last executing test programs:

5m47.640040218s ago: executing program 3 (id=547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x28, &(0x7f0000000240)=0x440000bcd)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000340)=""/102392, 0x18ff8)
shmctl$IPC_RMID(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, 0x90}}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0)
ioctl$TCSBRKP(r3, 0x5425, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(0xffffffffffffffff, 0x5408, &(0x7f0000000040)={0x3, 0x0, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0x1000})
ioctl$TIOCGPGRP(r3, 0x5437, 0x0)
io_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5m45.771916373s ago: executing program 3 (id=550):
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/igmp\x00')
pread64(r1, &(0x7f0000000080)=""/102350, 0x18fce, 0x51)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/time\x00')
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e04fd0a20"], 0x7)

5m44.46207693s ago: executing program 3 (id=556):
r0 = socket(0x1e, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x24, r3, 0x1, 0x0, 0xfffffffe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x48008}, 0x40080)
read(r1, 0x0, 0x0)
sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x2, {0x0, 0x4}}, 0x10, &(0x7f0000000440)=[{&(0x7f00000000c0)="bc", 0x1}, {&(0x7f0000000100)="68ecaddb83b402f059abc31221d58c9f99cafa2875f6a93b74a3f18928f0d867e4307a47e49c227f6de1099c8a3fd676c10beb9075b673ece0b9e269f3db0dee425b47447cb7de4b0d4df68d6d3da5397907df3cc7ad587aae96f37cdadaba282f101b2e7b869f4cf8a07437b8eb0876db22f1d37bf7ac0295eca663eabee03d13395017914e0b1f214bd0e6296586f75b55129d064e5f9c50bbff7b8b6d04fd96", 0xa1}, {&(0x7f0000000200)="5470ebd7eaaab6f974c96438316784ad140a3771ff06fbbed7cbd6e7b28488a667a350e365cc52f7842c2507e53cb22154031fec982d65c3e7d9473ad4ab93e806c28f655ca824bfe0f19544580c7868e5f98e25dc33e10f39e9f2f9be4a09add3f0461da569453833eac53c1829007880a5d80b2113a8d1c19351972aa6291957a36cc604839ccf532551a333faa1c763708739432c77dd", 0x98}, {&(0x7f0000000000)="65d182b5a977cbb16d7c43635cfdee66", 0x10}, {&(0x7f0000000040)="71673ecfa27c37967d9bb50e041f8a7b2993a086", 0x14}, {&(0x7f00000002c0)="67c7944b32711b98bf52835436a7bbec0e0d97e12bc39397be3c21b5221be9395bc0160063ab9a34080da50510a9bb9d484160b9ffc2dcc3a270940ed5480a9c620996b69d56c5188884fff7ec76ef26d6d0050f4039bc85d99ad1cdf3b8e6cf2fdbc69d8bda18cc4307541eb66d39edc6aba5039334e65378512183eef26fff9e319e0499351f34fcae6019cc6dede1e7d5495125cc87e8ecd114823dd401ce5766a3b244f9b927e57aa96286e70a55391ecd73c022552029b0f7b65c824582c1e786d4b31da9e4033c626908b3ca42b683ab6adf7153011d0b81ef360c7a6baafa103bde6fb1ad3b9dade7", 0xec}, {&(0x7f00000004c0)="44e67aaeffee35d188f018b614df76ad15c97af64ed37693c5847dc8ee521c5a99a22ad58f84bdadd50b8a8a903c66155770e28b432bfff9bd0b0896ccc35b9402d105a3589898e04a12b55efdee6d99e51ebaafd407ca163d6f882cac3d", 0x5e}], 0x7, 0x0, 0x0, 0x4008010}, 0x48894)

5m43.907389256s ago: executing program 3 (id=559):
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141101)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r0, 0x0, 0x4, &(0x7f0000000040)="9f0910bc996c301c8107070400", 0x28)
getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000240))
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
setxattr$security_ima(&(0x7f0000000180)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYBLOB="0415"], 0x2, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x40014103f, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000060a0b0400000000000000000200000038000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c59208000240000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x8c}}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregs(0xe, r2, 0x0, &(0x7f0000000140)=""/216)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000002c0)=0xa0000)
r4 = dup(r3)
semctl$SEM_STAT_ANY(0x0, 0x2, 0x14, &(0x7f0000000080)=""/245)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@my=0x0, 0x1})
r5 = gettid()
tkill(r5, 0x11)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000080)={&(0x7f0000000300)={{@my=0x0}, {@my=0x0}, 0x400, "1a0b5dbeaad6e12581c3705615196659d1edfd3e937bb049a5b6150777cdfc3f662aaa33c62804d786b79e9434331a65305e1ca8b12f2ef78b51d868fcacb8c1ce634287005fa21eae9125b9b5f78afe5816253c1d8179a25109c92aca81cbefee8bfee6e64f7d09541b3b54b464b08cd356e1cb5c49e7deaccfce3d06dbdf2318dfb309890458cb7a7b2a21743cec8f1ad4a7cbea7ea1ed37d1bab65c1bf52f9b1559ea51ed0e07f0184f39018109c38b561e132a99d1248964ca540bf022b6977bfaca7f9fc8e1b6826807127484d9835b5a1b710478b2a67c3f68d4d065d59140309232f0b5884f1d1dc6a575f990d0685a0cd095f6b5b79d0cffdb57b0bac719e4a9f39ccdc79fa6aeafa3a71ed3f46987cc1fda18e3bc34e56a441eb3e7f47476c52a400597b01eaf894da3428b4027a6ce2657b267932e83053be08f450510a0df068e3907290e7d104a8f79838bdc762cfe081260ff54b6b2fb4670b89be06c40b3c4ba8387586f5b84d2547d75125356f478523b8604452d0898c94f6d0bc75d9a34f063c979d519e0379eec57aa7a48d2120ae28682229213017a2215e0755c3b71e56ebaf2c928d6cf53dbc0190864d0b6ea928e933474e58a193c880bd90bb39d3291142687e8f9a10c60887898a931e34dac504220200401a7b26973590621222a74aa843becaec07a70456dad98ab32c225872a699f7aa849a035b8d513c97198d5a790b85a14375bc00f0635db6eaf0741fb9ab5bfb72dde3c1992b0157a1a34933caf5fa679435f34a756e0366a4f7d604958e6ede55883ca9f11e3b7056612489528887a45d7f67588bae91ec6f4b28ac26ccdae64cc82948fe99b2002df2d93236faacccc629f41a6981fffbb640e60399c5fe7288112bba82046197ef850d9f225987a6022fef9ad89b4798dc92b7cb5a1e1d2c698f86c4f99317ba87530b874ac3bd7899dffd2393a1d93ddb5143678831d94aaa2bf4267bfffefb44ec03fadcae8e8d89617ed926ad635559a7cdf61e2638dc3d8c424403c8121ad89aec8277a64955cf090c187113f4484c30f6246643a9707a4ef15869e58fe86ba3ab33ed7646b21846bd4f754ccffac9a96223971e4c44a36eef33c09d1b57a3790bec363a2c7333b07629874ad2119f2ccda107b183477df18f175d7e9132720d7cd7e671f8b62dee95433fa1db34dfb1bcae6a22863d1f592be8f6c64dcbb93bc5131711c7156829f77fe17b5bbfb1ac2eac809daeeeb804994b61c5e4a40c1fcbe7ee925ac8a6b0c52e24eee6d713060e407752ad35aef68040a4e68ba07c6d0548b32b12b62401c8349c6c53084bad6300d2b5e371efa569bb3a67ad15797389b8fe8dfa267fe203555bb15f36807894643f3f7f081a1e584f959c7716a46fe455837fc44c561c41ccebb845434b86b354b4a0c7796d713a5"}, 0x418})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})

5m43.236100401s ago: executing program 3 (id=561):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x2, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x87, &(0x7f0000000480)=""/135, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21)
r0 = socket(0x15, 0x4, 0xfffffffc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2000})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f00000003c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@restrict={0x0, 0x0, 0x0, 0xb, 0x2}, @fwd={0x2, 0x0, 0x0, 0x12}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000240)=""/194, 0x34, 0xc2, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r3 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
r6 = openat$cgroup_ro(r5, &(0x7f00000000c0)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r9 = geteuid()
fstat(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
fchown(r8, r9, r10)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x7}, {}, {0x7, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0c4}, 0x0)

5m42.784193729s ago: executing program 3 (id=564):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
tgkill(r1, r1, 0x29)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
write$selinux_access(0xffffffffffffffff, 0x0, 0x4d)
r4 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r4, 0x10d, 0xa, &(0x7f0000000000), 0x4)
read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x91)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x3, 0x2}, 0xe)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ustat(0x5, &(0x7f0000000400))
landlock_restrict_self(0xffffffffffffffff, 0x0)

5m42.633491827s ago: executing program 32 (id=564):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
tgkill(r1, r1, 0x29)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
write$selinux_access(0xffffffffffffffff, 0x0, 0x4d)
r4 = socket$kcm(0xa, 0x6, 0x0)
setsockopt$sock_attach_bpf(r4, 0x10d, 0xa, &(0x7f0000000000), 0x4)
read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x91)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x3, 0x2}, 0xe)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ustat(0x5, &(0x7f0000000400))
landlock_restrict_self(0xffffffffffffffff, 0x0)

12.748059139s ago: executing program 1 (id=1859):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000580))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000003c0)=0x5)

12.19949187s ago: executing program 1 (id=1864):
r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3})
unshare(0x40020000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty}, 0x2a0})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, 0x0, 0x0)
ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @empty}, 0xab852ebbeefbd6b1})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x70}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

10.392508969s ago: executing program 5 (id=1867):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00"], 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000100)={0x13, 0x10, 0x8, {0x0, 0xffffffffffffffff, 0x1}}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
close(r3)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, 0xffffffffffffffff, 0x11, 0x0, 0x0, @void, @value=r3}, 0x20)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)

9.557096318s ago: executing program 0 (id=1871):
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
setxattr$security_capability(&(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x1)
chdir(0x0)
creat(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xb0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
chmod(&(0x7f00000000c0)='./file0\x00', 0xc1beefd4e90d9958)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x8, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

8.182930581s ago: executing program 1 (id=1873):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

7.976471871s ago: executing program 1 (id=1875):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x802, 0x0)
openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x20000, 0x140}, 0x18)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x78, 0x0, &(0x7f0000000cc0)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@handle={0x73682a85, 0x101, 0x3}, @flat=@handle={0x73682a85, 0x108a}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x400}, @decrefs={0x40046307, 0x2000002}, @decrefs={0x40046307, 0x2}, @acquire_done={0x40106309, 0x3}, @decrefs={0x40046307, 0x1}], 0x68, 0x0, &(0x7f0000000240)="a12f19a19ecc72065b377a103543e370f6821fcf37c7c0554441fa4ddcfa8423172351cded9ed0794a79a30bfa23693c77c13303ac9af7d7947b2ed81a56fd923095bf5abd02d48997b392b188433026be9f367f5d622979ce96f9ff2918dc681700000000000000"}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x78, 0x0, &(0x7f0000000cc0)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@handle={0x73682a85, 0x101, 0x3}, @flat=@handle={0x73682a85, 0x108a}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x400}, @decrefs={0x40046307, 0x2000002}, @decrefs={0x40046307, 0x2}, @acquire_done={0x40106309, 0x3}, @decrefs={0x40046307, 0x1}], 0x68, 0x0, &(0x7f0000000240)="a12f19a19ecc72065b377a103543e370f6821fcf37c7c0554441fa4ddcfa8423172351cded9ed0794a79a30bfa23693c77c13303ac9af7d7947b2ed81a56fd923095bf5abd02d48997b392b188433026be9f367f5d622979ce96f9ff2918dc681700000000000000"})
r2 = syz_clone(0x41040380, &(0x7f0000000000), 0x0, &(0x7f0000000040), &(0x7f0000000140), &(0x7f0000000500)="874cb515733cfd9522e24dfb57407876b0c915813b636161ba9272b6f6b4d5d066f8cd0c8047ffd776d420de520aea33efc71752bbef05a3d8b295d6c858c1c7d9cd6dc48a7ffc5117ff88c164d155072de1749d6f8a2e4a1170fed5653d50515dce858f669a41de625ca1318eb39d7d9712dab202c08ca7df3476b70c51e648a89fdde874afff667e4fb9db3e6ef0d799c926071b6d191cc6e8be623e3f75edc61ac627181d90")
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7ff)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010065727370616e000014000280050016000000000006000e00039518"], 0x44}}, 0x0)
syz_open_dev$MSR(&(0x7f0000000ac0), 0x3, 0x0) (async)
syz_open_dev$MSR(&(0x7f0000000ac0), 0x3, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000b40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000b80)={'wpan3\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000bc0)={'wpan3\x00', <r6=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r3, &(0x7f0000000c80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x3c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x3c}}, 0x20038081) (async)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r3, &(0x7f0000000c80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x3c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x3c}}, 0x20038081)
recvmmsg(r0, &(0x7f0000000a40)=[{{&(0x7f0000000400)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000000)=""/30, 0x1e}, {&(0x7f00000005c0)=""/29, 0x1d}, {&(0x7f0000000600)=""/95, 0x5f}, {&(0x7f0000000680)=""/24, 0x18}, {&(0x7f00000006c0)=""/127, 0x7f}], 0x5, &(0x7f00000007c0)=""/16, 0x10}, 0x1ff}, {{&(0x7f0000000800)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000880)=""/12, 0xc}, {&(0x7f00000008c0)=""/14, 0xe}, {&(0x7f0000000900)=""/146, 0x92}], 0x3, &(0x7f0000000a00)=""/52, 0x34}, 0x6}], 0x2, 0x0, 0x0)

7.966047177s ago: executing program 0 (id=1876):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)

7.783937505s ago: executing program 0 (id=1877):
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x6, 0x40000)
ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000080)={0x6, 0x0, 0x10000, 0xa1, 0x8, 0x6, 0x2, 0x1, 0x3})
r1 = dup(0xffffffffffffffff)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f00000000c0)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0xfff}}, './file0\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0xe2c82)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1532, 0x10e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000440)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xa, {[@global=@item_4={0x3, 0x1, 0x0, "645231a6"}, @local=@item_4={0x3, 0x2, 0x3, "03aa46a0"}]}}, 0x0}, &(0x7f0000000740)={0x2c, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x1}, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f0000001140)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000)={0x40, 0x19, 0x2, "231f"}, 0x0, 0x0, &(0x7f00000010c0)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000001100)={0x40, 0x21, 0x1, 0x47}})
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x0)

7.339547689s ago: executing program 5 (id=1878):
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, 0x0, 0x0)
syz_usb_connect$printer(0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x7, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000002c00010324bd7002f9dbdf2506"], 0x14}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004004}, 0x40)

7.18728829s ago: executing program 2 (id=1879):
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
unshare(0x68040200) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)='\\', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000140)) (async)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DELAY(r2, 0x80084121, &(0x7f0000000040)) (async)
socket$packet(0x11, 0x2, 0x300) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0xfdef) (async)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0) (async)
mkdir(&(0x7f0000000180)='./file1\x00', 0x0) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000002040)='./bus\x00', 0x4b) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@userxattr}, {@xino_auto}]}) (async)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000003480)={0x2020}, 0x2020) (async)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x14b100, 0x0)
ioctl$FICLONE(r5, 0x40049409, r8)
sendmmsg$inet6(r7, &(0x7f0000000000)=[{{&(0x7f00000003c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c, 0x0}}], 0x1, 0x8040)

6.968011355s ago: executing program 1 (id=1880):
r0 = syz_open_dev$radio(0x0, 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x1c, 0x0, 0x0)
syz_emit_ethernet(0x4e, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)

5.797578161s ago: executing program 4 (id=1881):
syz_open_dev$usbfs(&(0x7f0000000040), 0x201, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, &(0x7f00000004c0)='GPL\x00', 0xc58d, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff7, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB="bc000000248fca1320f9954d0000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f00000000c0)={0x6, 0x0, {0x55, 0x2, 0xff, {0xfff, 0x1}, {0xc4, 0x5}, @rumble={0x1eab, 0x9000}}, {0x56, 0x1, 0x7, {0x80, 0xf}, {0x4, 0xfc}, @ramp={0x805, 0x28c, {0x2, 0x5, 0xfffd, 0x5}}}})
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

4.907774732s ago: executing program 4 (id=1882):
r0 = syz_open_dev$radio(0x0, 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x1c, 0x0, 0x0)
syz_emit_ethernet(0x4e, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)

3.808853501s ago: executing program 4 (id=1883):
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1}}, './file0\x00'})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000011850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x0, 0x52, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_ACCEPT(r3, &(0x7f0000000280)={0x8, 0x120, 0xfa00, {0x2, {0xfff, 0x81, "68e79fd49bf6021bc93d045956e022dc7ffbdc4985ce42e4061489a82649b5f3cfea9a41f7948fa9943de543fd400d2a4723984495924eb6e66a06cf65af09ed3c1a9cd4a8b63db8a6eed19b4bd2299312bacc97c5770ea9d61ad1e918800ffc5d70ce751048a83a4d5f324e073ec0c7dbde38283f27ffa3d09719aa096903863a103b3bdfbb9b400bbca048181751e82894afb463b9b72239a96d20c95519edd5ad9ccc233d8f32bb2aee04ac8be0de1fc1b3fe11057f06e55c740f62840cd60e93e629fa01ee0175ee2070c7935cb26790e547a9bd813f37e5b79d597c6727a27c6213559199a4eab7866d1e91a911ac68a0fc302f0fafb5762549920e6f57", 0x8, 0x2, 0x9, 0x1, 0x7, 0x8, 0x40, 0x1}}}, 0x128)

