last executing test programs:

2m32.307195822s ago: executing program 0 (id=2273):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0)
read$nci(r1, &(0x7f0000000100)=""/107, 0x6b)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0x7, &(0x7f0000000080)=0x4)
write$nci(r1, &(0x7f0000000100)=ANY=[], 0x4)
write$vga_arbiter(r1, &(0x7f0000000000)=ANY=[], 0xb)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
r4 = syz_io_uring_complete(0x0, 0x0)
connect$pppl2tp(r4, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(generic-gcm-aesni)\x00'}, 0x58)
mount(&(0x7f0000000380)=@nullb, &(0x7f0000000200)='./cgroup\x00', &(0x7f00000003c0)='qnx4\x00', 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)

2m31.946541811s ago: executing program 0 (id=2274):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, r1, 0xb738c13ce011d80b, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x762eb9afa10bcdeb)
cachestat(r2, &(0x7f0000000040), &(0x7f000009de80), 0x0)

2m31.594673122s ago: executing program 0 (id=2275):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000100)={0x2a, 0x3}, 0xc)
bind$qrtr(r0, &(0x7f0000000080)={0x2a, 0x1, 0xf4}, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14e90e778300dfe00000000000e4ff0000ffffffff"], 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r4 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000980)=""/4080, 0xff0}, {&(0x7f0000001ec0)=""/4083, 0xff3}, {&(0x7f00000002c0)=""/229, 0xe5}, {&(0x7f0000000180)=""/240, 0xf0}, {&(0x7f0000000080)=""/45, 0x2d}], 0x5}, 0x100)
syz_init_net_socket$ax25(0x3, 0x5, 0x3)
sendmsg$inet(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r5, &(0x7f00000004c0)=""/57, 0x39)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000740)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000c00060001000000000000000c00020000000000000000001c0007"], 0x48}}, 0x0)

2m31.072860783s ago: executing program 0 (id=2278):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0) (async)
r1 = syz_io_uring_setup(0x247b, &(0x7f0000000240)={0x0, 0x398a, 0x1, 0x3, 0x126}, 0x0, 0x0, &(0x7f0000000000))
syz_io_uring_setup(0x2734, &(0x7f0000000000)={0x0, 0xc5f8, 0x100, 0x1, 0xc4, 0x0, r1}, 0x0, 0x0, &(0x7f0000000000))
recvfrom(r0, &(0x7f0000000040)=""/60, 0x3c, 0x102, 0x0, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}], 0x28}, 0x0) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, 0x0, 0x0) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000480)=[{{&(0x7f0000000800)={0x2, 0xce24, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200), 0x1000810, &(0x7f0000000300)=ANY=[@ANYBLOB=',msize=0']) (async)
r4 = socket$packet(0x11, 0x3, 0x300)
recvmsg(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000005c0), 0x0, &(0x7f0000000640)=""/195, 0xc3}, 0x2161) (async)
r5 = socket(0x28, 0x1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x0, 0x1100, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @private}}}}) (async)
sendto$inet(r3, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002600)='gfs2\x00', 0x2888004, 0x0)

2m30.890951851s ago: executing program 0 (id=2279):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x304}, '\x00', "ec094e36a7e3970f8c35c47e5804000300", "c700", "fffffffffffffffd"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000b80), 0x82, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r4 = dup(r0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x0, 0x3)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000100)={0x7, 0x0, '\x00', {0x0, @bt={0x0, 0x3, 0x0, 0x3, 0x3, 0xd3e, 0x40000, 0x27a0, 0x3, 0x8, 0x0, 0x0, 0x9, 0x5, 0x8, 0x1, {0x1, 0x4001}, 0xf, 0x7f}}})
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)
syz_usb_connect$uac1(0x2, 0x0, 0x0, 0x0)

2m27.484277078s ago: executing program 0 (id=2288):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, &(0x7f0000000480)={&(0x7f0000000440)=[{0x3, 0x2, 0x3}], 0x1, 0x10, 0x3, 0x101})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000130a030000000000000000000200002e0900020073797a310000000008000340000000010900010073797a30"], 0x34}}, 0x20000000)
ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000080)={0x6, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x20, 0x0, &(0x7f0000000200)=[@increfs_done={0x40106308, 0x1}, @register_looper, @release={0x40046306, 0x3}], 0xd7, 0x0, &(0x7f0000000680)="d7098d01c083cff1f78c8618d30bd3803744a09a8794f7b12badb0905c875e4a7ac3535045440de7e92eb2b9463d37b1e73ff8370a513c7515117b587a05dcd2ef765ffff2d64aed21c65918958007b7256d6ad82fee96a736095eedecf673ba6c9fe57d185b9c9313f23fb4347955004317fcb342ad4b6fdf271da878011fb5c0a7419f32169ac2f169e25cd7d414b5a8b4669b00a5d714f63b0e15d5a69f5cb0dda5fd3044398d586a0e06aae8a2cde8cb162ed36adebf4fbb97bb59834879a3e9cc79687b99ac83db14911129ff33a67f49cfab0b26"})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x10000000000)
r4 = syz_open_dev$ndb(&(0x7f0000001900), 0x0, 0x0)
ioctl$BLKPBSZGET(r4, 0x80081280, &(0x7f0000000000))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c40)={0x3c, r6, 0x1, 0x0, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}}, 0x8040)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0})

2m12.381497967s ago: executing program 32 (id=2288):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, &(0x7f0000000480)={&(0x7f0000000440)=[{0x3, 0x2, 0x3}], 0x1, 0x10, 0x3, 0x101})
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000130a030000000000000000000200002e0900020073797a310000000008000340000000010900010073797a30"], 0x34}}, 0x20000000)
ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000080)={0x6, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x20, 0x0, &(0x7f0000000200)=[@increfs_done={0x40106308, 0x1}, @register_looper, @release={0x40046306, 0x3}], 0xd7, 0x0, &(0x7f0000000680)="d7098d01c083cff1f78c8618d30bd3803744a09a8794f7b12badb0905c875e4a7ac3535045440de7e92eb2b9463d37b1e73ff8370a513c7515117b587a05dcd2ef765ffff2d64aed21c65918958007b7256d6ad82fee96a736095eedecf673ba6c9fe57d185b9c9313f23fb4347955004317fcb342ad4b6fdf271da878011fb5c0a7419f32169ac2f169e25cd7d414b5a8b4669b00a5d714f63b0e15d5a69f5cb0dda5fd3044398d586a0e06aae8a2cde8cb162ed36adebf4fbb97bb59834879a3e9cc79687b99ac83db14911129ff33a67f49cfab0b26"})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x10000000000)
r4 = syz_open_dev$ndb(&(0x7f0000001900), 0x0, 0x0)
ioctl$BLKPBSZGET(r4, 0x80081280, &(0x7f0000000000))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c40)={0x3c, r6, 0x1, 0x0, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}}, 0x8040)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0})

8.853030781s ago: executing program 3 (id=2787):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\v/'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRESOCT=r0], 0xa3)

8.343721047s ago: executing program 4 (id=2796):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001b80), 0x0, 0x0)
ioctl$SOUND_PCM_READ_RATE(r1, 0x80045002, &(0x7f0000001bc0))
sendto(r0, &(0x7f0000001380)="ebb86bd6752156bf3272d176734af5cee9ca18e70b04889c38ea416a965924", 0x1f, 0xc805, &(0x7f0000001300)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x80)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOC_PR_RELEASE(r3, 0x401070ca, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea4, 0x20000, @local, 0x9}, 0x1c)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000000000)={0xc000003, 0xf, &(0x7f0000000180)=[0x1003, 0x9, 0xf909, 0x899d, 0x80, 0x98a, 0x7, 0x1010, 0xfffffe01, 0x1, 0x4, 0x2, 0x6, 0x4, 0x0], 0x1, 0x4000007})
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f00000013c0)=@srh={0x1d, 0x10, 0x4, 0x8, 0xdb, 0x68, 0x7, [@mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, @private2]}, 0x88)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000001c0)={0xda7, 0x0, 0x1, 0x0, 0x2})
ioctl$SNDCTL_TMR_STOP(r4, 0x5403)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000040)=<r5=>0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x2508, 0x3, 0x2}, 0x18, 0x2)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, &(0x7f00000002c0)={{r0}, r5, 0x0, @inherit={0x58, &(0x7f0000000240)={0x0, 0x2, 0x8000, 0x1000, {0x1, 0x6, 0x4, 0xfffffffffffffffa, 0x516}, [0xf, 0x1]}}, @subvolid=0xfe6})
syz_usbip_server_init(0x5)
open(&(0x7f0000000080)='./file0\x00', 0x200, 0x152)

7.245418166s ago: executing program 4 (id=2799):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000880)=ANY=[@ANYBLOB="fc00000000020103000000000000000007000002e00003802c000180140003000000000000000000000000000000000014000400a60942870000000000000000000000000c0002800500010001000000060003400004000006000340000001002c000180142003000000000000000000000000000000000000000000000000160001660c269900e0000001080002000000000014000180080001007f001c0108010200ac1414bb1400018008000100ac1414bb08000200ac1414aa2c000180140003002001000000000000000000000000000214000400fe88000000000000000000000000de00080005400001000100"/252], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x582, 0x25, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x3, 0x1, 0xf8, 0x10, 0x5, {0x8, 0xb, 0x2, 0x0, 0x1, 0x5, 0x20, 0x8}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffd, 0xa, 0x11, 0x47}, [@source_unit={0x8, 0x24, 0xa, 0x0, 0x0, 0xb, 0x7f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x4, 0xd8, {0x8, 0x25, 0x1, 0x2, 0x30, 0xcc}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xd, 0x7, 0x0, {0x8, 0x25, 0x1, 0x1, 0xf, 0x4, 0x10}}}}}}}}]}}, 0x0)
syz_usb_control_io$uac2(r2, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0x4, 0x0, &(0x7f0000000000)=0x41)
syz_usb_connect$cdc_ncm(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io$uac2(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x100, 0x0)
ioctl$COMEDI_SUBDINFO(r4, 0x80486402, &(0x7f0000000180))
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
capset(&(0x7f00000004c0)={0x20071026}, &(0x7f0000000100))
ioctl$SIOCAX25ADDFWD(r5, 0x89ea, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x85, 0x20200)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r9, 0x6, 0x13, &(0x7f0000000100)=0xf3e0e1d127bc7062, 0x4)
ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5387, &(0x7f00000000c0))
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x28, 0x0, 0x0, 0xfffff01c}, {0x6, 0x6, 0x3}]}, 0x10)
flock(r1, 0x2)
r10 = socket(0x10, 0x803, 0x0)
sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

6.97627615s ago: executing program 2 (id=2802):
syz_usb_connect$cdc_ecm(0x4, 0x5a, &(0x7f0000000240)=ANY=[@ANYRESOCT, @ANYBLOB="12010000020000102505a1a440000000010109024800010106000009040000ff02020000052406800005240002000d240f010000000000000000000424020009058103200000000a09058202200000000009050302"], 0x0)

6.354642613s ago: executing program 2 (id=2803):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000340)={'wpan0\x00'})
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x50}, 0x4, 0x700000000000000, 0x0, 0x4}, 0x4040084)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0902000000000000000001000000050002000a00000014000700ff00000000000000000000000000000108000b00", @ANYBLOB="5bea4481"], 0x38}}, 0x0)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000300)={[0xc45, 0x9, 0xfffffffffefffffd, 0x1, 0x10000, 0x7, 0x4002004c1, 0x7ff, 0x9, 0x6, 0x400, 0x83, 0x8c, 0x10, 0xf, 0x8d], 0x25000, 0x2c0846})
pwrite64(r9, &(0x7f0000000200)="6aa67f620416f7a610acfc9a1b3190fcea1e5d4e7db0f08247e83675383919b9ef1ac67fe268ca7e7a32e2e5d7d56ed6f4d7325f192c90c90bd2828ca926bd234e238ec4eba992bd2247ef88dfcdabfd23b8f52ddb2745f487b177827dcb2c72265e0fdc975c20624d22ed597411a4c4d5", 0x71, 0xcd74)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r12=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r13=>0xffffffffffffffff})
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r14)
ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r16=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)={0x1, r15, 0x800, 0x0, 0x25dfdbff, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x0, 0xe4, 0x1}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x5}, @NL80211_ATTR_STA_WME={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x8854)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x5c, r11, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}]}]}, 0x5c}}, 0x0)

6.058029448s ago: executing program 2 (id=2805):
r0 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x20000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000040)={0x1, 0x8, 0x4, &(0x7f0000000000)={0x21, "45ae7ce051928a22916ce0126363cae4e92eef1c5dfdde53055142df3ad9662e27"}})
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="d80000001e0081054e81f782060000000000000006007c095dd2466518000e800a00142603600e1208000f0000000406a80016c00800094014000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791433a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad909d5e1cace81ed0bffece0b42a9eca0200e6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)

5.842622956s ago: executing program 2 (id=2806):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100006fb68440e11d02c1087d0102030109021b000100000000090474"], 0x0)
r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201410117512920570509201ec70102030109022400010200100009045807028ab53800090506020001000006090582020002"], 0x0)
syz_usb_control_io$uac3(r1, 0x0, 0x0)
syz_usb_control_io$lan78xx(r1, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000200)='dctcp', 0x5)
connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r2, &(0x7f0000000400)="02", 0x1, 0x0, 0x0, 0x0)
r3 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r3, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_create(0x0, &(0x7f00000001c0)={0x0, 0xd, 0x2, @tid=r4}, &(0x7f0000000240))
syz_usb_control_io$uac1(r1, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3d, &(0x7f0000000040)=0x10, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000280)=<r7=>0x0)
ptrace(0x11, r7)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r8, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x50)
r9 = semget$private(0x0, 0x4000, 0x0)
semctl$IPC_STAT(r9, 0x0, 0x2, &(0x7f0000000280)=""/237)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)}, 0x28000)
semctl$IPC_STAT(r9, 0x0, 0x2, &(0x7f0000000440)=""/4096)

5.553352623s ago: executing program 3 (id=2807):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
socket$alg(0x26, 0x5, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
syz_open_dev$swradio(&(0x7f0000000180), 0x0, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000aa2000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f01c4", 0x30}], 0x1, 0x0, 0x0, 0x0)
inotify_init()
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/rcu_normal', 0x202, 0x20)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$nl_audit(0x10, 0x3, 0x9)
connect$inet6(r3, &(0x7f0000000340)={0xa, 0x4e22, 0x7, @loopback, 0x8}, 0x1c)
sendmsg$AUDIT_SET_FEATURE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x3fa, 0x800, 0x70bd28, 0x25dfdbfb, {0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x20001001}, 0x24000000)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pipe(&(0x7f0000000240))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x3, 0xc, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd2a}, 0x14}, 0x1, 0x0, 0x0, 0x240280d0}, 0x2000c890)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x3, 0x2, 0x201, 0x0, 0x0, {0xd, 0x0, 0x9}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004040)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000000000)=0xccb, 0x4)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x0)

4.72989854s ago: executing program 4 (id=2811):
r0 = socket(0x28, 0x801, 0x0)
connect$vsock_stream(r0, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)
r1 = epoll_create(0x628)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x1016})
r2 = socket$key(0xf, 0x3, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)={0x50, r4, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x11}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x50}}, 0x40000)
sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x2, 0x5, 0x20, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @loopback}}, @sadb_sa={0x2, 0x1, 0x4000000, 0x0, 0x0, 0xeb, 0x0, 0x20000001}, @sadb_address={0x3, 0x5, 0x6c, 0x20, 0x0, @in={0x2, 0x4e21, @broadcast}}]}, 0x50}}, 0x0)

4.572465487s ago: executing program 3 (id=2812):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002580), 0x2, 0x0)
read$FUSE(r0, &(0x7f00000025c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
read$FUSE(r0, &(0x7f0000004600)={0x2020, 0x0, <r3=>0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f080, 0x1})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b0f, &(0x7f0000000000)={'wlan0\x00'})
write$FUSE_ENTRY(r0, &(0x7f0000002040)={0x90, 0xfffffffffffffffe, r1, {0x3, 0x0, 0x7, 0x7fffffffffffffff, 0x5, 0xff, {0x5, 0x4, 0x0, 0x100, 0x3, 0x3, 0x7, 0x0, 0x7, 0xc000, 0x7ff, r2, r4, 0xc91f, 0x2}}}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=r3, @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r8, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x0, 0x5, 0x0, 0x0, 0x4})
r9 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
dup3(r9, r8, 0x0)
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000ac0)="2100c4e3cf0a42002732795d447bbc1a60896c76241fe6f2728e2ac62de428c26617e85ceb695c6d0defd737be69ed1bd1d42b4b483a846230aa732e6b97f74adc37a7f22ae07521f8c25789865067f02b6c94c26a47ca2fbf5d5a2f74b75da602eb5a922002406d285fdc44c4546c9f5d72a38a9d0fdf61f6df71032ae6a6e1563d1512493568add08187d96e8175add6e9e7f832004e265fd951da0ebc550e3f0c59bbe4a364546bc03767ca69507f23214f5bf202a93d4d1864047b802de4e213a3cc660260b609deeb937308285d170ac90440e2f2706776be7f90619e4d6ff4d22230b3f9918f1ff11fe1c0b1b50a5e28005d8a39f1c339ff5cd7dddf2081d33e5dcb98f825bd2eed38ab69a94fb1e5f0fe31187e4d1c58a58a82154d635722e11f108956e43cc4908b31623c7e8d577a01190e8938d7b184795c5473b65e9397e92456af9c4c2cfd15b944043986e6822a672d223a955bd249d585e00a803c62b02a0e0e873686e4246d2f1cb5cb2cbe56af4d080c060ad09e704169ce560376bd556a9cb301d15f427ed63bd5e5f824951f16382ef992d971af6e973363", 0x1a1)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r10, 0xffffffffffffffff, 0x0)
setresuid(0x0, 0x0, 0xee01)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r11 = open(&(0x7f0000000240)='./bus\x00', 0x624082, 0x0)
mknodat$loop(r11, &(0x7f0000000200)='./file1\x00', 0x1000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x45)

4.494038304s ago: executing program 4 (id=2813):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x2c, 0xd, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r3 = syz_usb_connect$uac3(0x3, 0x97, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x103d, 0x100, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x85, 0x3, 0x1, 0xd8, 0x10, 0xc, {0x8, 0xb, 0x1, 0x2, 0x1, 0x1, 0x30, 0x2}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x10, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xe, 0x0, 0x3, {0xa, 0x25, 0x25, 0x7fffffff, 0xc, 0x180}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@as_header={0x17, 0x24, 0x1, 0x6, 0x8000, 0x7, 0x2, 0x6, 0x4a, 0x9, 0x10}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x7f, 0x4, 0x0, {0xa, 0x25, 0x25, 0x400, 0x8f, 0x2}}}}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_RANDOM_ADDR={{0x8}, 0xa}}}, 0x7)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x421, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000480)={0x14, &(0x7f0000000340)={0x40, 0x6, 0xa4, {0xa4, 0x23, "b4fbe7d96b7583e2acfc552d542eaa443b2857eb78210b9bbdf0af64c3bdf393a51eaf5c7977820302cf174920010dfb3bf836adaa6eaca5c3924d4c5a5ff6ccc0aad73efffc8da4b719ca33561d589cc1b02ce741663b9a77616a6a11946eaaaee191eb8e78b29c5f5d47b23f5f0a53172701fd733cb9f39b0ed028a40ad672a307d1a5ddca59810edd9d4f18f72c03cc14ce06d6c6ba3edd9bf963ebc1128ed2c6"}}, &(0x7f0000000440)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x200a}}}, &(0x7f0000000e40)={0x44, &(0x7f0000000b80)={0x20, 0x14, 0xd0, "8a6456f6d6dbf036f770b5eb6dab06dc7eb9780e42df7330729c456eb4fc1e0ab28c1ee555dd986f3b3de4438fca4eebf3c010a283c34f0199ba4aa93f3592130415883128b47d7cf057828ee5af4ce5e7ad79a873fb9d54cc72dd0274b73f08506aee534d3e6ca099757d808c47e61daec8c8eb4e5e1721df3073aa8bc3095f6bd18c477cec45652091885ceb936ac811077e583774954af444075cd7405ac87356c83cc181e4b15ee077f732a9e7c8b951ba4863870cbf835de1c9702f5463075a09da5c6b3ec93d1c48410137ad12"}, &(0x7f0000000c80)={0x0, 0xa, 0x1}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000d00)={0x20, 0x81, 0x1, "a6"}, &(0x7f0000000d40)={0x20, 0x82, 0x2, "c12a"}, &(0x7f0000000d80)={0x20, 0x83, 0x1, ' '}, &(0x7f0000000dc0)={0x20, 0x84, 0x2, "358b"}, &(0x7f0000000e00)={0x20, 0x85, 0x3, '|]L'}})
r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_TP_METER(r7, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010025bd7000fbdbdf25020000000a0009000180c2000002000008000300", @ANYRES32=r9], 0x5a}, 0x1, 0x0, 0x0, 0x20000050}, 0x4048080)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000580)={0x2c, &(0x7f0000000240)={0x40, 0xe, 0x2, {0x2, 0x8}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$uac1(0x4, 0x0, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xc07}}]})
syz_usb_control_io$uac3(r3, &(0x7f0000000100)={0x14, &(0x7f0000000300)={0x0, 0xe, 0x6, {0x6, 0xa, "c39aed3c"}}, 0x0}, 0x0)
syz_usb_control_io$uac3(r3, &(0x7f0000000140)={0x14, &(0x7f0000000240)=ANY=[], 0x0}, 0x0)

