0x750
[  589.825842][T24526]  ? __pfx_evdev_write+0x10/0x10
[  589.825862][T24526]  ? bpf_lsm_file_permission+0x9/0x10
[  589.825880][T24526]  ? security_file_permission+0x71/0x210
[  589.825902][T24526]  ? rw_verify_area+0xcf/0x6c0
[  589.825923][T24526]  ? __pfx_evdev_write+0x10/0x10
[  589.825942][T24526]  vfs_write+0x29d/0x11d0
[  589.825962][T24526]  ? __pfx_vfs_write+0x10/0x10
[  589.825975][T24526]  ? find_held_lock+0x2b/0x80
[  589.825991][T24526]  ? __fget_files+0x204/0x3c0
[  589.826008][T24526]  ? __fget_files+0x20e/0x3c0
[  589.826025][T24526]  ksys_write+0x1f8/0x250
[  589.826039][T24526]  ? __pfx_ksys_write+0x10/0x10
[  589.826056][T24526]  do_syscall_64+0xcd/0x4c0
[  589.826072][T24526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.826086][T24526] RIP: 0033:0x7f8f9dd8ebe9
[  589.826098][T24526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.826112][T24526] RSP: 002b:00007f8f9ecae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  589.826126][T24526] RAX: ffffffffffffffda RBX: 00007f8f9dfc5fa0 RCX: 00007f8f9dd8ebe9
[  589.826135][T24526] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004
[  589.826144][T24526] RBP: 00007f8f9de11e19 R08: 0000000000000000 R09: 0000000000000000
[  589.826153][T24526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  589.826161][T24526] R13: 00007f8f9dfc6038 R14: 00007f8f9dfc5fa0 R15: 00007ffe5e65c208
[  589.826175][T24526]  </TASK>
[  590.291248][T20647] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  590.452926][T20647] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  590.463508][T20647] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  590.473223][T20647] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  590.482278][T20647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  590.490474][T20647] usb 3-1: SerialNumber: syz
[  590.700955][T20647] usb 3-1: 0:2 : does not exist
[  590.705871][T20647] usb 3-1: usbmixer: too many channels (61) in unit 5
[  590.715816][T20647] usb 3-1: USB disconnect, device number 13