3.740004401s ago: executing program 0 (id=1884):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x0, &(0x7f0000000040)})
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

3.739520202s ago: executing program 2 (id=1885):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

3.671449487s ago: executing program 5 (id=1886):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2a, 0x2, 0x6)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000240)=0xe0f)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000780)={'vxcan1\x00', <r1=>0x0})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc4c85513, &(0x7f0000000040)={0xb})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$FUSE(r3, &(0x7f0000012380)={0x2020}, 0x2020)
read$FUSE(r3, 0x0, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r3, 0x8002f515, &(0x7f0000000100))
r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000018c0), 0x800, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0x7, &(0x7f0000000480)=[{0xc, 0x0, 0x8, 0xe6d}, {0x2, 0xf8, 0x0, 0x2}, {0x94, 0x80, 0x8}, {0xf, 0x5, 0xce, 0x5}, {0x6, 0x9, 0xff, 0x8000}, {0x6f8a, 0x4, 0x81, 0x5}, {0x2, 0x1, 0x8, 0x9}]})
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x5e)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$P9_RLERRORu(r6, 0x0, 0x18)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000004080), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r4, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r7, {0x78df}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x6416, 0x40, 0x2, 0x3d3, 0x0, r6}, &(0x7f0000000300), &(0x7f0000000340))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYRES8=r4], 0x0, 0x4a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
read$msr(r3, &(0x7f0000000500)=""/67, 0x43)
syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockname$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, &(0x7f00000002c0)=0x1c)
bind$can_j1939(r0, &(0x7f00000001c0)={0x1d, r1, 0x3, {0x2}, 0x1}, 0x18)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)

3.518494451s ago: executing program 4 (id=1887):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0x0, "00000000000000000000279600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000003c0)=0x4)
listen(0xffffffffffffffff, 0x7)
r2 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
r3 = syz_io_uring_setup(0x1f8, &(0x7f0000000080)={0x0, 0x6c0e, 0x4000, 0x0, 0x4}, &(0x7f0000000440), &(0x7f0000000100)=<r4=>0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r5, &(0x7f0000000100)=ANY=[], 0xff2e)
ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000000))
r6 = syz_io_uring_setup(0x5e9, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000840))
io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2000, @fd=r3, 0x0, &(0x7f0000000580)=""/251, 0xfb, 0xe, 0x1})
io_uring_enter(r3, 0xb15, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0xffffffffffffffff, r2, 0x0, 0xb, &(0x7f0000000180)='/dev/vcsa#\x00'}, 0x30)
r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000040))
r9 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r10 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_SETTRIGGER(r9, 0x40045010, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r10, 0x4112, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r9, 0x40045010, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000008dbf36cafd0000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001d60ffff080000009500000000000000184a0000f8ffffff0000000000000000181b0000", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
signalfd4(r11, &(0x7f0000000040)={[0x8]}, 0x8, 0x80800)
syz_create_resource$binfmt(&(0x7f00000000c0)='./file0\x00')

3.464076262s ago: executing program 5 (id=1888):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0x0, "00000000000000000000279600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000003c0)=0x4)
listen(0xffffffffffffffff, 0x7)
r2 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
r3 = syz_io_uring_setup(0x1f8, &(0x7f0000000080)={0x0, 0x6c0e, 0x4000, 0x0, 0x4}, &(0x7f0000000440), &(0x7f0000000100)=<r4=>0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r5, &(0x7f0000000100)=ANY=[], 0xff2e)
ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000000))
r6 = syz_io_uring_setup(0x5e9, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000840))
io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2000, @fd=r3, 0x0, &(0x7f0000000580)=""/251, 0xfb, 0xe, 0x1})
io_uring_enter(r3, 0xb15, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0xffffffffffffffff, r2, 0x0, 0xb, &(0x7f0000000180)='/dev/vcsa#\x00'}, 0x30)
r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000040))
r9 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r10 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDCTL_DSP_SETTRIGGER(r9, 0x40045010, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r10, 0x4112, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r9, 0x40045010, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000008dbf36cafd0000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001d60ffff080000009500000000000000184a0000f8ffffff0000000000000000181b0000", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
signalfd4(r11, &(0x7f0000000040)={[0x8]}, 0x8, 0x80800)
syz_create_resource$binfmt(&(0x7f00000000c0)='./file0\x00')

3.461042374s ago: executing program 1 (id=1889):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000107d1e5a2d0000000000010902240001000000000911000001030002ff080080000000000000090581030000000000"], 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000009780)={0x2020, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)={0xa8, 0x0, 0x3, [{}]}, 0xa8)
r5 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
r6 = open(&(0x7f0000000180)='./bus\x00', 0x1092fc, 0x0)
r7 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f00000003c0)={0xd8})
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r6, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r8 = syz_usb_connect$cdc_ncm(0x1, 0x7a, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x2, 0x1, 0x8, 0x0, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "dfb29bb1ac"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1400, 0x23, 0x3}, {0x6, 0x24, 0x1a, 0x4}, [@dmm={0x7, 0x24, 0x14, 0x8, 0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0x1, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x0, 0x6e, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xd, 0x3, 0x1}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x93, 0x3, 0x1, 0x40, 0x99}, 0x4f, &(0x7f0000000180)={0x5, 0xf, 0x4f, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "bc5b4c9f3dcecfe9de0c10f38d4bb38b"}, @ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0x55, 0xf0f, 0x2, [0xc000, 0x3f, 0xffffcf, 0xff003f, 0xf]}, @wireless={0xb, 0x10, 0x1, 0x2, 0x81, 0x9, 0x2, 0x5, 0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x4f, 0x9, 0x6, 0xfbff, 0xf7}]}, 0x6, [{0x7d, &(0x7f00000002c0)=@string={0x7d, 0x3, "31a63f0372c8955a301cea239efa4945c69944af69877189816d82790872a3da84a3191a0f3c55d7d578415c251e4213aa59aa53fff5cc44040ad4edd4eb9ad3f8539ef3bb1c2005410e9a1a834763720e279d0b877a8342d97b2a73ca5c1a8abb22bd0915680ae25329062f5fe0631bf7eb11560b20592c05a74d"}}, {0xca, &(0x7f0000000400)=@string={0xca, 0x3, "7a0a06d6030198853b3869f16417558b98c475f35652e3b7dd716fa861e2af1c69f0b7f014b7663e4cadfd87f685b6ee6e901a05af72e439bfa309578a0c6613a701affdd7bccabfe509206c51440e149d62e5f3715e118d35f3cfce37f2cc1484367bd2949c730665b064efd98363fea6741e275a006112d7af85668cdd0d933c346572c0ed0ef75ff6ca4e4388dfbb60f2aa3f7ab9bcd47d8342ef44151ad1513b5bde8604a7641cded571b610ebbc8bfb757ff146f8359593ba03ca1f032651a1ef9f706d2bbf"}}, {0xbd, &(0x7f0000000500)=@string={0xbd, 0x3, "a01034e2661d0a9db109f36c304f42743965f936aada6b6f63b95c8d5dbde9cef266e5a57aaac5b3bc23d518a067f3d468ebbb2c0258c5bafb3517304db9505ad9113699957dee5326db4b7aeb0ade9621e8d014a87b0a39a724dad664c0820ce0310636ef26b14482e21793a4ca5383ee995ffd52dcc31a362f85a0d3c18e9d9003b0d28200a018bc65355c6b665f7c54cacea884511d8cdbda6b4bf649134e34235b61b41af189fe368af24c9beb1fc5d0d192b95621cdedfd37"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x403}}, {0x1d, &(0x7f0000000380)=@string={0x1d, 0x3, "af7a22cc488ea0783bb3a078a12fd9df39c2f50e551adf6a3624db"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0xf4ff}}]})
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6, 0x3, {0x0, 0x21}}]}, 0x1c}}, 0x0)
syz_usb_control_io(r8, &(0x7f00000003c0)={0x4b, &(0x7f0000000000)=ANY=[@ANYRES32=r5], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
syz_usb_ep_write(r5, 0x8d, 0x0, 0x0)
mount$fuseblk(&(0x7f0000000740), &(0x7f0000000780)='./bus\x00', &(0x7f00000007c0), 0x1090, &(0x7f0000000940)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other}, {@default_permissions}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x900}}], [{@appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '^'}}, {@dont_measure}, {@subj_user={'subj_user', 0x3d, '.('}}, {@fowner_gt={'fowner>', r3}}, {@euid_lt={'euid<', r3}}, {@appraise}, {@permit_directio}, {@func={'func', 0x3d, 'PATH_CHECK'}}]}})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00'}, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002f00)={0x20, 0x2c, 0x9, 0x70bd27, 0x0, {0x5}, [@typed={0xc, 0xa, 0x0, 0x0, @u64=0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x26000000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x58}}, 0x0)

2.769291747s ago: executing program 2 (id=1890):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$radio(&(0x7f0000000100), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, 0x0)
syz_open_dev$video4linux(0x0, 0x200000000000, 0x80000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x2)
syz_emit_ethernet(0x10c, &(0x7f0000000840)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa04810c44000800410600fa00650000e2219078e0000001e000000186190000000100045453000f1ac9a197ddc64a2d15abca12834411e0a4b39b80694dbb2b0f91de2755a9940443d700004e214e20046190780486270166074ffb5c7f571059ca7883051e24eab09c0b54eb9e77c76e6441600dc0350aaca1b897ef15889d"], 0x0)
syz_emit_ethernet(0x1c, 0x0, 0x0)
syz_emit_ethernet(0x4e, 0x0, 0x0)
getresgid(0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)

2.768276125s ago: executing program 0 (id=1891):
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r2, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10)
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x10000)
recvmmsg(r2, &(0x7f00000005c0)=[{{0x0, 0xe8, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}}], 0x4000000000001db, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = gettid()
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000073c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f00000074c0)={0x0, 0x0, &(0x7f0000007480)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010029bd7000fbdbdf25310000000c009900040000001e00000008000300", @ANYRES32=r7, @ANYBLOB='\b\x00R\x00', @ANYRES32=r6, @ANYBLOB="7c49eabe0358f47ab0427bdfd55d04ffd22bbd5d5d0d0193"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00df00", @ANYRES16, @ANYBLOB="000226bd7000fddbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04006c00040087000e00cd000200920000082d00040000000800570019010000"], 0x3c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4048000)
sendfile(r2, r0, 0x0, 0xffefffff)

2.510025566s ago: executing program 5 (id=1892):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x8000)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x1f00, 0x0, 0x40000}, 0x800)

1.776412266s ago: executing program 2 (id=1893):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x6, 0x0, 0x5)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz0\x00', {0x8000, 0x101, 0xfffe, 0x7f}, 0x32, [0x81, 0xfff, 0x80000000, 0x0, 0xb, 0x1, 0x3ff, 0x7, 0x2, 0x1e1, 0x11, 0x7, 0x8, 0xc, 0x2, 0x80, 0x1000, 0x5, 0x6, 0x100, 0x3, 0x4e800, 0x5, 0x9, 0x9d, 0x7fff, 0x800, 0x3, 0x0, 0x6, 0xfffffff3, 0x7, 0x2, 0xfbb276a8, 0x6, 0x3, 0x8001, 0xc, 0x8, 0x1e20, 0x6, 0xfffffffa, 0x3d2, 0x2, 0x0, 0x101, 0x8001, 0x80000000, 0x98a7, 0x8, 0x4, 0xfffff3fb, 0x3, 0x7, 0x3, 0x8, 0x2, 0x6, 0x6, 0x9, 0x5, 0x8a0b, 0x80000000, 0x1], [0x101, 0x8, 0x3ff, 0x80000000, 0x5, 0x4, 0x4, 0x6, 0x10001, 0x8, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0x7f, 0xe, 0x4, 0x1, 0x1, 0x8, 0x5, 0x0, 0xffff, 0x3a4b, 0x479, 0xffffffff, 0x1, 0x10, 0xfffffff8, 0x5, 0x96cc, 0x0, 0x10, 0x3, 0x80, 0xffffff81, 0x2, 0x2, 0x8001, 0x7, 0x20000, 0x8, 0x9a16, 0x0, 0x1, 0x1000, 0x3, 0x1, 0x3, 0x9, 0x6, 0xfd84, 0x6, 0x4609, 0x4, 0x2de7, 0xfffff800, 0x7, 0x0, 0x9, 0xf, 0xe], [0xd7, 0x6, 0xfffffff7, 0x9, 0x6, 0x0, 0x4, 0xd, 0x200, 0x6, 0x1a3, 0xfffffffa, 0x4, 0x9, 0x4a, 0x6, 0x8, 0x1, 0x7, 0x2, 0x7f, 0x6, 0x826, 0xb238, 0x6, 0x6, 0xa91, 0x49, 0x7aa8, 0x401, 0x0, 0x5, 0x1, 0x10000, 0x0, 0xf, 0x8, 0xffffffff, 0x8, 0xff, 0x36, 0x2, 0x4, 0x9, 0x4, 0x4, 0x4, 0xfb8c, 0x0, 0x1, 0x10, 0x100, 0xe908, 0x26, 0x2, 0xff, 0x1, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x61c1, 0xa918], [0x7, 0x5, 0x4, 0xfffffffd, 0x5, 0x7, 0x6, 0x2, 0x7, 0xddaf, 0xbc17, 0x8, 0xa, 0x8, 0x200, 0x3f02b3ae, 0xe9, 0x1ff, 0xc2f, 0x2, 0x8000, 0x6, 0x9, 0x3, 0x8, 0x7fff, 0x3, 0x1, 0xb81, 0x3, 0x6, 0x8a1, 0x9, 0x0, 0xfffffffc, 0x5646, 0x9, 0x4, 0x8, 0x3d, 0xffff, 0x4, 0x80, 0xb, 0xffff2b04, 0x8, 0x9, 0x4, 0x6, 0x8, 0x3, 0x1, 0x7, 0x1, 0x200, 0x8, 0xff, 0x57a2, 0x2, 0x1, 0x2, 0x5, 0x3, 0xaa6]}, 0x45c)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)=ANY=[@ANYBLOB="100008007b7b010022bd7000ffdbdf25"], 0x10}}, 0x8000)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fcntl$setpipe(r5, 0x407, 0x7)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r6, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r7, &(0x7f0000000100)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48)
connect$inet6(r6, &(0x7f0000000280)={0xa, 0x4e24, 0x3, @mcast1, 0x7}, 0x1c)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300bf02000000000000000000000000000114000400200100000000000000000000000000020800074000000001"], 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="580000000001050500634a000000000000000a57c700440002802c00018078000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c0002800500010000000000060003400001acccffad15830042476f78daedeb66bf9cd5cd3d689bbccf70e74e36fcb71c0af0bf22acb7dbbc33d1ed1b397622e6e72dcfa435f60b0604a13b256f26d03125dbf905f47d7fb8707aa65b6f8d992a82b92d0ebb93bdeee876a8ad340f07e65ba9871eff2e3600c892f58082be0dc1a74e9a089e699eef5c08c78aafb604bd6eeb41c949ee52f809b20514b51abdda073c5e39b7dcf36d3803cce49d1cd59cb9b7634306b27e65f59659da1e13b9085025a9bdafc150503e66e5b6c11c219933788c395f75067109c5b2997f1b76c1b13759"], 0x58}}, 0x0)

1.703632775s ago: executing program 4 (id=1894):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0xf9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x3}, 0xe)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x4, 0x1, {<r3=>0xffffffffffffffff}, {0xee00}, 0x3, 0x8001})
prlimit64(r3, 0x8, &(0x7f00000000c0)={0x2, 0x619}, &(0x7f0000000140))
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r4=>r1})
ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f0000000200)={0x100000001, 0x28, '\x00', 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02?\x00\x00\x05\x00\x00\x00-control\x00')
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0)

1.474112017s ago: executing program 5 (id=1895):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)
ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f0000000100))
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r3 = openat$cgroup_devices(r2, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f00000003c0)={'b', ' *:* ', 'r\x00'}, 0x8)
r4 = openat$cgroup_devices(r2, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000280)={'b', ' *:* ', 'rm\x00'}, 0x9)
r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000000090400000103000000092105000001220500090581030002"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r5, 0x81, 0x1, &(0x7f0000000180)="fb")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$xdp(0x2c, 0x3, 0x0)
symlink(&(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)

1.091840189s ago: executing program 4 (id=1896):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='oom_score_adj\x00')
preadv(r0, &(0x7f0000000780)=[{&(0x7f0000000480)=""/187, 0xbb}, {&(0x7f0000000380)=""/229, 0xe5}, {&(0x7f0000000540)=""/65, 0x41}, {&(0x7f00000005c0)=""/224, 0xe0}, {&(0x7f0000000100)=""/24, 0x18}, {&(0x7f00000001c0)=""/53, 0x35}], 0x6, 0x4b5, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x80000000, 0x0, 0xfffffffc})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r6 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
write$cgroup_int(r6, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x101a02, 0x0)
copy_file_range(r7, &(0x7f0000000000)=0x7, r7, 0x0, 0x7, 0x0)