4.301100908s ago: executing program 3 (id=2814):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
mkdir(&(0x7f0000000140)='./file1\x00', 0x1a4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$pppl2tp(r2, &(0x7f0000001080)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x41, 0x0, @multicast2}, 0x20020003}}, 0x2e)
ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f0000000100)={'wlan1\x00', @random="0a00ff8d00"})
syz_clone(0x11c0400, 0x0, 0x0, 0x0, 0x0, 0x0)
setpriority(0x1, 0x0, 0x80000000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, r4}, 0x14)
setfsgid(0xee00)
setresgid(0x0, 0x0, 0x0)
syz_clone3(&(0x7f00000002c0)={0x801400, &(0x7f0000000040)=<r5=>0xffffffffffffffff, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58)
process_madvise(r5, 0x0, 0x0, 0x3, 0x0)
mount$nfs(&(0x7f0000000180)='\xfa\xf5~\xf5\xa6\x86\xa9\x80,\xf3\xebaRo\xf2\xe9\xc9~\xd9An8w\x1fvz\xec1\x05<\xc5\xae\xeb\xc2\xfb\xba\xc0Q$|1\xe9\xda\x8eA\xdc\xcdF\xd61\xac\xd1\x00\x84\xbf\xbc\xd9F\x16J\x90\xb34\xa7b[\xb8\xdf\xdaS\xf2\xcaf', &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000280)=0x15)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000180), 0x2000090, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
quotactl$Q_SYNC(0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

2.597511446s ago: executing program 2 (id=2821):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bdf7130870270c936a8d0102030109021a0001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="a5e27b963e7b936407e1dd85ce721ca502833fd62beecb76a9a12fe42274a6ba8b79321387a8ed54fa10ac3f316100"/57], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r5=>r3, {0x3}}, './file0/../file0\x00'})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x8008af83, &(0x7f0000000000)={0x1})
vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x4, 0x6)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect(r5, &(0x7f0000000100)=@un=@file={0x0, './file0/../file0\x00'}, 0x80)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000025c0)="ac86a661020cb74ae92faf86a87f0c39f2e98d1cc50b6fa9630a206698990710823861223d966556da8c0e36b5ad67f53ec019763b6e2d2220849d283b48e03a7eadafcef4616e1479f8d09fe0718e2880ef43af312b17055da81d7220468c9f500c6c81e1573cdc4812506dfd52824f0e6959e3baebae9e6dee00e4380058e5adf79905199894994d3b45ffff52e6ccf33311b1568d3f6d661d9ef18c74ccc8128065ed42d8ccc706653aa10cdf9218a6615b34d3e8fb860abfc3df7dccacf78f45b2f2a45b8cea5f014a4d77c645eff689eb70342d521e62dafd7316689380a2395e359bac", 0xfffffffffffffe73)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYRES16=r3, @ANYRES64=r1], 0x98}, 0x1, 0x0, 0x0, 0x20004080}, 0x40080)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1400000015000100fcffffff000000000d000000ba1fa16f56683702530d7619ad1533edd3cef14eed4f5b7d6382a71f58325bd96fb1e8801f1c3aea4b23e837cb2efc83e7"], 0x14}}, 0x0)
mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x3000005)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c080}, 0x4048010)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r4, 0xc038943b, &(0x7f0000000300)={0x0, 0x28, '\x00', 0x1, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0]})
syz_io_uring_setup(0x7669, 0xfffffffffffffffe, 0x0, 0x0, &(0x7f0000000000))
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
connect$unix(r9, &(0x7f0000000100)=@file={0x27, './file0/../file0\x00'}, 0x6e)
sendmsg$DEVLINK_CMD_PORT_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="7d42fd61b42582a6042dbd70edac48a21cc5530ff3aa356d34870000000000350700af6156b76e000e0001006e657464657673696d0000000f00020008000000657673e96d30000008007300020000000e0001006e657464657673696d0000000f00c7f001"], 0x64}, 0x1, 0x0, 0x0, 0x48041}, 0x24040095)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000000c0)={0xeeee0000, 0x50000, 0x4, 0x1, 0x4})

2.468876483s ago: executing program 3 (id=2822):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000100)={0x0, 0x0, 0xa}, 0x18)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x3, 0x0, 0x5}, 'syz0\x00', 0x42})
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee)
write$uinput_user_dev(r0, &(0x7f0000000500)={'syz0\x00', {0xa, 0x9b2, 0xe53f, 0x3}, 0x12, [0x9, 0x2, 0x1000, 0x5, 0x7, 0x1, 0x300, 0x4, 0x258, 0x4b, 0x451f4c30, 0x7, 0x7f, 0x3, 0x3, 0x7, 0xdc5f, 0x200, 0x4a, 0x4, 0x800, 0x81, 0x1, 0xfffffffb, 0x7, 0x1, 0x3, 0x4, 0x4, 0x7, 0x7, 0x6eb2, 0x3, 0x5, 0x8, 0x6, 0x7, 0xffff, 0xade5, 0x0, 0x6, 0x9, 0x4000, 0xffffffde, 0x3, 0x4, 0x40, 0x6, 0x6, 0x80000000, 0x8, 0x6005afcf, 0x1, 0x6, 0xfffffffe, 0x3, 0xb, 0x6, 0x5, 0x3, 0x600000, 0x87e, 0x4, 0x1000], [0x7, 0xff, 0x8, 0x5, 0x3, 0xd, 0x2, 0x2, 0x6, 0x8, 0x3, 0x702, 0x8, 0x2, 0x7f, 0xf, 0x1, 0x8, 0x0, 0x4, 0x81, 0x5, 0x5, 0xe, 0x8, 0x8, 0x9, 0xfffffff8, 0x6, 0x60, 0x5da4, 0x80000000, 0x42f, 0x2, 0x4, 0x0, 0x8, 0x7d8, 0x100, 0x6, 0x0, 0x5, 0x9, 0x5, 0xb, 0x0, 0xc, 0x6, 0x5, 0x46a, 0xd, 0x3, 0x1, 0x50, 0xffffffff, 0xb0c, 0x3, 0x7, 0x3, 0xf, 0x5, 0x6, 0x7ff, 0x101], [0x7e6, 0xd1, 0x2, 0x5, 0x80, 0x3f92, 0x9, 0x3, 0x4, 0x7, 0x9, 0x0, 0x1e, 0x100, 0x80, 0x5, 0xffff9524, 0x4, 0x2, 0x57, 0xe, 0x6, 0x3, 0xe, 0x10, 0x2, 0xf7, 0x4, 0x0, 0x3, 0x1c0a, 0x800, 0x2, 0xb, 0x8, 0x4, 0x1, 0x2, 0x6, 0x5, 0x6d31, 0x10001, 0x1, 0xffff, 0x5, 0x8, 0x1, 0xffffffff, 0x13fa2057, 0x40, 0x2, 0x1170, 0x80000000, 0xe, 0x1, 0x5, 0x1, 0x1, 0x3, 0x88, 0x7fffffff, 0x7, 0x0, 0x10001], [0x1, 0x3, 0x7, 0x7, 0xae3a, 0x5, 0x7, 0x3, 0x1, 0x7fffffff, 0x8, 0x5, 0xf9, 0x9, 0x10, 0x5, 0x0, 0x3, 0x8, 0x81, 0x7ff, 0x3, 0x8, 0xe, 0x8957, 0x40, 0x5, 0x10, 0x7f, 0x8, 0x0, 0x7, 0x9, 0x1, 0xffff8001, 0x401, 0xc, 0xc, 0x6, 0x80000000, 0x400, 0x6, 0x8, 0x5, 0x6, 0x3c96, 0x0, 0x9, 0xfb8, 0x5, 0x95, 0x1, 0x101, 0xfffffff7, 0x3a, 0x0, 0x2, 0x10001, 0x5, 0x8000, 0x2, 0xac, 0x7fffffff, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r3=>r1, {0x1}}, './cgroup/cgroup.procs\x00'})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000380)=0x1)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x9, &(0x7f0000000280))
io_setup(0x10000, &(0x7f00000001c0))
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NETID(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, r5, 0x100, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x4004)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xfffffffffffffd76, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r5, @ANYBLOB="00032bbd7000fedbdf250100000000000000014100000018001700000008000000007564703a73797a3000000000"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

2.119220859s ago: executing program 4 (id=2824):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x2000000)

1.9616067s ago: executing program 4 (id=2826):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)
r1 = socket(0x1, 0x80802, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'veth0_to_batadv\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r3, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x8)
semctl$IPC_RMID(0x0, 0x0, 0x0)
syz_usb_connect$uac3(0x5, 0x80, &(0x7f0000000240)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x582, 0x2b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0xf7, 0x60, 0x1c, {0x8, 0xb, 0x2, 0x1, 0x1, 0x24, 0x30, 0x7}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xff, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x40, 0xa, 0x7, {0xa, 0x25, 0x25, 0x800, 0xda, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x3, 0x1, 0xa, {0xa, 0x25, 0x25, 0x40, 0xc7, 0x101}}}}}}}}]}}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x419}}, {0x0, 0x0}, {0xc, &(0x7f0000000380)=@string={0xc, 0x3, "aa71a5235785bb643b00"}}]})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x8000000000000003}, 0x18)
sendmsg$GTP_CMD_DELPDP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x14008045)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x200448d0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})

1.467108902s ago: executing program 1 (id=2827):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000000040)={0x0, <r1=>0x0, 0x2})
ioctl$DRM_IOCTL_PANTHOR_VM_DESTROY(r0, 0xc0086442, &(0x7f0000000080)={r1}) (async)
ioctl$XFS_IOC_COMMIT_RANGE(r0, 0x40585883, &(0x7f00000000c0)={r0, 0x0, 0x1, 0x8, 0x2, 0x2, [0x1, 0x7, 0x2, 0x401, 0x6, 0x3]}) (async)
r2 = syz_open_dev$audion(&(0x7f0000000140), 0x8, 0x4040) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0xffffffff, 0x48080)
ioctl$DRM_IOCTL_ADD_BUFS(r3, 0xc0206416, &(0x7f00000001c0)={0xfd5a, 0x7ff, 0x1, 0x9, 0x1, 0xfffffffffffff001})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r4=>r3, {0x5}}, './file0\x00'})
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000240)={0x20000000, 0x6, 0xf3}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01864c2, &(0x7f0000000280)={0x0, 0x1, r4}) (async)
r5 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x1, 0x2)
ioctl$USBDEVFS_RELEASE_PORT(r5, 0x80045519, &(0x7f0000000300)) (async)
read$FUSE(r4, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
setregid(r6, 0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000023c0)={&(0x7f0000002380)=[0x0], 0x1, 0x0, <r7=>0x0}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000002440)={0x0, 0x0, <r8=>0x0}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000002580)={&(0x7f0000002480)=[0x0, 0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000024c0)=[0x0, 0x0, 0x0], &(0x7f0000002500)=[0x0, 0x0], &(0x7f0000002540)=[0x0, 0x0, 0x0, 0x0], 0x8, 0x3, 0x2, 0x4})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f00000026c0)={&(0x7f0000002640)=[<r10=>0x0, 0x0], &(0x7f0000002680)=[0x0], 0x2, 0x0, 0xc0c0c0c0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000002780)={&(0x7f0000002700)=[<r11=>0x0], &(0x7f0000002740)=[0x0, 0x0], 0x1, 0x0, 0xc0c0c0c0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000002840)={0x200, 0x5, &(0x7f00000025c0)=[r7, 0x0, 0x0, r8, r9], &(0x7f0000002600), &(0x7f00000027c0)=[0x0, r10, r11], &(0x7f0000002800)=[0x4, 0x80, 0xa, 0x1, 0x8], 0x0, 0x3}) (async)
ioctl$BLKSECDISCARD(r4, 0x127d, &(0x7f0000002880)=0x8)
ioctl$VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000028c0)={0x8, 0xe, 0x18e, "9776aa074a86660eb008e215f9cef3f6f069441c864a40a7bdc7ec707ccac424", 0x52424752})
syz_open_dev$dri(&(0x7f0000002900), 0x5, 0x32200) (async)
write$yama_ptrace_scope(r4, &(0x7f0000002940)='2\x00', 0x2) (async)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000002980)={0x2, 0x2, "b1ddb5b72e47c5da1ec51484551670b01a545362a1785930ee2621a870a561631463bd1aacf7f0da35889a408184a006f9ce11dbf6e1bd581c629784863e94f0cc51eaefa9ce408be635875fc3868e64159f33dd32f170b0a827b02e981c8468b2319ff91dd9589bfb356589621fac1b1a6866d5bc9d8e50efd9a1498d86a44dc488813d710a612784bd4390310d477f214010bd700664f82542e2a5686c9b1ebff7e7ac10e3eab479f31976d7e86c2e71758aad17a14bf02b872d4dcb1ba80f685744f32e23b03ee27df4e1096c2142df9c062409deb4c6176c83c081ee2cf1b49dd3857b8ffd4df408eca4126c809bf88068583b3438338e042ef575512aa3"}) (async)
r12 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000002ac0)={'wlan0\x00'}) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 64)
r13 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002b00), 0x2, 0x0) (rerun: 64)
ioctl$FUSE_DEV_IOC_BACKING_OPEN(r13, 0x4010e501, &(0x7f0000002b40)={r2})

1.252396682s ago: executing program 1 (id=2828):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000004000000000a20000000000a03000000000000000000010008000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020000087a32000000000900010073797a3000000000080005400000003d300011800b00010074617267657400002000028005000300c400000008000240000000000a00010041"], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0)

999.035679ms ago: executing program 1 (id=2829):
r0 = socket$netlink(0x10, 0x3, 0xc) (async)
r1 = semget$private(0x0, 0x2, 0x61)
semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000100)={{0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x90, 0xfffd}, 0x0, 0xf, 0x0, 0x0, 0x2, 0x0, 0x53}) (async, rerun: 64)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async, rerun: 64)
r2 = syz_usb_connect(0x4, 0x24, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0], 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000040)={0x2c, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x61}, 0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000030900010073797a3100000000ec000000030a01040000000000000000010000040900030073797a3100000000bf000c00c618f03400f09419583ff7685919f0568119d9d14430cd4cf58c1dfd7388628bf5f3de6a380f8d8125bd18f3fc2da65ca40a2e034f2effc6760206b9fa54c9a3bb56d2de7b0e1f812b220dbbf2f19e5b8cda6b41301252936b3cfb63639324267c6755e81c6c85de1f625f5c68ac073ecc7689e762b96ba9e9bdf03192cb04a68b01dd12ceadde690d698e276d9df2338382acb1645661d568c7cd968849149f88a064133899c1b91ade7186461131748ba7b73bbfa3ded72096e0000900010073797a310000000014000000110001"], 0x134}}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFT_BATCH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2067efaae676a83407cc04f12900dcdc0e779461f560730c2768fad51fda4688ded5f051d3035c97fa05fe38f84c7f147c8ce3c5e9f688d2c32b826fc2d394d97ce23e3516241f3adb315e69f8db300367979a23e22a18e1a1ddc4940161eb83a7ddec76097292c6707485c47815f4d6553b9d8ccb5a62f26c5f1ddae25f89bf2f00de133613cbe17244843948f8a91bb677a9f99a9e0a37de0aeecc8f1f4b571803863888d814be418c1d66c362233cec9d87b0648247a3f9d1800185e31cd0d0b952f8b555ddb82de60a76836235434c57429854865c526a8501ee4cc46bb726bed92e3035b4e480898e4aae3dc1306f85fbe82408db16da09c86730f8ca423be03114d99ae12923ac0a4fab4b863d68b74e1ec0abd698dbfb361711e14c961fef299bbda060c1fd927fa5e650ccc6081d7cef5e7c929c15d4e421112d698e75bee86e43f308b8e385592429665693ea160dc4d4a001a46f876ff8aa2a5cb734c2ced6dda3fa2f1fc3b102626652a695825d94285df508cfc483685fef23a77e41f235d1ff515b148df39f2b52a93b9d6a2f002cd903f69e903056fbfd2294be6fa91a57e9232b01da4219d690d5625e47fbc242d8beb76649e3866bb712509b400c17c2e8a3fde39f11d756e95170d6eb5e9143f9bb36c4ed55dbffd0572605b6a6534e01ee878ea5a3171e1dfe76c29329c9c097e866c8fe2939684c351a88bc4ad1dfa3b5aa9617db3db48c6ff59a7977f905ea12546ea51b6a67aeb060747bfdbc5f08ca07cba3a67a44067e658edaa7f7eb961e9355328afbd008e9e85552aa6515d3ab6ce49507566d67bb19fcdeb934e333af68198d045925e42376fbdac1f33b7cd40970747898f987076b2ec924c33650af21971a99d1dca8ee307c85d4319885f5ef0ecefc7bb5de04a0346107db2c59d2158697fdb572bf2c251ddca046244b13de28fdf929312b00892b58938c446fcbc508c66e437bc2147d404bbe0534d49f2e2ceb0d5b9c5f8e688b38ccd87125db0f5c0179f336dfa88170b5ff94a50fdb2d7a48269dd4a9ec0e9daeaf41f25938cc927c7132376a74177a48ccb2a2d55529f2e565ec9c8b8822b80f6daf542646af7b16196020d15c40aeed712c4ee2a3403b791b9fcd9cf2fcb7b7145243bc5b348dcc92f33fb0bea5246709d72c9f7b9f1de37d38399238596e513ace6df1ea8676acfc374e37a9f7fa2df293cec45dd21424dcb0a5ac218b2e49f8819f1215b004a78b8a7a451d265b5865e1639711acb417c07f21a86ff74ef87532ad2a220ac4f3f00da91e6d795e1cd04acf3412b69adfbc271cc853173c2aa174e626f0836597f5a4538ee3354cfa2f702f3f9eeb88bac8d0a9cd69aa009ddfe6632add6ff3af546c4abf070caa7d6e9ed8c380f09c50a0a546e01a46eba0b52b6ea8067abeab9e229af63daa7d47c8062a168439a6d49648c30ccdd35e760b0e8b608cbb72d56cd0a4aedb2462c4262f98f7242a4e8cee6f497241332c0c7eb5260a19672d90551a6f25c3f7b25e0a62533144e9d930e4b0103d2780394e31c96e1506439d461de5856eadc115b8231971239b809e51e9b1c4bd2c44707126f87ee119cb77308f435e550c95072b05588a6919e054aa22d090f8abac0003505078822b67df3f1290870b91c449f85d8b06599706a0cb495d7564376a571851b37d7e9c2b439e39e10b403f4ef1fd1edcf1bb2f60f7dd30ee2b5bf912fe70bd66c1de613605218ba47998fde52fd4cf776c5819eb3ef02b094b4f5f3b6eb1599af8aad806879a061365720638238ce6da7781862e77b7d4cf4d9b80690211d30d76f5db8dff1518110ad78a0d1e1c7b40e32a8eb9a77f3008303217675c2f9c98547306802bc880244ff2f3b2e82ba123c4013794af542d29c45c3360a6629ffdbc8bfed6664b631b1a8555a1c80501d39ec43ef8280232b9710d9065d083687740b8d21797b8b1098320fedb31e29d75db2121544493cf5ce05151c44c1b7e4814e59da6ace69d61804e9ecf1309da7df0f321484a5c784b23c065ff1684c6ca7cf0e00db39c0297941f5b32984aab2078db50b1501f4ede8d2dcb6d98e97fbdee066b34078368aa344982556b635221fdd38b164dc5a1ad4de88f4bdda5067ca28e63ddde2efed428b9c8be573efb28ce0a6072e644c122dcb9894263c401cc006704ebc66d5c285e31d0cc633282024d15e06447c8e5c1de74828aaafe02df6ac09a8269fcec7bc8373fc1e4cbcd745bd464a3d0cc6ec6056a39de529d560fccca7cf53f4e76c8200106b1a86f68ca1341c5a4aafc932727e858b318d4138c332b80b1cd95d3d7684d31f32af7b2006f64e221a48527fb7cc5542ae7b098c37ff4894ee599ae3f81a3480322577ed17a58ce77d79197ae9fa7cfd71e44d34992f737bf8f6742fdbad0817bb8399d37ee18707e5e9c4ec655c163cba3be432a0191a6c8e1df63ad339ac3d3999e42092708e7bfdf2953f9a3dff58358bbb4cba4283a6a55605629b9dfadd8443b300cd6399403a8288c73385f2420d6a9f279a76b36a3101f25cd621b087a4082a1f28730c8fcc9f65c87845743cf3d219843e1ae4ce686d36c5f59dc59b15e79766f3783acd872940538ca2872ad723e66c51f33dbec3ed6dfd3390ba25c6b3977ce9152f9f3ad141dc363a06b09c27b7cdfbfeecec5b9c20d9efeb1f577cf9414f6b7c2e52731fe9d03097fb48e22c78f077476e50eea24aa76ee6f773c5589d45cc5b78838a212c3729bb404ef66c2543a5d782e35c23bacb233f44998dc1f18720ed1ef60c1c221b40b4a3652fe20b1def0c02f083610a6d2e7539c95ae41341e4c23e6eb5cb03b43fe845e10ee17e757eec4af93a67d8bd44841af088d3338a5bfc57184c7cdab79e91edec35c0a06adfdb64648a0abbf20929492bc6b82c96a54f81d86c35ffeb2fb2e89a064c03f90f9f364d07f32a190d106adae32904295166cc499ab2780ba47e828375765f618fd9b608b0670692df193e6caec6d6734d07fa5c130fff9bb8dc24e06216c057835953ec061093d7bf5346dcf3b457dc9f5a053168d9f84ec13803ca075d2737eb651444e231d7a663a4940995aef3ceadbd819b6da58ebafe1274dcadaac99a02741adc88619dbe374a165ac5ecf8c677b221dd9315662d49a8ba7616cefac4b9d8e83bdf5949989013c3d6049b1212043d2e2d38d5e0b22973b7e84454605b413d572cb850aefbde7478881686ce961afbd3c86243d2b2a7c1718ce4d607dca9cf68500ec0aca664a6b9997fdfa42f4c56d35a5e4ef7215e1f660357baeaccbfcfbc1ff66260d324cbf02233ea7c96698e0b344fad32b4470c6890669e75be6be50d719f902503999f5c16c728772cc51929e09b392e3a28d15b3bc73dee70ea00623b6e155cd5cd7953d8f88c35f8da8fd9208b7bd91c2d33803aaf0d3895f784186d9e9fafedec86c329a1aeb41ab016229b7e22955448eacf6b3d7c0b55b1eb7c4588cb92c24bb8384b904527a2af221355bdda4dd3e83dfaa2827dbae4c564ae8d69c3ff561868f0377f680e6630e82b5b4bc9397a308b5cb6027d9b8959628e0ccf738d5f9910f78d40d19a3ca6c9c0e15de487c8b72eb36ee43bca746dadef2ffc1d1ef5e1ec5aff4ed66d28b9c8c5647c20dbed5b180be98b8aed932b5f4766cb58bc15a697d8b0e77afcdf8eee2e71db0a26a0cb7abcff03a25feb82b477459c185a773851fcf1639a18c1bac30d59ee7a57c3a5878b81e7678356f8398da3eb573b376361fd21f3f3d483b07be8de615df08c88a6036a24fc85358810dce113a584e62c881e6363b3369a0cc3cda32006ab546c7f0a489ff10043f4662ed30274b5747d87477e3203ff485dbc378f5578675b9e7098aa62509cab0c031e196651a20d273f0aee56ea5a5a3eda9607576202c08e2c22f794969fe9db453d0d9d236f9d2ec494e254f63c4946eb0deba25e2e7b621dfda5280a6b9cb0c1a64952eb92cf02cd79895bdd0242269f7b8245523a589eac6271ce499b170191f494bdb5b97bf12efe1084ad9cf1c0497c704cac1ae5896e701d1557c64e1ce60ae6c27a05f51533f2c375d2387ad7568ce9997edaf238b9eed1d77b66c29113130c2a9b20cc6a6f210b618b86cfaddb83dbf2d2788956c96554dcdeb084437c8bdf30d231255878c837449192fec393452c8e4669dbe295287501d971a27f1a356d43551a34e3c885c161172dd55d2e46ca1c30beee45d8b31eac1074e958cfe7a5a4a25e24c4f24991269849773ae52399954f6dcf40a769b9fb8f7051de474824a7075fef575145c49648b150000de0ab303287b877ee3fc26e505bfe24b32086b745207a33aa599dea4fbd0acec4175423a0bf8afcfd600bf706c1c7b6c51ce54644b842b18ee3d1e9ccbfdbff3cfd306df73ffa075de4f08e1026f6545e564bf3ca0ba40670ebb0febf846d07ddc768cb5a32bd13d8a2e6ff4046a618c68678f6a864ccee93b92db834a4208b56878f3d06788bd46648ac964f2eb22ee5325f24bee81f113f8a5ccfd9be4f6271ee56d95782fc900577dbe9a47d15a34ad8e134d8bda23def869c1f2aab2c757c6423d7ab18cfbc7f5a6d38f46e160eeac232114778124042faa70270a4355531ae5903a53ee6cac85c7e8dabddd18817c6373f2a359a576f1acd7d32198d15abfa683b425bcc5e5199e5c5a69cb5b63ee0f31ff5a6f53fcf6c61d65da8a9aa6c42860f1e90ceeadc44bbee76fac90ddced8da5c5bde6ba07ebc6f65150f0924cdc74474915366ed486787879b68b113c4a8a53cd846ebe9c3049f6ca697dd1623a08aa22457dc1f41603cb5a5c353eae271a446e19357a9d51fec3f1827d359448dbdb30f1037941157777534ba5b27ffb3544f67269bac276cd4a3330ef0b9b657f0b3f94717d915cafa49617db257d68b0c0df5c982092c8fdbe222f547c302472601fdaf65c1cc15e1785fd4c3f98889ebf0867733edd7abbf8cfc41be192b6c51499c0ceebb5a7d785c304f7b1d100ef2b34ca876f930fa110109aa164dd34448da8f6282f8fe41c96eee498975b094dcd55874f84e4230b0ce37be9d40cf8fd33ded3fcdde2ee18825b3701798201e7385d4355b1346d6b5437fe35ae317682dd1394fe8e13c1e75676a33f47ea71837b97386c87b4a91cc129c9b68901d77abcdb760c5cee6eae9a42c88e3101e8f14dca9c79181b91f05388651b0946024abb03e91632eaa9590595c9394242799f108383b2925d22ff44272f4ae2afb0593c84e079b79fb304ed7129953d51e7694906e39ae269424b5f39032fb8ecd6241b038c6070d389c83df4c8482af2a92b1ac4dcc99a154a7982bba67892c727c59527843bd9778a010b1771e30123e1eb740cb8e1fe761277a144026779a027ea36be215a9cd77ee9559d364dec4dce792d4b4b2417a61bf347420b5a150b7ee0e8d62543bedf515bff7b098ac4a64f1a34abf1243fd899e08926909c3317eb158c67341e2e1da2fb173209864d6478b5ad12adfc6da8e13f197ff3c8db3242bcd5c76386be21aa6eb35ddf8fe579f4f77063d0b5dbb95034fc42fc62fa7387f81fee8987456cd770775e4172f7f6d3a81068ea932e2ea19faa66866b862eb6c0d825c9f28718c59b790ab240772d3a1426b0f39f15f7d9a9df46ef0af7776a818b8e74a59f087d1da5ab7e31dde0072a922449070dc2c24dc9c071fddc73ce846c1bd8460aaf9cb1ccde6168f89dfc7cbc17913f0e5044d43", @ANYRES32=r3, @ANYBLOB="2ed2b087e26734b15c70dc91f37e4d250f8b9934651ed55c52d0b74f1a27e00b02e98f8319740d9042389348e4af2ad9a3de950495421398b4a1bb396fb1d8b6b53a4057adcd9d7a02fb38e2e426d43f7064a46fe93a12dbec30ba1d37e6381a8f65e933acd7c41b5882"], 0xf4}, 0x1, 0x0, 0x0, 0x84}, 0x0)