777.709156ms ago: executing program 2 (id=1897):
pipe(&(0x7f0000019480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa9610c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa1900000000000000000000e2ffffffddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20000000409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb79637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0adc7e77dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9af0012ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357baad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff16c45ba4a125a5a8a0000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca135ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444653fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a46005332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d366047999c825dbc4bea375529699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c2723d70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524ea2f93229106c871d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd405b8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b74ac5f894b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d6674885914abbf8830abeea2a46342e6a7378173cb2df5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb49ef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38aec0d12aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b68448692686ac80d81a89f9c29e27686fd96885205bc21a80b6704c45e42b3656dfdcd9b3048b04752ccf24103e2375ca712f6ed38b06c96bf3da324700"/2640], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)
close(r1)
ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000000)={0x2, "543bf915077dc3e402dbcac642d86e15670f1045d69a3ac1e6295683d2cb8772", 0x2, 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="120000000500000000041d000c33d00000000000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000000000000000000100"/28], 0x48)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r4, 0xc008ae05, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x34}}, 0x4)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x2, 0x8, 0x801}, 0x14}}, 0x0)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000200)={0x20, 0xe, 0x1, '0'}, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000180)={0x0, r0})
syz_usb_control_io$printer(r6, 0x0, 0x0)

598.010838ms ago: executing program 0 (id=1898):
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
getpeername$ax25(r0, &(0x7f00000000c0)={{0x3, @rose}, [@netrom, @null, @bcast, @default, @netrom, @default, @netrom, @default]}, &(0x7f0000000180)=0x48) (async)
r1 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{0x0, 0x2c}], 0x1}, 0x0) (async)
read$watch_queue(r0, 0xffffffffffffffff, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) (async)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe) (async)
setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0xf, 0x0, 0x0) (async)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) (async, rerun: 32)
futex(&(0x7f0000004000)=0x300, 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) (rerun: 32)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60606260"], 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000002000040"]) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b7000000286c0000bca30000000000002403000040feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
r9 = syz_open_dev$loop(&(0x7f0000000040), 0x80000000, 0x200)
ioctl$BLKGETSIZE(r9, 0x1260, &(0x7f0000002240)) (async)
syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io$uac1(r1, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) (async)
syz_usb_control_io(r1, 0x0, &(0x7f0000000340)={0x84, &(0x7f0000000480)=ANY=[@ANYBLOB="0000d7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 64)
syz_usb_control_io(r1, 0x0, &(0x7f0000000b40)={0x44, &(0x7f0000000440)={0x40, 0x1, 0x2, "b7e0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64)

0s ago: executing program 2 (id=1899):
r0 = syz_open_dev$radio(0x0, 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x1c, 0x0, 0x0)
syz_emit_ethernet(0x4e, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)

kernel console output (not intermixed with test programs):