630.929974ms ago: executing program 1 (id=2830):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000100001fffffffffffffff5000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000028000480240001800b00010072656a6563740000140002800800014000000000050002000000000008000b40000000000900010073797a300000000014000000110001"], 0xd8}}, 0x0)

461.353901ms ago: executing program 1 (id=2831):
r0 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c00)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x40, 0x2)
read$FUSE(r1, 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0xfffffffffffffffe)

265.47292ms ago: executing program 1 (id=2832):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x2c, 0xd, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r3 = syz_usb_connect$uac3(0x3, 0x97, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x103d, 0x100, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x85, 0x3, 0x1, 0xd8, 0x10, 0xc, {0x8, 0xb, 0x1, 0x2, 0x1, 0x1, 0x30, 0x2}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x10, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xe, 0x0, 0x3, {0xa, 0x25, 0x25, 0x7fffffff, 0xc, 0x180}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@as_header={0x17, 0x24, 0x1, 0x6, 0x8000, 0x7, 0x2, 0x6, 0x4a, 0x9, 0x10}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x7f, 0x4, 0x0, {0xa, 0x25, 0x25, 0x400, 0x8f, 0x2}}}}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_RANDOM_ADDR={{0x8}, 0xa}}}, 0x7)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x421, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000480)={0x14, &(0x7f0000000340)={0x40, 0x6, 0xa4, {0xa4, 0x23, "b4fbe7d96b7583e2acfc552d542eaa443b2857eb78210b9bbdf0af64c3bdf393a51eaf5c7977820302cf174920010dfb3bf836adaa6eaca5c3924d4c5a5ff6ccc0aad73efffc8da4b719ca33561d589cc1b02ce741663b9a77616a6a11946eaaaee191eb8e78b29c5f5d47b23f5f0a53172701fd733cb9f39b0ed028a40ad672a307d1a5ddca59810edd9d4f18f72c03cc14ce06d6c6ba3edd9bf963ebc1128ed2c6"}}, &(0x7f0000000440)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x200a}}}, &(0x7f0000000e40)={0x44, &(0x7f0000000b80)={0x20, 0x14, 0xd0, "8a6456f6d6dbf036f770b5eb6dab06dc7eb9780e42df7330729c456eb4fc1e0ab28c1ee555dd986f3b3de4438fca4eebf3c010a283c34f0199ba4aa93f3592130415883128b47d7cf057828ee5af4ce5e7ad79a873fb9d54cc72dd0274b73f08506aee534d3e6ca099757d808c47e61daec8c8eb4e5e1721df3073aa8bc3095f6bd18c477cec45652091885ceb936ac811077e583774954af444075cd7405ac87356c83cc181e4b15ee077f732a9e7c8b951ba4863870cbf835de1c9702f5463075a09da5c6b3ec93d1c48410137ad12"}, &(0x7f0000000c80)={0x0, 0xa, 0x1}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000d00)={0x20, 0x81, 0x1, "a6"}, &(0x7f0000000d40)={0x20, 0x82, 0x2, "c12a"}, &(0x7f0000000d80)={0x20, 0x83, 0x1, ' '}, &(0x7f0000000dc0)={0x20, 0x84, 0x2, "358b"}, &(0x7f0000000e00)={0x20, 0x85, 0x3, '|]L'}})
r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_TP_METER(r7, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010025bd7000fbdbdf25020000000a0009000180c2000002000008000300", @ANYRES32=r9], 0x5a}, 0x1, 0x0, 0x0, 0x20000050}, 0x4048080)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000580)={0x2c, &(0x7f0000000240)={0x40, 0xe, 0x2, {0x2, 0x8}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$uac1(0x4, 0x0, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xc07}}]})
syz_usb_control_io$uac3(r3, &(0x7f0000000100)={0x14, &(0x7f0000000300)={0x0, 0xe, 0x6, {0x6, 0xa, "c39aed3c"}}, 0x0}, 0x0)
syz_usb_control_io$uac3(r3, &(0x7f0000000140)={0x14, &(0x7f0000000240)=ANY=[], 0x0}, 0x0)

142.536843ms ago: executing program 3 (id=2833):
r0 = socket$inet(0x2, 0x80000, 0x20005)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r4, &(0x7f0000000100)='=', 0x1, 0x4fed3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=ANY=[@ANYBLOB="380100000002010300000000000000000700000204000a8000010a800800014000000001780002800c00028005000100210000002c00018014000300fc020000000000000000000000000000140004000000000000000000000000000000000106000340000300001400018008000100ac1414bb08000200e00000010c00028005000100210000001400018008000100ac1e010108000200ac14142c0800014000000000640002801400018008000100ac1414bb080002000a0101002c00018014000300ff02000000000000000000000000000114000400ff0100000000000000000000000000010c000280050001008800000006000340000400000c000280050001000100000008000140004a000008000140000000010e0006007369702d32303030300000000800054000000000080004400000000c"], 0x138}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r6 = socket(0x10, 0x803, 0x0)
sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r5, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)=ANY=[@ANYBLOB="e00000027f0000010000bba025000000a6d06c080f0eac2f12eca0ba0f09fa0c04bc47899a3ee4391aaa63831ba7a355e44aec9bee7f6d7070de30e6aa58766b3f7a4a093be6e72e142f9fdf040c5777c6276b2b4dc94bf9045dd283e02c8c0b512afadb8e19583fe6f579ca926237e77de94d192959794c7e6342d23228220f09b7e4d8b34869babcfe"], 0x10)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c35"], 0xf0}}, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1)
ioctl$KVM_HYPERV_EVENTFD(r8, 0x4018aebd, &(0x7f00000002c0)={0x400002})
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f0000000000)={'filter\x00', 0x0, 0x0, 0x0, [0x1, 0x3, 0x2, 0xffffffffffffffff, 0x9, 0x1]}, &(0x7f0000000080)=0x78)

0s ago: executing program 2 (id=2834):
mkdir(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x2d)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0xfffffff7)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000800)={0x0, 0x0, 0xf, 0x3fa})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$pidfd(0xffffff9c, &(0x7f0000000740), 0x400001, 0x0)
clock_gettime(0x0, &(0x7f0000000700)={<r4=>0x0, <r5=>0x0})
timer_settime(r3, 0x1, &(0x7f0000000780)={{0x77359400}, {r4, r5+10000000}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x0, &(0x7f0000000500)={0x0, 0x12, 0x4, @thr={&(0x7f0000000240)="7fbaa76b3b2f1cabc5a8527e10f3e75b9b44a6bef26c5205c0abe1041c582ce093ddfcacfd6111", &(0x7f0000000340)="63dddb51bb3f14dca4c49ee1fc4356784a77f192e7541b2ddcfaf22ca93bd4c273c9c1fb13c37448c0e1877ce859f1ca938c790f2bf37176533d51ee3f862847209f6172be220f82f55bfb1f2b288c01c7ddb245d54b0009502c21a0c082a78a2e35e15888de5d9df88828ca95df1473d71a243aa6364c2747a1e1490c"}}, &(0x7f0000000680)=<r7=>0x0)
timer_gettime(r7, &(0x7f00000006c0))
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="030020000000030000001200000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r11, 0x84, 0x25, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0xffe2)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="01000000000000000000030000005800007564703a7379cd03edd8d4973a099b8d507a3100002400000044fee6008040ecffff0100000001000000200002000a000000fffffffcff0200000100420f2ab00000000000017254717e00"/112], 0x6c}}, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r9, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRESOCT=r9, @ANYBLOB="0103000000000000000005"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x20048040)
pread64(r2, &(0x7f0000000100)=""/222, 0xde, 0x200000000013)
r13 = syz_open_dev$I2C(&(0x7f0000003840), 0x0, 0x0)
ioctl$I2C_RDWR(r13, 0x707, &(0x7f0000001280)={&(0x7f0000000000)=[{0x0, 0x4c11, 0x1, &(0x7f0000001300)="e2"}], 0x1})

kernel console output (not intermixed with test programs):