1, Product=2, SerialNumber=3
[  353.586289][ T5868] usb 2-1: Product: syz
[  353.591897][ T5868] usb 2-1: Manufacturer: syz
[  353.600710][ T5868] usb 2-1: SerialNumber: syz
[  353.893543][ T5912] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  353.952534][T10370] FAULT_INJECTION: forcing a failure.
[  353.952534][T10370] name failslab, interval 1, probability 0, space 0, times 0
[  354.053458][T10370] CPU: 1 UID: 0 PID: 10370 Comm: syz.0.1233 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  354.053483][T10370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  354.053492][T10370] Call Trace:
[  354.053496][T10370]  <TASK>
[  354.053501][T10370]  dump_stack_lvl+0x16c/0x1f0
[  354.053531][T10370]  should_fail_ex+0x50a/0x650
[  354.053553][T10370]  ? fs_reclaim_acquire+0xae/0x150
[  354.053576][T10370]  should_failslab+0xc2/0x120
[  354.053593][T10370]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  354.053610][T10370]  ? __alloc_skb+0x2b1/0x380
[  354.053627][T10370]  __alloc_skb+0x2b1/0x380
[  354.053641][T10370]  ? __pfx___alloc_skb+0x10/0x10
[  354.053658][T10370]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  354.053686][T10370]  netlink_alloc_large_skb+0x69/0x130
[  354.053702][T10370]  netlink_sendmsg+0x689/0xd70
[  354.053719][T10370]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.053741][T10370]  ____sys_sendmsg+0xaaf/0xc90
[  354.053762][T10370]  ? copy_msghdr_from_user+0x10b/0x160
[  354.053778][T10370]  ? __pfx_____sys_sendmsg+0x10/0x10
[  354.053808][T10370]  ___sys_sendmsg+0x135/0x1e0
[  354.053825][T10370]  ? __pfx____sys_sendmsg+0x10/0x10
[  354.053849][T10370]  ? __pfx_lock_release+0x10/0x10
[  354.053870][T10370]  ? trace_lock_acquire+0x14e/0x1f0
[  354.053892][T10370]  ? __fget_files+0x206/0x3a0
[  354.053914][T10370]  __sys_sendmsg+0x16e/0x220
[  354.053930][T10370]  ? __pfx___sys_sendmsg+0x10/0x10
[  354.053959][T10370]  do_syscall_64+0xcd/0x250
[  354.053976][T10370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.053998][T10370] RIP: 0033:0x7f134c18cda9
[  354.054010][T10370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.054022][T10370] RSP: 002b:00007f134d022038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.054032][T10370] RAX: ffffffffffffffda RBX: 00007f134c3a5fa0 RCX: 00007f134c18cda9
[  354.054037][T10370] RDX: 0000000000000080 RSI: 00000000200002c0 RDI: 0000000000000003
[  354.054042][T10370] RBP: 00007f134d022090 R08: 0000000000000000 R09: 0000000000000000
[  354.054048][T10370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.054053][T10370] R13: 0000000000000000 R14: 00007f134c3a5fa0 R15: 00007ffeaf1634f8
[  354.054064][T10370]  </TASK>
[  354.285316][    C1] vkms_vblank_simulate: vblank timer overrun
[  354.303575][ T5912] usb 6-1: Using ep0 maxpacket: 32
[  354.311287][ T5912] usb 6-1: config 0 has an invalid interface number: 16 but max is 0
[  354.314139][ T5868] usb 2-1: USB disconnect, device number 32
[  354.319550][ T5912] usb 6-1: config 0 has no interface number 0
[  354.332060][ T5912] usb 6-1: too many endpoints for config 0 interface 16 altsetting 102: 153, using maximum allowed: 30
[  354.343531][ T5912] usb 6-1: config 0 interface 16 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 153
[  354.357303][ T5912] usb 6-1: config 0 interface 16 has no altsetting 0
[  354.364165][ T5912] usb 6-1: New USB device found, idVendor=041e, idProduct=1cf9, bcdDevice=3e.e7
[  354.373597][ T5912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.606449][ T5912] usb 6-1: config 0 descriptor??
[  355.082266][T10380] FAULT_INJECTION: forcing a failure.
[  355.082266][T10380] name failslab, interval 1, probability 0, space 0, times 0
[  355.095610][T10380] CPU: 0 UID: 0 PID: 10380 Comm: syz.2.1236 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  355.095633][T10380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  355.095642][T10380] Call Trace:
[  355.095647][T10380]  <TASK>
[  355.095653][T10380]  dump_stack_lvl+0x16c/0x1f0
[  355.095679][T10380]  should_fail_ex+0x50a/0x650
[  355.095701][T10380]  ? fs_reclaim_acquire+0xae/0x150
[  355.095726][T10380]  ? tomoyo_realpath_from_path+0xb9/0x720
[  355.095748][T10380]  should_failslab+0xc2/0x120
[  355.095767][T10380]  __kmalloc_noprof+0xcb/0x510
[  355.095784][T10380]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  355.095812][T10380]  tomoyo_realpath_from_path+0xb9/0x720
[  355.095833][T10380]  ? tomoyo_path_number_perm+0x235/0x590
[  355.095852][T10380]  ? tomoyo_path_number_perm+0x235/0x590
[  355.095873][T10380]  tomoyo_path_number_perm+0x248/0x590
[  355.095890][T10380]  ? tomoyo_path_number_perm+0x235/0x590
[  355.095911][T10380]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  355.095953][T10380]  ? __pfx_lock_release+0x10/0x10
[  355.095974][T10380]  ? trace_lock_acquire+0x14e/0x1f0
[  355.095996][T10380]  ? lock_acquire+0x2f/0xb0
[  355.096017][T10380]  ? __fget_files+0x40/0x3a0
[  355.096037][T10380]  ? __fget_files+0x206/0x3a0
[  355.096056][T10380]  security_file_ioctl+0x9b/0x240
[  355.096079][T10380]  __x64_sys_ioctl+0xb7/0x200
[  355.096105][T10380]  do_syscall_64+0xcd/0x250
[  355.096122][T10380]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.096145][T10380] RIP: 0033:0x7f9319f8cda9
[  355.096159][T10380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.096174][T10380] RSP: 002b:00007f931adc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.096190][T10380] RAX: ffffffffffffffda RBX: 00007f931a1a6160 RCX: 00007f9319f8cda9
[  355.096201][T10380] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  355.096211][T10380] RBP: 00007f931adc7090 R08: 0000000000000000 R09: 0000000000000000
[  355.096220][T10380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.096230][T10380] R13: 0000000000000000 R14: 00007f931a1a6160 R15: 00007ffc14c99fc8
[  355.096253][T10380]  </TASK>
[  355.312189][   T29] audit: type=1400 audit(2000000201.760:1913): avc:  denied  { name_bind } for  pid=10365 comm="syz.5.1232" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  355.312867][T10380] ERROR: Out of memory at tomoyo_realpath_from_path.
[  355.482598][   T29] audit: type=1326 audit(2000000202.160:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.506988][   T29] audit: type=1326 audit(2000000202.190:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.531069][   T29] audit: type=1326 audit(2000000202.190:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.555500][   T29] audit: type=1326 audit(2000000202.190:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.579278][   T29] audit: type=1326 audit(2000000202.190:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.603620][   T29] audit: type=1326 audit(2000000202.190:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.630556][   T29] audit: type=1326 audit(2000000202.190:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  355.691076][   T29] audit: type=1326 audit(2000000202.190:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  356.254995][   T29] kauditd_printk_skb: 21 callbacks suppressed
[  356.255055][   T29] audit: type=1326 audit(2000000202.800:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  356.687892][ T5912] usb 6-1: string descriptor 0 read error: -71
[  356.786705][ T5912] usb 6-1: USB disconnect, device number 16
[  356.792937][   T29] audit: type=1326 audit(2000000202.800:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  356.859235][   T29] audit: type=1326 audit(2000000202.800:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  356.899119][   T29] audit: type=1326 audit(2000000202.810:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  356.922637][    C1] vkms_vblank_simulate: vblank timer overrun
[  357.012362][T10405] binder: BINDER_SET_CONTEXT_MGR already set
[  357.112355][   T29] audit: type=1326 audit(2000000202.810:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  357.145413][T10405] binder: 10404:10405 ioctl 4018620d 20000040 returned -16
[  357.157700][   T29] audit: type=1326 audit(2000000202.810:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  357.565630][   T29] audit: type=1326 audit(2000000202.810:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  357.857243][T10409] netlink: 'syz.1.1245': attribute type 1 has an invalid length.
[  357.869098][   T29] audit: type=1326 audit(2000000202.810:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  357.939614][   T29] audit: type=1326 audit(2000000202.810:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  357.964602][   T29] audit: type=1326 audit(2000000202.810:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10383 comm="syz.1.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17f38cda9 code=0x7ffc0000
[  358.111963][T10423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1248'.
[  358.189389][T10423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1248'.
[  358.414671][T10423] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1248'.
[  359.949181][T10438] openvswitch: netlink: Flow key attr not present in new flow.
[  360.320778][T10445] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1258'.
[  360.404025][ T5867] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  361.213453][ T5867] usb 2-1: Using ep0 maxpacket: 32
[  361.257464][ T5867] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  361.273557][ T5867] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  361.291250][ T5867] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  361.324006][ T5867] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  361.359239][T10459] overlayfs: failed to resolve './file0': -2
[  361.390485][ T5867] usb 2-1: config 0 interface 0 has no altsetting 0
[  361.429420][ T5867] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  361.466754][ T5867] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  361.488092][ T5867] usb 2-1: Product: syz
[  361.497912][T10471] raw_sendmsg: syz.5.1264 forgot to set AF_INET. Fix it!
[  361.497996][ T5867] usb 2-1: Manufacturer: syz
[  361.519655][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  361.519668][   T29] audit: type=1400 audit(2000000208.200:2015): avc:  denied  { append } for  pid=10470 comm="syz.5.1264" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  361.543530][ T5867] usb 2-1: SerialNumber: syz
[  361.883764][ T5820] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  362.628940][ T5867] usb 2-1: config 0 descriptor??
[  362.645133][ T5867] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  362.783671][ T5867] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  362.785361][ T5912] kernel write not supported for file /dsp (pid: 5912 comm: kworker/1:7)
[  362.795847][ T5820] usb 1-1: Using ep0 maxpacket: 32
[  362.848915][ T5820] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  362.867777][ T5820] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  362.883289][ T5820] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  362.907748][ T5820] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  362.927397][ T5820] usb 1-1: config 0 interface 0 has no altsetting 0
[  362.956214][ T5820] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  362.967436][ T5820] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  362.981650][ T5820] usb 1-1: Product: syz
[  362.988847][ T5820] usb 1-1: Manufacturer: syz
[  363.008051][ T5820] usb 1-1: SerialNumber: syz
[  363.060792][T10487] netlink: 'syz.5.1269': attribute type 1 has an invalid length.
[  363.073789][T10487] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1269'.
[  363.111973][ T5820] usb 1-1: config 0 descriptor??
[  363.115308][ T5912] usb 2-1: USB disconnect, device number 33
[  363.116952][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  363.119332][ T5820] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  363.129221][ T5912] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  363.812895][ T5820] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  363.853026][ T5820] usb 1-1: USB disconnect, device number 34
[  363.861101][ T5820] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  363.919085][   T29] audit: type=1400 audit(2000000210.590:2016): avc:  denied  { cmd } for  pid=10493 comm="syz.4.1271" path="socket:[27863]" dev="sockfs" ino=27863 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  364.943582][ T5912] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  365.125065][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  365.140765][ T5912] usb 5-1: config 34 has an invalid interface number: 10 but max is 2
[  365.160661][ T5912] usb 5-1: config 34 has an invalid interface number: 35 but max is 2
[  365.180891][ T5912] usb 5-1: config 34 has an invalid interface number: 41 but max is 2
[  365.205640][ T5912] usb 5-1: config 34 has no interface number 0
[  365.211849][ T5912] usb 5-1: config 34 has no interface number 1
[  365.220755][ T5912] usb 5-1: config 34 has no interface number 2
[  365.238937][ T5912] usb 5-1: config 34 interface 35 altsetting 139 has an invalid descriptor for endpoint zero, skipping
[  365.265471][ T5912] usb 5-1: config 34 interface 35 has no altsetting 0
[  365.272284][ T5912] usb 5-1: config 34 interface 41 has no altsetting 0
[  365.301388][T10517] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1279'.
[  365.318710][T10517] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1279'.
[  365.433030][ T5912] usb 5-1: New USB device found, idVendor=413c, idProduct=81b6, bcdDevice=6f.61
[  365.442293][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.450427][ T5912] usb 5-1: Product: syz
[  365.454656][ T5912] usb 5-1: Manufacturer: syz
[  365.459260][ T5912] usb 5-1: SerialNumber: syz
[  366.072599][ T5912] usb 5-1: USB disconnect, device number 26
[  366.136064][T10528] netlink: 'syz.2.1282': attribute type 1 has an invalid length.
[  366.171315][T10528] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1282'.
[  366.284690][ T5865] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  366.585681][   T29] audit: type=1400 audit(2000000213.150:2017): avc:  denied  { write } for  pid=10540 comm="syz.1.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  366.943258][   T29] audit: type=1400 audit(2000000213.160:2018): avc:  denied  { read append } for  pid=10540 comm="syz.1.1287" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  367.111077][   T29] audit: type=1400 audit(2000000213.160:2019): avc:  denied  { open } for  pid=10540 comm="syz.1.1287" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  367.154519][ T5865] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  367.163162][ T5865] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  367.223444][ T5865] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  367.252385][ T5865] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  367.312407][ T5865] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  367.338192][ T5865] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  367.348109][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  367.360514][T10557] usb usb7: usbfs: process 10557 (syz.1.1291) did not claim interface 0 before use
[  367.363685][ T5865] usb 1-1: Product: syz
[  367.384106][ T5865] usb 1-1: Manufacturer: syz
[  367.393028][ T5865] cdc_wdm 1-1:1.0: skipping garbage
[  367.413299][ T5865] cdc_wdm 1-1:1.0: skipping garbage
[  367.434749][ T5865] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  367.455888][ T5865] cdc_wdm 1-1:1.0: Unknown control protocol
[  367.502055][   T29] audit: type=1400 audit(2000000214.180:2020): avc:  denied  { connect } for  pid=10558 comm="syz.2.1292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  367.630299][T10525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.682882][T10525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  368.200131][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.206996][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.213304][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.219900][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.226257][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.232854][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.239624][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.246221][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.252754][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.259349][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.265794][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.272387][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.278624][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.285215][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.291455][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.298050][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.304345][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.310937][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.317177][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  368.323767][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  368.358358][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  368.367326][ T5900] usb 1-1: USB disconnect, device number 35
[  369.664126][ T5820] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  369.843937][T10593] tmpfs: Unknown parameter 'usrquota�����!��g��$V�`d����)!n'
[  370.023679][ T5820] usb 1-1: Using ep0 maxpacket: 32
[  370.030148][ T5820] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  370.038762][ T5820] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  370.860546][ T5820] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  370.894385][ T5820] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  370.908220][ T5820] usb 1-1: config 0 interface 0 has no altsetting 0
[  370.919912][ T5820] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  370.953047][ T5820] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  370.962642][T10603] x_tables: unsorted underflow at hook 3
[  370.985350][ T5820] usb 1-1: Product: syz
[  370.996022][ T5820] usb 1-1: Manufacturer: syz
[  371.003504][ T5820] usb 1-1: SerialNumber: syz
[  371.016706][   T29] audit: type=1400 audit(2000000217.670:2021): avc:  denied  { append } for  pid=10601 comm="syz.4.1302" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  371.017341][ T5820] usb 1-1: config 0 descriptor??
[  371.221007][ T5820] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  371.244177][ T5820] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  372.038764][ T5820] usb 1-1: USB disconnect, device number 36
[  372.051300][ T5820] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  372.765376][T10620] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.832505][T10620] bond0: (slave rose0): Enslaving as an active interface with an up link
[  372.860434][   T29] audit: type=1400 audit(2000000219.530:2022): avc:  denied  { create } for  pid=10619 comm="syz.2.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  372.976170][   T29] audit: type=1400 audit(2000000219.560:2023): avc:  denied  { bind } for  pid=10619 comm="syz.2.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  373.122650][   T29] audit: type=1400 audit(2000000219.600:2024): avc:  denied  { connect } for  pid=10619 comm="syz.2.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  373.216793][T10634] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1311'.
[  373.226076][T10634] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1311'.
[  373.603980][ T5865] usb 1-1: new low-speed USB device number 37 using dummy_hcd
[  373.873478][ T5865] usb 1-1: Invalid ep0 maxpacket: 16
[  374.096935][ T5865] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  374.133691][ T5912] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  374.364168][ T5865] usb 1-1: Invalid ep0 maxpacket: 16
[  374.372629][ T5865] usb usb1-port1: attempt power cycle
[  375.024166][ T5912] usb 6-1: Using ep0 maxpacket: 32
[  375.036396][ T5912] usb 6-1: config 34 has an invalid interface number: 41 but max is 0
[  375.060845][   T29] audit: type=1400 audit(2000000221.740:2025): avc:  denied  { accept } for  pid=10671 comm="syz.2.1319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  375.081374][ T5912] usb 6-1: config 34 has no interface number 0
[  375.097134][ T5912] usb 6-1: config 34 interface 41 has no altsetting 0
[  375.106191][ T5912] usb 6-1: New USB device found, idVendor=413c, idProduct=81b6, bcdDevice=6f.61
[  375.116042][ T5912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.128925][ T5912] usb 6-1: Product: syz
[  375.133170][ T5912] usb 6-1: Manufacturer: syz
[  375.143449][ T5912] usb 6-1: SerialNumber: syz
[  375.283597][ T5865] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  375.315251][ T5865] usb 1-1: Invalid ep0 maxpacket: 16
[  375.354263][ T5867] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  375.406501][ T5912] usb 6-1: USB disconnect, device number 17
[  376.150405][T10697] vivid-000: disconnect
[  376.166802][ T5865] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  376.179957][T10696] vivid-000: reconnect
[  376.196136][ T5867] usb 5-1: unable to get BOS descriptor or descriptor too short
[  376.208379][ T5867] usb 5-1: not running at top speed; connect to a high speed hub
[  376.221635][ T5865] usb 1-1: Invalid ep0 maxpacket: 16
[  376.232145][ T5865] usb usb1-port1: unable to enumerate USB device
[  376.240823][ T5867] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  376.252655][ T5867] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  376.282497][ T5867] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  376.305621][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.316795][ T5867] usb 5-1: Product: syz
[  376.322034][ T5867] usb 5-1: Manufacturer: syz
[  376.343575][ T5867] usb 5-1: SerialNumber: syz
[  376.399940][T10705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.417874][T10705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.647586][   T25] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  376.833503][   T25] usb 2-1: Using ep0 maxpacket: 32
[  376.866967][   T25] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  376.924097][   T25] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  377.029141][   T25] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  377.135623][ T5867] cdc_ncm 5-1:1.0: bind() failure
[  377.189690][   T25] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  377.206128][ T5867] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  377.212967][ T5867] cdc_ncm 5-1:1.1: bind() failure
[  377.243611][ T5867] usb 5-1: USB disconnect, device number 27
[  377.290903][   T25] usb 2-1: config 0 interface 0 has no altsetting 0
[  377.408682][T10720] FAULT_INJECTION: forcing a failure.
[  377.408682][T10720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.421942][T10720] CPU: 0 UID: 0 PID: 10720 Comm: syz.5.1327 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  377.421963][T10720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  377.421973][T10720] Call Trace:
[  377.421978][T10720]  <TASK>
[  377.421982][T10720]  dump_stack_lvl+0x16c/0x1f0
[  377.422001][T10720]  should_fail_ex+0x50a/0x650
[  377.422016][T10720]  _copy_from_user+0x2e/0xd0
[  377.422030][T10720]  move_addr_to_kernel+0x68/0x160
[  377.422045][T10720]  __sys_bind+0x11c/0x260
[  377.422058][T10720]  ? __pfx___sys_bind+0x10/0x10
[  377.422069][T10720]  ? __fget_files+0x206/0x3a0
[  377.422082][T10720]  ? __pfx_ksys_write+0x10/0x10
[  377.422098][T10720]  __x64_sys_bind+0x72/0xb0
[  377.422110][T10720]  ? lockdep_hardirqs_on+0x7c/0x110
[  377.422123][T10720]  do_syscall_64+0xcd/0x250
[  377.422132][T10720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.422152][T10720] RIP: 0033:0x7fec6a98cda9
[  377.422160][T10720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.422169][T10720] RSP: 002b:00007fec6b881038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  377.422177][T10720] RAX: ffffffffffffffda RBX: 00007fec6aba6160 RCX: 00007fec6a98cda9
[  377.422183][T10720] RDX: 000000000000001c RSI: 0000000020f5dfe4 RDI: 0000000000000004
[  377.422188][T10720] RBP: 00007fec6b881090 R08: 0000000000000000 R09: 0000000000000000
[  377.422193][T10720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.422199][T10720] R13: 0000000000000000 R14: 00007fec6aba6160 R15: 00007fff8fe4cb98
[  377.422210][T10720]  </TASK>
[  377.647912][   T25] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  377.866782][   T25] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  377.932168][   T25] usb 2-1: Product: syz
[  378.246470][   T25] usb 2-1: Manufacturer: syz
[  378.263462][   T25] usb 2-1: SerialNumber: syz
[  378.289063][   T25] usb 2-1: config 0 descriptor??
[  378.316708][   T25] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  378.442545][   T25] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  378.445257][ T5820] kernel read not supported for file /898/net/igmp (pid: 5820 comm: kworker/0:3)
[  379.307766][ T5912] usb 2-1: USB disconnect, device number 34
[  379.348962][ T5912] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  379.572015][T10749] FAULT_INJECTION: forcing a failure.
[  379.572015][T10749] name failslab, interval 1, probability 0, space 0, times 0
[  379.584741][T10749] CPU: 1 UID: 0 PID: 10749 Comm: syz.0.1334 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  379.584762][T10749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  379.584771][T10749] Call Trace:
[  379.584774][T10749]  <TASK>
[  379.584777][T10749]  dump_stack_lvl+0x16c/0x1f0
[  379.584796][T10749]  should_fail_ex+0x50a/0x650
[  379.584809][T10749]  ? fs_reclaim_acquire+0xae/0x150
[  379.584823][T10749]  ? tomoyo_encode2+0x100/0x3e0
[  379.584834][T10749]  should_failslab+0xc2/0x120
[  379.584844][T10749]  __kmalloc_noprof+0xcb/0x510
[  379.584853][T10749]  ? d_absolute_path+0x137/0x1b0
[  379.584864][T10749]  ? rcu_is_watching+0x12/0xc0
[  379.584875][T10749]  tomoyo_encode2+0x100/0x3e0
[  379.584888][T10749]  tomoyo_encode+0x29/0x50
[  379.584898][T10749]  tomoyo_realpath_from_path+0x19d/0x720
[  379.584913][T10749]  tomoyo_path_number_perm+0x248/0x590
[  379.584922][T10749]  ? tomoyo_path_number_perm+0x235/0x590
[  379.584932][T10749]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  379.584946][T10749]  ? __pfx___schedule+0x10/0x10
[  379.584965][T10749]  ? irqentry_exit+0x3b/0x90
[  379.584978][T10749]  ? lockdep_hardirqs_on+0x7c/0x110
[  379.584994][T10749]  ? security_file_ioctl+0x21c/0x240
[  379.585005][T10749]  ? security_file_ioctl+0x22/0x240
[  379.585017][T10749]  security_file_ioctl+0x9b/0x240
[  379.585028][T10749]  __x64_sys_ioctl+0xb7/0x200
[  379.585042][T10749]  do_syscall_64+0xcd/0x250
[  379.585051][T10749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.585064][T10749] RIP: 0033:0x7f134c18cda9
[  379.585071][T10749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.585080][T10749] RSP: 002b:00007f134d001038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  379.585090][T10749] RAX: ffffffffffffffda RBX: 00007f134c3a6080 RCX: 00007f134c18cda9
[  379.585100][T10749] RDX: 00000000200000c0 RSI: 00000000c018643a RDI: 0000000000000007
[  379.585105][T10749] RBP: 00007f134d001090 R08: 0000000000000000 R09: 0000000000000000
[  379.585110][T10749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.585115][T10749] R13: 0000000000000000 R14: 00007f134c3a6080 R15: 00007ffeaf1634f8
[  379.585126][T10749]  </TASK>
[  379.585153][T10749] ERROR: Out of memory at tomoyo_realpath_from_path.
[  379.812910][ T5867] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  379.871997][T10748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.988650][T10748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.064898][ T5867] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  380.086377][ T5867] usb 5-1: config 0 has no interface number 0
[  380.108945][ T5867] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0043, bcdDevice=6a.c7
[  380.130069][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.154703][ T5867] usb 5-1: Product: syz
[  380.159010][ T5867] usb 5-1: Manufacturer: syz
[  380.173118][ T5867] usb 5-1: SerialNumber: syz
[  380.200205][ T5867] usb 5-1: config 0 descriptor??
[  380.225713][ T5867] em28xx 5-1:0.251: audio device (0ccd:0043): interface 251, class 1
[  380.630098][   T29] audit: type=1400 audit(2000000227.310:2026): avc:  denied  { sqpoll } for  pid=10754 comm="syz.5.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  380.653061][ T5867] usb 5-1: USB disconnect, device number 28
[  381.113652][   T25] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  381.113767][ T5865] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  381.285128][   T25] usb 1-1: Using ep0 maxpacket: 32
[  381.302001][   T25] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  381.319963][   T25] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  381.354835][ T5865] usb 2-1: Using ep0 maxpacket: 32
[  381.470449][ T5865] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  381.631500][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.812138][T10777] vivid-000: disconnect
[  381.862239][   T25] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  381.867030][ T5865] usb 2-1: config 0 descriptor??
[  381.873715][   T25] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  381.891849][   T25] usb 1-1: config 0 interface 0 has no altsetting 0
[  381.901576][   T25] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  381.913065][   T25] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  381.926214][   T25] usb 1-1: Product: syz
[  381.930518][   T25] usb 1-1: Manufacturer: syz
[  382.072885][ T5865] usb 2-1: selecting invalid altsetting 3
[  382.078907][   T25] usb 1-1: SerialNumber: syz
[  382.158903][   T25] usb 1-1: config 0 descriptor??
[  382.163802][ T5865] comedi comedi0: could not set alternate setting 3 in high speed
[  382.272125][   T25] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  382.277842][ T5865] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  382.391691][   T25] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  382.417271][ T5865] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22
[  382.444001][ T5865] usb 2-1: USB disconnect, device number 35
[  382.470509][   T25] usb 1-1: USB disconnect, device number 41
[  382.478417][T10773] vivid-000: reconnect
[  382.486933][   T25] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  382.985158][T10798] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1349'.
[  383.072541][T10802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.086561][T10802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.233491][ T5900] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  383.274053][   T25] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  383.308249][T10804] overlayfs: failed to resolve './file1': -2
[  383.403899][ T5900] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  383.422662][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.463644][   T25] usb 5-1: Using ep0 maxpacket: 32
[  383.512751][   T25] usb 5-1: config 34 has an invalid interface number: 41 but max is 0
[  383.544081][ T5900] usb 6-1: config 0 descriptor??
[  383.554621][   T25] usb 5-1: config 34 has no interface number 0
[  383.584499][   T25] usb 5-1: config 34 interface 41 has no altsetting 0
[  383.652029][   T25] usb 5-1: New USB device found, idVendor=413c, idProduct=81b6, bcdDevice=6f.61
[  383.675752][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.684703][   T25] usb 5-1: Product: syz
[  383.689018][   T25] usb 5-1: Manufacturer: syz
[  383.695188][   T25] usb 5-1: SerialNumber: syz
[  383.842575][ T5900] ath6kl: Failed to submit usb control message: -71
[  383.854764][ T5900] ath6kl: unable to send the bmi data to the device: -71
[  383.873576][ T5900] ath6kl: Unable to send get target info: -71
[  383.880531][ T5900] ath6kl: Failed to init ath6kl core: -71
[  383.896234][ T5900] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  384.115130][   T25] usb 5-1: USB disconnect, device number 30
[  384.128219][ T5900] usb 6-1: USB disconnect, device number 18
[  384.834228][T10815] nfs4: Unknown parameter 'rdma'
[  385.180739][   T29] audit: type=1400 audit(2000000231.860:2027): avc:  denied  { ioctl } for  pid=10821 comm="syz.1.1357" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  385.805729][T10824] lo speed is unknown, defaulting to 1000
[  386.300727][T10824] lo speed is unknown, defaulting to 1000
[  386.698680][   T29] audit: type=1400 audit(2000000233.380:2028): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  386.974823][T10854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.985882][T10854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.025901][T10854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.048137][T10854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.080188][T10852] netlink: 'syz.4.1366': attribute type 1 has an invalid length.
[  387.089400][T10852] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1366'.
[  387.113943][ T5865] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  387.137009][T10859] siw: device registration error -23
[  387.156277][   T29] audit: type=1400 audit(2000000233.840:2029): avc:  denied  { listen } for  pid=10853 comm="syz.2.1367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  387.177230][ T5867] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  387.284941][ T5865] usb 2-1: Using ep0 maxpacket: 32
[  387.292561][ T5865] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  387.315180][ T5865] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  387.319645][T10862] vxcan1: tx drop: invalid da for name 0x0000000004000003
[  387.359586][ T5865] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  387.375745][ T5867] usb 1-1: Using ep0 maxpacket: 32
[  387.494072][ T5867] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  387.533087][ T5865] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  387.533145][ T5865] usb 2-1: config 0 interface 0 has no altsetting 0
[  387.544371][ T5867] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  387.546065][ T5867] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  387.547312][ T5867] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  387.547992][ T5867] usb 1-1: config 0 interface 0 has no altsetting 0
[  387.804072][ T5867] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  387.804106][ T5867] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  387.804126][ T5867] usb 1-1: Product: syz
[  387.804142][ T5867] usb 1-1: Manufacturer: syz
[  387.804157][ T5867] usb 1-1: SerialNumber: syz
[  387.808123][ T5865] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  387.808151][ T5865] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  387.808170][ T5865] usb 2-1: Product: syz
[  387.808185][ T5865] usb 2-1: Manufacturer: syz
[  387.808200][ T5865] usb 2-1: SerialNumber: syz
[  387.819832][ T5865] usb 2-1: config 0 descriptor??
[  387.830200][ T5867] usb 1-1: config 0 descriptor??
[  387.946830][ T5865] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  387.958479][ T5865] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  387.989969][ T5867] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  388.010519][ T5867] ldusb 1-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  388.053846][ T5867] usb 2-1: USB disconnect, device number 36
[  388.059796][    C0] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  388.070869][ T5867] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  388.137090][T10867] overlayfs: failed to resolve './file0': -2
[  388.254380][   T25] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  388.267535][   T47] usb 1-1: USB disconnect, device number 42
[  388.313649][   T47] ldusb 1-1:0.0: LD USB Device #1 now disconnected
[  388.476212][   T25] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  388.488572][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  388.693899][   T25] usb 5-1: config 1 has no interface number 0
[  388.702111][   T25] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  388.726742][   T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  388.771366][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.789101][   T25] usb 5-1: Product: syz
[  388.797365][   T25] usb 5-1: Manufacturer: syz
[  388.809741][   T25] usb 5-1: SerialNumber: syz
[  388.822484][   T25] usb 5-1: selecting invalid altsetting 1
[  389.089940][T10877] openvswitch: netlink: Mixed IPv4 and IPv6 tunnel attributes
[  389.426049][ T5895] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  389.786478][   T25] cdc_ncm 5-1:1.1: bind() failure
[  389.831015][   T25] usb 5-1: USB disconnect, device number 31
[  389.833439][ T5895] usb 2-1: Using ep0 maxpacket: 32
[  389.869924][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  389.888240][ T5895] usb 2-1: can't read configurations, error -61
[  389.903085][T10882] FAULT_INJECTION: forcing a failure.
[  389.903085][T10882] name failslab, interval 1, probability 0, space 0, times 0
[  389.944358][T10882] CPU: 0 UID: 0 PID: 10882 Comm: syz.2.1374 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  389.944383][T10882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  389.944393][T10882] Call Trace:
[  389.944398][T10882]  <TASK>
[  389.944404][T10882]  dump_stack_lvl+0x16c/0x1f0
[  389.944436][T10882]  should_fail_ex+0x50a/0x650
[  389.944458][T10882]  ? fs_reclaim_acquire+0xae/0x150
[  389.944483][T10882]  should_failslab+0xc2/0x120
[  389.944501][T10882]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  389.944518][T10882]  ? mark_held_locks+0x9f/0xe0
[  389.944539][T10882]  ? copy_process+0x4be/0x8d60
[  389.944555][T10882]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.944580][T10882]  copy_process+0x4be/0x8d60
[  389.944594][T10882]  ? kasan_save_stack+0x33/0x60
[  389.944608][T10882]  ? kasan_save_track+0x14/0x30
[  389.944622][T10882]  ? __kasan_kmalloc+0xaa/0xb0
[  389.944635][T10882]  ? vhost_task_create+0xd0/0x2b0
[  389.944654][T10882]  ? kvm_mmu_post_init_vm+0x273/0x380
[  389.944674][T10882]  ? kvm_arch_vcpu_ioctl_run+0x66/0x17f0
[  389.944692][T10882]  ? kvm_vcpu_ioctl+0x5ea/0x16b0
[  389.944709][T10882]  ? __x64_sys_ioctl+0x190/0x200
[  389.944730][T10882]  ? do_syscall_64+0xcd/0x250
[  389.944744][T10882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.944780][T10882]  ? __pfx_copy_process+0x10/0x10
[  389.944811][T10882]  ? lockdep_init_map_type+0x16d/0x7d0
[  389.944832][T10882]  ? __raw_spin_lock_init+0x3a/0x110
[  389.944857][T10882]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  389.944879][T10882]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  389.944907][T10882]  vhost_task_create+0x1bd/0x2b0
[  389.944926][T10882]  ? __pfx_vhost_task_create+0x10/0x10
[  389.944945][T10882]  ? __pfx___mutex_lock+0x10/0x10
[  389.944974][T10882]  ? __pfx_vhost_task_fn+0x10/0x10
[  389.945003][T10882]  kvm_mmu_post_init_vm+0x273/0x380
[  389.945026][T10882]  kvm_arch_vcpu_ioctl_run+0x66/0x17f0
[  389.945045][T10882]  ? lock_acquire+0x2f/0xb0
[  389.945065][T10882]  ? kvm_vcpu_ioctl+0x14be/0x16b0
[  389.945088][T10882]  kvm_vcpu_ioctl+0x5ea/0x16b0
[  389.945110][T10882]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  389.945137][T10882]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  389.945163][T10882]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  389.945191][T10882]  ? __pfx_lock_release+0x10/0x10
[  389.945229][T10882]  ? selinux_file_ioctl+0x180/0x270
[  389.945251][T10882]  ? selinux_file_ioctl+0xb4/0x270
[  389.945274][T10882]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  389.945294][T10882]  __x64_sys_ioctl+0x190/0x200
[  389.945319][T10882]  do_syscall_64+0xcd/0x250
[  389.945336][T10882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.945358][T10882] RIP: 0033:0x7f9319f8cda9
[  389.945372][T10882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.945388][T10882] RSP: 002b:00007f931ae09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  389.945404][T10882] RAX: ffffffffffffffda RBX: 00007f931a1a5fa0 RCX: 00007f9319f8cda9
[  389.945415][T10882] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  389.945424][T10882] RBP: 00007f931ae09090 R08: 0000000000000000 R09: 0000000000000000
[  389.945434][T10882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.945443][T10882] R13: 0000000000000000 R14: 00007f931a1a5fa0 R15: 00007ffc14c99fc8
[  389.945461][T10882]  </TASK>
[  390.347034][ T5895] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  390.866332][ T5895] usb 2-1: Using ep0 maxpacket: 32
[  390.922100][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -61
[  391.647549][ T5895] usb 2-1: can't read configurations, error -61
[  391.655255][ T5895] usb usb2-port1: attempt power cycle
[  391.857667][T10916] vivid-001: disconnect
[  391.863813][T10914] vivid-001: reconnect
[  391.980864][   T25] kernel read not supported for file /930/net/igmp (pid: 25 comm: kworker/1:0)
[  392.054170][ T5895] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  392.284687][ T5895] usb 2-1: device not accepting address 39, error -71
[  393.193867][   T47] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  393.428698][   T47] usb 5-1: Using ep0 maxpacket: 32
[  393.457224][   T47] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  393.493834][   T47] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  393.693847][   T47] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  393.838997][   T47] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  393.904985][   T47] usb 5-1: config 0 interface 0 has no altsetting 0
[  393.915153][   T47] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  393.925629][   T47] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  393.938784][   T47] usb 5-1: Product: syz
[  393.943072][   T47] usb 5-1: Manufacturer: syz
[  393.959051][   T47] usb 5-1: SerialNumber: syz
[  393.969390][   T47] usb 5-1: config 0 descriptor??
[  393.981039][   T47] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  394.019644][   T47] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  394.038169][T10962] netlink: 'syz.0.1393': attribute type 1 has an invalid length.
[  394.063529][T10962] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1393'.
[  394.124259][T10967] binder: 10966:10967 ioctl 4018620d 0 returned -22
[  394.149419][T10967] binder: 10966:10967 ioctl c0306201 20000340 returned -14
[  394.210458][   T47] usb 5-1: USB disconnect, device number 32
[  394.244076][   T47] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  397.034461][   T29] audit: type=1400 audit(2000000243.390:2030): avc:  denied  { watch } for  pid=10980 comm="syz.1.1400" path="/257/file0" dev="tmpfs" ino=1491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  397.668473][T10995] vivid-003: disconnect
[  397.749591][ T5912] vivid-003: reconnect
[  397.852013][T11000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.889207][T11000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.906296][ T5912] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  397.960626][T11006] netlink: 'syz.1.1407': attribute type 1 has an invalid length.
[  397.969867][T11006] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1407'.
[  398.188673][ T5912] usb 5-1: config 2 has an invalid interface number: 150 but max is 0
[  398.198107][ T5912] usb 5-1: config 2 has no interface number 0
[  398.204375][ T5912] usb 5-1: config 2 interface 150 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  398.216117][ T5912] usb 5-1: config 2 interface 150 altsetting 1 endpoint 0x3 has invalid maxpacket 1999, setting to 64
[  398.227147][ T5912] usb 5-1: config 2 interface 150 altsetting 1 has an endpoint descriptor with address 0xB1, changing to 0x81
[  398.376497][ T5912] usb 5-1: config 2 interface 150 altsetting 1 endpoint 0x81 has invalid maxpacket 53322, setting to 64
[  398.408863][ T5912] usb 5-1: config 2 interface 150 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  399.064933][ T5865] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  399.116604][ T5912] usb 5-1: config 2 interface 150 has no altsetting 0
[  399.127728][ T5912] usb 5-1: New USB device found, idVendor=0572, idProduct=cb06, bcdDevice=41.cf
[  399.137564][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.145837][ T5912] usb 5-1: Product: syz
[  399.150060][ T5912] usb 5-1: Manufacturer: syz
[  399.155456][ T5912] usb 5-1: SerialNumber: syz
[  399.165427][T10996] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  399.289362][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.313478][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.330525][ T5865] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  399.363311][ T5865] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  399.378264][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.406207][ T5865] usb 6-1: config 0 descriptor??
[  399.561247][T11026] tmpfs: Unknown parameter 'usrquota�����!��g��$V�`d����)!n'
[  399.808307][   T29] audit: type=1400 audit(2000000246.480:2031): avc:  denied  { map } for  pid=10989 comm="syz.4.1402" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  399.822699][ T5912] hub 5-1:2.150: bad descriptor, ignoring hub
[  399.887203][T11030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  399.895885][T11030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  399.923594][ T5912] hub 5-1:2.150: probe with driver hub failed with error -5
[  399.937057][ T5912] cxacru 5-1:2.150: submit of write urb for cm 0x90 failed (-2)
[  399.946573][ T5912] cxacru 5-1:2.150: usbatm_usb_probe: invalid endpoint 02!
[  399.954365][ T5912] cxacru 5-1:2.150: probe with driver cxacru failed with error -22
[  400.009218][ T5912] usb 5-1: USB disconnect, device number 33
[  400.267951][ T5865] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  400.296418][ T5865] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  400.327466][ T5865] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  400.669241][   T29] audit: type=1400 audit(2000000247.350:2032): avc:  denied  { getopt } for  pid=11037 comm="syz.1.1417" lport=56630 faddr=255.255.255.254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  400.694354][T11039] lo speed is unknown, defaulting to 1000
[  400.799024][T11039] lo speed is unknown, defaulting to 1000
[  400.853531][ T5865] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  401.083302][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  401.320836][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  401.332656][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  401.349177][ T5865] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  401.360817][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.369002][ T5865] usb 1-1: Product: syz
[  401.373591][ T5865] usb 1-1: Manufacturer: syz
[  401.378244][ T5865] usb 1-1: SerialNumber: syz
[  401.386233][ T5865] usb 1-1: config 0 descriptor??
[  401.399210][   T29] audit: type=1400 audit(2000000248.070:2033): avc:  denied  { read } for  pid=11036 comm="syz.4.1416" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  401.451136][T11041] block device autoloading is deprecated and will be removed.