2.2410': attribute type 10 has an invalid length.
[  495.211547][ T5897] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  495.255468][T12444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2411'.
[  495.378971][ T5897] usb 4-1: Using ep0 maxpacket: 32
[  495.398202][ T5897] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  495.398233][ T5897] usb 4-1: config 0 has no interface number 0
[  495.423366][ T5897] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  495.423399][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.423422][ T5897] usb 4-1: Product: syz
[  495.423439][ T5897] usb 4-1: Manufacturer: syz
[  495.423456][ T5897] usb 4-1: SerialNumber: syz
[  495.475893][ T5897] usb 4-1: config 0 descriptor??
[  495.498317][ T5897] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  495.783902][ T5897] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  495.914459][ T5897] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  496.401875][ T5831] Bluetooth: hci5: command tx timeout
[  496.999357][T12450] wireguard: wg0: Could not create IPv4 socket
[  497.249298][T12455] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2416'.
[  497.301486][ T5897] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  497.492502][ T5897] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  497.492574][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.523648][ T5897] usb 5-1: config 0 descriptor??
[  497.543017][ T5897] cp210x 5-1:0.0: cp210x converter detected
[  497.679799][T12460] netlink: 'syz.2.2417': attribute type 10 has an invalid length.
[  497.698754][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  497.702642][ T5912] usb 4-1: USB disconnect, device number 102
[  497.751653][ T5912] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  497.823455][ T5912] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  497.858072][ T5912] quatech2 4-1:0.51: device disconnected
[  497.936080][ T5897] cp210x 5-1:0.0: failed to get vendor val 0x370c size 13: -121
[  497.936103][ T5897] cp210x 5-1:0.0: GPIO initialisation failed: -121
[  497.939838][T11832] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.947591][ T5897] usb 5-1: cp210x converter now attached to ttyUSB0
[  498.175561][ T5912] usb 5-1: USB disconnect, device number 2
[  498.213562][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  498.214075][ T5912] cp210x 5-1:0.0: device disconnected
[  498.280587][T12464] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  498.496732][ T5831] Bluetooth: hci5: command tx timeout
[  498.786544][T11832] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.262052][ T5896] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  499.431951][ T5896] usb 4-1: device descriptor read/64, error -71
[  499.681686][ T5896] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  499.694213][T11832] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.822461][ T5896] usb 4-1: device descriptor read/64, error -71
[  499.876195][T12493] binder: 12492:12493 ioctl c0306201 200000000080 returned -14
[  499.878339][T12493] binder: 12492:12493 ioctl c0306201 2000000003c0 returned -14
[  499.962215][ T5896] usb usb4-port1: attempt power cycle
[  500.351626][ T5896] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  500.361112][T11832] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.375504][ T5896] usb 4-1: device descriptor read/8, error -71
[  500.426146][T12503] netlink: 42496 bytes leftover after parsing attributes in process `syz.4.2434'.
[  500.562112][ T5831] Bluetooth: hci5: command tx timeout
[  500.594593][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  500.621778][ T5896] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  500.669223][ T5896] usb 4-1: device descriptor read/8, error -71
[  500.771588][   T10] usb 5-1: device descriptor read/64, error -71
[  500.773197][ T5896] usb usb4-port1: unable to enumerate USB device
[  500.934114][T12424] chnl_net:caif_netlink_parms(): no params data found
[  500.959756][ T5831] Bluetooth: min 0 < 6
[  501.031486][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  501.175321][   T10] usb 5-1: device descriptor read/64, error -71
[  501.241254][T12424] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.254453][T12424] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.254767][T12424] bridge_slave_0: entered allmulticast mode
[  501.258147][T12424] bridge_slave_0: entered promiscuous mode
[  501.294205][T12424] bridge0: port 2(bridge_slave_1) entered blocking state
[  501.294615][T12424] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.294952][T12424] bridge_slave_1: entered allmulticast mode
[  501.298863][T12424] bridge_slave_1: entered promiscuous mode
[  501.306948][   T10] usb usb5-port1: attempt power cycle
[  501.521272][T12424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  501.541589][ T5897] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  501.570291][T12424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  501.691098][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  501.691215][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  501.691460][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  501.711464][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  501.727317][   T10] usb 5-1: device descriptor read/8, error -71
[  501.728557][ T5897] usb 3-1: config 127 has an invalid interface number: 124 but max is 0
[  501.728584][ T5897] usb 3-1: config 127 has no interface number 0
[  501.728614][ T5897] usb 3-1: config 127 interface 124 has no altsetting 0
[  501.765970][ T5897] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87
[  501.766004][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.766028][ T5897] usb 3-1: Product: syz
[  501.766046][ T5897] usb 3-1: Manufacturer: syz
[  501.766063][ T5897] usb 3-1: SerialNumber: syz
[  501.844551][T12424] team0: Port device team_slave_0 added
[  501.850039][T12424] team0: Port device team_slave_1 added
[  501.983069][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  502.002914][   T10] usb 5-1: device descriptor read/8, error -71
[  502.095162][T12424] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.095181][T12424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.095213][T12424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.145352][   T10] usb usb5-port1: unable to enumerate USB device
[  502.202133][T12521] FAULT_INJECTION: forcing a failure.
[  502.202133][T12521] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  502.202174][T12521] CPU: 0 UID: 0 PID: 12521 Comm: syz.3.2439 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  502.202207][T12521] Tainted: [L]=SOFTLOCKUP
[  502.202216][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  502.202232][T12521] Call Trace:
[  502.202242][T12521]  <TASK>
[  502.202252][T12521]  dump_stack_lvl+0xe8/0x150
[  502.202286][T12521]  should_fail_ex+0x46b/0x600
[  502.202328][T12521]  prepare_alloc_pages+0x22a/0x6b0
[  502.202375][T12521]  __alloc_frozen_pages_noprof+0x12f/0x380
[  502.202418][T12521]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  502.202462][T12521]  ? __pfx_policy_nodemask+0x10/0x10
[  502.202509][T12521]  alloc_pages_mpol+0xd1/0x380
[  502.202550][T12521]  alloc_pages_noprof+0xd2/0x2f0
[  502.202594][T12521]  pte_alloc_one+0x22/0x380
[  502.202628][T12521]  __pte_alloc+0x25/0x1a0
[  502.202658][T12521]  get_locked_pte+0x37f/0x490
[  502.202690][T12521]  insert_page+0x22c/0x3b0
[  502.202721][T12521]  ? __pfx_insert_page+0x10/0x10
[  502.202749][T12521]  ? vm_insert_page+0x210/0x370
[  502.202783][T12521]  binder_alloc_new_buf+0x1ffa/0x3030
[  502.202842][T12521]  ? __pfx_binder_alloc_new_buf+0x10/0x10
[  502.202883][T12521]  ? __kmalloc_cache_noprof+0x3a6/0x690
[  502.202925][T12521]  binder_transaction+0x284c/0x6fa0
[  502.203011][T12521]  ? __pfx_binder_transaction+0x10/0x10
[  502.203036][T12521]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  502.203067][T12521]  ? __lock_acquire+0x6b5/0x2cf0
[  502.203095][T12521]  ? __lock_acquire+0x6b5/0x2cf0
[  502.203146][T12521]  ? __lock_acquire+0x6b5/0x2cf0
[  502.203180][T12521]  ? __lock_acquire+0x6b5/0x2cf0
[  502.203217][T12521]  ? __might_fault+0xaf/0x130
[  502.203242][T12521]  ? __might_fault+0xaf/0x130
[  502.203281][T12521]  binder_ioctl_write_read+0xb37/0xa490
[  502.203306][T12521]  ? is_bpf_text_address+0x26/0x2b0
[  502.203338][T12521]  ? __kernel_text_address+0xd/0x30
[  502.203379][T12521]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  502.203405][T12521]  ? stack_depot_save_flags+0x33/0x810
[  502.203437][T12521]  ? do_raw_spin_lock+0x12b/0x2f0
[  502.203469][T12521]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  502.203488][T12521]  ? reacquire_held_locks+0x104/0x190
[  502.203512][T12521]  ? rt_spin_lock+0x1e0/0x400
[  502.203530][T12521]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  502.203550][T12521]  ? rt_spin_unlock+0x14f/0x200
[  502.203574][T12521]  ? binder_get_thread+0x177/0x6d0
[  502.203600][T12521]  binder_ioctl+0x426/0x1b10
[  502.203624][T12521]  ? tomoyo_path_number_perm+0x219/0x630
[  502.203647][T12521]  ? tomoyo_path_number_perm+0x219/0x630
[  502.203671][T12521]  ? do_vfs_ioctl+0x117b/0x1540
[  502.203697][T12521]  ? __pfx_binder_ioctl+0x10/0x10
[  502.203719][T12521]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  502.203770][T12521]  ? __fget_files+0x2a/0x420
[  502.203792][T12521]  ? __fget_files+0x2a/0x420
[  502.203811][T12521]  ? __fget_files+0x3a6/0x420
[  502.203830][T12521]  ? __fget_files+0x2a/0x420
[  502.203858][T12521]  ? bpf_lsm_file_ioctl+0x9/0x20
[  502.203878][T12521]  ? __pfx_binder_ioctl+0x10/0x10
[  502.203901][T12521]  __se_sys_ioctl+0xff/0x170
[  502.203925][T12521]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.203944][T12521]  do_syscall_64+0x15f/0xf80
[  502.203965][T12521]  ? trace_irq_disable+0x3b/0x140
[  502.203984][T12521]  ? clear_bhb_loop+0x40/0x90
[  502.204005][T12521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.204022][T12521] RIP: 0033:0x7fd2186dcdd9
[  502.204037][T12521] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  502.204052][T12521] RSP: 002b:00007fd21692e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  502.204070][T12521] RAX: ffffffffffffffda RBX: 00007fd218955fa0 RCX: 00007fd2186dcdd9
[  502.204082][T12521] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  502.204093][T12521] RBP: 00007fd21692e090 R08: 0000000000000000 R09: 0000000000000000
[  502.204104][T12521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  502.204114][T12521] R13: 00007fd218956038 R14: 00007fd218955fa0 R15: 00007ffd1bcdd948
[  502.204139][T12521]  </TASK>
[  502.204191][T12521] binder_alloc: 12520: binder_install_single_page failed to insert page at offset 0 with -12
[  502.643094][ T5831] Bluetooth: hci5: command tx timeout
[  502.666074][T12523] blktrace: Concurrent blktraces are not allowed on nbd3
[  502.670345][T12523] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2440'.
[  502.712095][T12524] blktrace: Concurrent blktraces are not allowed on nbd3
[  502.722293][T12523] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2440'.
[  502.843250][T11832] bridge_slave_1: left allmulticast mode
[  502.843288][T11832] bridge_slave_1: left promiscuous mode
[  502.843594][T11832] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.958256][T11832] bridge_slave_0: left allmulticast mode
[  502.958314][T11832] bridge_slave_0: left promiscuous mode
[  502.958603][T11832] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.981139][ T5831] Bluetooth: hci4: command tx timeout
[  503.021787][T12531] binder: 12530:12531 ioctl c0306201 200000000080 returned -14
[  503.046493][T12531] binder: 12530:12531 ioctl c0306201 2000000003c0 returned -14
[  503.143998][ T5897] usb 3-1: reset high-speed USB device number 86 using dummy_hcd
[  503.346343][ T5897] usb 3-1: device firmware changed
[  503.441557][ T5912] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  503.531109][T12541] tmpfs: Unknown parameter 'usrquota
[  503.531109][T12541] LÆ›jqNP†ÙªM€<¨¢¡«µúÇ?ï{£«†àPùõ.WƒQvöÿØÔmWYÐsBT:6Êyɨî×NùZVeNN&?6¬ƒçœÃÓ
çÜe—S>ï*Ê0p«ç|Âêñ#€Úq�üŒ—òÊÔºæ9Š@5`nß54V£IÿQF(U'
[  503.564306][ T5897] usb 3-1: USB disconnect, device number 86
[  503.639598][ T5912] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  503.639637][ T5912] usb 4-1: config 0 interface 0 has no altsetting 0
[  503.639671][ T5912] usb 4-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  503.639696][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.700895][ T5912] usb 4-1: config 0 descriptor??
[  503.701814][T12534] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  503.837973][T12544] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2447'.
[  503.842257][ T5897] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  504.006433][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  504.024736][ T5897] usb 3-1: config 127 has an invalid interface number: 124 but max is 0
[  504.024775][ T5897] usb 3-1: config 127 has no interface number 0
[  504.024854][ T5897] usb 3-1: config 127 interface 124 has no altsetting 0
[  504.064977][ T5897] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87
[  504.065087][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.065106][ T5897] usb 3-1: Product: syz
[  504.065119][ T5897] usb 3-1: Manufacturer: syz
[  504.065132][ T5897] usb 3-1: SerialNumber: syz
[  504.253174][ T5912] hid_parser_main: 5 callbacks suppressed
[  504.253263][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253318][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253435][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253467][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253496][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253588][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253621][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253649][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253747][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.253779][ T5912] mcp2200 0003:04D8:00DF.000C: unknown main item tag 0x0
[  504.367262][ T5912] mcp2200 0003:04D8:00DF.000C: USB HID v0.01 Device [HID 04d8:00df] on usb-dummy_hcd.3-1/input0
[  504.947573][T11832] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  505.002625][T11832] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  505.032919][T11832] bond0 (unregistering): Released all slaves
[  505.083408][T12424] batman_adv: batadv0: Adding interface: batadv_slave_1
[  505.083428][T12424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  505.083461][T12424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  505.233934][ T1453] tipc: Resetting bearer <ib:veth1_to_bond>
[  505.241114][T12533] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2444'.
[  505.264260][ T5912] usb 4-1: USB disconnect, device number 107
[  505.474007][ T5897] usb 3-1: USB disconnect, device number 87
[  505.747890][T11832] tipc: Disabling bearer <udp:syz2>
[  505.813759][T11832] tipc: Disabling bearer <ib:veth1_to_bond>
[  505.841811][ T5885] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  506.017296][ T5885] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  506.017331][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.017357][ T5885] usb 5-1: Product: syz
[  506.017373][ T5885] usb 5-1: Manufacturer: syz
[  506.017390][ T5885] usb 5-1: SerialNumber: syz
[  506.080551][ T5885] usb 5-1: config 0 descriptor??
[  506.100678][ T5885] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  506.321656][T11832] tipc: Left network mode
[  506.448517][T12424] hsr_slave_0: entered promiscuous mode
[  506.569561][T12424] hsr_slave_1: entered promiscuous mode
[  506.579086][T12424] debugfs: 'hsr0' already exists in 'hsr'
[  506.579116][T12424] Cannot create hsr debugfs directory
[  506.633359][T12572] syzkaller1: entered promiscuous mode
[  506.633390][T12572] syzkaller1: entered allmulticast mode
[  507.789520][ T5490] 8021q: adding VLAN 0 to HW filter on device eth1
[  507.961501][ T5897] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  508.053637][T12593] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2456'.
[  508.117378][ T5897] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  508.117413][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.117437][ T5897] usb 4-1: Product: syz
[  508.117453][ T5897] usb 4-1: Manufacturer: syz
[  508.117470][ T5897] usb 4-1: SerialNumber: syz
[  508.165606][ T5897] usb 4-1: config 0 descriptor??
[  508.188702][ T5897] ch341 4-1:0.0: ch341-uart converter detected
[  508.448038][ T5896] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  508.592474][ T5896] usb 3-1: Using ep0 maxpacket: 32
[  508.794801][ T5896] usb 3-1: unable to get BOS descriptor or descriptor too short
[  508.796100][ T5896] usb 3-1: unable to read config index 0 descriptor/start: -71
[  508.796140][ T5896] usb 3-1: can't read configurations, error -71
[  509.030474][ T5897] usb 4-1: failed to send control message: -71
[  509.030529][ T5897] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  509.057973][ T5897] usb 4-1: USB disconnect, device number 108
[  509.076763][ T5897] ch341 4-1:0.0: device disconnected
[  509.880640][T12598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2458'.
[  510.125047][ T5885] gspca_stk1135: reg_w 0x1b err -71
[  510.126094][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126120][ T5885] gspca_stk1135: Sensor write failed
[  510.126157][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126168][ T5885] gspca_stk1135: Sensor write failed
[  510.126199][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126208][ T5885] gspca_stk1135: Sensor read failed
[  510.126238][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126248][ T5885] gspca_stk1135: Sensor read failed
[  510.126256][ T5885] gspca_stk1135: Detected sensor type unknown (0x0)
[  510.126290][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126300][ T5885] gspca_stk1135: Sensor read failed
[  510.126329][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126340][ T5885] gspca_stk1135: Sensor read failed
[  510.126368][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126378][ T5885] gspca_stk1135: Sensor write failed
[  510.126408][ T5885] gspca_stk1135: serial bus timeout: status=0x00
[  510.126418][ T5885] gspca_stk1135: Sensor write failed
[  510.126495][ T5885] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  510.263316][ T5885] usb 5-1: USB disconnect, device number 7
[  510.961753][ T5896] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  510.981622][ T5885] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  511.126636][T11832] hsr_slave_0: left promiscuous mode
[  511.141539][ T5896] usb 4-1: device descriptor read/64, error -71
[  511.164881][T11832] hsr_slave_1: left promiscuous mode
[  511.166080][T11832] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  511.166109][T11832] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.196258][ T5885] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  511.196289][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.196310][ T5885] usb 5-1: Product: syz
[  511.196325][ T5885] usb 5-1: Manufacturer: syz
[  511.196340][ T5885] usb 5-1: SerialNumber: syz
[  511.323376][T11832] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  511.323411][T11832] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.382038][ T5896] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  511.521622][ T5896] usb 4-1: device descriptor read/64, error -71
[  511.614024][T11832] veth1_vlan: left promiscuous mode
[  511.625222][T11832] veth0_vlan: left promiscuous mode
[  511.631910][ T5896] usb usb4-port1: attempt power cycle
[  511.700036][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  511.700120][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  512.001807][ T5896] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  512.032249][ T5896] usb 4-1: device descriptor read/8, error -71
[  512.314732][ T5896] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  512.372266][ T5896] usb 4-1: device descriptor read/8, error -71
[  512.450803][T12625] binder: 12624:12625 unknown command 0
[  512.450826][T12625] binder: 12624:12625 ioctl c0306201 200000000080 returned -22
[  512.482169][ T5896] usb usb4-port1: unable to enumerate USB device
[  512.735512][T12614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.736270][T12614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  512.948460][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  513.205533][T11832] team0 (unregistering): Port device team_slave_1 removed
[  513.235043][T12614] netlink: 'syz.4.2463': attribute type 64 has an invalid length.
[  513.235071][T12614] netlink: 'syz.4.2463': attribute type 4 has an invalid length.
[  513.235087][T12614] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2463'.
[  513.292980][T11832] team0 (unregistering): Port device team_slave_0 removed
[  513.868709][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001000. ret = -EPROTO
[  513.869343][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  513.869475][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  513.870480][ T5885] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  513.948052][ T5885] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  514.011067][ T5885] usb 5-1: USB disconnect, device number 8
[  514.327855][T12642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2472'.
[  514.557015][  T835] usb 3-1: new full-speed USB device number 90 using dummy_hcd
[  514.560225][  T137] block nbd0: Possible stuck request ffff888027ea5080: control (read@0,1024B). Runtime 90 seconds
[  514.709358][T12655] usb usb9: usbfs: process 12655 (syz.4.2474) did not claim interface 0 before use
[  514.798794][  T835] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  514.798829][  T835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  514.798852][  T835] usb 3-1: Product: syz
[  514.798868][  T835] usb 3-1: Manufacturer: syz
[  514.798885][  T835] usb 3-1: SerialNumber: syz
[  514.872845][  T835] usb 3-1: config 0 descriptor??
[  514.895370][  T835] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  515.198752][T12662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2475'.
[  515.231128][T12664] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2476'.
[  515.664269][T12666] dummy0: entered allmulticast mode
[  515.676681][T12665] dummy0: left allmulticast mode
[  516.045407][T12676] /dev/nullb0: Can't open blockdev
[  516.732954][    T9] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[  516.888065][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.888103][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  516.888146][    T9] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  516.888171][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.945575][    T9] usb 4-1: config 0 descriptor??
[  517.432034][    T9] hid_parser_main: 464 callbacks suppressed
[  517.432065][    T9] playstation 0003:054C:0DF2.000D: unknown main item tag 0x0
[  517.432103][    T9] playstation 0003:054C:0DF2.000D: unknown main item tag 0x0
[  517.432138][    T9] playstation 0003:054C:0DF2.000D: unknown main item tag 0x0
[  517.432170][    T9] playstation 0003:054C:0DF2.000D: unknown main item tag 0x0
[  517.432203][    T9] playstation 0003:054C:0DF2.000D: unknown main item tag 0x0
[  517.523580][    T9] playstation 0003:054C:0DF2.000D: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[  518.223599][    T9] playstation 0003:054C:0DF2.000D: Failed to retrieve feature with reportID 5: -71
[  518.223712][    T9] playstation 0003:054C:0DF2.000D: Failed to retrieve DualSense calibration info: -71
[  518.223772][    T9] playstation 0003:054C:0DF2.000D: Failed to get calibration data from DualSense
[  518.223794][    T9] playstation 0003:054C:0DF2.000D: Failed to create dualsense.
[  518.297406][    T9] playstation 0003:054C:0DF2.000D: probe with driver playstation failed with error -71
[  518.313666][    T9] usb 4-1: USB disconnect, device number 113
[  518.722182][ T5885] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  518.793981][  T835] gspca_stk1135: reg_w 0x1b err -71
[  518.795044][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795060][  T835] gspca_stk1135: Sensor write failed
[  518.795100][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795112][  T835] gspca_stk1135: Sensor write failed
[  518.795150][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795163][  T835] gspca_stk1135: Sensor read failed
[  518.795199][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795210][  T835] gspca_stk1135: Sensor read failed
[  518.795218][  T835] gspca_stk1135: Detected sensor type unknown (0x0)
[  518.795259][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795271][  T835] gspca_stk1135: Sensor read failed
[  518.795308][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795318][  T835] gspca_stk1135: Sensor read failed
[  518.795355][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795366][  T835] gspca_stk1135: Sensor write failed
[  518.795403][  T835] gspca_stk1135: serial bus timeout: status=0x00
[  518.795413][  T835] gspca_stk1135: Sensor write failed
[  518.795502][  T835] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  518.892329][  T835] usb 3-1: USB disconnect, device number 90
[  518.953928][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  518.957026][ T5885] usb 5-1: unable to get BOS descriptor or descriptor too short
[  518.959575][ T5885] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  518.959633][ T5885] usb 5-1: too many endpoints for config 1 interface 1 altsetting 0: 251, using maximum allowed: 30
[  518.959673][ T5885] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 251
[  518.959716][ T5885] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[  518.959754][ T5885] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  518.959781][ T5885] usb 5-1: config 1 interface 2 has no altsetting 0
[  519.041781][ T5885] usb 5-1: New USB device found, idVendor=1235, idProduct=8215, bcdDevice= 0.40
[  519.041814][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.041852][ T5885] usb 5-1: Product: syz
[  519.041870][ T5885] usb 5-1: Manufacturer: syz
[  519.041886][ T5885] usb 5-1: SerialNumber: syz
[  519.222230][T12723] netlink: 822 bytes leftover after parsing attributes in process `syz.3.2486'.
[  519.307293][T12424] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  519.325028][T12711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.338998][T12711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.366230][ T5885] usb 5-1: 2:0: failed to get current value for ch 0 (-71)
[  519.379617][ T5885] usb 5-1: 2:0: cannot get min/max values for control 2 (id 2)
[  519.379652][ T5885] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  519.379674][ T5885] usb 5-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1
[  519.411106][ T5885] usb 5-1: Focusrite Scarlett Gen 3 Mixer Driver enabled (pid=0x8215); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues
[  519.411187][ T5885] usb 5-1: Error initialising Scarlett Gen 3 Mixer Driver: -22
[  519.521586][ T5885] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  519.536331][T12424] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  519.554198][T12424] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  519.579237][ T5885] usb 5-1: USB disconnect, device number 9
[  519.663707][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  519.828087][T12424] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  519.832113][T12424] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  519.894952][T12424] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  519.897276][ T5831] Bluetooth: hci2: unexpected Set CIG Parameters response data
[  519.897308][ T5831] Bluetooth: hci2: unexpected event for opcode 0x2062
[  519.898799][T12424] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  519.941788][ T5912] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  519.974765][T12424] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  520.283729][ T5912] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  520.283763][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.283787][ T5912] usb 3-1: Product: syz
[  520.283804][ T5912] usb 3-1: Manufacturer: syz
[  520.283820][ T5912] usb 3-1: SerialNumber: syz
[  520.302324][ T5912] usb 3-1: config 0 descriptor??
[  520.351540][ T5896] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  520.354445][ T5912] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  520.438684][T12424] 8021q: adding VLAN 0 to HW filter on device bond0
[  520.511586][ T5896] usb 5-1: Using ep0 maxpacket: 16
[  520.517026][ T5896] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  520.517065][ T5896] usb 5-1: config 0 interface 0 has no altsetting 0
[  520.517102][ T5896] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  520.517130][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.563781][ T5912] gspca_sunplus: reg_r err -71
[  520.593591][ T5896] usb 5-1: config 0 descriptor??
[  520.598775][ T5912] usb 3-1: USB disconnect, device number 91
[  520.705095][T12424] 8021q: adding VLAN 0 to HW filter on device team0
[  520.724160][T12756] vxfs: unable to read disk superblock at 1
[  520.724427][T12756] vxfs: unable to read disk superblock at 8
[  520.724445][T12756] vxfs: can't find superblock.
[  520.864640][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.864993][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state
[  521.120923][ T5896] nzxt-smart2 0003:1E71:2009.000E: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  521.139296][ T3576] bridge0: port 2(bridge_slave_1) entered blocking state
[  521.139471][ T3576] bridge0: port 2(bridge_slave_1) entered forwarding state
[  521.731712][ T5896] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  521.893280][ T5896] usb 3-1: device descriptor read/64, error -71
[  522.091521][ T5912] usb 4-1: new full-speed USB device number 114 using dummy_hcd
[  522.131695][ T5896] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  522.131864][  T835] usb 5-1: USB disconnect, device number 10
[  522.250966][ T5912] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  522.251002][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.251026][ T5912] usb 4-1: Product: syz
[  522.251042][ T5912] usb 4-1: Manufacturer: syz
[  522.251059][ T5912] usb 4-1: SerialNumber: syz
[  522.282412][ T5896] usb 3-1: device descriptor read/64, error -71
[  522.332935][ T5912] usb 4-1: config 0 descriptor??
[  522.389876][ T5912] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  522.398195][ T5896] usb usb3-port1: attempt power cycle
[  522.696268][T12424] 8021q: adding VLAN 0 to HW filter on device batadv0
[  522.741595][ T5896] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  522.772538][ T5896] usb 3-1: device descriptor read/8, error -71
[  522.955629][T12424] veth0_vlan: entered promiscuous mode
[  523.006636][T12424] veth1_vlan: entered promiscuous mode
[  523.051940][ T5896] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  523.085284][ T5896] usb 3-1: device descriptor read/8, error -71
[  523.106209][T12424] veth0_macvtap: entered promiscuous mode
[  523.126732][T12424] veth1_macvtap: entered promiscuous mode
[  523.195112][ T5896] usb usb3-port1: unable to enumerate USB device
[  523.205908][T12424] batman_adv: batadv0: Interface activated: batadv_slave_0
[  523.237703][T12424] batman_adv: batadv0: Interface activated: batadv_slave_1
[  523.316049][ T3576] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  523.317773][ T3576] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  523.359368][ T3576] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  523.359430][ T3576] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  523.587893][T12780] FAULT_INJECTION: forcing a failure.
[  523.587893][T12780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  523.587937][T12780] CPU: 0 UID: 0 PID: 12780 Comm: syz.4.2495 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  523.587981][T12780] Tainted: [L]=SOFTLOCKUP
[  523.587990][T12780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  523.588004][T12780] Call Trace:
[  523.588014][T12780]  <TASK>
[  523.588025][T12780]  dump_stack_lvl+0xe8/0x150
[  523.588053][T12780]  should_fail_ex+0x46b/0x600
[  523.588089][T12780]  _copy_to_iter+0x589/0x17d0
[  523.588131][T12780]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  523.588155][T12780]  ? __pfx__copy_to_iter+0x10/0x10
[  523.588183][T12780]  ? rt_spin_lock+0x1e0/0x400
[  523.588207][T12780]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  523.588239][T12780]  __skb_datagram_iter+0xf8/0x980
[  523.588274][T12780]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  523.588314][T12780]  skb_copy_datagram_iter+0xb5/0x240
[  523.588351][T12780]  netlink_recvmsg+0x2c3/0xa50
[  523.588388][T12780]  ? __pfx_netlink_recvmsg+0x10/0x10
[  523.588421][T12780]  ? __pfx_aa_sk_perm+0x10/0x10
[  523.588459][T12780]  ? aa_sock_msg_perm+0x122/0x200
[  523.588491][T12780]  ? __pfx_netlink_recvmsg+0x10/0x10
[  523.588523][T12780]  sock_recvmsg_nosec+0x10c/0x140
[  523.588555][T12780]  ____sys_recvmsg+0x23d/0x4f0
[  523.588595][T12780]  ? __pfx_____sys_recvmsg+0x10/0x10
[  523.588641][T12780]  ? import_iovec+0x73/0xa0
[  523.588664][T12780]  ___sys_recvmsg+0x215/0x590
[  523.588701][T12780]  ? __pfx____sys_recvmsg+0x10/0x10
[  523.588739][T12780]  ? __fget_files+0x2a/0x420
[  523.588781][T12780]  ? __fget_files+0x3a6/0x420
[  523.588815][T12780]  do_recvmmsg+0x33a/0x800
[  523.588855][T12780]  ? __pfx_do_recvmmsg+0x10/0x10
[  523.588900][T12780]  ? _copy_from_user+0x94/0xb0
[  523.588937][T12780]  __x64_sys_recvmmsg+0x1b7/0x250
[  523.588986][T12780]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  523.589030][T12780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.589057][T12780]  do_syscall_64+0x15f/0xf80
[  523.589089][T12780]  ? trace_irq_disable+0x3b/0x140
[  523.589115][T12780]  ? clear_bhb_loop+0x40/0x90
[  523.589141][T12780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.589162][T12780] RIP: 0033:0x7f922c38cdd9
[  523.589182][T12780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  523.589201][T12780] RSP: 002b:00007f922a5de028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  523.589223][T12780] RAX: ffffffffffffffda RBX: 00007f922c605fa0 RCX: 00007f922c38cdd9
[  523.589238][T12780] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  523.589253][T12780] RBP: 00007f922a5de090 R08: 0000200000003700 R09: 0000000000000000
[  523.589267][T12780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  523.589279][T12780] R13: 00007f922c606038 R14: 00007f922c605fa0 R15: 00007ffe504d31a8
[  523.589310][T12780]  </TASK>
[  524.979814][   T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  524.979836][   T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  525.510549][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  525.510643][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  526.060550][ T5912] gspca_stk1135: reg_w 0x19 err -71
[  526.061688][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.061746][ T5912] gspca_stk1135: Sensor write failed
[  526.061830][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.061862][ T5912] gspca_stk1135: Sensor write failed
[  526.061958][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.061991][ T5912] gspca_stk1135: Sensor read failed
[  526.062095][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.062128][ T5912] gspca_stk1135: Sensor read failed
[  526.062150][ T5912] gspca_stk1135: Detected sensor type unknown (0x0)
[  526.062240][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.062307][ T5912] gspca_stk1135: Sensor read failed
[  526.065435][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.065478][ T5912] gspca_stk1135: Sensor read failed
[  526.065575][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.065607][ T5912] gspca_stk1135: Sensor write failed
[  526.065696][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  526.065728][ T5912] gspca_stk1135: Sensor write failed
[  526.066004][ T5912] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  526.203610][ T5912] usb 4-1: USB disconnect, device number 114
[  526.506170][T12803] netlink: 'syz.2.2501': attribute type 10 has an invalid length.
[  526.620581][T12808] syzkaller1: entered promiscuous mode
[  526.620609][T12808] syzkaller1: entered allmulticast mode
[  526.999278][T12816] xt_bpf: check failed: parse error
[  527.179328][  T820] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  527.214098][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  527.219297][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  527.241443][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  527.292353][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  527.350123][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  527.365566][  T820] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7
[  527.365614][  T820] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7
[  527.404893][  T820] usb 5-1: New USB device found, idVendor=0582, idProduct=08ae, bcdDevice= 0.40
[  527.404927][  T820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.404951][  T820] usb 5-1: Product: syz
[  527.404968][  T820] usb 5-1: Manufacturer: syz
[  527.404984][  T820] usb 5-1: SerialNumber: syz
[  527.505716][T12826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2510'.
[  527.505740][T12826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2510'.
[  527.731573][   T32] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  527.793860][  T820] usb 5-1: Can't get UAC3 power state for id 10
[  527.814861][  T820] usb 5-1: 2:0: failed to get current value for ch 0 (-71)
[  527.835849][  T820] usb 5-1: 2:0: cannot get min/max values for control 2 (id 2)
[  527.835876][  T820] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  527.835892][  T820] usb 5-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1
[  527.881556][   T32] usb 2-1: Using ep0 maxpacket: 16
[  527.892658][   T32] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  527.892701][   T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.892725][   T32] usb 2-1: Product: syz
[  527.892742][   T32] usb 2-1: Manufacturer: syz
[  527.892760][   T32] usb 2-1: SerialNumber: syz
[  528.372448][  T820] usb 5-1: USB disconnect, device number 11
[  528.562809][ T6504] udevd[6504]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  528.562842][T12833] futex_wake_op: syz.4.2513 tries to shift op by -1; fix this program
[  528.694999][   T32] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71
[  528.753961][   T32] usb 2-1: USB disconnect, device number 90
[  529.240500][   T32] usb 2-1: new full-speed USB device number 91 using dummy_hcd
[  529.406528][   T32] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  529.406571][   T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.406595][   T32] usb 2-1: Product: syz
[  529.406612][   T32] usb 2-1: Manufacturer: syz
[  529.406629][   T32] usb 2-1: SerialNumber: syz
[  529.421656][  T820] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  529.458483][   T32] usb 2-1: config 0 descriptor??
[  529.495549][   T32] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  529.522581][ T5831] Bluetooth: hci0: command tx timeout
[  529.587301][  T820] usb 5-1: Using ep0 maxpacket: 16
[  529.589940][  T820] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  529.589981][  T820] usb 5-1: config 0 interface 0 has no altsetting 0
[  529.590023][  T820] usb 5-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[  529.590051][  T820] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.722119][  T820] usb 5-1: config 0 descriptor??
[  530.159931][  T820] uclogic 0003:28BD:0055.000F: interface is invalid, ignoring
[  530.302203][T12836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.304639][T12836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.311003][T12836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.312938][T12836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.444045][  T835] usb 5-1: USB disconnect, device number 12
[  530.622434][T12845] syzkaller1: entered promiscuous mode
[  530.622456][T12845] syzkaller1: entered allmulticast mode
[  530.946723][ T3508] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.601494][ T5831] Bluetooth: hci0: command tx timeout
[  532.064019][ T3508] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.171153][T12855] bond0: (slave bridge_slave_1): Error: Device is in use and cannot be enslaved
[  532.568423][ T3508] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.611606][  T820] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  532.746132][   T32] gspca_stk1135: reg_w 0x353 err -71
[  532.747185][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747202][   T32] gspca_stk1135: Sensor write failed
[  532.747242][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747254][   T32] gspca_stk1135: Sensor write failed
[  532.747292][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747304][   T32] gspca_stk1135: Sensor read failed
[  532.747342][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747354][   T32] gspca_stk1135: Sensor read failed
[  532.747363][   T32] gspca_stk1135: Detected sensor type unknown (0x0)
[  532.747405][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747417][   T32] gspca_stk1135: Sensor read failed
[  532.747455][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747466][   T32] gspca_stk1135: Sensor read failed
[  532.747504][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.747515][   T32] gspca_stk1135: Sensor write failed
[  532.747553][   T32] gspca_stk1135: serial bus timeout: status=0x00
[  532.749172][   T32] gspca_stk1135: Sensor write failed
[  532.749271][   T32] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  532.783440][  T820] usb 3-1: Using ep0 maxpacket: 16
[  532.878012][   T32] usb 2-1: USB disconnect, device number 91
[  532.894704][  T820] usb 3-1: unable to get BOS descriptor or descriptor too short
[  532.909133][  T820] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  532.909342][ T5875] udevd[5875]: setting mode of /dev/bus/usb/002/091 to 020664 failed: No such file or directory
[  532.909640][ T5875] udevd[5875]: setting owner of /dev/bus/usb/002/091 to uid=0, gid=0 failed: No such file or directory
[  532.949636][  T820] usb 3-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  532.949668][  T820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.949697][  T820] usb 3-1: Product: syz
[  532.949710][  T820] usb 3-1: Manufacturer: syz
[  532.949721][  T820] usb 3-1: SerialNumber: syz
[  533.264322][ T3508] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.311581][T12872] binder: 12871:12872 unknown command 0
[  533.311602][T12872] binder: 12871:12872 ioctl c0306201 200000000080 returned -22
[  533.358285][T12873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2523'.
[  533.412669][  T820] usb 3-1: Audio class v2/v3 interfaces need an interface association
[  533.417657][  T820] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  533.551035][T12819] chnl_net:caif_netlink_parms(): no params data found
[  533.692643][ T5831] Bluetooth: hci0: command tx timeout
[  533.822398][  T820] usb 3-1: 2:1 : bogus bTerminalLink 6
[  534.028189][T12866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  534.029171][T12866] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  534.170483][T12819] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.170875][T12819] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.171179][T12819] bridge_slave_0: entered allmulticast mode
[  534.187277][T12819] bridge_slave_0: entered promiscuous mode
[  534.333436][T12819] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.333724][T12819] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.334002][T12819] bridge_slave_1: entered allmulticast mode
[  534.408125][  T820] usb 3-1: USB disconnect, device number 96
[  534.410174][T12819] bridge_slave_1: entered promiscuous mode
[  534.702803][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  534.743279][T12819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  534.797247][T12819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.141846][T12819] team0: Port device team_slave_0 added
[  535.178504][T12819] team0: Port device team_slave_1 added
[  535.614302][T12819] batman_adv: batadv0: Adding interface: batadv_slave_0
[  535.614332][T12819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  535.614408][T12819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  535.751527][  T835] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  535.764909][ T5831] Bluetooth: hci0: command tx timeout
[  535.825149][T12902] netlink: 'syz.2.2532': attribute type 10 has an invalid length.
[  535.908858][  T835] usb 5-1: config 6 has an invalid interface number: 44 but max is 0
[  535.908887][  T835] usb 5-1: config 6 has no interface number 0
[  535.908928][  T835] usb 5-1: config 6 interface 44 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  535.908959][  T835] usb 5-1: config 6 interface 44 has no altsetting 0
[  535.963477][  T835] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0006, bcdDevice=d9.b1
[  535.963523][  T835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.963547][  T835] usb 5-1: Product: syz
[  535.963564][  T835] usb 5-1: Manufacturer: syz
[  535.963581][  T835] usb 5-1: SerialNumber: syz
[  536.006400][T12895] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  536.033778][T12819] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.033853][T12819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.033888][T12819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.609345][  T835] ati_remote 5-1:6.44: ati_remote_probe: Unexpected endpoint_in
[  536.647587][  T835] usb 5-1: USB disconnect, device number 13
[  536.862964][T12819] hsr_slave_0: entered promiscuous mode
[  536.865597][T12819] hsr_slave_1: entered promiscuous mode
[  536.867713][T12819] debugfs: 'hsr0' already exists in 'hsr'
[  536.867741][T12819] Cannot create hsr debugfs directory
[  537.322121][ T3508] bridge_slave_1: left allmulticast mode
[  537.322163][ T3508] bridge_slave_1: left promiscuous mode
[  537.322502][ T3508] bridge0: port 2(bridge_slave_1) entered disabled state
[  537.422962][  T820] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  537.433297][ T3508] bridge_slave_0: left allmulticast mode
[  537.433333][ T3508] bridge_slave_0: left promiscuous mode
[  537.433645][ T3508] bridge0: port 1(bridge_slave_0) entered disabled state
[  537.563695][ T3508] dvmrp0: left allmulticast mode
[  537.575236][  T820] usb 3-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  537.575279][  T820] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 253
[  537.578665][  T820] usb 3-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  537.578754][  T820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.578806][  T820] usb 3-1: Product: syz
[  537.578843][  T820] usb 3-1: Manufacturer: syz
[  537.578887][  T820] usb 3-1: SerialNumber: syz
[  537.628355][  T820] usb 3-1: config 0 descriptor??
[  537.648112][  T820] gspca_main: sunplus-2.14.0 probing 055f:c630
[  537.731561][ T5912] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  537.891482][ T5912] usb 5-1: Using ep0 maxpacket: 16
[  537.894728][ T5912] usb 5-1: config 8 has an invalid interface number: 234 but max is 0
[  537.894758][ T5912] usb 5-1: config 8 has an invalid descriptor of length 13, skipping remainder of the config
[  537.894781][ T5912] usb 5-1: config 8 has no interface number 0
[  537.894828][ T5912] usb 5-1: config 8 interface 234 altsetting 1 endpoint 0x6 has invalid maxpacket 2080, setting to 64
[  537.894860][ T5912] usb 5-1: config 8 interface 234 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  537.894892][ T5912] usb 5-1: config 8 interface 234 has no altsetting 0
[  537.899170][ T5912] usb 5-1: New USB device found, idVendor=1608, idProduct=021c, bcdDevice= 6.42
[  537.899203][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.899226][ T5912] usb 5-1: Product: syz
[  537.899243][ T5912] usb 5-1: Manufacturer: syz
[  537.899261][ T5912] usb 5-1: SerialNumber: syz
[  538.292446][T12913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  538.293291][T12913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.546509][ T5912] io_ti 5-1:8.234: required endpoints missing
[  538.583287][ T5912] usb 5-1: USB disconnect, device number 14
[  539.322804][  T820] gspca_sunplus: reg_r err -110
[  539.322888][  T820] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  539.866783][T12876] syz.1.2527 (12876): drop_caches: 3
[  539.992636][ T3508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  540.072282][ T3508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  540.114692][ T3508] bond0 (unregistering): Released all slaves
[  540.141751][T12937] netlink: 'syz.1.2541': attribute type 10 has an invalid length.
[  540.254934][  T835] usb 3-1: USB disconnect, device number 97
[  541.035924][T12948] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2546'.
[  541.187139][T12952] binder: 12951:12952 unknown command 0
[  541.187164][T12952] binder: 12951:12952 ioctl c0306201 200000000080 returned -22
[  541.524339][    T9] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  541.682520][    T9] usb 3-1: Using ep0 maxpacket: 16
[  541.689992][    T9] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  541.690027][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.690051][    T9] usb 3-1: Product: syz
[  541.690068][    T9] usb 3-1: Manufacturer: syz
[  541.690085][    T9] usb 3-1: SerialNumber: syz
[  541.777716][    T9] usb 3-1: config 0 descriptor??
[  541.790790][    T9] visor 3-1:0.0: Sony Clie 3.5 converter detected
[  542.007445][    T9] usb 3-1: clie_3_5_startup: get config number bad return length: 0
[  542.007583][    T9] visor 3-1:0.0: probe with driver visor failed with error -5
[  542.095570][T12954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2549'.
[  542.332702][ T5831] Bluetooth: to_multiplier 0 < 10
[  542.781611][ T6000] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  543.014634][ T6000] usb 2-1: unable to get BOS descriptor or descriptor too short
[  543.035967][ T6000] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[  543.073973][ T6000] usb 2-1: New USB device found, idVendor=0e41, idProduct=5050, bcdDevice= 0.40
[  543.073998][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.074013][ T6000] usb 2-1: Product: syz
[  543.074025][ T6000] usb 2-1: Manufacturer: syz
[  543.074036][ T6000] usb 2-1: SerialNumber: syz
[  543.536995][ T6000] usb 2-1: unit 4 not found!
[  543.849440][ T6000] snd_usb_pod 2-1:1.1: Line 6 PODxt Pro found
[  543.849469][ T6000] usb 2-1: selecting invalid altsetting 5
[  543.849488][ T6000] snd_usb_pod 2-1:1.1: set_interface failed
[  543.849953][ T6000] snd_usb_pod 2-1:1.1: Line 6 PODxt Pro now disconnected
[  543.850161][ T6000] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[  543.891889][ T6000] snd_usb_pod 2-1:1.2: Line 6 PODxt Pro found
[  543.891914][ T6000] usb 2-1: selecting invalid altsetting 5
[  543.891929][ T6000] snd_usb_pod 2-1:1.2: set_interface failed
[  543.892151][ T6000] snd_usb_pod 2-1:1.2: Line 6 PODxt Pro now disconnected
[  543.892316][ T6000] snd_usb_pod 2-1:1.2: probe with driver snd_usb_pod failed with error -22