[  401.456417][   T29] audit: type=1400 audit(2000000248.070:2034): avc:  denied  { open } for  pid=11036 comm="syz.4.1416" path="/283/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  401.593461][T11052] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1420'.
[  401.716505][   T29] audit: type=1400 audit(2000000248.370:2035): avc:  denied  { setattr } for  pid=11051 comm="syz.1.1420" name="/" dev="configfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  402.026835][   T29] audit: type=1400 audit(2000000248.710:2036): avc:  denied  { read } for  pid=11060 comm="syz.1.1422" path="socket:[29980]" dev="sockfs" ino=29980 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  402.050165][    C1] vkms_vblank_simulate: vblank timer overrun
[  402.173210][T11066] SELinux: syz.1.1423 (11066) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  402.222410][T11067] netlink: 187320 bytes leftover after parsing attributes in process `syz.1.1423'.
[  402.232492][ T5912] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  402.268362][T11067] netlink: zone id is out of range
[  402.294278][T11067] netlink: zone id is out of range
[  402.332381][T11067] netlink: zone id is out of range
[  402.373722][ T5912] usb 5-1: device descriptor read/64, error -71
[  402.406274][   T47] usb 6-1: USB disconnect, device number 19
[  402.408307][T11072] tmpfs: Unknown parameter 'usrquota�����!��g��$V�`d����)!n'
[  402.430892][T11073] IPv6: sit1: Disabled Multicast RS
[  402.432036][T11066] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 11066 comm: syz.1.1423)
[  402.750656][   T29] audit: type=1800 audit(2000000249.410:2037): pid=11066 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1423" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=29994 res=0 errno=0
[  402.777583][ T5865] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  402.796360][ T5912] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  402.983517][ T5912] usb 5-1: device descriptor read/64, error -71
[  403.174049][ T5912] usb usb5-port1: attempt power cycle
[  403.188470][T11079] kAFS: unable to lookup cell '.yz1'
[  403.321915][T11079] netdevsim netdevsim1: Direct firmware load for .
[  403.321915][T11079]  failed with error -2
[  403.333024][T11079] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  403.333024][T11079] 
[  403.371645][T11084] libceph: resolve '0.0' (ret=-3): failed
[  403.636645][ T5912] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  403.674070][ T5912] usb 5-1: device descriptor read/8, error -71
[  403.935173][ T5912] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  404.015298][ T5912] usb 5-1: device descriptor read/8, error -71
[  404.163984][ T5912] usb usb5-port1: unable to enumerate USB device
[  404.337215][T11091] vivid-003: disconnect
[  404.341802][T11090] vivid-003: reconnect
[  406.616207][T11116] SELinux: syz.2.1436 (11116) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  406.650370][T11116] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.1436'.
[  406.654931][ T5912] usb 1-1: USB disconnect, device number 43
[  406.660037][ T5865] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  406.676122][T11116] netlink: zone id is out of range
[  406.686196][T11116] netlink: zone id is out of range
[  406.691386][T11116] netlink: zone id is out of range
[  406.703476][ T5867] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  406.718493][T11116] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 11116 comm: syz.2.1436)
[  406.738203][   T29] audit: type=1800 audit(2000000253.420:2038): pid=11116 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1436" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=30051 res=0 errno=0
[  406.763603][   T29] audit: type=1400 audit(2000000253.420:2039): avc:  denied  { setopt } for  pid=11115 comm="syz.2.1436" lport=39984 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  406.808822][T11121] binder: 11120:11121 ioctl c0306201 0 returned -14
[  406.818296][T11121] binder: 11120:11121 ioctl c0306201 20000340 returned -14
[  406.833593][ T5865] usb 6-1: Using ep0 maxpacket: 16
[  406.843206][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.855019][ T5895] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  406.863057][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  406.870194][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.880642][ T5865] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  406.890623][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.899907][ T5867] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  406.911931][ T5867] usb 5-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  406.926984][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.936317][ T5867] usb 5-1: Product: syz
[  406.941878][ T5865] usb 6-1: config 0 descriptor??
[  406.947475][ T5867] usb 5-1: Manufacturer: syz
[  406.956304][ T5867] usb 5-1: SerialNumber: syz
[  406.974932][ T5867] usb 5-1: config 0 descriptor??
[  406.985492][ T5867] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  407.006314][T11127] netlink: 'syz.2.1441': attribute type 1 has an invalid length.
[  407.013598][ T5895] usb 2-1: Using ep0 maxpacket: 32
[  407.015309][T11127] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1441'.
[  407.020808][ T5895] usb 2-1: config 34 has an invalid interface number: 10 but max is 1
[  407.038284][ T5895] usb 2-1: config 34 has an invalid interface number: 41 but max is 1
[  407.047710][ T5895] usb 2-1: config 34 has no interface number 0
[  407.068789][ T5895] usb 2-1: config 34 has no interface number 1
[  407.075571][ T5895] usb 2-1: config 34 interface 41 has no altsetting 0
[  407.084535][ T5895] usb 2-1: New USB device found, idVendor=413c, idProduct=81b6, bcdDevice=6f.61
[  407.094728][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.103056][ T5895] usb 2-1: Product: syz
[  407.107368][ T5895] usb 2-1: Manufacturer: syz
[  407.111976][ T5895] usb 2-1: SerialNumber: syz
[  407.131762][T11131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.141468][T11131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.335255][ T5895] usb 2-1: USB disconnect, device number 41
[  407.572294][   T29] audit: type=1400 audit(2000000254.250:2040): avc:  denied  { setopt } for  pid=11108 comm="syz.5.1433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  407.599832][ T5865] usbhid 6-1:0.0: can't add hid device: -71
[  407.606763][ T5865] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  407.619359][ T5865] usb 6-1: USB disconnect, device number 20
[  408.213157][T11111] netlink: 'syz.4.1434': attribute type 39 has an invalid length.
[  408.451553][   T29] audit: type=1400 audit(2000000254.890:2041): avc:  denied  { getopt } for  pid=11110 comm="syz.4.1434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  408.689081][ T5867] gspca_sunplus: reg_w_riv err -110
[  408.695548][ T5867] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  408.734666][T11111] veth0_macvtap: left promiscuous mode
[  408.833208][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1434'.
[  408.852636][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1434'.
[  408.995928][   T25] usb 5-1: USB disconnect, device number 38
[  409.025101][ T5912] kernel read not supported for file /871/net/igmp (pid: 5912 comm: kworker/1:7)
[  409.294120][T11158] SELinux: syz.2.1450 (11158) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  409.326998][T11158] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.1450'.
[  409.340818][T11158] netlink: zone id is out of range
[  409.348940][T11158] netlink: zone id is out of range
[  409.355191][T11158] netlink: zone id is out of range
[  409.497880][ T5867] kernel write not supported for file /sysvipc/msg (pid: 5867 comm: kworker/0:6)
[  409.649002][T11166] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1453'.
[  410.031118][T11176] netlink: 'syz.0.1452': attribute type 1 has an invalid length.
[  410.039422][T11176] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1452'.
[  410.196627][T11165] lo speed is unknown, defaulting to 1000
[  410.238176][T11165] lo speed is unknown, defaulting to 1000
[  411.429892][   T29] audit: type=1400 audit(2000000258.110:2042): avc:  denied  { shutdown } for  pid=11189 comm="syz.4.1458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  412.698734][   T29] audit: type=1400 audit(2000000259.380:2043): avc:  denied  { create } for  pid=11202 comm="syz.5.1461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  413.053984][T11209] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  413.598213][   T29] audit: type=1400 audit(2000000259.740:2044): avc:  denied  { ioctl } for  pid=11202 comm="syz.5.1461" path="socket:[30885]" dev="sockfs" ino=30885 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  413.622899][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.846695][T11212] Invalid source name
[  413.850726][T11212] UBIFS error (pid: 11212): cannot open "./file0", error -22
[  413.873983][   T29] audit: type=1400 audit(2000000260.530:2045): avc:  denied  { mounton } for  pid=11211 comm="syz.5.1464" path="/175/file0" dev="tmpfs" ino=1010 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  414.330270][T11229] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1469'.
[  415.621834][   T29] audit: type=1400 audit(2000000262.300:2046): avc:  denied  { connect } for  pid=11236 comm="syz.5.1471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  416.371859][ T5895] kernel read not supported for file /902/net/igmp (pid: 5895 comm: kworker/0:8)
[  416.681192][T11248] kAFS: unable to lookup cell '.yz1'
[  416.751788][T11248] netdevsim netdevsim2: Direct firmware load for .
[  416.751788][T11248]  failed with error -2
[  416.764706][T11248] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  416.764706][T11248] 
[  417.013611][ T5912] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  417.739850][ T5912] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  417.770987][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.516203][ T5912] usb 5-1: config 0 descriptor??
[  418.529743][   T29] audit: type=1400 audit(2000000265.210:2047): avc:  denied  { write } for  pid=11264 comm="syz.2.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  418.923612][ T5900] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  419.107388][ T5900] usb 2-1: New USB device found, idVendor=045b, idProduct=0212, bcdDevice=28.97
[  419.164771][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.172801][ T5900] usb 2-1: Product: syz
[  419.184268][   T29] audit: type=1400 audit(2000000265.870:2048): avc:  denied  { map } for  pid=11271 comm="syz.0.1482" path="socket:[30385]" dev="sockfs" ino=30385 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  419.193963][ T5900] usb 2-1: Manufacturer: syz
[  419.242583][   T29] audit: type=1400 audit(2000000265.870:2049): avc:  denied  { read } for  pid=11271 comm="syz.0.1482" path="socket:[30385]" dev="sockfs" ino=30385 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  419.413421][ T5900] usb 2-1: SerialNumber: syz
[  419.424351][ T5900] usb 2-1: config 0 descriptor??
[  419.462576][ T5900] upd78f0730 2-1:0.0: upd78f0730 converter detected
[  420.446507][ T5912] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  420.457855][ T5912] asix 5-1:0.0: probe with driver asix failed with error -71
[  420.475457][ T5900] usb 2-1: upd78f0730 converter now attached to ttyUSB1
[  420.485678][ T5912] usb 5-1: USB disconnect, device number 39
[  420.494497][ T5900] usb 2-1: USB disconnect, device number 42
[  420.577994][ T5900] upd78f0730 ttyUSB1: upd78f0730 converter now disconnected from ttyUSB1
[  420.620911][ T5900] upd78f0730 2-1:0.0: device disconnected
[  421.777140][T11292] binder: BINDER_SET_CONTEXT_MGR already set
[  421.783855][T11292] binder: 11290:11292 ioctl 4018620d 20000040 returned -16
[  421.792620][T11292] binder: 11290:11292 ioctl c0306201 20000340 returned -14
[  421.800148][T11289] overlayfs: missing 'lowerdir'
[  421.809358][T11289] overlayfs: failed to resolve './file1': -2
[  422.713428][   T29] audit: type=1400 audit(2000000269.340:2050): avc:  denied  { write } for  pid=11298 comm="syz.2.1491" dev="sockfs" ino=31042 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  422.733778][T11299] 9pnet_fd: Insufficient options for proto=fd
[  422.755895][T11299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.886624][T11305] tmpfs: Unknown parameter 'usrquota�����!��g��$V�`d����)!n'
[  422.908129][T11299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.814390][T11313] PKCS8: Unsupported PKCS#8 version
[  423.821225][T11313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1495'.
[  423.833032][T11313] batadv_slave_1: entered promiscuous mode
[  424.520220][T11326] binder: 11324:11326 ioctl c0306201 20000340 returned -14
[  425.163609][T11330] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1497'.
[  425.198420][   T29] audit: type=1400 audit(2000000271.870:2051): avc:  denied  { accept } for  pid=11327 comm="syz.1.1497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  425.217892][    C1] vkms_vblank_simulate: vblank timer overrun
[  425.247027][   T29] audit: type=1400 audit(2000000271.870:2052): avc:  denied  { shutdown } for  pid=11327 comm="syz.1.1497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  425.360047][T11336] overlayfs: missing 'lowerdir'
[  425.444925][T11339] overlayfs: failed to resolve './file1': -2
[  428.331248][T11378] SELinux: syz.4.1513 (11378) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  428.504267][T11380] netlink: 187320 bytes leftover after parsing attributes in process `syz.4.1513'.
[  428.656626][T11380] netlink: zone id is out of range
[  428.718284][T11380] netlink: zone id is out of range
[  428.804292][T11380] netlink: zone id is out of range
[  429.705000][T11396] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  429.913578][ T5895] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  430.073131][   T29] audit: type=1326 audit(2000000276.750:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11405 comm="syz.2.1522" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9319f8cda9 code=0x0
[  430.166969][ T5895] usb 5-1: Using ep0 maxpacket: 32
[  430.224903][ T5895] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  430.346845][ T5895] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  430.558373][ T5895] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  430.651811][ T5895] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  430.671554][ T5895] usb 5-1: config 0 interface 0 has no altsetting 0
[  430.679771][T11415] libceph: resolve '0.' (ret=-3): failed
[  430.686324][ T5895] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  430.696451][ T5895] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  430.705229][ T5895] usb 5-1: Product: syz
[  430.709452][ T5895] usb 5-1: Manufacturer: syz
[  430.718955][ T5895] usb 5-1: SerialNumber: syz
[  430.725699][ T5895] usb 5-1: config 0 descriptor??
[  430.732590][ T5895] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  430.756023][ T5895] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  431.255259][ T5900] usb 5-1: USB disconnect, device number 40
[  431.261234][    C1] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  431.313622][ T5900] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  432.159062][T11435] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1529'.
[  432.707950][ T8149] wlan1: failed to finalize CSA on link 0, disconnecting
[  432.821885][   T47] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  433.123602][   T47] usb 1-1: Using ep0 maxpacket: 8
[  433.140929][   T47] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  433.168993][   T47] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  433.809338][   T47] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  433.820153][   T47] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  433.835821][   T47] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  433.858791][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.183490][   T47] usb 1-1: GET_CAPABILITIES returned 0
[  434.189040][   T47] usbtmc 1-1:16.0: can't read capabilities
[  435.821559][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.830682][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.839762][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.848841][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.857921][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.867002][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.893500][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.902650][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.911740][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.918357][T11477] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1542'.
[  435.920824][    C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.969658][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.978807][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.987916][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  435.997019][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  436.006119][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  436.015211][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  437.588615][T11491] SELinux: syz.2.1546 (11491) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  437.593222][ T5867] usb 1-1: USB disconnect, device number 44
[  437.646785][T11491] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.1546'.
[  437.682027][T11491] netlink: zone id is out of range
[  437.722592][T11491] netlink: zone id is out of range
[  437.728078][T11491] netlink: zone id is out of range
[  437.750589][T11495] bond1: entered promiscuous mode
[  437.785297][T11495] bond1: entered allmulticast mode
[  437.819017][T11495] 8021q: adding VLAN 0 to HW filter on device bond1
[  438.085830][ T5895] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  439.313791][T11512] SELinux: syz.5.1552 (11512) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  439.364269][T11514] netlink: 187320 bytes leftover after parsing attributes in process `syz.5.1552'.
[  439.403123][T11514] netlink: zone id is out of range
[  439.433323][T11514] netlink: zone id is out of range
[  439.442002][T11514] netlink: zone id is out of range
[  439.447408][ T5895] usb 5-1: not running at top speed; connect to a high speed hub
[  439.458092][ T5895] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  439.471672][ T5895] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  439.498888][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.507259][ T5895] usb 5-1: Product: з
[  439.511422][ T5895] usb 5-1: Manufacturer: ᐁ
[  439.519775][ T5895] usb 5-1: SerialNumber: Ц
[  439.779725][ T5895] cdc_ncm 5-1:1.0: bind() failure
[  439.796506][ T5895] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  439.809606][T11495] bond1 (unregistering): Released all slaves
[  439.824344][ T5895] cdc_ncm 5-1:1.1: bind() failure
[  439.842331][ T5895] usb 5-1: USB disconnect, device number 41
[  440.130700][T11522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  440.139667][T11522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  440.334003][T11535] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  440.340556][T11535] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  440.387826][T11535] vhci_hcd vhci_hcd.0: Device attached
[  440.655232][ T5865] usb 44-1: SetAddress Request (6) to port 0
[  440.984341][ T5865] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  441.214314][T11536] vhci_hcd: connection reset by peer
[  441.230335][ T8149] vhci_hcd: stop threads
[  441.242331][ T8149] vhci_hcd: release socket
[  441.260380][ T8149] vhci_hcd: disconnect device
[  442.279779][   T29] audit: type=1326 audit(2000000288.960:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.283104][   T29] audit: type=1326 audit(2000000288.960:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.283135][   T29] audit: type=1326 audit(2000000288.960:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.283160][   T29] audit: type=1326 audit(2000000288.960:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.284606][   T29] audit: type=1326 audit(2000000288.960:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.284636][   T29] audit: type=1326 audit(2000000288.960:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.286294][   T29] audit: type=1326 audit(2000000288.970:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.286330][   T29] audit: type=1326 audit(2000000288.970:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.286360][   T29] audit: type=1326 audit(2000000288.970:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.286390][   T29] audit: type=1326 audit(2000000288.970:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11563 comm="syz.5.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec6a98cda9 code=0x7ffc0000
[  442.304048][T11565] syz.0.1567: attempt to access beyond end of device
[  442.304048][T11565] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  442.662113][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.899102][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.949129][T11584] netlink: 'syz.4.1572': attribute type 1 has an invalid length.
[  442.949150][T11584] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1572'.
[  444.051495][T11590] netlink: 'syz.4.1573': attribute type 1 has an invalid length.
[  444.160299][T11590] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1573'.
[  444.314373][ T5895] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  444.674129][ T5895] usb 6-1: Using ep0 maxpacket: 8
[  444.784531][ T5895] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  444.803798][ T5895] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  445.572778][ T5895] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  445.583320][ T5895] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  445.603891][ T5895] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  445.612957][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.717838][T11614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.923619][ T5895] usb 6-1: GET_CAPABILITIES returned 0
[  445.933640][T11614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  445.939529][ T5895] usbtmc 6-1:16.0: can't read capabilities
[  446.040791][T11618] x_tables: unsorted underflow at hook 3
[  446.710447][ T5865] usb 44-1: device descriptor read/8, error -110
[  446.733442][   T47] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  447.358637][ T5865] usb usb44-port1: attempt power cycle
[  447.584509][   T47] usb 2-1: device descriptor read/64, error -71
[  447.853854][   T47] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  448.005144][   T47] usb 2-1: device descriptor read/64, error -71
[  448.120548][ T5865] usb usb44-port1: unable to enumerate USB device
[  448.134652][ T5912] usb 6-1: USB disconnect, device number 21
[  448.251659][   T47] usb usb2-port1: attempt power cycle
[  449.103177][T11639] misc userio: The device must be registered before sending interrupts
[  449.473643][   T47] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  449.617292][   T47] usb 2-1: device descriptor read/8, error -71
[  449.873599][   T47] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  450.001343][   T47] usb 2-1: device descriptor read/8, error -71