[  543.920349][ T6000] usb 2-1: USB disconnect, device number 92
[  544.148714][    T9] usb 3-1: USB disconnect, device number 98
[  544.272516][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  544.403273][ T5831] Bluetooth: hci5: command tx timeout
[  544.542791][ T5490] 8021q: adding VLAN 0 to HW filter on device eth1
[  544.611492][  T137] block nbd0: Possible stuck request ffff888027ea5080: control (read@0,1024B). Runtime 120 seconds
[  544.617346][T12993] 8021q: VLANs not supported on sit0
[  545.167048][T13006] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2563'.
[  545.167076][T13006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2563'.
[  545.259289][T13011] program syz.4.2564 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  545.471505][  T835] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[  545.601826][  T835] usb 3-1: device descriptor read/64, error -71
[  545.647815][T13027] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2566'.
[  545.720816][T13030] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2567'.
[  545.843947][  T835] usb 3-1: new full-speed USB device number 100 using dummy_hcd
[  545.971439][  T835] usb 3-1: device descriptor read/64, error -71
[  546.082028][  T835] usb usb3-port1: attempt power cycle
[  546.196198][ T3508] hsr_slave_0: left promiscuous mode
[  546.284857][ T3508] hsr_slave_1: left promiscuous mode
[  546.484083][  T835] usb 3-1: new full-speed USB device number 101 using dummy_hcd
[  546.502323][  T835] usb 3-1: device descriptor read/8, error -71
[  546.506889][ T3508] veth1_vlan: left promiscuous mode
[  546.507252][ T3508] veth0_vlan: left promiscuous mode
[  546.757212][  T835] usb 3-1: new full-speed USB device number 102 using dummy_hcd
[  546.773796][  T835] usb 3-1: device descriptor read/8, error -71
[  546.887191][  T835] usb usb3-port1: unable to enumerate USB device
[  546.960824][   T68] smc: removing ib device syz0
[  547.083230][T13047] netlink: 'syz.4.2572': attribute type 10 has an invalid length.
[  547.692164][ T3508] team0 (unregistering): Port device team_slave_1 removed
[  547.752155][ T3508] team0 (unregistering): Port device team_slave_0 removed
[  548.534217][   T68] smbdirect: ib_dev[syz0] removed
[  548.637406][T13067] binder: 13064:13067 ioctl c0306201 200000000080 returned -14
[  548.639935][T13067] binder: 13064:13067 ioctl c0306201 2000000003c0 returned -14
[  549.848474][T13086] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2584'.
[  550.203475][T13091] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2586'.
[  550.923802][ T6000] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  551.144114][ T6000] usb 5-1: Using ep0 maxpacket: 16
[  551.146960][ T6000] usb 5-1: unable to get BOS descriptor or descriptor too short
[  551.148271][ T6000] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  551.150641][ T6000] usb 5-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  551.150670][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.150694][ T6000] usb 5-1: Product: syz
[  551.150718][ T6000] usb 5-1: Manufacturer: syz
[  551.150735][ T6000] usb 5-1: SerialNumber: syz
[  551.520368][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2588'.
[  551.562319][ T6000] usb 5-1: Audio class v2/v3 interfaces need an interface association
[  551.562843][ T6000] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  553.266651][T12819] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  553.478470][T12819] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  553.480232][T12819] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  553.649182][ T6000] usb 5-1: USB disconnect, device number 15
[  553.649470][T12819] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  553.665357][T13134] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  553.816665][T12819] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  554.601217][T12819] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  554.608704][T12819] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  554.742381][T12819] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  555.317744][T12819] 8021q: adding VLAN 0 to HW filter on device bond0
[  555.375063][T12819] 8021q: adding VLAN 0 to HW filter on device team0
[  555.408423][ T3576] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.408783][ T3576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  555.492052][  T150] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.492338][  T150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.647407][   T37] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  555.806122][   T37] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  555.806157][   T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.806180][   T37] usb 3-1: Product: syz
[  555.806197][   T37] usb 3-1: Manufacturer: syz
[  555.806214][   T37] usb 3-1: SerialNumber: syz
[  556.388243][   T37] rtl8150 3-1:1.0: couldn't reset the device
[  556.388632][   T37] rtl8150 3-1:1.0: probe with driver rtl8150 failed with error -5
[  556.429142][T13191] binder_alloc: 13190: pid 13190 spamming oneway? 1 buffers allocated for a total size of 4096
[  556.515710][   T37] usb 3-1: USB disconnect, device number 103
[  556.698159][T12819] 8021q: adding VLAN 0 to HW filter on device batadv0
[  556.771721][   T32] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  556.855900][T12819] veth0_vlan: entered promiscuous mode
[  556.905123][T12819] veth1_vlan: entered promiscuous mode
[  556.927837][   T32] usb 5-1: Using ep0 maxpacket: 8
[  556.946341][   T32] usb 5-1: unable to get BOS descriptor or descriptor too short
[  556.949387][   T32] usb 5-1: config 47 has an invalid interface number: 47 but max is 0
[  556.949418][   T32] usb 5-1: config 47 has no interface number 0
[  556.949454][   T32] usb 5-1: config 47 interface 47 has no altsetting 0
[  556.951705][ T6000] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  556.998520][   T32] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=e0.a0
[  556.998554][   T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.998576][   T32] usb 5-1: Product: syz
[  556.998590][   T32] usb 5-1: Manufacturer: syz
[  556.998606][   T32] usb 5-1: SerialNumber: syz
[  557.151700][ T6000] usb 2-1: Using ep0 maxpacket: 16
[  557.158574][ T6000] usb 2-1: unable to get BOS descriptor or descriptor too short
[  557.174305][ T6000] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  557.186785][ T6000] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  557.186828][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.186895][ T6000] usb 2-1: Product: syz
[  557.186949][ T6000] usb 2-1: Manufacturer: syz
[  557.186967][ T6000] usb 2-1: SerialNumber: syz
[  557.247754][T13194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  557.250528][T13194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  557.285402][   T32] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  557.318067][   T32] dvb-usb: bulk message failed: -22 (2/0)
[  557.318096][   T32] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  557.320043][   T32] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  557.320118][   T32] usb 5-1: media controller created
[  557.416065][   T32] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  557.513706][T12819] veth0_macvtap: entered promiscuous mode
[  557.537060][   T32] dvb-usb: bulk message failed: -22 (1/0)
[  557.537275][   T32] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  557.558648][   T32] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input19
[  557.613475][   T32] dvb-usb: schedule remote query interval to 50 msecs.
[  557.613505][   T32] dvb-usb: bulk message failed: -22 (2/0)
[  557.613520][   T32] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  557.627355][   T32] usb 5-1: USB disconnect, device number 16
[  557.776569][T13204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2605'.
[  557.862361][ T6000] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  557.862717][ T6000] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  557.984308][T12819] veth1_macvtap: entered promiscuous mode
[  558.084361][   T32] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  558.217986][ T6000] usb 2-1: 2:1 : bogus bTerminalLink 6
[  558.340978][T12819] batman_adv: batadv0: Interface activated: batadv_slave_0
[  558.397415][T12819] batman_adv: batadv0: Interface activated: batadv_slave_1
[  558.459362][ T1470] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  558.459651][ T1470] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  558.459694][ T1470] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  558.459733][ T1470] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  558.587509][ T6000] usb 2-1: USB disconnect, device number 93
[  558.795848][    T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  559.039252][    T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  559.089152][    T9] usb 5-1: New USB device found, idVendor=0499, idProduct=103f, bcdDevice= 0.40
[  559.089185][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.089209][    T9] usb 5-1: Product: ࡃ
[  559.089225][    T9] usb 5-1: Manufacturer: אָ뉙춢ꡲㆱ뽃Ⱳ䈖뀸逞�穿퓀䔩ឪᩫ瘃຾�稓䢲쫶웰颇闬ᗣᬢ쒡륞�⺉矇ὕ൮Ἰ頞�皔밸잜勠ꘫ柫휗쉽묧棙솓⌼࡟.껉Ꜳ鿮ᮮ晿ೂ�ᡌ�織췫�䱫㩼�ዮᑉᅘ綆䵿약쓰며焆휦ꆊ볃粑鸯�꼜𼚲쥜朸淙
[  559.089261][    T9] usb 5-1: SerialNumber: М
[  559.456895][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  559.504791][    T9] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -2
[  559.567450][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  559.574884][    T9] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -2
[  559.637062][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  559.810710][    T9] snd-usb-audio 5-1:1.2: probe with driver snd-usb-audio failed with error -2
[  559.836283][    T9] usb 5-1: USB disconnect, device number 17
[  559.862601][ T3508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.862625][ T3508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.922961][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  560.186127][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.186151][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.283270][T13233] binder: 13232:13233 unknown command 0
[  560.283307][T13233] binder: 13232:13233 ioctl c0306201 200000000080 returned -22
[  560.353943][T13235] binder: 13234:13235 ioctl c080661a 200000000200 returned -22
[  560.450205][T13237] FAULT_INJECTION: forcing a failure.
[  560.450205][T13237] name failslab, interval 1, probability 0, space 0, times 0
[  560.450242][T13237] CPU: 0 UID: 0 PID: 13237 Comm: syz.2.2618 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  560.450271][T13237] Tainted: [L]=SOFTLOCKUP
[  560.450280][T13237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  560.450292][T13237] Call Trace:
[  560.450300][T13237]  <TASK>
[  560.450310][T13237]  dump_stack_lvl+0xe8/0x150
[  560.450340][T13237]  should_fail_ex+0x46b/0x600
[  560.450372][T13237]  should_failslab+0xa8/0x100
[  560.450402][T13237]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  560.450429][T13237]  ? __alloc_skb+0x1d0/0x7d0
[  560.450463][T13237]  ? lockdep_hardirqs_on+0x7a/0x110
[  560.450494][T13237]  __alloc_skb+0x1d0/0x7d0
[  560.450522][T13237]  __ip6_append_data+0x2c7c/0x3e90
[  560.450557][T13237]  ? __pfx_raw6_getfrag+0x10/0x10
[  560.450596][T13237]  ? __pfx___ip6_append_data+0x10/0x10
[  560.450617][T13237]  ? ip6_setup_cork+0x544/0xf30
[  560.450637][T13237]  ? ip6_append_data+0x1c7/0x2a0
[  560.450659][T13237]  ip6_append_data+0x10f/0x2a0
[  560.450682][T13237]  ? __pfx_raw6_getfrag+0x10/0x10
[  560.450707][T13237]  rawv6_sendmsg+0x12d3/0x18e0
[  560.450740][T13237]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  560.450785][T13237]  ? __pfx_aa_sk_perm+0x10/0x10
[  560.450810][T13237]  ? sock_rps_record_flow+0x19/0x350
[  560.450842][T13237]  ? inet_sendmsg+0x2f4/0x370
[  560.450870][T13237]  ? aa_sock_msg_perm+0x122/0x200
[  560.450898][T13237]  ? __pfx_inet_sendmsg+0x10/0x10
[  560.450926][T13237]  sock_sendmsg_nosec+0xf9/0x150
[  560.450954][T13237]  ____sys_sendmsg+0x55c/0x870
[  560.450986][T13237]  ? __pfx_____sys_sendmsg+0x10/0x10
[  560.451021][T13237]  ? import_iovec+0x73/0xa0
[  560.451048][T13237]  ___sys_sendmsg+0x2a5/0x360
[  560.451081][T13237]  ? __lock_acquire+0x6b5/0x2cf0
[  560.451117][T13237]  ? __pfx____sys_sendmsg+0x10/0x10
[  560.451189][T13237]  ? __fget_files+0x2a/0x420
[  560.451216][T13237]  ? __fget_files+0x3a6/0x420
[  560.451255][T13237]  __x64_sys_sendmsg+0x1c3/0x2a0
[  560.451292][T13237]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  560.451336][T13237]  ? __pfx_ksys_write+0x10/0x10
[  560.451378][T13237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.451403][T13237]  do_syscall_64+0x15f/0xf80
[  560.451431][T13237]  ? trace_irq_disable+0x3b/0x140
[  560.451469][T13237]  ? clear_bhb_loop+0x40/0x90
[  560.451498][T13237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.451522][T13237] RIP: 0033:0x7f870860cdd9
[  560.451546][T13237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  560.451567][T13237] RSP: 002b:00007f870685e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  560.451591][T13237] RAX: ffffffffffffffda RBX: 00007f8708885fa0 RCX: 00007f870860cdd9
[  560.451608][T13237] RDX: 0000000000044004 RSI: 00002000000000c0 RDI: 0000000000000003
[  560.451623][T13237] RBP: 00007f870685e090 R08: 0000000000000000 R09: 0000000000000000
[  560.451636][T13237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  560.451649][T13237] R13: 00007f8708886038 R14: 00007f8708885fa0 R15: 00007ffe0ffa3338
[  560.451680][T13237]  </TASK>
[  561.101504][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  561.251487][    T9] usb 5-1: Using ep0 maxpacket: 16
[  561.255121][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  561.256462][    T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  561.258922][    T9] usb 5-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  561.258952][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.258978][    T9] usb 5-1: Product: syz
[  561.258990][    T9] usb 5-1: Manufacturer: syz
[  561.259002][    T9] usb 5-1: SerialNumber: syz
[  561.326088][T13263] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2626'.
[  561.378386][T13263] gretap0: entered promiscuous mode
[  561.422439][T13263] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2626'.
[  561.427793][T13263] 0ªî{X¹¦: renamed from gretap0
[  561.464259][T13263] 0ªî{X¹¦: left promiscuous mode
[  561.464281][T13263] 0ªî{X¹¦: entered allmulticast mode
[  561.492674][T13263] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  561.617576][T13239] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2619'.
[  561.635222][    T9] usb 5-1: Audio class v2/v3 interfaces need an interface association
[  561.635646][    T9] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  562.181517][    T9] usb 5-1: USB disconnect, device number 18
[  562.278588][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  562.527718][T13278] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2632'.
[  562.527738][T13278] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2632'.
[  562.527754][T13278] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2632'.
[  562.572343][ T5885] usb 4-1: new full-speed USB device number 115 using dummy_hcd
[  562.674638][T13280] netlink: 'syz.4.2633': attribute type 10 has an invalid length.
[  562.755366][ T5885] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  562.755402][ T5885] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  562.755448][ T5885] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  562.755476][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.009688][ T5885] usb 4-1: usb_control_msg returned -32
[  563.009738][ T5885] usbtmc 4-1:16.0: can't read capabilities
[  563.127951][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  563.128051][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  563.667094][ T6000] usb 4-1: USB disconnect, device number 115
[  563.853132][T13298] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2638'.
[  564.124889][T13305] netlink: 'syz.2.2641': attribute type 10 has an invalid length.
[  564.124914][T13305] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2641'.
[  564.130092][T13305] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  564.246001][T13309] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2643'.
[  564.430021][T13316] FAULT_INJECTION: forcing a failure.
[  564.430021][T13316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.430055][T13316] CPU: 1 UID: 0 PID: 13316 Comm: syz.3.2646 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  564.430078][T13316] Tainted: [L]=SOFTLOCKUP
[  564.430084][T13316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  564.430095][T13316] Call Trace:
[  564.430102][T13316]  <TASK>
[  564.430110][T13316]  dump_stack_lvl+0xe8/0x150
[  564.430133][T13316]  should_fail_ex+0x46b/0x600
[  564.430162][T13316]  _copy_to_user+0x31/0xb0
[  564.430181][T13316]  binder_ioctl_write_read+0x9985/0xa490
[  564.430206][T13316]  ? is_bpf_text_address+0x26/0x2b0
[  564.430240][T13316]  ? __kernel_text_address+0xd/0x30
[  564.430277][T13316]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  564.430303][T13316]  ? stack_depot_save_flags+0x33/0x810
[  564.430335][T13316]  ? do_raw_spin_lock+0x12b/0x2f0
[  564.430363][T13316]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  564.430386][T13316]  ? lockdep_hardirqs_on+0x7a/0x110
[  564.430413][T13316]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  564.430436][T13316]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  564.430458][T13316]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  564.430479][T13316]  ? rt_spin_unlock+0x14f/0x200
[  564.430503][T13316]  ? binder_get_thread+0x177/0x6d0
[  564.430532][T13316]  binder_ioctl+0x426/0x1b10
[  564.430556][T13316]  ? tomoyo_path_number_perm+0x219/0x630
[  564.430580][T13316]  ? tomoyo_path_number_perm+0x219/0x630
[  564.430604][T13316]  ? do_vfs_ioctl+0x117b/0x1540
[  564.430630][T13316]  ? __pfx_binder_ioctl+0x10/0x10
[  564.430653][T13316]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  564.430702][T13316]  ? __fget_files+0x2a/0x420
[  564.430725][T13316]  ? __fget_files+0x2a/0x420
[  564.430744][T13316]  ? __fget_files+0x3a6/0x420
[  564.430763][T13316]  ? __fget_files+0x2a/0x420
[  564.430785][T13316]  ? bpf_lsm_file_ioctl+0x9/0x20
[  564.430805][T13316]  ? __pfx_binder_ioctl+0x10/0x10
[  564.430828][T13316]  __se_sys_ioctl+0xff/0x170
[  564.430853][T13316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.430871][T13316]  do_syscall_64+0x15f/0xf80
[  564.430894][T13316]  ? trace_irq_disable+0x3b/0x140
[  564.430913][T13316]  ? clear_bhb_loop+0x40/0x90
[  564.430933][T13316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.430950][T13316] RIP: 0033:0x7f216497cdd9
[  564.430965][T13316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  564.431003][T13316] RSP: 002b:00007f2162bd6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  564.431035][T13316] RAX: ffffffffffffffda RBX: 00007f2164bf5fa0 RCX: 00007f216497cdd9
[  564.431052][T13316] RDX: 0000200000004a40 RSI: 00000000c0306201 RDI: 0000000000000005
[  564.431075][T13316] RBP: 00007f2162bd6090 R08: 0000000000000000 R09: 0000000000000000
[  564.431090][T13316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  564.431110][T13316] R13: 00007f2164bf6038 R14: 00007f2164bf5fa0 R15: 00007fff8c7ea238
[  564.431135][T13316]  </TASK>
[  564.431254][T13316] binder: 13315:13316 ioctl c0306201 200000004a40 returned -14
[  564.801781][ T6000] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  564.940530][T13320] binder: 13319:13320 unknown command 0
[  564.940548][T13320] binder: 13319:13320 ioctl c0306201 200000000080 returned -22
[  564.944554][ T6000] usb 3-1: device descriptor read/64, error -71
[  565.131534][   T37] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  565.212858][ T6000] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  565.238664][T13326] fuse: Bad value for 'user_id'
[  565.238685][T13326] fuse: Bad value for 'user_id'
[  565.281544][   T37] usb 4-1: Using ep0 maxpacket: 8
[  565.289087][   T37] usb 4-1: config 0 has an invalid interface number: 32 but max is 0
[  565.289117][   T37] usb 4-1: config 0 has no interface number 0
[  565.315913][   T37] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  565.315954][   T37] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  565.315970][   T37] usb 4-1: Product: syz
[  565.315982][   T37] usb 4-1: Manufacturer: syz
[  565.315993][   T37] usb 4-1: SerialNumber: syz
[  565.349278][ T6000] usb 3-1: device descriptor read/64, error -71
[  565.360879][   T37] usb 4-1: config 0 descriptor??
[  565.380997][   T37] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  565.388850][T13330] sg_write: data in/out 491487/136 bytes for SCSI command 0xe0-- guessing data in;
[  565.388850][T13330]    program syz.4.2653 not setting count and/or reply_len properly
[  565.461871][ T6000] usb usb3-port1: attempt power cycle
[  565.545364][T13335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2655'.
[  565.759144][T13344] tipc: Started in network mode
[  565.759167][T13344] tipc: Node identity 9, cluster identity 2
[  565.759181][T13344] tipc: Node number set to 9
[  565.772368][T13318] netlink: 'syz.3.2647': attribute type 29 has an invalid length.
[  565.772422][T13318] netlink: 'syz.3.2647': attribute type 3 has an invalid length.
[  565.772439][T13318] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2647'.
[  565.777581][   T37] gspca_zc3xx: reg_r err -71
[  565.777682][   T37] gspca_zc3xx 4-1:0.32: probe with driver gspca_zc3xx failed with error -71
[  565.801409][ T6000] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  565.836143][   T37] usb 4-1: USB disconnect, device number 116
[  565.837061][ T6000] usb 3-1: device descriptor read/8, error -71
[  566.084594][ T6000] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  566.103428][ T6000] usb 3-1: device descriptor read/8, error -71
[  566.211786][ T6000] usb usb3-port1: unable to enumerate USB device
[  566.808769][T13368] binder: BINDER_SET_CONTEXT_MGR already set
[  566.808787][T13368] binder: 13367:13368 ioctl 4018620d 200000004a80 returned -16
[  566.809946][T13368] binder: 13367:13368 ioctl 80049363 200000000480 returned -22
[  566.951495][ T6000] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  567.111530][ T6000] usb 4-1: Using ep0 maxpacket: 8
[  567.114588][ T6000] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  567.114621][ T6000] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  567.114648][ T6000] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  567.114675][ T6000] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  567.114722][ T6000] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  567.114748][ T6000] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.120233][T13380] binder: 13379:13380 ioctl c0306201 200000000080 returned -14
[  567.156908][T13380] binder: BINDER_SET_CONTEXT_MGR already set
[  567.156927][T13380] binder: 13379:13380 ioctl 4018620d 200000000040 returned -16
[  567.159324][T13380] binder: 13379:13380 ioctl c0306201 2000000003c0 returned -14
[  567.297628][T13382] netlink: 164 bytes leftover after parsing attributes in process `syz.4.2675'.
[  567.297658][T13382] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2675'.
[  567.297903][T13382] tipc: Failed to obtain node identity
[  567.297923][T13382] tipc: Enabling of bearer <ib:veth1_to_bond> rejected, failed to enable media
[  567.429148][ T6000] usb 4-1: GET_CAPABILITIES returned 0
[  567.429201][ T6000] usbtmc 4-1:16.0: can't read capabilities
[  567.598094][   T38] audit: type=1326 audit(1777068127.599:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13388 comm="syz.2.2678" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f870860cdd9 code=0x0
[  567.638548][T13364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  567.640394][T13364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  567.663852][ T6000] usb 4-1: USB disconnect, device number 117
[  567.961495][ T5897] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  568.115841][ T5897] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  568.115867][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.120788][ T5897] usb 3-1: config 0 descriptor??
[  568.154877][ T5897] cp210x 3-1:0.0: cp210x converter detected
[  568.321532][ T6000] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  568.358453][ T5897] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121
[  568.358487][ T5897] cp210x 3-1:0.0: querying part number failed
[  568.378621][ T5897] usb 3-1: cp210x converter now attached to ttyUSB0
[  568.434485][T13407] fuse: Bad value for 'fd'
[  568.471486][ T6000] usb 2-1: Using ep0 maxpacket: 8
[  568.499978][ T6000] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  568.500015][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.500038][ T6000] usb 2-1: Product: syz
[  568.500055][ T6000] usb 2-1: Manufacturer: syz
[  568.500072][ T6000] usb 2-1: SerialNumber: syz
[  568.686937][T13413] netlink: 'syz.4.2687': attribute type 10 has an invalid length.
[  568.933078][T13391] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2678'.
[  568.976436][ T6000] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  568.976616][ T6000] mxuport 2-1:254.0: probe with driver mxuport failed with error -5
[  569.032101][ T6000] usb 2-1: USB disconnect, device number 94
[  569.259159][T13427] binder: 13426:13427 unknown command 0
[  569.259178][T13427] binder: 13426:13427 ioctl c0306201 200000000080 returned -22
[  569.324573][T13429] fuse: Bad value for 'fd'
[  569.402442][  T820] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  569.561741][  T820] usb 4-1: Using ep0 maxpacket: 8
[  569.569458][  T820] usb 4-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config
[  569.569499][  T820] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  569.569519][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  569.569539][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  569.569561][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 97, changing to 10
[  569.569580][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 25072, setting to 1024
[  569.569607][  T820] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  569.577123][  T820] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  569.577159][  T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.577182][  T820] usb 4-1: Product: syz
[  569.577199][  T820] usb 4-1: Manufacturer: syz
[  569.577216][  T820] usb 4-1: SerialNumber: syz
[  569.633046][ T6000] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  569.707746][  T820] usb 4-1: config 0 descriptor??
[  569.710277][T13425] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  569.859461][ T6000] usb 5-1: unable to get BOS descriptor or descriptor too short
[  569.871176][ T6000] usb 5-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40
[  569.871253][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.877026][ T6000] usb 5-1: Product: syz
[  569.877703][ T6000] usb 5-1: Manufacturer: syz
[  569.877749][ T6000] usb 5-1: SerialNumber: syz
[  569.981465][T13222] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[  570.148179][T13222] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  570.148258][T13222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.148275][T13222] usb 2-1: Product: syz
[  570.148286][T13222] usb 2-1: Manufacturer: syz
[  570.148297][T13222] usb 2-1: SerialNumber: syz
[  570.205556][T13222] usb 2-1: config 0 descriptor??
[  570.248511][T13222] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  570.357298][ T6000] usb 5-1: failed waiting for Axe-Fx III to boot: -71
[  570.357376][ T6000] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71
[  570.391263][ T6000] usb 5-1: USB disconnect, device number 19
[  570.624440][ T5912] usb 3-1: USB disconnect, device number 108
[  570.649215][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  570.680143][ T5912] cp210x 3-1:0.0: device disconnected
[  571.131649][  T820] rc_core: IR keymap rc-snapstream-firefly not found
[  571.131672][  T820] Registered IR keymap rc-empty
[  571.176630][  T820] rc rc0: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  571.180684][  T820] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input20
[  571.250257][  T820] input: syz syz mouse as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input21
[  571.339191][  T820] usb 4-1: USB disconnect, device number 118
[  571.339278][    C0] ati_remote 4-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  571.473646][ T5180] ati_remote 4-1:0.0: ati_remote_open: usb_submit_urb failed!
[  571.850042][T13454] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2705'.
[  572.002400][   T37] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  572.155561][   T37] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  572.155596][   T37] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.185245][   T37] usb 3-1: config 0 descriptor??
[  572.311662][  T820] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  572.501512][  T820] usb 4-1: Using ep0 maxpacket: 16
[  572.510319][  T820] usb 4-1: unable to get BOS descriptor or descriptor too short
[  572.536548][  T820] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  572.578474][  T820] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  572.578568][  T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.578599][  T820] usb 4-1: Product: syz
[  572.578611][  T820] usb 4-1: Manufacturer: syz
[  572.578643][  T820] usb 4-1: SerialNumber: syz
[  572.939397][T13441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2700'.
[  572.964347][  T820] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  572.967680][  T820] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  573.071573][ T5885] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  573.210229][   T37] usb 3-1: Cannot set autoneg
[  573.210537][   T37] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32
[  573.231531][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  573.236220][ T5885] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  573.236252][ T5885] usb 5-1: config 0 has no interface number 0
[  573.236376][ T5885] usb 5-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  573.236404][ T5885] usb 5-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  573.236432][ T5885] usb 5-1: config 0 interface 12 has no altsetting 0
[  573.240703][ T5885] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  573.240804][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.240829][ T5885] usb 5-1: Product: syz
[  573.240846][ T5885] usb 5-1: Manufacturer: syz
[  573.240862][ T5885] usb 5-1: SerialNumber: syz
[  573.372991][ T5885] usb 5-1: config 0 descriptor??
[  573.396188][  T820] usb 4-1: 2:1 : can't get Cluster Descriptor
[  573.430888][ T5885] f81534 5-1:0.12: unsupported endpoint max packet size
[  573.636567][ T5885] usb 4-1: USB disconnect, device number 119
[  573.653871][   T37] usb 5-1: USB disconnect, device number 20
[  573.961713][T13222] gspca_stk1135: reg_w 0x19 err -71
[  573.962769][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.962784][T13222] gspca_stk1135: Sensor write failed
[  573.962820][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.962833][T13222] gspca_stk1135: Sensor write failed
[  573.962870][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.962881][T13222] gspca_stk1135: Sensor read failed
[  573.962913][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.962922][T13222] gspca_stk1135: Sensor read failed
[  573.962931][T13222] gspca_stk1135: Detected sensor type unknown (0x0)
[  573.962972][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.962983][T13222] gspca_stk1135: Sensor read failed
[  573.963018][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.963030][T13222] gspca_stk1135: Sensor read failed
[  573.963068][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.963079][T13222] gspca_stk1135: Sensor write failed
[  573.963114][T13222] gspca_stk1135: serial bus timeout: status=0x00
[  573.963125][T13222] gspca_stk1135: Sensor write failed
[  573.963213][T13222] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  573.973664][T13222] usb 2-1: USB disconnect, device number 95
[  574.691523][  T137] block nbd0: Possible stuck request ffff888027ea5080: control (read@0,1024B). Runtime 150 seconds
[  574.764671][T13486] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2717'.
[  574.824239][T13222] usb 3-1: USB disconnect, device number 109
[  576.222517][T13222] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  576.393160][T13222] usb 4-1: Using ep0 maxpacket: 16
[  576.396414][T13222] usb 4-1: unable to get BOS descriptor or descriptor too short
[  576.414369][T13222] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  576.435451][T13222] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  576.435482][T13222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.435505][T13222] usb 4-1: Product: syz
[  576.435521][T13222] usb 4-1: Manufacturer: syz
[  576.435537][T13222] usb 4-1: SerialNumber: syz
[  576.584354][ T5885] usb 2-1: new full-speed USB device number 96 using dummy_hcd
[  576.757172][ T5885] usb 2-1: unable to get BOS descriptor or descriptor too short
[  576.757844][ T5885] usb 2-1: not running at top speed; connect to a high speed hub
[  576.759870][ T5885] usb 2-1: config 2 has an invalid interface number: 187 but max is 0
[  576.759899][ T5885] usb 2-1: config 2 has no interface number 0
[  576.760105][ T5885] usb 2-1: config 2 interface 187 altsetting 0 endpoint 0xA has invalid maxpacket 1028, setting to 64
[  576.786118][ T5885] usb 2-1: New USB device found, idVendor=04b4, idProduct=5500, bcdDevice=2a.7c
[  576.786650][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.787073][ T5885] usb 2-1: Product: syz
[  576.787119][ T5885] usb 2-1: Manufacturer: syz
[  576.787513][ T5885] usb 2-1: SerialNumber: syz
[  576.887388][T13522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2719'.
[  576.920448][T13526] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  576.932830][T13222] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  576.996384][T13222] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  577.270377][T13526] netlink: 'syz.1.2721': attribute type 10 has an invalid length.
[  577.321572][T13222] usb 4-1: 2:1 : can't get Cluster Descriptor
[  577.541702][ T5912] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  577.698393][ T5912] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  577.698426][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.698450][ T5912] usb 5-1: Product: syz
[  577.698467][ T5912] usb 5-1: Manufacturer: syz
[  577.698622][ T5912] usb 5-1: SerialNumber: syz
[  577.746240][ T5912] usb 5-1: config 0 descriptor??
[  577.764801][ T5912] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  578.365373][T13526] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  578.422469][  T820] usb 4-1: USB disconnect, device number 120
[  578.741233][ T5885] cypress_m8 2-1:2.187: HID->COM RS232 Adapter converter detected
[  578.750056][ T5885] cyphidcom ttyUSB0: required endpoint is missing
[  578.762789][ T5885] usb 2-1: USB disconnect, device number 96
[  578.792423][ T5885] cypress_m8 2-1:2.187: device disconnected
[  578.807233][ T5831] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  578.807565][ T5831] Bluetooth: hci5: Injecting HCI hardware error event
[  578.826320][ T5831] Bluetooth: hci5: hardware error 0x00
[  579.239334][T13539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2724'.
[  579.239363][T13539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2724'.
[  580.002054][ T5897] usb 3-1: new full-speed USB device number 110 using dummy_hcd
[  580.154989][ T5897] usb 3-1: config 8 has an invalid interface number: 177 but max is 0
[  580.155015][ T5897] usb 3-1: config 8 has no interface number 0
[  580.155050][ T5897] usb 3-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xE8, changing to 0x88
[  580.155120][ T5897] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x88 has invalid maxpacket 1023, setting to 64
[  580.155145][ T5897] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  580.155164][ T5897] usb 3-1: config 8 interface 177 has no altsetting 0
[  580.155192][ T5897] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  580.155212][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.237179][T13547] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  580.281968][ T5885] usb 2-1: new full-speed USB device number 97 using dummy_hcd
[  580.444620][ T5885] usb 2-1: unable to get BOS descriptor or descriptor too short
[  580.445753][ T5885] usb 2-1: not running at top speed; connect to a high speed hub
[  580.448233][ T5885] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  580.448261][ T5885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  580.498152][ T5885] usb 2-1: string descriptor 0 read error: -22
[  580.498318][ T5885] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  580.498347][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.526013][T13557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.547108][T13556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.554714][T13557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.574382][T13556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.593326][ T5885] usb 2-1: 0:2 : does not exist
[  580.641565][T13540] Bluetooth: hci4: command 0x0406 tx timeout
[  581.153201][ T5897] usb 3-1: string descriptor 0 read error: -71
[  581.190447][ T5897] ir_toy 3-1:8.177: required endpoints not found
[  581.216338][ T5897] usb 3-1: USB disconnect, device number 110
[  581.441636][ T5831] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  581.481735][ T5912] gspca_stk1135: reg_w 0x19 err -71
[  581.482785][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.482803][ T5912] gspca_stk1135: Sensor write failed
[  581.482843][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.482855][ T5912] gspca_stk1135: Sensor write failed
[  581.482894][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.482906][ T5912] gspca_stk1135: Sensor read failed
[  581.482941][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.482953][ T5912] gspca_stk1135: Sensor read failed
[  581.482961][ T5912] gspca_stk1135: Detected sensor type unknown (0x0)
[  581.483003][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.483016][ T5912] gspca_stk1135: Sensor read failed
[  581.483053][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.483063][ T5912] gspca_stk1135: Sensor read failed
[  581.483091][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.483100][ T5912] gspca_stk1135: Sensor write failed
[  581.483129][ T5912] gspca_stk1135: serial bus timeout: status=0x00
[  581.483159][ T5912] gspca_stk1135: Sensor write failed
[  581.483246][ T5912] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  581.492328][T13549] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2728'.
[  581.624610][ T5912] usb 5-1: USB disconnect, device number 21
[  582.122619][ T5897] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  582.145177][T13569] sg_write: data in/out 404444/42 bytes for SCSI command 0x0-- guessing data in;
[  582.145177][T13569]    program syz.2.2735 not setting count and/or reply_len properly
[  582.194501][T13569] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2735'.
[  582.281454][ T5897] usb 4-1: Using ep0 maxpacket: 16
[  582.284956][ T5897] usb 4-1: unable to get BOS descriptor or descriptor too short
[  582.286565][ T5897] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  582.289985][ T5897] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  582.290017][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.290040][ T5897] usb 4-1: Product: syz
[  582.290057][ T5897] usb 4-1: Manufacturer: syz
[  582.290074][ T5897] usb 4-1: SerialNumber: syz
[  582.696859][T13577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2733'.
[  583.071516][ T5885] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  583.098706][ T5885] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  583.128618][ T5885] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  583.148965][T13583] binder: BINDER_SET_CONTEXT_MGR already set
[  583.148979][T13583] binder: 13582:13583 ioctl 4018620d 2000000002c0 returned -16
[  583.365296][ T5885] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  583.408485][ T5897] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  583.409017][ T5897] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  583.434806][ T5885] usb 2-1: USB disconnect, device number 97
[  583.457412][ T5912] usb 3-1: new full-speed USB device number 111 using dummy_hcd
[  583.516563][ T5897] usb 4-1: 2:1 : can't get Cluster Descriptor
[  583.591524][   T32] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  583.619430][ T5912] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  583.619516][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  583.619546][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  583.619577][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  583.619602][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  583.716568][ T5912] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  583.716604][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  583.716628][ T5912] usb 3-1: Product: syz
[  583.716645][ T5912] usb 3-1: Manufacturer: syz
[  583.716662][ T5912] usb 3-1: SerialNumber: syz
[  583.771541][   T32] usb 5-1: Using ep0 maxpacket: 8
[  583.773622][   T32] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  583.774957][   T32] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  583.776338][   T32] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  583.776395][   T32] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  583.776423][   T32] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.778339][T13222] usb 4-1: USB disconnect, device number 121
[  583.910004][ T5912] usb 3-1: config 0 descriptor??
[  584.026881][   T32] hub 5-1:32.0: Invalid hub with more than one config or interface
[  584.026925][   T32] hub 5-1:32.0: probe with driver hub failed with error -22
[  584.059640][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  584.336896][   T32] usb 5-1: USB disconnect, device number 22
[  584.495999][ T5912] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110
[  584.496449][ T5912] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[  584.644895][T13599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2746'.
[  584.791540][  T820] usb 4-1: new full-speed USB device number 122 using dummy_hcd
[  584.938433][T13606] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2749'.
[  584.967119][  T820] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  584.967155][  T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.967179][  T820] usb 4-1: Product: syz
[  584.967196][  T820] usb 4-1: Manufacturer: syz
[  584.967212][  T820] usb 4-1: SerialNumber: syz
[  585.010310][  T820] usb 4-1: config 0 descriptor??
[  585.028764][  T820] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  585.200077][T13614] netlink: 'syz.4.2752': attribute type 10 has an invalid length.
[  585.200103][T13614] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2752'.
[  585.219343][T13614] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  585.318543][   T32] usb 3-1: USB disconnect, device number 111
[  585.610972][T13627] netlink: 'syz.4.2756': attribute type 10 has an invalid length.
[  585.686113][T13630] FAULT_INJECTION: forcing a failure.
[  585.686113][T13630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  585.686155][T13630] CPU: 1 UID: 0 PID: 13630 Comm: syz.4.2757 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  585.686185][T13630] Tainted: [L]=SOFTLOCKUP
[  585.686193][T13630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  585.686208][T13630] Call Trace:
[  585.686221][T13630]  <TASK>
[  585.686229][T13630]  dump_stack_lvl+0xe8/0x150
[  585.686252][T13630]  should_fail_ex+0x46b/0x600
[  585.686302][T13630]  _copy_to_user+0x31/0xb0
[  585.686331][T13630]  simple_read_from_buffer+0xe1/0x170
[  585.686366][T13630]  proc_fail_nth_read+0x1be/0x230
[  585.686402][T13630]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.686426][T13630]  ? rw_verify_area+0x2ac/0x4e0
[  585.686462][T13630]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  585.686495][T13630]  vfs_read+0x212/0xa80
[  585.686537][T13630]  ? __pfx_vfs_read+0x10/0x10
[  585.686575][T13630]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  585.686599][T13630]  ? lockdep_hardirqs_on+0x7a/0x110
[  585.686635][T13630]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  585.686669][T13630]  ? mutex_lock_nested+0x152/0x1d0
[  585.686692][T13630]  ? fdget_pos+0x252/0x320
[  585.686730][T13630]  ksys_read+0x156/0x270
[  585.686765][T13630]  ? __pfx_ksys_read+0x10/0x10
[  585.686812][T13630]  ? __pfx_binder_ioctl+0x10/0x10
[  585.686854][T13630]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.686880][T13630]  do_syscall_64+0x15f/0xf80
[  585.686912][T13630]  ? clear_bhb_loop+0x40/0x90
[  585.686939][T13630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.686956][T13630] RIP: 0033:0x7f922c34d60e
[  585.686984][T13630] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  585.687006][T13630] RSP: 002b:00007f922a5ddfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  585.687032][T13630] RAX: ffffffffffffffda RBX: 00007f922a5de6c0 RCX: 00007f922c34d60e
[  585.687048][T13630] RDX: 000000000000000f RSI: 00007f922a5de0a0 RDI: 0000000000000006
[  585.687063][T13630] RBP: 00007f922a5de090 R08: 0000000000000000 R09: 0000000000000000
[  585.687077][T13630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  585.687095][T13630] R13: 00007f922c606038 R14: 00007f922c605fa0 R15: 00007ffe504d31a8
[  585.687120][T13630]  </TASK>
[  585.721658][ T5912] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  585.871531][ T5912] usb 2-1: Using ep0 maxpacket: 16
[  585.879793][ T5912] usb 2-1: unable to get BOS descriptor or descriptor too short
[  585.890314][ T5912] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  585.928724][ T5912] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  585.928796][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.928855][ T5912] usb 2-1: Product: syz
[  585.928872][ T5912] usb 2-1: Manufacturer: syz
[  585.928890][ T5912] usb 2-1: SerialNumber: syz
[  586.092148][T13632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2758'.
[  586.288879][T13635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2753'.
[  586.317255][T13634] binder: BINDER_SET_CONTEXT_MGR already set
[  586.317272][T13634] binder: 13633:13634 ioctl 4018620d 200000000040 returned -16
[  586.321128][ T5912] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  586.324397][ T5912] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  586.551771][T13637] mmap: syz.4.2760 (13637) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  586.625435][T13637] overlayfs: failed to resolve './file0': -2
[  586.704613][T13637] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2760'.
[  586.720440][ T5912] usb 2-1: 2:1 : can't get Cluster Descriptor
[  586.730380][   T38] audit: type=1326 audit(1777068146.729:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13636 comm="syz.4.2760" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f922c38cdd9 code=0x0
[  586.944018][ T5912] usb 2-1: USB disconnect, device number 98
[  587.068300][ T6083] udevd[6083]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  587.321461][T13646] mkiss: ax0: crc mode is auto.
[  587.892775][T13659] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2768'.
[  588.132853][ T5912] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  588.283815][ T5912] usb 2-1: Using ep0 maxpacket: 8
[  588.296757][ T5912] usb 2-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  588.296793][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.296817][ T5912] usb 2-1: Product: syz
[  588.296834][ T5912] usb 2-1: Manufacturer: syz
[  588.296852][ T5912] usb 2-1: SerialNumber: syz
[  588.509628][T13672] netlink: 'syz.4.2773': attribute type 2 has an invalid length.
[  588.509656][T13672] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2773'.
[  588.682971][  T820] gspca_stk1135: reg_w 0x19 err -71
[  588.684025][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684041][  T820] gspca_stk1135: Sensor write failed
[  588.684077][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684089][  T820] gspca_stk1135: Sensor write failed
[  588.684127][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684147][  T820] gspca_stk1135: Sensor read failed
[  588.684185][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684197][  T820] gspca_stk1135: Sensor read failed
[  588.684206][  T820] gspca_stk1135: Detected sensor type unknown (0x0)
[  588.684248][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684260][  T820] gspca_stk1135: Sensor read failed
[  588.684298][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684310][  T820] gspca_stk1135: Sensor read failed
[  588.684353][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684365][  T820] gspca_stk1135: Sensor write failed
[  588.684403][  T820] gspca_stk1135: serial bus timeout: status=0x00
[  588.684413][  T820] gspca_stk1135: Sensor write failed
[  588.684503][  T820] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  588.820539][  T820] usb 4-1: USB disconnect, device number 122
[  589.141475][    T9] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  589.291438][    T9] usb 3-1: Using ep0 maxpacket: 16
[  589.294777][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  589.296377][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  589.299437][    T9] usb 3-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  589.299469][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.299494][    T9] usb 3-1: Product: syz
[  589.299511][    T9] usb 3-1: Manufacturer: syz
[  589.299528][    T9] usb 3-1: SerialNumber: syz
[  589.438008][ T5912] usb 2-1: 1:1: cannot get freq (v2/v3): err -71
[  589.440270][ T5912] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  589.459445][ T5912] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  589.459485][ T5912] usb 2-1: clock source 0 is not valid, cannot use
[  589.461522][ T5912] usb 2-1: 2:1: cannot get freq (v2/v3): err -71
[  589.464044][ T5912] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  589.667080][ T5831] Bluetooth: hci4: unexpected event for opcode 0x2005
[  589.734561][T13676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2774'.
[  589.830382][    T9] usb 3-1: Audio class v2/v3 interfaces need an interface association
[  589.830897][    T9] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  589.896326][ T5912] usb 2-1: USB disconnect, device number 99
[  590.144012][    T9] usb 3-1: 2:1 : can't get Cluster Descriptor
[  590.304512][   T37] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  590.385782][   T32] usb 3-1: USB disconnect, device number 112
[  590.461473][   T37] usb 5-1: Using ep0 maxpacket: 16
[  590.465827][   T37] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.465866][   T37] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.465892][   T37] usb 5-1: config 0 interface 0 has no altsetting 0