[  450.662993][   T47] usb usb2-port1: unable to enumerate USB device
[  450.970718][T11657] 9pnet_fd: Insufficient options for proto=fd
[  452.017917][T11670] tmpfs: Unknown parameter 'usrqulimit'
[  452.269087][T11677] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  452.298704][T11677] macsec1: entered promiscuous mode
[  452.327012][T11677] macsec1: entered allmulticast mode
[  452.352693][T11677] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  452.496571][T11681] binder: 11680:11681 ioctl c0306201 0 returned -14
[  452.518971][T11681] binder: 11680:11681 ioctl c0306201 20000340 returned -14
[  453.180713][T11688] netlink: 'syz.1.1601': attribute type 4 has an invalid length.
[  454.234277][T11707] 9pnet_fd: Insufficient options for proto=fd
[  455.524946][T11723] input: syz1 as /devices/virtual/input/input19
[  457.275877][T11739] ALSA: mixer_oss: invalid OSS volume 'X���~��+E�9�u���geV=o23��4��'
[  457.284457][T11739] ALSA: mixer_oss: invalid OSS volume '/�}�Ƣ'
[  457.290723][T11739] ALSA: mixer_oss: invalid OSS volume '?"S%'�1e���b!���Tg��&�>'
[  457.660344][T11742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.786221][T11742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.902076][   T47] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  458.063450][   T47] usb 2-1: device descriptor read/64, error -71
[  458.303515][   T47] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  458.401197][T11750] lo speed is unknown, defaulting to 1000
[  458.458353][   T47] usb 2-1: device descriptor read/64, error -71
[  458.533762][   T29] kauditd_printk_skb: 6 callbacks suppressed
[  458.533776][   T29] audit: type=1400 audit(2000000305.220:2070): avc:  denied  { bind } for  pid=11749 comm="syz.0.1615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  458.564121][ T5865] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  458.573616][   T47] usb usb2-port1: attempt power cycle
[  458.584699][T11764] netlink: 'syz.4.1620': attribute type 5 has an invalid length.
[  458.600856][T11750] lo speed is unknown, defaulting to 1000
[  458.728395][ T5865] usb 6-1: Using ep0 maxpacket: 32
[  458.744626][ T5865] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  458.759982][ T5865] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  458.770687][ T5865] usb 6-1: config 0 has no interfaces?
[  458.785031][ T5865] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  458.800463][ T5865] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  458.825367][ T5865] usb 6-1: Product: syz
[  458.829664][ T5865] usb 6-1: Manufacturer: syz
[  458.837909][ T5865] usb 6-1: SerialNumber: syz
[  458.859981][ T5865] usb 6-1: config 0 descriptor??
[  458.913767][   T47] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  458.954605][   T47] usb 2-1: device descriptor read/8, error -71
[  459.129028][ T5895] usb 6-1: USB disconnect, device number 22
[  459.213150][   T47] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  459.283638][   T47] usb 2-1: device descriptor read/8, error -71
[  459.403696][   T47] usb usb2-port1: unable to enumerate USB device
[  459.433012][T11773] binder: BINDER_SET_CONTEXT_MGR already set
[  459.451827][T11773] binder: 11772:11773 ioctl 4018620d 20000040 returned -16
[  459.472775][T11773] binder: 11772:11773 ioctl c0306201 0 returned -14
[  459.480377][T11773] binder: 11772:11773 ioctl c0306201 20000340 returned -14
[  459.588165][   T29] audit: type=1400 audit(2000000306.220:2071): avc:  denied  { read } for  pid=11777 comm="syz.4.1625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  462.116768][    C1] Unknown status report in ack skb
[  462.493211][   T29] audit: type=1400 audit(2000000309.110:2072): avc:  denied  { setopt } for  pid=11804 comm="syz.1.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  462.851600][T11821] SELinux: syz.4.1637 (11821) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  462.854167][T11821] netlink: 187320 bytes leftover after parsing attributes in process `syz.4.1637'.
[  462.854210][T11821] netlink: zone id is out of range
[  462.854222][T11821] netlink: zone id is out of range
[  462.854280][T11821] netlink: zone id is out of range
[  463.923742][ T5865] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  463.978565][T11832] binder: 11831:11832 ioctl c0306201 20000340 returned -14
[  463.994204][   T29] audit: type=1400 audit(2000000310.670:2073): avc:  denied  { mount } for  pid=11833 comm="syz.5.1643" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  464.079045][   T29] audit: type=1400 audit(2000000310.710:2074): avc:  denied  { unmount } for  pid=7922 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  464.100330][ T5865] usb 5-1: Using ep0 maxpacket: 8
[  464.220227][ T5865] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  464.383832][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.461343][ T5865] usb 5-1: config 0 descriptor??
[  466.115625][   T29] audit: type=1400 audit(2000000312.630:2075): avc:  denied  { watch watch_reads } for  pid=11837 comm="syz.2.1646" path="/proc/1243/syscall" dev="proc" ino=33364 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  466.151157][ T5865] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  466.162555][ T5865] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  466.181375][ T5865] asix 5-1:0.0: probe with driver asix failed with error -71
[  466.201467][ T5865] usb 5-1: USB disconnect, device number 42
[  469.051739][T11886] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  469.080555][T11858] Cannot find del_set index 0 as target
[  469.134231][T11891] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  469.229725][ T8679] Bluetooth: hci5: Frame reassembly failed (-84)
[  470.866623][T11908] netlink: 'syz.0.1664': attribute type 1 has an invalid length.
[  470.874529][T11908] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1664'.
[  471.374045][   T55] Bluetooth: hci5: command 0x1003 tx timeout
[  471.404111][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  472.856906][ T5865] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  473.182975][T11935] binder: 11934:11935 ioctl c0306201 20000340 returned -14
[  473.284228][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  474.005771][ T5865] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  474.015014][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.041955][   T29] audit: type=1326 audit(2000000320.720:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.042323][ T5865] usb 1-1: config 0 interface 0 has no altsetting 0
[  474.555118][ T5865] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  474.565445][T11953] overlayfs: missing 'lowerdir'
[  474.570363][   T29] audit: type=1326 audit(2000000320.720:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.602331][ T5865] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  474.612170][ T5865] usb 1-1: Product: syz
[  474.621568][ T5865] usb 1-1: Manufacturer: syz
[  474.623095][T11955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.627949][ T5865] usb 1-1: SerialNumber: syz
[  474.642996][T11945] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  474.651743][T11945] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  474.670959][   T29] audit: type=1326 audit(2000000321.050:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.680766][T11955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.695252][ T5865] usb 1-1: config 0 descriptor??
[  474.721939][   T29] audit: type=1326 audit(2000000321.050:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.748845][ T5865] ldusb 1-1:0.0: Interrupt in endpoint not found
[  474.749000][T11957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1679'.
[  474.787691][T11957] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1679'.
[  474.788380][   T29] audit: type=1326 audit(2000000321.050:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.817892][T11957] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1679'.
[  474.821143][   T29] audit: type=1326 audit(2000000321.050:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  474.977060][ T5865] usb 1-1: USB disconnect, device number 45
[  475.008213][   T29] audit: type=1326 audit(2000000321.060:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  475.229242][   T29] audit: type=1326 audit(2000000321.160:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  475.262199][   T29] audit: type=1326 audit(2000000321.160:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11944 comm="syz.4.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  475.315826][T11957] nbd0: detected capacity change from 0 to 256
[  475.341116][ T5824] block nbd0: Receive control failed (result -104)
[  476.063536][   T47] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  476.333545][   T47] usb 5-1: Using ep0 maxpacket: 8
[  476.354241][   T47] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  476.390741][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.438914][T11980] binder: 11977:11980 ioctl c0306201 20000340 returned -14
[  476.483993][   T47] usb 5-1: config 0 descriptor??
[  476.618635][T11991] overlayfs: missing 'lowerdir'
[  476.658766][T11991] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  476.679994][T11991] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  476.783640][ T5912] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  476.986319][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.999613][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  477.018885][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  477.034996][ T5912] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  477.046138][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.101939][ T5912] usb 2-1: config 0 descriptor??
[  478.351380][   T47] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  478.362901][   T47] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  478.379263][   T47] asix 5-1:0.0: probe with driver asix failed with error -71
[  478.391745][   T47] usb 5-1: USB disconnect, device number 43
[  478.792194][ T5900] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  478.963588][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  478.973734][ T5900] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  478.982740][ T5900] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  478.993216][ T5900] usb 6-1: config 0 interface 0 has no altsetting 0
[  479.487748][ T5900] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  479.596607][ T5900] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  479.606819][ T5900] usb 6-1: Product: syz
[  479.611019][ T5900] usb 6-1: Manufacturer: syz
[  479.616136][ T5900] usb 6-1: SerialNumber: syz
[  479.622423][ T5900] usb 6-1: config 0 descriptor??
[  479.631397][ T5900] ldusb 6-1:0.0: Interrupt in endpoint not found
[  479.770100][T12032] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  479.870587][ T5912] usb 6-1: USB disconnect, device number 23
[  479.965656][   T47] usb 2-1: USB disconnect, device number 51
[  479.984767][ T5900] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  480.215784][T12039] pim6reg: entered allmulticast mode
[  480.221368][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  480.238785][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  480.267769][T12040] netlink: 'syz.1.1703': attribute type 1 has an invalid length.
[  480.286036][ T5900] usb 5-1: config 0 has no interfaces?
[  480.296125][ T5900] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  480.307880][T12040] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1703'.
[  480.339120][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.377204][ T5900] usb 5-1: Product: syz
[  480.381391][ T5900] usb 5-1: Manufacturer: syz
[  480.394253][ T5900] usb 5-1: SerialNumber: syz
[  480.431566][ T5900] usb 5-1: config 0 descriptor??
[  480.479907][   T29] audit: type=1400 audit(2000000327.160:2085): avc:  denied  { nlmsg_write } for  pid=12038 comm="syz.0.1704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  480.507445][T12048] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1704'.
[  480.648958][ T5912] usb 5-1: USB disconnect, device number 44
[  481.812711][T12076] binder: 12075:12076 ioctl c0306201 0 returned -14
[  481.903564][  T960] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  482.745605][  T960] usb 6-1: Using ep0 maxpacket: 8
[  482.771169][  T960] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  482.801300][  T960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.040022][  T960] usb 6-1: config 0 descriptor??
[  483.063163][   T29] audit: type=1400 audit(2000000329.640:2086): avc:  denied  { ioctl } for  pid=12079 comm="syz.2.1715" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0xf511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  483.282678][T12093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.291589][T12093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.541746][T12103] overlayfs: failed to resolve './file1': -2
[  483.553588][ T5865] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  483.814289][ T5867] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  483.903308][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.914506][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.929556][ T5865] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  483.938759][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.954610][ T5865] usb 1-1: config 0 descriptor??
[  484.043836][ T5867] usb 5-1: Using ep0 maxpacket: 8
[  484.052073][ T5867] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.069644][ T5867] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  484.079687][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.092015][ T5867] usb 5-1: Product: syz
[  484.096383][ T5867] usb 5-1: Manufacturer: syz
[  484.108695][ T5867] usb 5-1: SerialNumber: syz
[  484.361571][T12110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  484.386612][ T5865] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  484.394468][  T960] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  484.407543][ T5865] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  484.414946][  T960] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  484.425561][ T5865] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  484.432854][ T5865] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  484.441095][  T960] asix 6-1:0.0: probe with driver asix failed with error -71
[  484.452214][ T5865] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  484.459849][  T960] usb 6-1: USB disconnect, device number 24
[  484.569129][ T5865] hid-steam 0003:28DE:1142.0007: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  485.344752][ T5865] usb 1-1: USB disconnect, device number 46
[  485.425555][ T5867] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  485.432068][ T5867] cdc_ncm 5-1:1.0: setting rx_max = 16384
[  485.647422][ T5867] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  485.672917][   T29] audit: type=1400 audit(2000000332.350:2087): avc:  denied  { bind } for  pid=12122 comm="syz.5.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  486.410468][ T5867] usb 5-1: USB disconnect, device number 45
[  486.514523][ T5867] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  487.619078][T12151] overlayfs: failed to resolve './file1': -2
[  487.934722][ T5900] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  488.183663][ T5912] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  488.214456][ T5900] usb 5-1: Using ep0 maxpacket: 8
[  488.222986][ T5900] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  488.279244][ T5900] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  488.845088][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  488.859105][ T5912] usb 1-1: Using ep0 maxpacket: 32
[  488.886413][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  488.903663][ T5912] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  488.916959][ T5912] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  488.954500][ T5900] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  489.000148][ T5912] usb 1-1: config 0 has no interfaces?
[  489.037504][ T5912] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  489.055314][ T5900] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  489.103802][ T5912] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  489.129913][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.331086][ T5912] usb 1-1: Product: syz
[  489.342790][ T5912] usb 1-1: Manufacturer: syz
[  489.508492][ T5912] usb 1-1: SerialNumber: syz
[  489.723158][ T5900] usb 5-1: GET_CAPABILITIES returned 0
[  489.741918][ T5912] usb 1-1: config 0 descriptor??
[  489.753956][ T5900] usbtmc 5-1:16.0: can't read capabilities
[  489.808066][ T5900] usb 5-1: USB disconnect, device number 46
[  489.938234][T12190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  489.958611][T12190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.017334][  T960] usb 1-1: USB disconnect, device number 47
[  490.801051][ T5867] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  490.838387][T12197] SELinux: syz.4.1742 (12197) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  490.885633][T12197] netlink: 187320 bytes leftover after parsing attributes in process `syz.4.1742'.
[  490.910053][T12197] netlink: zone id is out of range
[  490.940626][T12197] netlink: zone id is out of range
[  490.964326][ T5867] usb 6-1: Using ep0 maxpacket: 32
[  490.978073][ T5867] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  490.993838][T12197] netlink: zone id is out of range
[  491.006661][ T5867] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  491.048179][T12207] netlink: 'syz.1.1743': attribute type 1 has an invalid length.
[  491.059115][ T5867] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  491.092316][T12207] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1743'.
[  491.109647][ T5867] usb 6-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  491.170022][ T5867] usb 6-1: config 0 interface 0 has no altsetting 0
[  491.183286][T12211] netlink: 'syz.0.1744': attribute type 1 has an invalid length.
[  491.192052][ T5867] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  491.209917][ T5867] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  491.215902][T12211] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1744'.
[  491.237672][   T29] audit: type=1400 audit(2000000337.910:2088): avc:  denied  { create } for  pid=12215 comm="syz.4.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  491.286684][ T5867] usb 6-1: Product: syz
[  491.323050][ T5867] usb 6-1: Manufacturer: syz
[  491.334111][ T5867] usb 6-1: SerialNumber: syz
[  491.347519][ T5867] usb 6-1: config 0 descriptor??
[  491.359515][ T5867] ldusb 6-1:0.0: Interrupt in endpoint not found
[  491.374716][   T29] audit: type=1400 audit(2000000337.910:2089): avc:  denied  { bind } for  pid=12215 comm="syz.4.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  491.516755][T12222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1748'.
[  492.208936][T12224] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  492.691664][ T5867] usb 6-1: USB disconnect, device number 25
[  492.903623][ T5865] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  493.436675][T12242] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode
[  493.803418][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  495.145895][T12254] SELinux: syz.5.1755 (12254) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  495.576575][ T5865] usb 1-1: unable to read config index 0 descriptor/start: -71
[  495.595402][T12254] netlink: 187320 bytes leftover after parsing attributes in process `syz.5.1755'.
[  495.625981][ T5865] usb 1-1: can't read configurations, error -71
[  495.686139][T12254] netlink: zone id is out of range
[  495.697423][T12254] netlink: zone id is out of range
[  495.702748][T12254] netlink: zone id is out of range
[  495.928752][T12267] overlayfs: missing 'lowerdir'
[  495.942819][T12264] overlayfs: missing 'workdir'
[  496.753690][ T5867] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  496.794194][T12282] netlink: 'syz.4.1763': attribute type 11 has an invalid length.
[  496.905003][ T5867] usb 2-1: Using ep0 maxpacket: 8
[  496.916534][ T5867] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  496.933718][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.958093][T12286] 9pnet_fd: Insufficient options for proto=fd
[  496.972860][ T5867] usb 2-1: config 0 descriptor??
[  497.069354][   T29] audit: type=1400 audit(2000000343.730:2090): avc:  denied  { write } for  pid=12283 comm="syz.0.1764" name="task" dev="proc" ino=35106 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  497.163443][   T29] audit: type=1400 audit(2000000343.740:2091): avc:  denied  { add_name } for  pid=12283 comm="syz.0.1764" name="memory.events.local" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  497.229143][   T29] audit: type=1400 audit(2000000343.750:2092): avc:  denied  { create } for  pid=12283 comm="syz.0.1764" name="memory.events.local" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  497.285071][T12298] random: crng reseeded on system resumption
[  497.325703][   T29] audit: type=1400 audit(2000000343.750:2093): avc:  denied  { associate } for  pid=12283 comm="syz.0.1764" name="memory.events.local" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  497.411018][   T29] audit: type=1400 audit(2000000343.970:2094): avc:  denied  { append } for  pid=12297 comm="syz.5.1768" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  497.493313][   T29] audit: type=1400 audit(2000000343.970:2095): avc:  denied  { open } for  pid=12297 comm="syz.5.1768" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  498.348299][ T5867] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  498.358784][ T5867] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  498.471490][ T5867] asix 2-1:0.0: probe with driver asix failed with error -71
[  498.577704][ T5867] usb 2-1: USB disconnect, device number 52
[  498.753306][T12318] SELinux: syz.5.1772 (12318) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  498.837576][T12318] netlink: 187320 bytes leftover after parsing attributes in process `syz.5.1772'.
[  498.845000][ T5900] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  498.848370][T12318] netlink: zone id is out of range
[  498.860154][T12318] netlink: zone id is out of range
[  498.870320][T12318] netlink: zone id is out of range
[  499.034008][ T5900] usb 5-1: Using ep0 maxpacket: 32
[  499.041293][ T5900] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  499.078016][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  499.510206][ T5900] usb 5-1: config 0 has no interfaces?
[  499.785941][ T5900] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  499.795391][ T5900] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  499.805289][ T5900] usb 5-1: Product: syz
[  499.810713][   T29] audit: type=1400 audit(2000000346.490:2096): avc:  denied  { write } for  pid=12334 comm="syz.1.1777" name="igmp" dev="proc" ino=4026532829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  499.810719][ T5900] usb 5-1: Manufacturer: syz
[  499.903627][ T5900] usb 5-1: SerialNumber: syz
[  500.092907][ T5900] usb 5-1: config 0 descriptor??
[  500.236032][T12344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1781'.
[  500.264431][T12346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.284963][T12346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.329216][ T5912] usb 5-1: USB disconnect, device number 47