[  590.465943][   T37] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  590.465970][   T37] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.527591][   T37] usb 5-1: config 0 descriptor??
[  590.578322][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.1/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  590.749060][T13701] sg_write: data in/out 426972/130 bytes for SCSI command 0x0-- guessing data in;
[  590.749060][T13701]    program syz.3.2783 not setting count and/or reply_len properly
[  590.951103][T13706] binder: 13702:13706 ioctl c0306201 0 returned -14
[  591.170903][   T37] hid (null): unknown global tag 0xc
[  591.375528][    T9] usb 5-1: USB disconnect, device number 23
[  591.832597][T13715] trusted_key: syz.1.2788 sent an empty control message without MSG_MORE.
[  592.127984][T13725] netlink: 'syz.2.2792': attribute type 10 has an invalid length.
[  592.161508][ T5912] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  592.311481][ T5912] usb 4-1: Using ep0 maxpacket: 32
[  592.324104][ T5912] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  592.324134][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.324156][ T5912] usb 4-1: Product: syz
[  592.324172][ T5912] usb 4-1: Manufacturer: syz
[  592.324188][ T5912] usb 4-1: SerialNumber: syz
[  592.355853][T13733] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  592.355901][T13733] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  592.391711][ T5912] usb 4-1: config 0 descriptor??
[  592.498761][T13740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.509378][T13740] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.565140][T13222] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  592.565322][T13733] vhci_hcd vhci_hcd.0: Device attached
[  592.596963][T13735] vhci_hcd: connection closed
[  592.672660][ T1470] vhci_hcd vhci_hcd.4: stop threads
[  592.675928][ T1470] vhci_hcd vhci_hcd.4: release socket
[  592.678437][ T1470] vhci_hcd vhci_hcd.4: disconnect device
[  592.736348][ T5912] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 123
[  592.743452][T13222] usb 2-1: Using ep0 maxpacket: 16
[  592.767882][    T9] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  592.768067][T13222] usb 2-1: unable to get BOS descriptor or descriptor too short
[  592.773259][T13222] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  592.802655][T13222] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  592.802746][T13222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.802771][T13222] usb 2-1: Product: syz
[  592.802789][T13222] usb 2-1: Manufacturer: syz
[  592.802805][T13222] usb 2-1: SerialNumber: syz
[  593.240874][T13744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2794'.
[  593.264122][T13222] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  593.266962][T13222] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  593.346431][T13746] binder: 13745:13746 unknown command 0
[  593.346457][T13746] binder: 13745:13746 ioctl c0306201 200000000080 returned -22
[  593.450065][T13750] binder: 13749:13750 ioctl c0306201 200000000080 returned -14
[  593.461210][T13750] binder: 13749:13750 ioctl c0306201 2000000003c0 returned -14
[  593.652187][  T820] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  593.663186][T13222] usb 2-1: 2:1 : can't get Cluster Descriptor
[  593.811652][  T820] usb 5-1: Using ep0 maxpacket: 32
[  593.816367][  T820] usb 5-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  593.816400][  T820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.816422][  T820] usb 5-1: Product: syz
[  593.816441][  T820] usb 5-1: Manufacturer: syz
[  593.816453][  T820] usb 5-1: SerialNumber: syz
[  593.887200][T13222] usb 2-1: USB disconnect, device number 100
[  594.435492][  T820] usb 5-1: 1:1: cannot get freq (v2/v3): err -32
[  594.607995][T13763] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2805'.
[  594.677941][T13748] netlink: 'syz.4.2799': attribute type 29 has an invalid length.
[  594.704397][T13748] netlink: 'syz.4.2799': attribute type 29 has an invalid length.
[  594.973480][ T6000] usb 4-1: USB disconnect, device number 123
[  595.033654][ T5885] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  595.186991][  T820] usb 5-1: 1:1: cannot get freq (v2/v3): err -71
[  595.207817][  T820] usb 5-1: 2:1: cannot get freq (v2/v3): err -71
[  595.208655][ T5885] usb 3-1: config 0 has an invalid interface number: 116 but max is 0
[  595.208681][ T5885] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  595.208703][ T5885] usb 3-1: config 0 has no interface number 0
[  595.208881][  T820] usb 5-1: 2:1: cannot set freq 44100 (v2/v3): err -71
[  595.260116][ T5885] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[  595.260151][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.260176][ T5885] usb 3-1: Product: syz
[  595.260192][ T5885] usb 3-1: Manufacturer: syz
[  595.260209][ T5885] usb 3-1: SerialNumber: syz
[  595.303290][T13771] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2808'.
[  595.334456][ T5885] usb 3-1: config 0 descriptor??
[  595.348542][ T5885] usb-storage 3-1:0.116: USB Mass Storage device detected
[  595.394317][ T5885] usb-storage 3-1:0.116: device ignored
[  595.563509][T13766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.589871][T13766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.645655][  T820] usb 5-1: USB disconnect, device number 24
[  595.877642][T12837] udevd[12837]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  596.149474][T13786] fuse: Unknown parameter 'ÿÿÿÿ0x0000000000000006'
[  596.347792][T13792] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2815'.
[  596.441500][   T37] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  596.512789][T13797] FAULT_INJECTION: forcing a failure.
[  596.512789][T13797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.512826][T13797] CPU: 0 UID: 0 PID: 13797 Comm: syz.1.2816 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  596.512852][T13797] Tainted: [L]=SOFTLOCKUP
[  596.512859][T13797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  596.512871][T13797] Call Trace:
[  596.512880][T13797]  <TASK>
[  596.512889][T13797]  dump_stack_lvl+0xe8/0x150
[  596.512916][T13797]  should_fail_ex+0x46b/0x600
[  596.512950][T13797]  _copy_from_user+0x2d/0xb0
[  596.512971][T13797]  binder_get_object+0xc8/0x2c0
[  596.513012][T13797]  binder_transaction+0x3dc6/0x6fa0
[  596.513073][T13797]  ? __pfx_binder_transaction+0x10/0x10
[  596.513102][T13797]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  596.513148][T13797]  ? __lock_acquire+0x6b5/0x2cf0
[  596.513185][T13797]  ? __lock_acquire+0x6b5/0x2cf0
[  596.513212][T13797]  ? __lock_acquire+0x6b5/0x2cf0
[  596.513238][T13797]  ? __might_fault+0xaf/0x130
[  596.513265][T13797]  ? __might_fault+0xaf/0x130
[  596.513306][T13797]  binder_ioctl_write_read+0xb37/0xa490
[  596.513335][T13797]  ? is_bpf_text_address+0x26/0x2b0
[  596.513384][T13797]  ? __kernel_text_address+0xd/0x30
[  596.513428][T13797]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  596.513457][T13797]  ? stack_depot_save_flags+0x33/0x810
[  596.513494][T13797]  ? do_raw_spin_lock+0x12b/0x2f0
[  596.513530][T13797]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  596.513555][T13797]  ? reacquire_held_locks+0x104/0x190
[  596.513584][T13797]  ? rt_spin_lock+0x1e0/0x400
[  596.513604][T13797]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  596.513627][T13797]  ? rt_spin_unlock+0x14f/0x200
[  596.513653][T13797]  ? binder_get_thread+0x177/0x6d0
[  596.513683][T13797]  binder_ioctl+0x426/0x1b10
[  596.513710][T13797]  ? tomoyo_path_number_perm+0x219/0x630
[  596.513736][T13797]  ? tomoyo_path_number_perm+0x219/0x630
[  596.513763][T13797]  ? do_vfs_ioctl+0x117b/0x1540
[  596.513793][T13797]  ? __pfx_binder_ioctl+0x10/0x10
[  596.513820][T13797]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  596.513880][T13797]  ? __fget_files+0x2a/0x420
[  596.513908][T13797]  ? __fget_files+0x2a/0x420
[  596.513932][T13797]  ? __fget_files+0x3a6/0x420
[  596.513956][T13797]  ? __fget_files+0x2a/0x420
[  596.513984][T13797]  ? bpf_lsm_file_ioctl+0x9/0x20
[  596.514007][T13797]  ? __pfx_binder_ioctl+0x10/0x10
[  596.514033][T13797]  __se_sys_ioctl+0xff/0x170
[  596.514061][T13797]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.514082][T13797]  do_syscall_64+0x15f/0xf80
[  596.514107][T13797]  ? trace_irq_disable+0x3b/0x140
[  596.514129][T13797]  ? clear_bhb_loop+0x40/0x90
[  596.514151][T13797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.514171][T13797] RIP: 0033:0x7fba31c6cdd9
[  596.514188][T13797] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  596.514204][T13797] RSP: 002b:00007fba2fec6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  596.514224][T13797] RAX: ffffffffffffffda RBX: 00007fba31ee5fa0 RCX: 00007fba31c6cdd9
[  596.514237][T13797] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  596.514249][T13797] RBP: 00007fba2fec6090 R08: 0000000000000000 R09: 0000000000000000
[  596.514260][T13797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  596.514271][T13797] R13: 00007fba31ee6038 R14: 00007fba31ee5fa0 R15: 00007ffc9c850ef8
[  596.514298][T13797]  </TASK>
[  596.620336][   T37] usb 5-1: Using ep0 maxpacket: 16
[  596.710695][   T37] usb 5-1: unable to get BOS descriptor or descriptor too short
[  596.921840][   T37] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  596.925253][   T37] usb 5-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  596.925290][   T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.925316][   T37] usb 5-1: Product: syz
[  596.925335][   T37] usb 5-1: Manufacturer: syz
[  596.925355][   T37] usb 5-1: SerialNumber: syz
[  597.265872][T13789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2813'.
[  597.398716][T13799] 9p: Bad value for 'rfdno'
[  597.509536][T13799] hub 8-0:1.0: USB hub found
[  597.516607][T13799] hub 8-0:1.0: 1 port detected
[  597.707184][   T37] usb 5-1: Audio class v2/v3 interfaces need an interface association
[  597.707673][   T37] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  597.962189][ T5897] usb 3-1: USB disconnect, device number 114
[  598.014239][   T37] usb 5-1: USB disconnect, device number 25
[  598.157298][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  598.364253][T13810] input: syz0 as /devices/virtual/input/input22
[  598.723922][ T5897] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  598.901503][ T5897] usb 3-1: Using ep0 maxpacket: 8
[  598.905294][ T5897] usb 3-1: config index 0 descriptor too short (expected 26, got 18)
[  598.909208][ T5897] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  598.909242][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.909266][ T5897] usb 3-1: Product: syz
[  598.909283][ T5897] usb 3-1: Manufacturer: syz
[  598.909300][ T5897] usb 3-1: SerialNumber: syz
[  598.967667][ T5897] usb 3-1: config 0 descriptor??
[  598.993229][ T5897] gspca_main: sq930x-2.14.0 probing 2770:930c
[  599.022996][   T32] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  599.172676][   T32] usb 5-1: Using ep0 maxpacket: 16
[  599.184492][   T32] usb 5-1: unable to get BOS descriptor or descriptor too short
[  599.186044][   T32] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  599.218578][   T32] usb 5-1: New USB device found, idVendor=0582, idProduct=002b, bcdDevice= 0.40
[  599.219341][   T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.219371][   T32] usb 5-1: Product: 熪⎥蕗撻;
[  599.219389][   T32] usb 5-1: SerialNumber: syz
[  599.722742][ T5897] gspca_sq930x: ucbus_write failed -110
[  600.601390][ T5897] gspca_sq930x: Unknown sensor
[  600.601549][ T5897] sq930x 3-1:0.0: probe with driver sq930x failed with error -22
[  600.652728][ T5897] usb 3-1: USB disconnect, device number 115
[  600.830631][   T32] usb 5-1: Audio class v2/v3 interfaces need an interface association
[  600.881855][   T39] INFO: task syz.0.2288:11932 blocked for more than 143 sec[  600.881855][   T39] INFO: task syz.0.2288:11932 blocked for more than 143 seconds.
[  600.881885][   T39]       Tainted: G             L      syzkaller #0
[  600.881899][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  600.881923][   T39] task:syz.0.2288      state:D stack:24328 pid:11932 tgid:11930 ppid:5828   task_flags:0x400140 flags:0x00080002
[  600.881996][   T39] Call Trace:
[  600.882005][   T39]  <TASK>
[  600.882019][   T39]  __schedule+0x169e/0x54f0
[  600.882071][   T39]  ? __pfx_sched_clock_cpu+0x10/0x10
[  600.882124][   T39]  ? __pfx___schedule+0x10/0x10
[  600.882151][   T39]  ? rt_mutex_slowlock_block+0x2e9/0x680
[  600.882193][   T39]  rt_mutex_schedule+0x76/0xf0
[  600.882248][   T39]  rt_mutex_slowlock_block+0x508/0x680
[  600.882287][   T39]  ? rt_mutex_slowlock_block+0x2e9/0x680
[  600.882316][   T39]  rt_mutex_slowlock+0x2dc/0x780
[  600.882345][   T39]  ? rt_mutex_slowlock+0x1fd/0x780
[  600.882372][   T39]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  600.882410][   T39]  ? bdev_open+0xe0/0xcc0
[  600.882445][   T39]  ? bdev_open+0xe0/0xcc0
[  600.882480][   T39]  ? bdev_open+0xe0/0xcc0
[  600.882509][   T39]  mutex_lock_nested+0x168/0x1d0
[  600.882541][   T39]  bdev_open+0xe0/0xcc0
[  600.882581][   T39]  blkdev_open+0x485/0x620
[  600.882618][   T39]  ? __pfx_blkdev_open+0x10/0x10
[  600.882659][   T39]  do_dentry_open+0x83d/0x13e0
[  600.882700][   T39]  vfs_open+0x3b/0x350
[  600.882725][   T39]  ? path_openat+0x2e2b/0x38a0
[  600.882762][   T39]  path_openat+0x2e43/0x38a0
[  600.882828][   T39]  ? __pfx_path_openat+0x10/0x10
[  600.882866][   T39]  ? kasan_save_track+0x4f/0x80
[  600.882895][   T39]  ? kasan_save_track+0x3e/0x80
[  600.882922][   T39]  ? __kasan_slab_alloc+0x6c/0x80
[  600.882951][   T39]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  600.882993][   T39]  ? do_raw_spin_lock+0x12b/0x2f0
[  600.883029][   T39]  do_file_open+0x23e/0x4a0
[  600.883062][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  600.883099][   T39]  ? __pfx_do_file_open+0x10/0x10
[  600.883141][   T39]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  600.883214][   T39]  ? alloc_fd+0x64e/0x6c0
[  600.883251][   T39]  do_sys_openat2+0x113/0x200
[  600.883279][   T39]  ? __pfx_do_sys_openat2+0x10/0x10
[  600.883307][   T39]  ? exc_page_fault+0x6a/0xc0
[  600.883339][   T39]  ? do_user_addr_fault+0xc6f/0x1340
[  600.883368][   T39]  __x64_sys_openat+0x138/0x170
[  600.883400][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.883426][   T39]  do_syscall_64+0x15f/0xf80
[  600.883457][   T39]  ? trace_irq_disable+0x3b/0x140
[  600.883483][   T39]  ? clear_bhb_loop+0x40/0x90
[  600.883511][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.883535][   T39] RIP: 0033:0x7fb3724ad60e
[  600.883555][   T39] RSP: 002b:00007fb370724b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  600.883580][   T39] RAX: ffffffffffffffda RBX: 00007fb3707256c0 RCX: 00007fb3724ad60e
[  600.883599][   T39] RDX: 0000000000000000 RSI: 00007fb370724c00 RDI: ffffffffffffff9c
[  600.883616][   T39] RBP: 00007fb370724c00 R08: 0000000000000000 R09: 0000000000000000
[  600.883632][   T39] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  600.883658][   T39] R13: 00007fb372766128 R14: 00007fb372766090 R15: 00007ffdd912e848
[  600.883695][   T39]  </TASK>
[  600.883746][   T39] 
[  600.883746][   T39] Showing all locks held in the system:
[  600.883758][   T39] 8 locks held by kworker/1:0/32:
[  600.883772][   T39]  #0: ffff8880222fa538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  600.883835][   T39]  #1: ffffc90000a6fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  600.883892][   T39]  #2: ffff88802b4e8210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[  600.883944][   T39]  #3: ffff88806109e210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[  600.883999][   T39]  #4: ffff88805d1971d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[  600.884054][   T39]  #5: ffffffff8f70ac38 (register_mutex#6){+.+.}-{4:4}, at: usb_audio_probe+0x63a/0x2380
[  600.884115][   T39]  #6: ffffffff8f6e65f8 (sound_mutex){+.+.}-{4:4}, at: snd_register_device+0x17c/0x510
[  600.884175][   T39]  #7: ffff88801c2db238 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x41/0x5c0
[  600.884239][   T39] 1 lock held by khungtaskd/39:
[  600.884251][   T39]  #0: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  600.884337][   T39] 2 locks held by kworker/u8:15/3508:
[  600.884352][   T39]  #0: ffff88801ae84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  600.884409][   T39]  #1: ffffc9000fb1fc40 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  600.884467][   T39] 2 locks held by getty/5580:
[  600.884480][   T39]  #0: ffff8880380ac0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  600.884536][   T39]  #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[  600.884601][   T39] 3 locks held by kworker/0:5/5885:
[  600.884615][   T39]  #0: ffff88813fe46938 ((wq_completion)events_freezable){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  600.884681][   T39]  #1: ffffc90005c57c40 ((work_completion)(&hcd->wakeup_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  600.884737][   T39]  #2: ffff88802b3f0210 (&dev->mutex){....}-{4:4}, at: usb_remote_wakeup+0x23/0x120
[  600.884802][   T39] 5 locks held by kworker/1:4/5897:
[  600.884815][   T39]  #0: ffff8880222fa538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  600.884869][   T39]  #1: ffffc90005d2fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  600.884926][   T39]  #2: ffff88802b470210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[  600.884973][   T39]  #3: ffff888038080210 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x870
[  600.885028][   T39]  #4: ffffffff8fb60998 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x281/0x560
[  600.885083][   T39] 1 lock held by udevd/5949:
[  600.885096][   T39]  #0: ffff888027de04c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  600.885154][   T39] 4 locks held by udevd/6083:
[  600.885167][   T39]  #0: ffff8880203cc950 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20
[  600.885228][   T39]  #1: ffff88804d1fb078 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  600.885289][   T39]  #2: ffff88805ba84698 (kn->active#32){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  600.885346][   T39]  #3: ffff88806109e210 (&dev->mutex){....}-{4:4}, at: product_show+0x26/0xa0
[  600.885413][   T39] 5 locks held by kworker/u8:18/11828:
[  600.885427][   T39]  #0: ffff88801ae84138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  600.885484][   T39]  #1: ffffc9000ed4fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  600.885543][   T39]  #2: ffff888022ec4310 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0
[  600.885608][   T39]  #3: ffff88805cfe3120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0
[  600.885675][   T39]  #4: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  600.885733][   T39] 1 lock held by syz.0.2288/11932:
[  600.885747][   T39]  #0: ffff888027de04c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  600.885814][   T39] 4 locks held by syz.3.2814/13798:
[  600.885828][   T39]  #0: ffff8880256f6480 (sb_writers#5){.+.+}-{0:0}, at: vfs_coredump+0x380d/0x4540
[  600.885902][   T39]  #1: ffff888050b328e0 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: shmem_file_write_iter+0x82/0x120
[  600.885966][   T39]  #2: ffff888050b32a18 (&xa->xa_lock#9){+.+.}-{3:3}, at: shmem_add_to_page_cache+0x74a/0xbf0
[  600.886034][   T39]  #3: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  600.886089][   T39] 1 lock held by syz.4.2826/13822:
[  600.886102][   T39]  #0: ffff88805d5a96f8 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[  600.886166][   T39] 5 locks held by syz.1.2825/13826:
[  600.886180][   T39]  #0: ffff88803f67a480 (sb_writers#5){.+.+}-{0:0}, at: vfs_coredump+0x380d/0x4540
[  600.886297][   T39]  #1: ffff88803c47dd28 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: shmem_file_write_iter+0x82/0x120
[  600.886360][   T39]  #2: ffff88803c47de60 (&xa->xa_lock#9){+.+.}-{3:3}, at: shmem_add_to_page_cache+0x74a/0xbf0
[  600.886427][   T39]  #3: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  600.886482][   T39]  #4: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[  600.886545][   T39] 1 lock held by syz.3.2833/13850:
[  600.886559][   T39]  #0: ffff88802964a480 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  600.886630][   T39] 4 locks held by syz.3.2833/13853:
[  600.886651][   T39]  #0: ffff88802964a480 (sb_writers#14){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  600.886718][   T39]  #1: ffff88805e21d290 (&sb->s_type->i_mutex_key#33){++++}-{4:4}, at: path_openat+0xb5e/0x38a0
[  600.886788][   T39]  #2: ffffffff8e3c81c0 (rcu_read_lock){....}-{1:3}, at: __d_lookup+0x66/0x780
[  600.886842][   T39]  #3: ffff88805e1eb5b0 (&lockref->lock){+.+.}-{3:3}, at: __d_lookup+0x23e/0x780
[  600.886885][   T39] 1 lock held by syz.3.2833/13857:
[  600.886894][   T39]  #0: ffffffff8e4a99d8 (lock#3){+.+.}-{4:4}, at: __lru_add_drain_all+0x6b/0x5e0
[  600.886937][   T39] 2 locks held by syz.2.2834/13858:
[  600.886946][   T39]  #0: ffff88803d0b31a0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_init_dev+0x74/0x4d0
[  600.886982][   T39]  #1: ffff8880267e11c0 (&port->mutex){+.+.}-{4:4}, at: tty_port_open+0x13c/0x2f0
[  600.887025][   T39] 
[  600.887030][   T39] =============================================
[  600.887030][   T39] 
[  600.887047][   T39] NMI backtrace for cpu 1
[  600.887061][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  600.887113][   T39] Tainted: [L]=SOFTLOCKUP
[  600.887121][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  600.887136][   T39] Call Trace:
[  600.887145][   T39]  <TASK>
[  600.887155][   T39]  dump_stack_lvl+0xe8/0x150
[  600.887183][   T39]  nmi_cpu_backtrace+0x274/0x2d0
[  600.887208][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  600.887243][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  600.887264][   T39]  sys_info+0x135/0x170
[  600.887288][   T39]  watchdog+0xfd3/0x1030
[  600.887311][   T39]  ? watchdog+0x1c9/0x1030
[  600.887332][   T39]  kthread+0x388/0x470
[  600.887354][   T39]  ? __pfx_watchdog+0x10/0x10
[  600.887370][   T39]  ? __pfx_kthread+0x10/0x10
[  600.887392][   T39]  ret_from_fork+0x514/0xb70
[  600.887412][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  600.887430][   T39]  ? __switch_to+0xc79/0x1410
[  600.887456][   T39]  ? __pfx_kthread+0x10/0x10
[  600.887478][   T39]  ret_from_fork_asm+0x1a/0x30
[  600.887509][   T39]  </TASK>
[  600.887516][   T39] Sending NMI from CPU 1 to CPUs 0:
[  600.887558][    C0] NMI backtrace for cpu 0
[  600.887577][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  600.887602][    C0] Tainted: [L]=SOFTLOCKUP
[  600.887609][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  600.887621][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  600.887650][    C0] Code: cb 81 02 e9 83 c8 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 7b 26 00 fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[  600.887666][    C0] RSP: 0018:ffffffff8e007dc0 EFLAGS: 00000242
[  600.887683][    C0] RAX: 00000000003e7e19 RBX: ffffffff8199d8da RCX: 0000000080000001
[  600.887697][    C0] RDX: 0000000000000001 RSI: ffffffff8d99c512 RDI: ffffffff8bca7060
[  600.887711][    C0] RBP: ffffffff8e007eb0 R08: ffff8880b8633e9b R09: 1ffff110170c67d3
[  600.887727][    C0] R10: dffffc0000000000 R11: ffffed10170c67d4 R12: 0000000000000000
[  600.887743][    C0] R13: 1ffffffff1c1fdd8 R14: 0000000000000000 R15: 1ffffffff1c1fdd8
[  600.887759][    C0] FS:  0000000000000000(0000) GS:ffff888125a5b000(0000) knlGS:0000000000000000
[  600.887774][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  600.887787][    C0] CR2: 00007f2162b93ff8 CR3: 0000000065e94000 CR4: 00000000003526f0
[  600.887805][    C0] Call Trace:
[  600.887812][    C0]  <TASK>
[  600.887819][    C0]  default_idle+0x9/0x20
[  600.887846][    C0]  default_idle_call+0x72/0xb0
[  600.887875][    C0]  do_idle+0x36a/0x5f0
[  600.887907][    C0]  ? __pfx_do_idle+0x10/0x10
[  600.887941][    C0]  cpu_startup_entry+0x43/0x60
[  600.887970][    C0]  rest_init+0x2de/0x300
[  600.887990][    C0]  start_kernel+0x38a/0x3e0
[  600.888084][    C0]  x86_64_start_reservations+0x24/0x30
[  600.888107][    C0]  x86_64_start_kernel+0x143/0x1c0
[  600.888127][    C0]  common_startup_64+0x13e/0x147
[  600.888168][    C0]  </TASK>
[  600.896656][   T39] Kernel panic - not syncing: hung_task: blocked tasks
[  600.896711][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  600.896744][   T39] Tainted: [L]=SOFTLOCKUP
[  600.896753][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  600.896768][   T39] Call Trace:
[  600.896800][   T39]  <TASK>
[  600.896822][   T39]  vpanic+0x56c/0xa60
[  600.896917][   T39]  ? __pfx___schedule+0x10/0x10
[  600.896992][   T39]  ? __pfx_vpanic+0x10/0x10
[  600.897097][   T39]  panic+0xc5/0xd0
[  600.897158][   T39]  ? __pfx_panic+0x10/0x10
[  600.897241][   T39]  ? preempt_schedule_thunk+0x16/0x30
[  600.897296][   T39]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  600.897342][   T39]  watchdog+0x102c/0x1030
[  600.897472][   T39]  ? watchdog+0x1c9/0x1030
[  600.897556][   T39]  kthread+0x388/0x470
[  600.897649][   T39]  ? __pfx_watchdog+0x10/0x10
[  600.897713][   T39]  ? __pfx_kthread+0x10/0x10
[  600.897792][   T39]  ret_from_fork+0x514/0xb70
[  600.897868][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  600.897933][   T39]  ? __switch_to+0xc79/0x1410
[  600.898031][   T39]  ? __pfx_kthread+0x10/0x10
[  600.898105][   T39]  ret_from_fork_asm+0x1a/0x30
[  600.898177][   T39]  </TASK>
[  600.898809][   T39] Kernel Offset: disabled