[  501.285524][T12359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.295681][T12359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.804140][T12363] tipc: Started in network mode
[  501.815944][T12363] tipc: Node identity 6646e9c272c1, cluster identity 4711
[  501.834352][T12363] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  501.843317][T12362] tipc: Resetting bearer <eth:syzkaller0>
[  502.662398][ T5903] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  502.849456][ T5903] usb 5-1: config 0 has an invalid interface number: 117 but max is 0
[  502.873426][ T5903] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  502.899711][ T5903] usb 5-1: config 0 has no interface number 0
[  502.914855][ T5903] usb 5-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  502.950123][ T5903] usb 5-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  503.007204][ T5867] tipc: Node number set to 344451522
[  503.039181][ T5903] usb 5-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  503.052958][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.061063][ T5903] usb 5-1: Product: syz
[  503.073465][ T5903] usb 5-1: Manufacturer: syz
[  503.078129][ T5903] usb 5-1: SerialNumber: syz
[  503.087238][ T5903] usb 5-1: config 0 descriptor??
[  503.891419][ T5903] usbtouchscreen 5-1:0.117: probe with driver usbtouchscreen failed with error -71
[  504.743432][ T5903] usb 5-1: USB disconnect, device number 48
[  504.803153][T10571] udevd[10571]: setting mode of /dev/bus/usb/005/048 to 020664 failed: No such file or directory
[  504.814822][T10571] udevd[10571]: setting owner of /dev/bus/usb/005/048 to uid=0, gid=0 failed: No such file or directory
[  504.833305][T12390] overlayfs: missing 'lowerdir'
[  504.857035][T12390] overlayfs: missing 'workdir'
[  504.931328][   T29] audit: type=1400 audit(2000000351.610:2097): avc:  denied  { watch_sb } for  pid=12398 comm="syz.2.1799" path="/414" dev="tmpfs" ino=2297 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  505.993488][   T26] block nbd0: Possible stuck request ffff888025a37000: control (read@0,4096B). Runtime 30 seconds
[  507.258493][T12362] tipc: Disabling bearer <eth:syzkaller0>
[  507.274010][T12401] netlink: 'syz.5.1798': attribute type 1 has an invalid length.
[  507.281796][T12401] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1798'.
[  511.087950][ T5868] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  511.284416][ T5868] usb 1-1: Using ep0 maxpacket: 32
[  511.302742][ T5868] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  511.401874][ T5912] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  511.444340][ T5868] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  511.454654][ T5868] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  511.466245][ T5868] usb 1-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  511.480962][ T5868] usb 1-1: config 0 interface 0 has no altsetting 0
[  511.489966][ T5868] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  511.499757][ T5868] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  511.508527][ T5868] usb 1-1: Product: syz
[  511.512700][ T5868] usb 1-1: Manufacturer: syz
[  511.531235][ T5868] usb 1-1: SerialNumber: syz
[  511.544375][ T5868] usb 1-1: config 0 descriptor??
[  511.551764][ T5868] ldusb 1-1:0.0: Interrupt in endpoint not found
[  512.025542][ T5912] usb 2-1: Using ep0 maxpacket: 32
[  512.324288][ T5912] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  512.605414][ T5912] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.618871][ T5912] usb 2-1: config 0 interface 0 has no altsetting 0
[  512.690585][ T5912] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  512.702901][ T5912] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  512.711669][ T5912] usb 2-1: Product: syz
[  512.717728][ T5912] usb 2-1: Manufacturer: syz
[  512.722349][ T5912] usb 2-1: SerialNumber: syz
[  512.732048][ T5867] usb 1-1: USB disconnect, device number 50
[  512.740436][T12487] fuse: Bad value for 'rootmode'
[  512.756508][ T5912] usb 2-1: config 0 descriptor??
[  512.779811][ T5912] ldusb 2-1:0.0: Interrupt in endpoint not found
[  513.024156][ T5868] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  513.041433][ T5865] usb 2-1: USB disconnect, device number 53
[  513.873816][ T5868] usb 5-1: Using ep0 maxpacket: 8
[  513.915536][ T5868] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  513.934147][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.106062][ T5868] usb 5-1: config 0 descriptor??
[  515.845959][ T5868] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  515.873552][ T5868] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  515.885318][ T5868] asix 5-1:0.0: probe with driver asix failed with error -71
[  516.279822][ T5868] usb 5-1: USB disconnect, device number 50
[  517.331186][T12555] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1840'.
[  521.043557][ T5867] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  521.107147][T12586] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1847'.
[  521.224339][ T5867] usb 1-1: Using ep0 maxpacket: 8
[  521.242539][ T5867] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  521.257965][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.274406][ T5867] usb 1-1: config 0 descriptor??
[  521.474023][ T5868] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  522.338611][ T5868] usb 6-1: Using ep0 maxpacket: 32
[  522.369076][ T5868] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  522.383429][ T5868] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  522.400137][ T5868] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0
[  522.412991][ T5868] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  522.436885][ T5868] usb 6-1: config 0 interface 0 has no altsetting 0
[  522.448522][ T5868] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  522.461840][ T5868] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  522.501052][ T5868] usb 6-1: Product: syz
[  522.521336][ T5868] usb 6-1: Manufacturer: syz
[  522.543074][ T5868] usb 6-1: SerialNumber: syz
[  522.555879][ T5867] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  522.568462][ T5868] usb 6-1: config 0 descriptor??
[  522.582801][ T5868] ldusb 6-1:0.0: Interrupt in endpoint not found
[  522.590173][ T5867] asix 1-1:0.0: probe with driver asix failed with error -71
[  522.618710][ T5867] usb 1-1: USB disconnect, device number 51
[  523.062183][   T47] usb 6-1: USB disconnect, device number 26
[  523.890448][T12620] binder: BINDER_SET_CONTEXT_MGR already set
[  523.896580][T12620] binder: 12619:12620 ioctl 4018620d 20000040 returned -16
[  523.905079][T12620] binder: 12619:12620 ioctl c0306201 20000340 returned -14
[  524.129030][   T29] audit: type=1400 audit(2000000370.800:2098): avc:  denied  { append } for  pid=12624 comm="syz.5.1862" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  524.197345][T12628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.247656][T12628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.600551][T12630] lo speed is unknown, defaulting to 1000
[  526.223431][ T5903] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  526.416805][T12652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.456234][T12652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.722864][T12630] lo speed is unknown, defaulting to 1000
[  526.783450][ T5903] usb 6-1: Using ep0 maxpacket: 32
[  527.187027][ T5903] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  527.272992][ T5903] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  527.319317][ T5903] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  527.515481][ T5903] usb 6-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  527.542297][ T5903] usb 6-1: config 0 interface 0 has no altsetting 0
[  527.577959][ T5903] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  527.587976][ T5903] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  527.596753][ T5903] usb 6-1: Product: syz
[  527.601074][ T5903] usb 6-1: Manufacturer: syz
[  527.606812][ T5903] usb 6-1: SerialNumber: syz
[  527.613307][ T5903] usb 6-1: config 0 descriptor??
[  527.647644][ T5903] ldusb 6-1:0.0: Interrupt in endpoint not found
[  528.039583][ T5868] usb 6-1: USB disconnect, device number 27
[  528.092900][T12662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  528.130840][T12662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  528.259388][T12664] binder: 12663:12664 ioctl c0306201 0 returned -14
[  528.701955][   T29] audit: type=1400 audit(2000000375.370:2099): avc:  denied  { append } for  pid=12671 comm="syz.0.1877" name="sg0" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  528.959417][T12668] lo speed is unknown, defaulting to 1000
[  529.045828][T12668] lo speed is unknown, defaulting to 1000
[  529.053463][ T5868] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  529.292113][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  529.305733][ T5868] usb 1-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  529.321182][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.369791][ T5868] usb 1-1: config 0 descriptor??
[  529.413922][T12679] lo speed is unknown, defaulting to 1000
[  529.565775][T12679] lo speed is unknown, defaulting to 1000
[  530.293839][ T5868] razer 0003:1532:010E.0008: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.0-1/input0
[  532.518068][ T5867] usb 1-1: USB disconnect, device number 52
[  532.712902][   T29] audit: type=1400 audit(2000000379.390:2100): avc:  denied  { write } for  pid=12707 comm="syz.5.1886" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  532.804080][T12706] binder: 12704:12706 ioctl c0306201 0 returned -14
[  533.814151][ T5867] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  533.983535][ T5867] usb 2-1: Using ep0 maxpacket: 16
[  534.577716][ T5867] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  534.623954][ T5867] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  534.672432][ T5867] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  534.819942][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.924873][   T29] audit: type=1400 audit(2000000381.590:2101): avc:  denied  { read } for  pid=12730 comm="syz.2.1893" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  534.990431][ T5867] usb 2-1: config 0 descriptor??
[  535.034346][   T29] audit: type=1400 audit(2000000381.710:2102): avc:  denied  { bind } for  pid=12730 comm="syz.2.1893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  535.408129][T12738] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  535.414704][T12738] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  535.425864][T12738] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  535.431811][T12738] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  535.461210][T12738] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  535.467482][T12738] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  535.559725][T12747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  535.726279][T12747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  535.764090][ T5867] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  535.843624][  T960] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  535.915617][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.927463][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  535.940783][ T5867] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  535.952783][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.962479][ T5867] usb 5-1: config 0 descriptor??
[  535.993425][  T960] usb 6-1: Using ep0 maxpacket: 16
[  535.999975][  T960] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  536.011677][  T960] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  536.013535][   T47] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  536.021199][  T960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.039184][  T960] usb 6-1: config 0 descriptor??
[  536.177015][   T47] usb 1-1: Using ep0 maxpacket: 16
[  536.183601][   T47] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  536.192867][   T47] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  536.203502][   T47] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  536.215261][   T47] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  536.224530][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.232559][   T47] usb 1-1: Product: syz
[  536.236823][   T47] usb 1-1: Manufacturer: syz
[  536.241707][   T47] usb 1-1: SerialNumber: syz
[  536.374862][ T5867] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0
[  536.382236][ T5867] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0
[  536.405079][ T5867] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0009/input/input21
[  536.434562][ T5176] 
[  536.436928][ T5176] ======================================================
[  536.443942][ T5176] WARNING: possible circular locking dependency detected
[  536.450956][ T5176] 6.13.0-syzkaller-08265-g9c5968db9e62 #0 Not tainted
[  536.454695][  T960] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  536.457701][ T5176] ------------------------------------------------------
[  536.457710][ T5176] acpid/5176 is trying to acquire lock:
[  536.475504][ T5867] cm6533_jd 0003:0D8C:0022.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  536.477215][ T5176] ffff888030ed1e20 (&hdev->ll_open_lock){+.+.}-{4:4}, at: hid_hw_open+0x25/0x170
[  536.493389][  T960] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  536.498941][ T5176] 
[  536.498941][ T5176] but task is already holding lock:
[  536.498950][ T5176] ffff888027fac2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_open_device+0x5c/0x390
[  536.511223][  T960] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  536.513307][ T5176] 
[  536.513307][ T5176] which lock already depends on the new lock.
[  536.513307][ T5176] 
[  536.513315][ T5176] 
[  536.513315][ T5176] the existing dependency chain (in reverse order) is:
[  536.513321][ T5176] 
[  536.513321][ T5176] -> #1 (&dev->mutex#2){+.+.}-{4:4}:
[  536.513349][ T5176]        __mutex_lock+0x19b/0xb10
[  536.513377][ T5176]        __input_unregister_device+0x24/0x470
[  536.513400][ T5176]        input_unregister_device+0xb9/0x100
[  536.513422][ T5176]        steam_sensors_unregister.part.0+0x10c/0x2c0
[  536.513449][ T5176]        steam_client_ll_open+0xbc/0x100
[  536.513463][ T5176]        hid_hw_open+0xe2/0x170
[  536.513478][ T5176]        hidraw_open+0x274/0x7e0
[  536.513500][ T5176]        chrdev_open+0x237/0x6a0
[  536.513515][ T5176]        do_dentry_open+0x735/0x1c40
[  536.513538][ T5176]        vfs_open+0x82/0x3f0
[  536.513554][ T5176]        path_openat+0x1e88/0x2d80
[  536.513567][ T5176]        do_filp_open+0x20c/0x470
[  536.513579][ T5176]        do_sys_openat2+0x17a/0x1e0
[  536.513596][ T5176]        __x64_sys_openat+0x175/0x210
[  536.513614][ T5176]        do_syscall_64+0xcd/0x250
[  536.513627][ T5176]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.513649][ T5176] 
[  536.513649][ T5176] -> #0 (&hdev->ll_open_lock){+.+.}-{4:4}:
[  536.513671][ T5176]        __lock_acquire+0x249e/0x3c40
[  536.513692][ T5176]        lock_acquire.part.0+0x11b/0x380
[  536.513713][ T5176]        __mutex_lock+0x19b/0xb10
[  536.513736][ T5176]        hid_hw_open+0x25/0x170
[  536.513750][ T5176]        input_open_device+0x230/0x390
[  536.513770][ T5176]        evdev_open+0x52d/0x690
[  536.513790][ T5176]        chrdev_open+0x237/0x6a0
[  536.513804][ T5176]        do_dentry_open+0x735/0x1c40
[  536.513834][ T5176]        vfs_open+0x82/0x3f0
[  536.513850][ T5176]        path_openat+0x1e88/0x2d80
[  536.513863][ T5176]        do_filp_open+0x20c/0x470
[  536.513876][ T5176]        do_sys_openat2+0x17a/0x1e0
[  536.513892][ T5176]        __x64_sys_openat+0x175/0x210
[  536.523032][  T960] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  536.529964][ T5176]        do_syscall_64+0xcd/0x250
[  536.529977][ T5176]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.529996][ T5176] 
[  536.529996][ T5176] other info that might help us debug this:
[  536.529996][ T5176] 
[  536.530002][ T5176]  Possible unsafe locking scenario:
[  536.530002][ T5176] 
[  536.530006][ T5176]        CPU0                    CPU1
[  536.530010][ T5176]        ----                    ----
[  536.530014][ T5176]   lock(&dev->mutex#2);
[  536.530027][ T5176]                                lock(&hdev->ll_open_lock);
[  536.530038][ T5176]                                lock(&dev->mutex#2);
[  536.530053][ T5176]   lock(&hdev->ll_open_lock);
[  536.530063][ T5176] 
[  536.530063][ T5176]  *** DEADLOCK ***
[  536.530063][ T5176] 
[  536.540861][  T960] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0
[  536.549412][ T5176] 2 locks held by acpid/5176:
[  536.549423][ T5176]  #0: ffff888027fab118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_open+0x2ee/0x690
[  536.549470][ T5176]  #1: ffff888027fac2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_open_device+0x5c/0x390
[  536.549519][ T5176] 
[  536.549519][ T5176] stack backtrace:
[  536.549527][ T5176] CPU: 1 UID: 0 PID: 5176 Comm: acpid Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  536.549545][ T5176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  536.549555][ T5176] Call Trace:
[  536.549560][ T5176]  <TASK>
[  536.549566][ T5176]  dump_stack_lvl+0x116/0x1f0
[  536.549592][ T5176]  print_circular_bug+0x490/0x760
[  536.549616][ T5176]  check_noncircular+0x31a/0x400
[  536.549637][ T5176]  ? __pfx_check_noncircular+0x10/0x10
[  536.549657][ T5176]  ? __pfx___lock_acquire+0x10/0x10
[  536.549681][ T5176]  ? lockdep_lock+0xc6/0x200
[  536.549697][ T5176]  ? __pfx_lockdep_lock+0x10/0x10
[  536.549715][ T5176]  __lock_acquire+0x249e/0x3c40
[  536.549740][ T5176]  ? __pfx___lock_acquire+0x10/0x10
[  536.549761][ T5176]  ? bpf_trace_run2+0x1c2/0x590
[  536.549782][ T5176]  ? __pfx_bpf_trace_run2+0x10/0x10
[  536.549804][ T5176]  lock_acquire.part.0+0x11b/0x380
[  536.549832][ T5176]  ? hid_hw_open+0x25/0x170
[  536.549849][ T5176]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  536.549872][ T5176]  ? rcu_is_watching+0x12/0xc0
[  536.549888][ T5176]  ? trace_lock_acquire+0x14e/0x1f0
[  536.549905][ T5176]  ? __mutex_trylock_common+0xea/0x250
[  536.549926][ T5176]  ? hid_hw_open+0x25/0x170
[  536.549942][ T5176]  ? lock_acquire+0x2f/0xb0
[  536.549962][ T5176]  ? hid_hw_open+0x25/0x170
[  536.549978][ T5176]  __mutex_lock+0x19b/0xb10
[  536.550000][ T5176]  ? hid_hw_open+0x25/0x170
[  536.550014][ T5176]  ? trace_contention_end+0xee/0x140
[  536.550034][ T5176]  ? hid_hw_open+0x25/0x170
[  536.550048][ T5176]  ? __pfx___mutex_lock+0x10/0x10
[  536.550069][ T5176]  ? __pfx___mutex_lock+0x10/0x10
[  536.550094][ T5176]  ? hid_hw_open+0x25/0x170
[  536.550107][ T5176]  hid_hw_open+0x25/0x170
[  536.550121][ T5176]  input_open_device+0x230/0x390
[  536.550140][ T5176]  ? __pfx_hidinput_open+0x10/0x10
[  536.550158][ T5176]  evdev_open+0x52d/0x690
[  536.550177][ T5176]  ? __pfx_evdev_open+0x10/0x10
[  536.550195][ T5176]  chrdev_open+0x237/0x6a0
[  536.550210][ T5176]  ? __pfx_chrdev_open+0x10/0x10
[  536.550225][ T5176]  ? file_set_fsnotify_mode+0x163/0x5d0
[  536.550245][ T5176]  do_dentry_open+0x735/0x1c40
[  536.550266][ T5176]  ? __pfx_chrdev_open+0x10/0x10
[  536.550280][ T5176]  ? inode_permission+0xdd/0x5f0
[  536.550298][ T5176]  vfs_open+0x82/0x3f0
[  536.550313][ T5176]  ? may_open+0x1f2/0x400
[  536.550330][ T5176]  path_openat+0x1e88/0x2d80
[  536.550346][ T5176]  ? __pfx_path_openat+0x10/0x10
[  536.550358][ T5176]  ? __pfx___lock_acquire+0x10/0x10
[  536.550377][ T5176]  ? lock_acquire.part.0+0x11b/0x380
[  536.550395][ T5176]  ? find_held_lock+0x2d/0x110
[  536.550411][ T5176]  do_filp_open+0x20c/0x470
[  536.550423][ T5176]  ? __pfx_do_filp_open+0x10/0x10
[  536.550436][ T5176]  ? find_held_lock+0x2d/0x110
[  536.550455][ T5176]  ? alloc_fd+0x41f/0x760
[  536.550478][ T5176]  do_sys_openat2+0x17a/0x1e0
[  536.550495][ T5176]  ? __pfx_do_sys_openat2+0x10/0x10
[  536.550510][ T5176]  ? sigprocmask+0xf0/0x330
[  536.550527][ T5176]  ? __might_fault+0xe3/0x190
[  536.550546][ T5176]  __x64_sys_openat+0x175/0x210
[  536.550562][ T5176]  ? __pfx___x64_sys_openat+0x10/0x10
[  536.550579][ T5176]  ? ksys_read+0x1ba/0x250
[  536.550602][ T5176]  do_syscall_64+0xcd/0x250
[  536.550616][ T5176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.550636][ T5176] RIP: 0033:0x7f03c99279a4
[  536.550648][ T5176] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[  536.550662][ T5176] RSP: 002b:00007ffc779662d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  536.550675][ T5176] RAX: ffffffffffffffda RBX: 00007ffc779665b8 RCX: 00007f03c99279a4
[  536.550684][ T5176] RDX: 0000000000080800 RSI: 00007ffc779664b8 RDI: 00000000ffffff9c
[  536.550693][ T5176] RBP: 00007ffc779664b8 R08: 00000000000000f4 R09: 00007ffc779664b8
[  536.550702][ T5176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080800
[  536.550710][ T5176] R13: 0000000000000020 R14: 00007ffc779665b8 R15: 00007ffc779664b8
[  536.550723][ T5176]  </TASK>
[  536.550756][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.557821][  T960] mcp2221 0003:04D8:00DD.000A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  536.758657][ T5903] usb 2-1: USB disconnect, device number 54
[  536.774647][    C0] usb 6-1: input irq status -75 received
[  536.856835][   T26] block nbd0: Possible stuck request ffff888025a37000: control (read@0,4096B). Runtime 60 seconds
[  536.940270][  T960] usb 6-1: USB disconnect, device number 28
[  536.957776][   T47] usb 1-1: 0:2 : does not exist
[  537.123483][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  537.178318][T12758] overlayfs: failed to resolve './file1': -2
[  537.292859][   T29] audit: type=1326 audit(2000000383.970:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.316677][   T29] audit: type=1326 audit(2000000383.970:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.340503][   T29] audit: type=1326 audit(2000000383.970:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.365319][   T47] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1)
[  537.372926][   T29] audit: type=1326 audit(2000000383.970:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.384933][   T47] usb 1-1: USB disconnect, device number 53
[  537.398265][   T29] audit: type=1326 audit(2000000383.970:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.428118][   T29] audit: type=1326 audit(2000000384.000:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.452102][ T5824] Bluetooth: hci2: command 0x0406 tx timeout
[  537.459552][   T29] audit: type=1326 audit(2000000384.000:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12743 comm="syz.4.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24d318cda9 code=0x7ffc0000
[  537.523432][ T5824] Bluetooth: hci4: command 0x040f tx timeout
[  537.564391][T10571] udevd[10571]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  537.814250][   T47] usb 5-1: reset high-speed USB device number 51 using dummy_hcd
[  539.124316][ T5903] usb 5-1: USB disconnect, device number 51
[  539.203418][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  539.523384][ T5824] Bluetooth: hci2: command 0x0406 tx timeout
[  539.603428][ T5824] Bluetooth: hci4: command 0x040f tx timeout
[  542.141606][ T5191] udevd[5191]: worker [5806] /devices/virtual/block/nbd0 is taking a long time